Solved Random site redirects, logs pasted below


arcing

Hi,

I started noticing that Google Chrome would not load any websites, but Firefox would. I also noticed that when I clicked on links after I searched on Google, it would sometimes redirect me to a different webpage.

GMER did not find anything, so here are the other logs.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5214

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

29/11/2010 11:44:25 AM
mbam-log-2010-11-29 (11-44-25).txt

Scan type: Quick scan
Objects scanned: 138269
Time elapsed: 3 minute(s), 29 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 9
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
C:\Windows\KMService.exe (RiskWare.Tool.CK) -> Unloaded process successfully.

Memory Modules Infected:
C:\Windows\$NtUninstallMTF197$\habhu.dll (Trojan.BHO) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{62b6849d-7425-4e9d-abfc-0995a3732355} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fba8455b-efb2-4e02-91d8-19fca8ef3cc9} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{fba8455b-efb2-4e02-91d8-19fca8ef3cc9} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{fba8455b-efb2-4e02-91d8-19fca8ef3cc9} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fba8455b-efb2-4e02-91d8-19fca8ef3cc9} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e3c47a8a-fde2-4a01-a778-86d9c3b3052d} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e3c47a8a-fde2-4a01-a778-86d9c3b3052d} (Adware.AdRotator) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bipro (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\KMService.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
C:\Windows\$NtUninstallMTF197$\habhu.dll (Trojan.BHO) -> Delete on reboot.
C:\Windows\$NtUninstallMTF197$\htlgv.dll (Adware.AdRotator) -> Delete on reboot.



DDS (Ver_10-11-27.01) - NTFS_AMD64
Run by Black at 12:05:34.65 on 29/11/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Professional 6.1.7600.0.1252.2.1033.18.1791.959 [GMT -5:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\system32\notepad.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Black\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\Black\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [gchk] C:\Windows\$NtUninstallMTF197$\upg.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
mRun-x64: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
mRun-x64: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Black\AppData\Roaming\Mozilla\Firefox\Profiles\ngapt9h6.default\
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Users\Black\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-3-25 173984]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-10-27 203776]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-10-27 8012288]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-10-27 287232]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-3-25 40832]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 KMService;KMService;C:\Windows\system32\srvany.exe --> C:\Windows\system32\srvany.exe [?]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-6-23 344680]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-11-19 1255736]

=============== Created Last 30 ================

2010-11-29 17:04:22 8199504 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{31FE46D6-161F-475A-8A75-EAD6FBCAE944}\mpengine.dll
2010-11-29 16:39:58 -------- d-----w- C:\Users\Black\AppData\Roaming\Malwarebytes
2010-11-29 16:39:49 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-11-29 16:39:47 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-11-29 16:39:47 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-11-29 16:39:47 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-11-24 14:11:37 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-11-24 14:11:37 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2010-11-20 14:01:41 311808 ----a-w- C:\Windows\System32\msv1_0.dll
2010-11-20 14:01:41 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2010-11-19 16:31:00 -------- d-----w- C:\Users\Black\AppData\Local\Apps
2010-11-19 16:28:42 -------- d-----w- C:\Users\Black\AppData\Roaming\SPlayer
2010-11-19 16:28:30 -------- d-----w- C:\Program Files (x86)\SPlayer
2010-11-19 16:24:10 -------- d-----w- C:\Users\Black\AppData\Roaming\foobar2000
2010-11-19 16:23:59 -------- d-----w- C:\Program Files (x86)\foobar2000
2010-11-19 15:45:40 -------- d-----w- C:\Windows\SysWow64\Wat
2010-11-19 15:45:40 -------- d-----w- C:\Windows\System32\Wat
2010-11-19 15:32:57 8199504 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-11-19 15:20:30 14336 ----a-w- C:\Windows\System32\drivers\sffp_sd.sys
2010-11-19 15:17:32 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2010-11-19 15:17:32 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2010-11-19 15:17:32 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2010-11-19 15:17:31 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2010-11-19 15:17:31 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2010-11-19 15:17:31 444752 ----a-w- C:\Windows\System32\mscoree.dll
2010-11-19 15:17:31 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2010-11-19 15:17:31 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2010-11-19 15:17:31 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2010-11-19 15:17:31 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2010-11-19 15:08:59 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-11-19 15:08:59 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2010-11-19 15:05:26 469256 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\31c8810e1cb87fb30\InstallManager_WLE_WLE.exe
2010-11-19 15:03:45 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f60596a81cb87fa25\MeshBetaRemover.exe
2010-11-19 15:02:32 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ca4e32f41cb87fa1d\DSETUP.dll
2010-11-19 15:02:32 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ca4e32f41cb87fa1d\DXSETUP.exe
2010-11-19 15:02:32 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ca4e32f41cb87fa1d\dsetup32.dll
2010-11-19 15:02:25 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c640d3d11cb87fa1c\DSETUP.dll
2010-11-19 15:02:25 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c640d3d11cb87fa1c\DXSETUP.exe
2010-11-19 15:02:25 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c640d3d11cb87fa1c\dsetup32.dll
2010-11-19 15:00:36 6260088 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\84bab8e81cb87fa10\Silverlight.4.0.exe
2010-11-19 14:58:36 -------- d-----w- C:\Users\Black\AppData\Local\Windows Live
2010-11-19 14:58:35 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2010-11-19 14:58:03 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll
2010-11-19 14:58:03 206848 ----a-w- C:\Windows\System32\mfps.dll
2010-11-19 14:58:03 196608 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll
2010-11-19 14:58:02 4068864 ----a-w- C:\Windows\System32\mf.dll
2010-11-19 14:58:02 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2010-11-19 14:58:02 1619456 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2010-11-19 14:58:01 3181568 ----a-w- C:\Windows\SysWow64\mf.dll
2010-11-19 14:56:33 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2010-11-19 14:51:39 85936 ----a-w- C:\Windows\System32\drivers\scdemu.sys
2010-11-19 14:51:39 -------- d-----w- C:\Program Files (x86)\PowerISO
2010-11-19 14:44:30 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2010-11-19 14:34:59 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2010-11-19 14:34:59 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2010-11-19 14:34:58 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2010-11-19 14:34:58 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2010-11-19 14:34:58 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2010-11-19 14:34:58 243200 ----a-w- C:\Windows\System32\wow64.dll
2010-11-19 14:34:58 2048 ----a-w- C:\Windows\SysWow64\user.exe
2010-11-19 14:34:58 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2010-11-19 14:34:12 223448 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2010-11-19 14:34:09 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2010-11-19 14:31:05 8192 ----a-w- C:\Windows\SysWow64\srvany.exe
2010-11-19 14:20:07 -------- d-----w- C:\Program Files\Microsoft Synchronization Services
2010-11-19 14:17:31 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2010-11-19 14:17:29 286720 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2010-11-19 14:17:29 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2010-11-19 14:17:29 125952 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2010-11-19 14:17:25 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll
2010-11-19 14:17:24 982600 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2010-11-19 14:17:24 144384 ----a-w- C:\Windows\System32\cdd.dll
2010-11-19 14:17:07 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
2010-11-19 14:17:06 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2010-11-19 14:15:58 -------- d-----w- C:\Users\Black\AppData\Local\Microsoft Help
2010-11-19 14:08:33 -------- d-----w- C:\Users\Black\AppData\Local\Google
2010-11-19 14:07:43 -------- d-----w- C:\Users\Black\AppData\Local\Mozilla
2010-11-19 02:52:50 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-11-19 02:48:23 -------- d-----w- C:\Program Files (x86)\Microsoft Antimalware
2010-11-19 02:47:48 -------- d-sh--w- C:\Windows\Installer
2010-11-19 02:45:43 220672 ----a-w- C:\Windows\System32\wintrust.dll
2010-11-19 02:45:43 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2010-11-19 02:45:42 139264 ----a-w- C:\Windows\System32\cabview.dll
2010-11-19 02:45:42 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
2010-11-19 02:45:23 -------- d-----w- C:\Program Files\CCleaner
2010-11-19 02:43:27 -------- d-----w- C:\Windows\Panther
2010-11-19 02:28:32 -------- d-----w- C:\Program Files\Microsoft Security Essentials
2010-11-19 02:23:16 -------- d-----w- C:\Program Files (x86)\VideoLAN
2010-11-19 02:22:29 -------- d-----w- C:\Users\Black\AppData\Roaming\Dropbox
2010-11-19 02:21:25 -------- d-----w- C:\Users\Black\AppData\Roaming\uTorrent
2010-11-18 23:56:16 -------- d-----w- C:\Users\Black\AppData\Local\Diagnostics
2010-11-18 23:45:43 0 ----a-w- C:\Windows\ativpsrm.bin
2010-11-10 17:49:36 135568 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

==================== Find3M ====================

2010-10-27 09:00:16 8012288 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2010-10-27 08:25:38 21422592 ----a-w- C:\Windows\System32\atio6axx.dll
2010-10-27 08:08:18 16281600 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2010-10-27 07:55:32 143360 ----a-w- C:\Windows\System32\atiapfxx.exe
2010-10-27 07:55:24 547328 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2010-10-27 07:54:24 645120 ----a-w- C:\Windows\System32\aticfx64.dll
2010-10-27 07:52:18 450560 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2010-10-27 07:52:14 478208 ----a-w- C:\Windows\System32\atieclxx.exe
2010-10-27 07:51:38 203776 ----a-w- C:\Windows\System32\atiesrxx.exe
2010-10-27 07:50:30 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2010-10-27 07:50:16 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2010-10-27 07:50:10 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2010-10-27 07:49:58 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2010-10-27 07:49:54 16384 ----a-w- C:\Windows\System32\atimuixx.dll
2010-10-27 07:49:50 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2010-10-27 07:49:46 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2010-10-27 07:46:58 4020736 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2010-10-27 07:38:04 4744704 ----a-w- C:\Windows\System32\atidxx64.dll
2010-10-27 07:35:30 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2010-10-27 07:35:28 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2010-10-27 07:35:20 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2010-10-27 07:35:18 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2010-10-27 07:35:08 6815744 ----a-w- C:\Windows\System32\aticaldd64.dll
2010-10-27 07:33:52 5441536 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2010-10-27 07:28:22 4094464 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2010-10-27 07:22:04 5218304 ----a-w- C:\Windows\System32\atiumd64.dll
2010-10-27 07:15:00 58880 ----a-w- C:\Windows\System32\coinst.dll
2010-10-27 07:14:58 349184 ----a-w- C:\Windows\System32\atiadlxx.dll
2010-10-27 07:14:52 249856 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2010-10-27 07:14:44 14848 ----a-w- C:\Windows\System32\atig6pxx.dll
2010-10-27 07:14:42 12800 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2010-10-27 07:14:42 12800 ----a-w- C:\Windows\System32\atiglpxx.dll
2010-10-27 07:14:38 31744 ----a-w- C:\Windows\System32\atig6txx.dll
2010-10-27 07:14:32 27136 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2010-10-27 07:14:24 287232 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2010-10-27 07:13:44 39936 ----a-w- C:\Windows\System32\atiuxp64.dll
2010-10-27 07:13:36 30720 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2010-10-27 07:13:30 37888 ----a-w- C:\Windows\System32\atiu9p64.dll
2010-10-27 07:13:24 28672 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2010-10-27 07:12:56 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2010-10-27 06:57:04 3221504 ----a-w- C:\Windows\System32\atiumd6a.dll
2010-10-27 06:50:10 3460096 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2010-10-27 06:37:18 53760 ----a-w- C:\Windows\System32\atimpc64.dll
2010-10-27 06:37:18 53760 ----a-w- C:\Windows\System32\amdpcom64.dll
2010-10-27 06:37:14 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2010-10-27 06:37:14 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2010-09-21 19:49:02 252800 ----a-w- C:\Windows\System32\LIVESSP.DLL
2010-09-21 19:03:14 208768 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL
2010-09-10 05:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2010-09-10 05:35:43 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-09-01 02:58:34 3123712 ----a-w- C:\Windows\System32\win32k.sys

============= FINISH: 12:06:11.73 ===============









UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-27.01)

Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 18/11/2010 6:54:34 PM
System Uptime: 29/11/2010 11:45:18 AM (1 hours ago)

Motherboard: ASUSTeK Computer INC. | | M3A78-EM
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5400+ | AM2 | 2800/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 74 GiB total, 53.074 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Realtek PCIe GBE Family Controller
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_816810EC&REV_02\4&17AA8702&0&0030
Manufacturer: Realtek
Name: Realtek PCIe GBE Family Controller
PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_816810EC&REV_02\4&17AA8702&0&0030
Service: RTL8167

==== System Restore Points ===================

RP13: 24/11/2010 9:52:36 AM - Windows Update
RP14: 25/11/2010 9:30:24 AM - Windows Update
RP15: 26/11/2010 10:24:00 AM - Revo Uninstaller's restore point - Google Chrome
RP16: 26/11/2010 10:44:02 AM - Windows Update
RP17: 26/11/2010 10:49:20 AM - Restore Operation
RP18: 26/11/2010 11:02:49 AM - Windows Update
RP19: 27/11/2010 5:42:25 PM - Windows Update
RP20: 28/11/2010 8:43:56 PM - Windows Update

==== Installed Programs ======================

Adobe Flash Player 10 Plugin
Adobe Reader X
foobar2000 v1.1.1
Google Chrome
Java Auto Updater
Java(TM) 6 Update 22
Malwarebytes' Anti-Malware
Microsoft Silverlight
Mozilla Firefox (3.6.12)
PowerISO
Revo Uninstaller 1.90
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
SPlayer
Street-Ads Browser Enhancer

==== Event Viewer Messages From Past Week ========

29/11/2010 11:45:40 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
29/11/2010 11:45:27 AM, Error: RTL8167 [5008] - Realtek PCIe GBE Family Controller : Has encountered an invalid network address.
29/11/2010 11:37:54 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
29/11/2010 11:36:28 AM, Error: Service Control Manager [7031] - The KMService service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
28/11/2010 8:33:41 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
28/11/2010 8:33:37 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff88006768910, 0x0000000000000000, 0xfffff8000287f6a6, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112810-18330-01.
26/11/2010 11:07:56 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
26/11/2010 11:07:56 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
26/11/2010 11:06:57 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
26/11/2010 11:05:56 AM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
26/11/2010 11:05:56 AM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
26/11/2010 11:05:56 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
26/11/2010 11:05:56 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
26/11/2010 11:05:56 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
26/11/2010 11:05:56 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
26/11/2010 11:05:56 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
26/11/2010 11:05:56 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
26/11/2010 11:05:56 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
26/11/2010 11:05:56 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
26/11/2010 11:05:56 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
26/11/2010 11:05:56 AM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
26/11/2010 11:05:56 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
26/11/2010 11:05:56 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
26/11/2010 10:52:37 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
26/11/2010 10:23:07 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
26/11/2010 10:12:01 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
26/11/2010 10:10:00 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

==== End Of File ===========================



Thanks in advance.
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

======================================================================

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

===================================================================

Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/


  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
  • Close SUPERAntiSpyware.
Restart the computer in Safe Mode.
To enter Safe Mode, restart the computer and keep tapping the F8 key until the menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen.

  • Open SUPERAntiSpyware.
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Post SUPERAntiSpyware log.
 
Thanks for helping.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: System manufacturer
System Product Name: System Product Name
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 187):

Processes (total 46):
0 System Idle Process
4 System
364 C:\Windows\System32\smss.exe
460 csrss.exe
532 C:\Windows\System32\wininit.exe
540 csrss.exe
588 C:\Windows\System32\services.exe
604 C:\Windows\System32\lsass.exe
612 C:\Windows\System32\lsm.exe
636 C:\Windows\System32\winlogon.exe
808 C:\Windows\System32\svchost.exe
896 C:\Windows\System32\svchost.exe
948 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
384 C:\Windows\System32\atiesrxx.exe
708 C:\Windows\System32\svchost.exe
1028 C:\Windows\System32\svchost.exe
1076 C:\Windows\System32\svchost.exe
1144 C:\Windows\System32\audiodg.exe
1220 C:\Windows\System32\svchost.exe
1260 C:\Windows\System32\atieclxx.exe
1364 C:\Windows\System32\svchost.exe
1580 C:\Windows\System32\spoolsv.exe
1668 C:\Windows\System32\svchost.exe
1760 C:\Windows\System32\dwm.exe
1800 C:\Windows\System32\taskhost.exe
1900 C:\Windows\explorer.exe
1332 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2100 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2472 C:\Program Files\Microsoft Security Essentials\msseces.exe
2804 C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
2824 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
2844 C:\Windows\System32\svchost.exe
3036 C:\Windows\System32\SearchIndexer.exe
1552 C:\Program Files\Windows Media Player\wmpnetwk.exe
2744 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
2576 C:\Windows\System32\SearchProtocolHost.exe
2832 WmiPrvSE.exe
3048 C:\Windows\System32\SearchFilterHost.exe
2760 C:\Windows\System32\svchost.exe
3420 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
3564 dllhost.exe
3732 C:\Windows\explorer.exe
2284 C:\Windows\System32\sppsvc.exe
3608 C:\Users\Black\Downloads\MBRCheck.exe
3572 C:\Windows\System32\conhost.exe
4056 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)

PhysicalDrive0 Model Number: ST380815AS, Rev: 3.AAD

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 1BB72AA843C54C64E74C9F6C9BD22FA2AFA08966


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!






SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/30/2010 at 09:46 AM

Application Version : 4.46.1000

Core Rules Database Version : 5929
Trace Rules Database Version: 3741

Scan type : Complete Scan
Total Scan Time : 00:28:37

Memory items scanned : 333
Memory threats detected : 0
Registry items scanned : 12208
Registry threats detected : 4
File items scanned : 75006
File threats detected : 0

Adware.AdRotator
(x86) HKU\.DEFAULT\Software\Sky-Banners
(x86) HKU\S-1-5-18\Software\Sky-Banners
(x86) HKU\.DEFAULT\Software\Street-Ads
(x86) HKU\S-1-5-18\Software\Street-Ads



I don't seem to be getting the site redirects anymore. Chrome is working fine as well.

Thanks again.
 
Good news, but we need to fix your MBR and run a couple more scans to make sure all is 100% clean.

Please download NTBR by noahdfear and save it to your Desktop.
File size: 2.44 MB (2,565,432 bytes)

  • Place a blank CD in your CD drive.
  • Double click on NTBR_CD.exe file and a folder of the same name will appear.
  • Open the folder and double click on BurnItCD.cmd file. If your CD drive opens, simply close it again.
  • Follow the prompts to burn the CD.
  • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
  • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
  • Insert the newly created CD into your infected PC and reboot your computer.
  • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
  • Read the warning and then continue as prompted.
  • You first need to select your keyboard layout - press Enter for English.
  • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
  • On the following screen enter 5 to select Install Standard MBR code.
  • Enter 2 to overwrite the infected MBR Code with the Windows 7 MBR code.
  • When asked to confirm please do so.
  • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
  • Eject the disc and then press ctrl+alt+del to reboot the PC.
Once rebooted, run MBRCheck again and post its log.
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: System manufacturer
System Product Name: System Product Name
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 186):

Processes (total 45):
0 System Idle Process
4 System
364 C:\Windows\System32\smss.exe
460 csrss.exe
532 C:\Windows\System32\wininit.exe
540 csrss.exe
588 C:\Windows\System32\services.exe
604 C:\Windows\System32\lsass.exe
612 C:\Windows\System32\lsm.exe
644 C:\Windows\System32\winlogon.exe
792 C:\Windows\System32\svchost.exe
880 C:\Windows\System32\svchost.exe
932 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
380 C:\Windows\System32\atiesrxx.exe
412 C:\Windows\System32\svchost.exe
988 C:\Windows\System32\svchost.exe
1060 C:\Windows\System32\svchost.exe
1128 C:\Windows\System32\audiodg.exe
1244 C:\Windows\System32\svchost.exe
1288 C:\Windows\System32\atieclxx.exe
1512 C:\Windows\System32\svchost.exe
1648 C:\Windows\System32\spoolsv.exe
1712 C:\Windows\System32\svchost.exe
1840 C:\Windows\System32\dwm.exe
1920 C:\Windows\System32\taskhost.exe
1928 C:\Windows\explorer.exe
1536 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
1796 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2096 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2372 C:\Program Files\Microsoft Security Essentials\msseces.exe
2516 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
2748 C:\Windows\System32\svchost.exe
2768 C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe
2796 C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
2808 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3052 C:\Windows\System32\SearchIndexer.exe
1500 C:\Program Files\Windows Media Player\wmpnetwk.exe
2780 C:\Windows\System32\SearchProtocolHost.exe
2680 C:\Windows\System32\SearchFilterHost.exe
3004 WmiPrvSE.exe
2572 C:\Windows\System32\svchost.exe
3848 C:\Users\Black\Downloads\MBRCheck.exe
3860 C:\Windows\System32\conhost.exe
3904 C:\Windows\System32\dllhost.exe
4008 dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)

PhysicalDrive0 Model Number: ST380815AS, Rev: 3.AAD

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 1BB72AA843C54C64E74C9F6C9BD22FA2AFA08966


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!


I used to have linux and windows xp dual boot before I formatted and installed Win7, if that has anything to do with the MBR.
 
Since you formatted, that shouldn't have any impact.

In any case, our fix didn't work, so we'll have to use a different method.

If you have Vista/7 DVD...

start with step 2

If you don't have Vista/7 DVD...

1. Create Vista/7 Recovery Disc.

Option 1 :
Vista: http://www.c4consulting.com.au/soluctions/vista/VISTA SOLUCTIONS.htm
Windows 7: http://www.guidingtech.com/3816/system-repair-recovery-disc-windows-7/

Option 2:
Download Vista Recovery Disc iso image: http://neosmart.net/blog/2008/windows-vista-recovery-disc-download/
Download Windows 7 Recovery Disc iso image: http://neosmart.net/blog/2009/windows-7-system-repair-discs/
Burn it to CD, or DVD: http://neosmart.net/wiki/display/G/Burning+ISO+Images+to+a+CD+or+DVD

2. Boot from created disk.

Vista users. At first screen click on Repair your computer:


Windows 7 users. At first screen click on Install now:

Select your language and click next:

Click the button for "Use recovery tools":


The following applies to both Vista and Windows 7 users.

This will bring you to a new screen where the repair process will look for all Windows Vista/7 installations on your computer. When done you will be presented with the System Recovery Options dialog box:

After this, it will present you with a list of options including startup repair, system restore and command prompt:

Select Command Prompt

Type in:
bootrec /FixMbr (<--- there is a "space" after "bootrec")
and then press Enter

Once completed then type Exit, press Enter and restart computer.

Post fresh MBRCheck log.
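
What the MBR rewrite above touches and what it leaves alone, as an added Python example that is not part of the original posts or of MBRCheck: it splits a 512-byte MBR image into boot code, disk signature and partition table so that a before and an after image can be compared region by region. The sample images, disk signature, partition sizes and function names are constructed for illustration, and the images are assumed to be captured offline from rescue media; only the C: offset 0x06500000 is taken from the MBRCheck log.

```python
import hashlib
import struct

SECTOR_SIZE = 512
# Classic MBR layout: byte ranges within sector 0 of the disk.
REGIONS = {
    "boot_code": (0, 440),
    "disk_signature": (440, 444),
    "reserved": (444, 446),
    "partition_table": (446, 510),   # four 16-byte entries
    "boot_signature": (510, 512),    # must be 55 AA
}


def parse_mbr(sector: bytes) -> dict:
    """Decode one 512-byte MBR image into its fields."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes, got %d" % len(sector))
    partitions = []
    table_start = REGIONS["partition_table"][0]
    for index in range(4):
        entry = sector[table_start + 16 * index:table_start + 16 * (index + 1)]
        ptype = entry[4]
        if ptype == 0x00:            # unused slot
            continue
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        partitions.append({
            "slot": index + 1,
            "active": entry[0] == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "byte_offset": lba_start * SECTOR_SIZE,
            "sectors": sectors,
        })
    lo, hi = REGIONS["boot_code"]
    return {
        # Hash of bytes 0..439 only. This range is this example's choice;
        # it is not claimed to be how MBRCheck computes its SHA1 line.
        "boot_code_sha1": hashlib.sha1(sector[lo:hi]).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", sector, 440)[0],
        "boot_signature_ok": sector[510:512] == b"\x55\xaa",
        "partitions": partitions,
    }


def changed_regions(before: bytes, after: bytes) -> list:
    """Name every MBR region whose bytes differ between two images."""
    if len(before) != SECTOR_SIZE or len(after) != SECTOR_SIZE:
        raise ValueError("both images must be exactly 512 bytes")
    return [name for name, (lo, hi) in REGIONS.items()
            if before[lo:hi] != after[lo:hi]]


def build_sample(boot_code_fill: int) -> bytes:
    """Constructed MBR image: placeholder boot code plus two NTFS entries."""
    sector = bytearray(SECTOR_SIZE)
    sector[0:440] = bytes([boot_code_fill]) * 440      # placeholder, not real code
    sector[440:444] = struct.pack("<I", 0x12345678)    # constructed signature
    # Slot 1: active NTFS partition at LBA 2048 (constructed).
    sector[446:462] = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x07,
                                  b"\x00" * 3, 2048, 204800)
    # Slot 2: NTFS at LBA 206848, i.e. byte offset 0x06500000 as in the log;
    # the sector count is constructed.
    sector[462:478] = struct.pack("<B3sB3sII", 0x00, b"\x00" * 3, 0x07,
                                  b"\x00" * 3, 206848, 156000000)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    before = build_sample(0xAA)   # stands in for the image before the rewrite
    after = build_sample(0xBB)    # stands in for the image after the rewrite
    for label, image in (("before", before), ("after", after)):
        info = parse_mbr(image)
        print(label, info["boot_code_sha1"], "55AA ok:", info["boot_signature_ok"])
        for part in info["partitions"]:
            print("  slot %(slot)d type 0x%(type)02X offset 0x%(byte_offset)08X" % part)
    print("regions changed:", changed_regions(before, after))
```

If `changed_regions` reports anything besides `boot_code` after a boot-code rewrite, the partition table or disk signature was altered as well, which is worth checking when Windows stops booting after the repair.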
 
--my bad just got your pm. will try again.

Don't know if you got my PM, but after I did bootrec /FixMbr it said it was successful, and I did a restart. But when Windows was loading (when the 4 coloured 'balls' are about to converge), the computer restarts. It asks if I want to do a startup repair before Windows loads.
 
I got it to start up again, but not through the method you posted or the startup recovery. It seems to have worked.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: System manufacturer
System Product Name: System Product Name
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 187):
0x02B9A000 \SystemRoot\System32\Drivers\Npfs.SYS
0x02BAB000 \SystemRoot\system32\DRIVERS\tdx.sys
0x02BC9000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02A00000 \SystemRoot\system32\drivers\afd.sys
0x03810000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03855000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x0385E000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03884000 \SystemRoot\system32\DRIVERS\netbios.sys
0x03893000 \SystemRoot\system32\DRIVERS\serial.sys
0x038B0000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x038CB000 \SystemRoot\system32\DRIVERS\termdd.sys
0x038DF000 \SystemRoot\System32\Drivers\SCDEmu.SYS
0x038F8000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
0x03902000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
0x0390C000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x0395D000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03969000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03974000 \SystemRoot\System32\drivers\discache.sys
0x03CE9000 \SystemRoot\system32\drivers\csc.sys
0x03D6C000 \SystemRoot\System32\Drivers\dfsc.sys
0x03D8A000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03D9B000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03DC1000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x03C00000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x04602000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x03AFC000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x03A00000 \SystemRoot\System32\drivers\dxgmms1.sys
0x03A46000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x03A6A000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x03AA8000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x03983000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x03AB3000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x03AC4000 \SystemRoot\system32\DRIVERS\fdc.sys
0x03AD1000 \SystemRoot\system32\DRIVERS\parport.sys
0x03AEE000 \SystemRoot\system32\DRIVERS\ASACPI.sys
0x03CA1000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x03BF0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x03CBF000 \SystemRoot\system32\DRIVERS\serenum.sys
0x03CCB000 \SystemRoot\system32\DRIVERS\fet6x64.sys
0x04DF7000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x03CD7000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x03DD8000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x039D9000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x03DEE000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x02A8A000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x02BD6000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x042A4000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x042C5000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x042DF000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x042EA000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x042F9000 \SystemRoot\system32\DRIVERS\swenum.sys
0x042FB000 \SystemRoot\system32\DRIVERS\ks.sys
0x0433E000 \SystemRoot\system32\DRIVERS\umbus.sys
0x04350000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x043AA000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0x043B5000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x04200000 \SystemRoot\system32\drivers\HdAudio.sys
0x0425C000 \SystemRoot\system32\drivers\portcls.sys
0x043CA000 \SystemRoot\system32\drivers\drmk.sys
0x043EC000 \SystemRoot\system32\drivers\ksthunk.sys
0x00010000 \SystemRoot\System32\win32k.sys
0x043F2000 \SystemRoot\System32\drivers\Dxapi.sys
0x03C4B000 \SystemRoot\System32\Drivers\crashdmp.sys
0x03C59000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x04299000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x03C65000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x03C78000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x03C86000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x03800000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x042A2000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x02BF1000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x02AB9000 \SystemRoot\system32\DRIVERS\monitor.sys
0x004C0000 \SystemRoot\System32\TSDDD.dll
0x006F0000 \SystemRoot\System32\cdd.dll
0x011DC000 \SystemRoot\system32\drivers\luafv.sys
0x02220000 \SystemRoot\system32\drivers\WudfPf.sys
0x02241000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x02256000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x0226E000 \SystemRoot\system32\drivers\HTTP.sys
0x02336000 \SystemRoot\system32\DRIVERS\bowser.sys
0x02354000 \SystemRoot\System32\drivers\mpsdrv.sys
0x0236C000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x02399000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x036C7000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x036EA000 \SystemRoot\system32\drivers\peauth.sys
0x03790000 \SystemRoot\System32\Drivers\secdrv.SYS
0x0379B000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
0x037AB000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x037D8000 \SystemRoot\System32\drivers\tcpipreg.sys
0x03600000 \SystemRoot\System32\DRIVERS\srv2.sys
0x0602B000 \SystemRoot\System32\DRIVERS\srv.sys
0x77000000 \Windows\System32\ntdll.dll
0x47C80000 \Windows\System32\smss.exe
0xFF320000 \Windows\System32\apisetschema.dll
0xFF5F0000 \Windows\System32\autochk.exe
0xFF2F0000 \Windows\System32\sechost.dll
0x76EE0000 \Windows\System32\kernel32.dll
0xFF110000 \Windows\System32\setupapi.dll
0x771D0000 \Windows\System32\psapi.dll
0xFF0C0000 \Windows\System32\ws2_32.dll
0x76DE0000 \Windows\System32\user32.dll
0xFEFE0000 \Windows\System32\advapi32.dll
0xFEFD0000 \Windows\System32\lpk.dll
0xFEEA0000 \Windows\System32\rpcrt4.dll
0xFEE20000 \Windows\System32\shlwapi.dll
0xFEDB0000 \Windows\System32\gdi32.dll
0xFED30000 \Windows\System32\difxapi.dll
0xFEBB0000 \Windows\System32\urlmon.dll
0xFE950000 \Windows\System32\iertutil.dll
0xFE8B0000 \Windows\System32\msvcrt.dll
0xFE7E0000 \Windows\System32\usp10.dll
0xFE5D0000 \Windows\System32\ole32.dll
0xFE5C0000 \Windows\System32\nsi.dll
0xFE520000 \Windows\System32\clbcatq.dll
0xFE4D0000 \Windows\System32\Wldap32.dll
0x771C0000 \Windows\System32\normaliz.dll
0xFD740000 \Windows\System32\shell32.dll
0xFD610000 \Windows\System32\wininet.dll
0xFD570000 \Windows\System32\comdlg32.dll
0xFD540000 \Windows\System32\imm32.dll
0xFD520000 \Windows\System32\imagehlp.dll
0xFD440000 \Windows\System32\oleaut32.dll
0xFD330000 \Windows\System32\msctf.dll
0xFD1C0000 \Windows\System32\crypt32.dll
0xFD180000 \Windows\System32\cfgmgr32.dll
0xFD110000 \Windows\System32\KernelBase.dll
0xFD0D0000 \Windows\System32\wintrust.dll
0xFD030000 \Windows\System32\comctl32.dll
0xFD010000 \Windows\System32\devobj.dll
0xFD000000 \Windows\System32\msasn1.dll
0x76580000 \Windows\SysWOW64\normaliz.dll

Processes (total 45):
0 System Idle Process
4 System
364 C:\Windows\System32\smss.exe
460 csrss.exe
524 C:\Windows\System32\wininit.exe
556 csrss.exe
584 C:\Windows\System32\services.exe
592 C:\Windows\System32\lsass.exe
600 C:\Windows\System32\lsm.exe
668 C:\Windows\System32\winlogon.exe
768 C:\Windows\System32\svchost.exe
848 C:\Windows\System32\svchost.exe
892 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
992 C:\Windows\System32\atiesrxx.exe
472 C:\Windows\System32\svchost.exe
416 C:\Windows\System32\svchost.exe
936 C:\Windows\System32\svchost.exe
1100 C:\Windows\System32\audiodg.exe
1196 C:\Windows\System32\svchost.exe
1312 C:\Windows\System32\svchost.exe
1480 C:\Windows\System32\dwm.exe
1488 C:\Windows\System32\atieclxx.exe
1504 C:\Windows\explorer.exe
1520 C:\Windows\System32\spoolsv.exe
1584 C:\Windows\System32\svchost.exe
1760 C:\Windows\System32\taskhost.exe
1844 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
1180 C:\Program Files\Microsoft Security Essentials\msseces.exe
2024 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2192 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2228 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
2548 C:\Windows\System32\SearchIndexer.exe
2656 C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe
2676 C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
2692 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
2724 C:\Windows\System32\svchost.exe
2936 C:\Program Files\Windows Media Player\wmpnetwk.exe
1060 C:\Windows\System32\SearchProtocolHost.exe
1028 C:\Windows\System32\SearchFilterHost.exe
2328 C:\Windows\System32\svchost.exe
1884 WmiPrvSE.exe
3220 dllhost.exe
3684 C:\Users\Black\Downloads\MBRCheck.exe
3692 C:\Windows\System32\conhost.exe
3732 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)

PhysicalDrive0 Model Number: ST380815AS, Rev: 3.AAD

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!
 
Excellent!

I got it to start up again, but not through the method you posted or the start up recovery
What exactly did you do? Did you use system restore by any chance?
 
No, it wasn't a system restore. I hit F8 before Windows login and chose repair computer, command prompt.

Then I copied my copy of the BCD and saved it. Created a blank BCD and imported that BCD back to overwrite my current one. Restarted the computer and it crashed saying invalid BCD. Then I booted my Win7 DVD and I said repair and it repaired itself and I was able to boot again.

Edit: http://www.sevenforums.com/installation-setup/3513-bcdedit-help.html is what I followed.
 
OK.

How are the issues?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL logfile created on: 03/12/2010 9:41:12 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Black\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.43 Gb Total Space | 52.20 Gb Free Space | 70.13% Space Free | Partition Type: NTFS

Computer Name: BLACK-PC | User Name: Black | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/03 09:39:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Black\Desktop\OTL.exe
PRC - [2010/11/30 15:10:25 | 000,995,896 | ---- | M] (Google Inc.) -- C:\Users\Black\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010/10/27 01:10:00 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2008/11/02 03:38:58 | 000,167,936 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE


========== Modules (SafeList) ==========

MOD - [2010/12/03 09:39:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Black\Desktop\OTL.exe
MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Windows\SysNative\srvany.exe -- (KMService)
SRV:64bit: - [2010/10/27 02:51:38 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/06/29 12:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/03/25 23:48:42 | 000,017,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2003/04/18 19:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/10/27 04:00:16 | 008,012,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/10/27 04:00:16 | 008,012,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/10/27 02:14:24 | 000,287,232 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/06/23 09:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/02/17 13:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 13:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:35:58 | 000,047,872 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fet6x64.sys -- (FETNDIS)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2005/03/29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?lang=en-ca&OCID=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 46 8F 23 6A 93 87 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/11/18 21:44:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/11/19 10:08:59 | 000,000,000 | ---D | M]

[2010/11/19 09:07:51 | 000,000,000 | ---D | M] -- C:\Users\Black\AppData\Roaming\Mozilla\Extensions
[2010/11/19 09:07:51 | 000,000,000 | ---D | M] -- C:\Users\Black\AppData\Roaming\Mozilla\Firefox\Profiles\ngapt9h6.default\extensions
[2010/11/19 10:09:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/11/19 10:09:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/11/19 10:08:51 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4:64bit: - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [gchk] C:\Windows\$NtUninstallMTF197$\upg.exe File not found
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv50 - C:\Program Files (x86)\SPlayer\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/12/03 09:39:03 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Black\Desktop\OTL.exe
[2010/11/30 09:05:43 | 000,000,000 | ---D | C] -- C:\Users\Black\AppData\Roaming\SUPERAntiSpyware.com
[2010/11/30 09:05:43 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/11/30 09:05:36 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010/11/30 09:05:32 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/11/29 11:39:58 | 000,000,000 | ---D | C] -- C:\Users\Black\AppData\Roaming\Malwarebytes
[2010/11/29 11:39:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/11/29 11:39:47 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/11/29 11:39:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/11/29 11:39:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/11/28 20:33:30 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/11/20 14:41:42 | 000,000,000 | ---D | C] -- C:\Users\Black\Desktop\Songs from AMMA's MP3
[2010/11/19 11:31:00 | 000,000,000 | ---D | C] -- C:\Users\Black\AppData\Local\Apps
[2010/11/19 11:28:42 | 000,000,000 | ---D | C] -- C:\Users\Black\AppData\Roaming\SPlayer
[2010/11/19 11:28:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SPlayer
[2010/11/19 11:24:10 | 000,000,000 | ---D | C] -- C:\Users\Black\AppData\Roaming\foobar2000
[2010/11/19 11:23:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\foobar2000
[2010/11/19 10:45:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010/11/19 10:45:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010/11/19 10:09:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/11/19 10:09:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/11/19 10:08:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010/11/19 10:06:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/11/19 09:58:36 | 000,000,000 | ---D | C] -- C:\Users\Black\AppData\Local\Windows Live
[2010/11/19 09:58:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2010/11/19 09:51:39 | 000,085,936 | ---- | C] (PowerISO Computing, Inc.) -- C:\Windows\SysNative\drivers\scdemu.sys
[2010/11/19 09:51:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PowerISO
[2010/11/19 09:44:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2010/11/19 09:44:01 | 000,000,000 | ---D | C] -- C:\Users\Black\AppData\Roaming\Macromedia
[2010/11/19 09:20:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/11/19 09:20:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2010/11/19 09:19:46 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/11/19 09:19:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010/11/19 09:19:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/11/19 09:16:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2010/11/19 09:16:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2010/11/19 09:15:58 | 000,000,000 | ---D | C] -- C:\Users\Black\AppData\Local\Microsoft Help
[2010/11/19 09:15:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2010/11/19 09:15:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/11/19 09:15:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010/11/19 09:14:55 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/11/19 09:13:30 | 000,000,000 | ---D | C] -- C:\Users\Black\AppData\Roaming\WinRAR
[2010/11/19 09:11:28 | 000,000,000 | ---D | C] -- C:\Users\Black\AppData\Roaming\Adobe
[2010/11/19 09:11:28 | 000,000,000 | ---D | C] -- C:\Users\Black\AppData\Local\Adobe
[2010/11/19 09:08:33 | 000,000,000 | ---D | C] -- C:\Users\Black\AppData\Local\Google
[2010/11/19 09:07:43 | 000,000,000 | ---D | C] -- C:\Users\Black\AppData\Local\Mozilla
[2010/11/19 09:07:42 | 000,000,000 | ---D | C] -- C:\Users\Black\AppData\Roaming\Mozilla
[2010/11/18 21:48:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2010/11/18 21:47:48 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/11/18 21:45:23 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/11/18 21:44:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2010/11/18 21:44:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2010/11/18 21:43:27 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010/11/18 21:28:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/11/18 21:28:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010/11/18 21:28:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2010/11/18 21:27:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010/11/18 21:26:43 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/11/18 21:26:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2010/11/18 21:23:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2010/11/18 21:22:29 | 000,000,000 | ---D | C] -- C:\Users\Black\AppData\Roaming\Dropbox
[2010/11/18 21:21:39 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/11/18 21:21:25 | 000,000,000 | ---D | C] -- C:\Users\Black\AppData\Roaming\uTorrent
[2010/11/18 21:21:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010/11/18 18:56:16 | 000,000,000 | ---D | C] -- C:\Users\Black\AppData\Local\Diagnostics
[2010/11/18 18:54:57 | 000,000,000 | R--D | C] -- C:\Users\Black\Searches
[2010/11/18 18:54:57 | 000,000,000 | -H-D | C] -- C:\Users\Black\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010/11/18 18:54:47 | 000,000,000 | ---D | C] -- C:\Users\Black\AppData\Roaming\Identities
[2010/11/18 18:54:45 | 000,000,000 | R--D | C] -- C:\Users\Black\Contacts
[2010/11/18 18:54:44 | 000,000,000 | ---D | C] -- C:\Users\Black\AppData\Local\VirtualStore
[2010/11/18 18:54:38 | 000,000,000 | --SD | C] -- C:\Users\Black\AppData\Roaming\Microsoft
[2010/11/18 18:54:38 | 000,000,000 | R--D | C] -- C:\Users\Black\Videos
[2010/11/18 18:54:38 | 000,000,000 | R--D | C] -- C:\Users\Black\Saved Games
[2010/11/18 18:54:38 | 000,000,000 | R--D | C] -- C:\Users\Black\Pictures
[2010/11/18 18:54:38 | 000,000,000 | R--D | C] -- C:\Users\Black\Music
[2010/11/18 18:54:38 | 000,000,000 | R--D | C] -- C:\Users\Black\Links
[2010/11/18 18:54:38 | 000,000,000 | R--D | C] -- C:\Users\Black\Favorites
[2010/11/18 18:54:38 | 000,000,000 | R--D | C] -- C:\Users\Black\Downloads
[2010/11/18 18:54:38 | 000,000,000 | R--D | C] -- C:\Users\Black\My Documents
[2010/11/18 18:54:38 | 000,000,000 | R--D | C] -- C:\Users\Black\Desktop
[2010/11/18 18:54:38 | 000,000,000 | -HSD | C] -- C:\Users\Black\AppData\Local\Temporary Internet Files
[2010/11/18 18:54:38 | 000,000,000 | -HSD | C] -- C:\Users\Black\Templates
[2010/11/18 18:54:38 | 000,000,000 | -HSD | C] -- C:\Users\Black\Start Menu
[2010/11/18 18:54:38 | 000,000,000 | -HSD | C] -- C:\Users\Black\SendTo
[2010/11/18 18:54:38 | 000,000,000 | -HSD | C] -- C:\Users\Black\Recent
[2010/11/18 18:54:38 | 000,000,000 | -HSD | C] -- C:\Users\Black\PrintHood
[2010/11/18 18:54:38 | 000,000,000 | -HSD | C] -- C:\Users\Black\NetHood
[2010/11/18 18:54:38 | 000,000,000 | -HSD | C] -- C:\Users\Black\Documents\My Videos
[2010/11/18 18:54:38 | 000,000,000 | -HSD | C] -- C:\Users\Black\Documents\My Pictures
[2010/11/18 18:54:38 | 000,000,000 | -HSD | C] -- C:\Users\Black\Documents\My Music
[2010/11/18 18:54:38 | 000,000,000 | -HSD | C] -- C:\Users\Black\My Documents
[2010/11/18 18:54:38 | 000,000,000 | -HSD | C] -- C:\Users\Black\Local Settings
[2010/11/18 18:54:38 | 000,000,000 | -HSD | C] -- C:\Users\Black\AppData\Local\History
[2010/11/18 18:54:38 | 000,000,000 | -HSD | C] -- C:\Users\Black\Cookies
[2010/11/18 18:54:38 | 000,000,000 | -HSD | C] -- C:\Users\Black\Application Data
[2010/11/18 18:54:38 | 000,000,000 | -HSD | C] -- C:\Users\Black\AppData\Local\Application Data
[2010/11/18 18:54:38 | 000,000,000 | -H-D | C] -- C:\Users\Black\AppData
[2010/11/18 18:54:38 | 000,000,000 | ---D | C] -- C:\Users\Black\AppData\Local\Temp
[2010/11/18 18:54:38 | 000,000,000 | ---D | C] -- C:\Users\Black\AppData\Local\Microsoft
[2010/11/18 18:54:38 | 000,000,000 | ---D | C] -- C:\Users\Black\AppData\Roaming\Media Center Programs
[2010/11/18 18:54:32 | 000,000,000 | -HSD | C] -- C:\Recovery
[2010/11/18 18:47:10 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/11/18 18:44:43 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/11/18 18:44:06 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2010/12/03 09:39:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Black\Desktop\OTL.exe
[2010/12/03 09:36:53 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1675623205-3675319109-3608128649-1000Core.job
[2010/12/03 09:36:52 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1675623205-3675319109-3608128649-1000UA.job
[2010/12/03 09:36:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/02 18:13:44 | 000,002,401 | ---- | M] () -- C:\Users\Black\Desktop\Google Chrome.lnk
[2010/12/02 17:59:45 | 000,014,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/02 17:59:45 | 000,014,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/02 17:56:47 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/12/02 17:56:47 | 000,628,024 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/12/02 17:56:47 | 000,110,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/12/02 17:52:23 | 1408,585,728 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/02 13:10:27 | 000,008,192 | ---- | M] () -- C:\bcd
[2010/12/02 13:08:57 | 000,024,576 | ---- | M] () -- C:\savebcd
[2010/11/30 09:05:36 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/11/29 11:39:52 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/28 20:33:27 | 216,982,160 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/11/26 10:33:38 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA(27).DAT
[2010/11/20 09:16:22 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/11/19 12:18:47 | 000,000,952 | ---- | M] () -- C:\Users\Black\Desktop\2010.xlsx - Shortcut.lnk
[2010/11/19 12:18:32 | 000,000,965 | ---- | M] () -- C:\Users\Black\Desktop\work.xls - Shortcut.lnk
[2010/11/19 11:28:39 | 000,001,031 | ---- | M] () -- C:\Users\Black\Application Data\Microsoft\Internet Explorer\Quick Launch\SPlayer(Home Theater).lnk
[2010/11/19 11:28:39 | 000,001,019 | ---- | M] () -- C:\Users\Black\Application Data\Microsoft\Internet Explorer\Quick Launch\SPlayer.lnk
[2010/11/19 11:28:39 | 000,001,007 | ---- | M] () -- C:\Users\Black\Desktop\SPlayer(Home Theater).lnk
[2010/11/19 11:28:39 | 000,000,995 | ---- | M] () -- C:\Users\Black\Desktop\SPlayer.lnk
[2010/11/19 11:24:02 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\foobar2000.lnk
[2010/11/19 11:13:02 | 000,339,104 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/11/19 09:54:46 | 000,000,680 | ---- | M] () -- C:\Users\Black\Desktop\SUSEELA - Shortcut.lnk
[2010/11/19 09:51:41 | 000,001,011 | ---- | M] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2010/11/19 09:44:31 | 000,001,268 | ---- | M] () -- C:\Users\Black\Desktop\Revo Uninstaller.lnk
[2010/11/18 21:48:19 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/11/18 21:44:40 | 000,000,947 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2010/11/18 21:44:30 | 000,001,967 | ---- | M] () -- C:\Users\Black\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/18 21:44:30 | 000,001,943 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/11/18 19:21:45 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/11/18 18:55:11 | 000,001,441 | ---- | M] () -- C:\Users\Black\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/18 18:47:28 | 000,042,049 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010/11/18 18:47:28 | 000,042,049 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2010/11/18 18:45:43 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin

========== Files Created - No Company Name ==========

[2010/12/02 13:10:14 | 000,008,192 | ---- | C] () -- C:\bcd
[2010/12/02 13:08:57 | 000,024,576 | ---- | C] () -- C:\savebcd
[2010/11/30 09:05:36 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/11/29 11:39:52 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/28 20:33:27 | 216,982,160 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/11/20 09:16:22 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/11/19 12:18:49 | 000,000,952 | ---- | C] () -- C:\Users\Black\Desktop\2010.xlsx - Shortcut.lnk
[2010/11/19 12:18:34 | 000,000,965 | ---- | C] () -- C:\Users\Black\Desktop\work.xls - Shortcut.lnk
[2010/11/19 11:28:39 | 000,001,031 | ---- | C] () -- C:\Users\Black\Application Data\Microsoft\Internet Explorer\Quick Launch\SPlayer(Home Theater).lnk
[2010/11/19 11:28:39 | 000,001,019 | ---- | C] () -- C:\Users\Black\Application Data\Microsoft\Internet Explorer\Quick Launch\SPlayer.lnk
[2010/11/19 11:28:39 | 000,001,007 | ---- | C] () -- C:\Users\Black\Desktop\SPlayer(Home Theater).lnk
[2010/11/19 11:28:39 | 000,000,995 | ---- | C] () -- C:\Users\Black\Desktop\SPlayer.lnk
[2010/11/19 11:24:02 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\foobar2000.lnk
[2010/11/19 09:54:46 | 000,000,680 | ---- | C] () -- C:\Users\Black\Desktop\SUSEELA - Shortcut.lnk
[2010/11/19 09:51:41 | 000,001,011 | ---- | C] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2010/11/19 09:44:31 | 000,001,268 | ---- | C] () -- C:\Users\Black\Desktop\Revo Uninstaller.lnk
[2010/11/19 09:31:05 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2010/11/19 09:09:10 | 000,002,401 | ---- | C] () -- C:\Users\Black\Desktop\Google Chrome.lnk
[2010/11/19 09:08:35 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1675623205-3675319109-3608128649-1000UA.job
[2010/11/19 09:08:34 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1675623205-3675319109-3608128649-1000Core.job
[2010/11/18 21:48:19 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/11/18 21:44:40 | 000,000,947 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2010/11/18 21:44:30 | 000,001,967 | ---- | C] () -- C:\Users\Black\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/18 21:44:30 | 000,001,943 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/11/18 19:21:45 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/11/18 18:55:11 | 000,001,441 | ---- | C] () -- C:\Users\Black\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/18 18:54:38 | 000,000,290 | ---- | C] () -- C:\Users\Black\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/11/18 18:54:38 | 000,000,272 | ---- | C] () -- C:\Users\Black\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/11/18 18:45:43 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/11/18 18:44:06 | 1408,585,728 | -HS- | C] () -- C:\hiberfil.sys
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/11/18 21:22:44 | 000,000,000 | ---D | M] -- C:\Users\Black\AppData\Roaming\Dropbox
[2010/11/24 09:25:12 | 000,000,000 | ---D | M] -- C:\Users\Black\AppData\Roaming\foobar2000
[2010/11/19 11:30:13 | 000,000,000 | ---D | M] -- C:\Users\Black\AppData\Roaming\SPlayer
[2010/11/27 19:47:10 | 000,000,000 | ---D | M] -- C:\Users\Black\AppData\Roaming\uTorrent
[2010/11/26 10:33:38 | 000,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA(27).DAT
[2009/07/14 00:08:49 | 000,004,660 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU(28).TXT
[2010/11/26 11:05:56 | 000,007,692 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/12/02 13:10:27 | 000,008,192 | ---- | M] () -- C:\bcd
[2010/12/02 13:10:27 | 000,005,120 | -HS- | M] () -- C:\bcd.LOG
[2010/12/02 17:52:23 | 1408,585,728 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/02 17:52:26 | 1878,118,400 | -HS- | M] () -- C:\pagefile.sys
[2010/12/02 13:08:57 | 000,024,576 | ---- | M] () -- C:\savebcd
[2010/12/02 13:08:57 | 000,021,504 | -HS- | M] () -- C:\savebcd.LOG
[2010/12/02 13:08:57 | 000,000,000 | -HS- | M] () -- C:\savebcd.LOG1
[2010/12/02 13:08:57 | 000,000,000 | -HS- | M] () -- C:\savebcd.LOG2

< %systemroot%\Fonts\*.com >
[2009/07/14 00:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 00:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 00:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 00:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 15:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/11/18 18:55:11 | 000,000,221 | -HS- | M] () -- C:\Users\Black\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2010/12/03 09:39:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Black\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/11/20 09:20:39 | 000,000,402 | -HS- | M] () -- C:\Users\Black\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< End of report >
 
Whoops, forgot this.


OTL Extras logfile created on: 03/12/2010 9:41:12 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Black\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.43 Gb Total Space | 52.20 Gb Free Space | 70.13% Space Free | Partition Type: NTFS

Computer Name: BLACK-PC | User Name: Black | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{95C9C76F-ECF3-40FA-94F8-5DDFB6BAF40D}" = Microsoft Security Essentials
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Essentials" = Microsoft Security Essentials
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"$NtUninstallMTF197$" = Street-Ads Browser Enhancer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"foobar2000" = foobar2000 v1.1.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"PowerISO" = PowerISO
"Revo Uninstaller" = Revo Uninstaller 1.90
"SPlayer" = SPlayer

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 18/11/2010 7:51:17 PM | Computer Name = Black-PC | Source = Software Protection Platform Service | ID = 1017
Description = Installation of the Proof of Purchase failed. 0xC004F050 Partial Pkey=92BG3
ACID=?
Detailed
Error[?]

Error - 18/11/2010 7:54:31 PM | Computer Name = Black-PC | Source = Software Protection Platform Service | ID = 1017
Description = Installation of the Proof of Purchase failed. 0xC004F050 Partial Pkey=BBBBB
ACID=?
Detailed
Error[?]

Error - 18/11/2010 10:26:29 PM | Computer Name = Black-PC | Source = MsiInstaller | ID = 10005
Description =

Error - 19/11/2010 11:07:04 AM | Computer Name = Black-PC | Source = MsiInstaller | ID = 11500
Description =

Error - 19/11/2010 11:08:22 AM | Computer Name = Black-PC | Source = MsiInstaller | ID = 1043
Description =

Error - 26/11/2010 12:05:46 PM | Computer Name = Black-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c1 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x0000000000feb000 Faulting process id: 0x408 Faulting
application start time: 0x01cb8d81f159d2a0 Faulting application path: C:\Windows\system32\svchost.exe
Faulting
module path: unknown Report Id: 06daa509-f977-11df-9b0b-1cbdb98708c5

[ System Events ]
Error - 30/11/2010 10:24:04 AM | Computer Name = Black-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.95.766.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.6402.0 Error code: 0x8007043c Error
description: This service cannot be started in Safe Mode

Error - 30/11/2010 10:48:39 AM | Computer Name = Black-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%861 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 01/12/2010 10:07:18 AM | Computer Name = Black-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%861 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 01/12/2010 10:13:47 AM | Computer Name = Black-PC | Source = RTL8167 | ID = 5008
Description = Realtek PCIe GBE Family Controller : Has encountered an invalid network
address.

Error - 01/12/2010 10:14:00 AM | Computer Name = Black-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%861 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 01/12/2010 11:57:55 AM | Computer Name = Black-PC | Source = RTL8167 | ID = 5008
Description = Realtek PCIe GBE Family Controller : Has encountered an invalid network
address.

Error - 01/12/2010 11:58:08 AM | Computer Name = Black-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%861 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 02/12/2010 11:31:45 AM | Computer Name = Black-PC | Source = RTL8167 | ID = 5008
Description = Realtek PCIe GBE Family Controller : Has encountered an invalid network
address.

Error - 02/12/2010 11:31:49 AM | Computer Name = Black-PC | Source = Microsoft Antimalware | ID = 2004
Description = %%861 has encountered an error trying to load signatures and will
attempt reverting back to a known-good set of signatures. Signatures Attempted: %%824

Error
Code: 0x80070002 Error description: The system cannot find the file specified. Signature
version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0

Error - 02/12/2010 6:52:25 PM | Computer Name = Black-PC | Source = RTL8167 | ID = 5008
Description = Realtek PCIe GBE Family Controller : Has encountered an invalid network
address.


< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    SRV:64bit: - File not found [Auto | Stopped] -- C:\Windows\SysNative\srvany.exe -- (KMService)
    SRV - [2003/04/18 19:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
    O4 - HKLM..\Run: [gchk] C:\Windows\$NtUninstallMTF197$\upg.exe File not found
    
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
 
All processes killed
========== OTL ==========
Service KMService stopped successfully!
Service KMService deleted successfully!
File C:\Windows\SysNative\srvany.exe not found.
Error: No service named KMService was found to stop!
Service\Driver key KMService not found.
C:\Windows\SysWOW64\srvany.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\gchk deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Black
->Temp folder emptied: 547263 bytes
->Temporary Internet Files folder emptied: 7497486 bytes
->Java cache emptied: 1664363 bytes
->FireFox cache emptied: 106999277 bytes
->Google Chrome cache emptied: 240515163 bytes
->Flash cache emptied: 12966 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 42674 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50132 bytes
RecycleBin emptied: 25301 bytes

Total Files Cleaned = 341.00 mb


[EMPTYFLASH]

User: All Users

User: Black
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 12032010_205821

Files\Folders moved on Reboot...
C:\Users\Black\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...



Results of screen317's Security Check version 0.99.5
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 22
Out of date Java installed!
Adobe Flash Player 10.1.102.64
Adobe Reader X
Mozilla Firefox (3.6.12) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````


ESET didn't find any threats.

Everything seems fine, no issues with redirection or anything out of the ordinary.
 
Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please let me know how your computer is doing.
 
Computer is doing fine. No issues since the last time I updated you.

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Black
->Temp folder emptied: 412577 bytes
->Temporary Internet Files folder emptied: 5360045 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 16319488 bytes
->Google Chrome cache emptied: 8346290 bytes
->Flash cache emptied: 611 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1578 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 29.00 mb


[EMPTYFLASH]

User: All Users

User: Black
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.17.3 log created on 12032010_215934

Files\Folders moved on Reboot...
C:\Users\Black\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

For the trojans, should I look at the previous logs to see if I had any? In any case, I'll change my passwords just in case.

Thank you very much for your help!
 