TechSpot

Slow computer startups/shutdowns, programs, IE7, Google chrome unresponsive

By chiehs
Aug 17, 2010
  1. Hello,

    Recently my computer has been slowing down significantly. Starting the computer up and shutting it down take much more time than it used to.
    Also, while running programs, the computer might suddenly hang, and attempting the task does not seem to work (have to force shutdown).
    The same also applies for using IE7 and Chrome, as loading some pages may cause it to hang and become unresponsive. I have noticed this happening more often when trying to access sites that play videos like YouTube.

    I have run virus scans with Avira and Malwarebytes, but they did not seem to find anything.

    Hope that you can help!

    *GMER has an error when I run it because I am using 64-bit Windows 7.
     
  2. chiehs TS Rookie Topic Starter

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4438

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    17/8/2010 3:38:31 PM
    mbam-log-2010-08-17 (15-38-31).txt

    Scan type: Quick scan
    Objects scanned: 148626
    Time elapsed: 5 minute(s), 7 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)



    DDS (Ver_10-03-17.01)

    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 15/6/2010 1:48:51 PM
    System Uptime: 17/8/2010 3:08:39 PM (0 hours ago)

    Motherboard: ASUSTeK Computer Inc. | | K42Jv
    Processor: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz | Socket 989 | 1176/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 116 GiB total, 54.812 GiB free.
    D: is FIXED (NTFS) - 333 GiB total, 247.774 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}
    Description: A60BATTP IDE Controller
    Device ID: ACPI\PNPA000\4&5D18F2DF&0
    Manufacturer: (Standard mass storage controllers)
    Name: A60BATTP IDE Controller
    PNP Device ID: ACPI\PNPA000\4&5D18F2DF&0
    Service: ahgaat8d

    ==== System Restore Points ===================

    RP74: 14/8/2010 12:26:49 AM - StopZILLA! Restore Point.
    RP75: 14/8/2010 12:28:39 AM - Windows Update
    RP76: 14/8/2010 1:04:17 AM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
    RP77: 14/8/2010 1:05:10 AM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
    RP78: 17/8/2010 11:26:38 AM - Installed Java(TM) 6 Update 21

    ==== Installed Programs ======================

    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.3.3 MUI
    Advanced SystemCare 3
    ASUS AI Recovery
    ASUS AP Bank
    ASUS FancyStart
    ASUS LifeFrame3
    ASUS Live Update
    ASUS MultiFrame
    ASUS SmartLogon
    ASUS Splendid Video Enhancement Technology
    ASUS Virtual Camera
    ASUS WebStorage
    ATK Package
    Avira AntiVir Personal - Free Antivirus
    Combined Community Codec Pack 2009-09-09
    ControlDeck
    CyberLink LabelPrint
    CyberLink Power2Go
    CyberLink PowerDVD 9
    Definition update for Microsoft Office 2010 (KB982726)
    FXCM Trading Station
    Garena 2010
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Intel(R) Control Center
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Management Engine Components
    Java Auto Updater
    Java(TM) 6 Update 21
    JMicron Ethernet Adapter NDIS Driver
    JMicron Flash Media Controller Driver
    Junk Mail filter update
    Malwarebytes' Anti-Malware
    MetaTrader 4.00
    Microsoft Choice Guard
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Home and Student 2010
    Microsoft Office Live Add-in 1.3
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 Redistributable
    Mobile Broadband Modem
    MSVCRT
    MSXML 4.0 SP3 Parser (KB973685)
    NVIDIA PhysX
    NVIDIA Updatus
    Realtek High Definition Audio Driver
    Skype™ 4.2
    StarCraft II
    Update for Microsoft Office 2010 (KB2202188)
    Update for Microsoft Outlook Social Connector (KB983403)
    Visual C++ 8.0 Runtime Setup Package (x64)
    VLC media player 1.1.0
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    WinFlash
    Wireless Console 3

    ==== Event Viewer Messages From Past Week ========

    17/8/2010 3:08:54 PM, Error: volmgr [46] - Crash dump initialization failed!
    17/8/2010 2:44:54 PM, Error: Service Control Manager [7034] - The ASLDR Service service terminated unexpectedly. It has done this 1 time(s).
    17/8/2010 11:22:27 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
    16/8/2010 9:26:12 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
    16/8/2010 12:41:32 AM, Error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error %%-2147023781.
    16/8/2010 12:41:32 AM, Error: Service Control Manager [7023] - The IPsec Policy Agent service terminated with the following error: The authentication service is unknown.
    16/8/2010 12:41:32 AM, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 0x8007045B.
    15/8/2010 10:09:58 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    15/8/2010 10:09:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    15/8/2010 10:09:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    15/8/2010 10:09:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    15/8/2010 10:09:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    15/8/2010 10:09:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    15/8/2010 10:09:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    15/8/2010 10:08:56 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx vwififlt Wanarpv6 WfpLwf
    15/8/2010 10:08:56 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    15/8/2010 10:08:56 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    15/8/2010 10:08:56 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    15/8/2010 10:08:56 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    15/8/2010 10:08:56 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    15/8/2010 10:08:56 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    15/8/2010 10:08:55 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    15/8/2010 10:08:55 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    15/8/2010 10:08:55 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    15/8/2010 10:08:55 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    15/8/2010 10:08:36 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
    14/8/2010 1:05:50 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the szserver service.
    13/8/2010 7:00:42 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
    13/8/2010 7:00:42 PM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    ==== End Of File ===========================
     
  3. chiehs TS Rookie Topic Starter

    DDS (Ver_10-03-17.01) - NTFSX64
    Run by Sian at 15:41:28.67 on Tue 17/08/2010
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.65.1033.18.3884.2556 [GMT 8:00]

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\FBAgent.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    C:\Program Files\P4G\BatteryLife.exe
    C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
    C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Elantech\ETDCtrl.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
    C:\Program Files (x86)\CyberLink\Shared files\brs.exe
    C:\Program Files\Elantech\ETDCtrlHelper.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    C:\Windows\SysWOW64\ACEngSvr.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\AsScrPro.exe
    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Sian\Desktop\dds.com
    C:\Windows\system32\conhost.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com.sg/
    uDefault_Page_URL = hxxp://asus.msn.com
    mLocal Page = c:\windows\syswow64\blank.htm
    mWinlogon: Userinit=c:\windows\syswow64\userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SearchHelper.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~2\micros~1\office14\URLREDIR.DLL
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files (x86)\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files (x86)\windows live\toolbar\wltcore.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files (x86)\windows live\toolbar\wltcore.dll
    uRun: [DAEMON Tools Lite] "c:\program files (x86)\daemon tools lite\DTLite.exe" -autorun
    uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background
    mRun: [BDRegion] c:\program files (x86)\cyberlink\shared files\brs.exe
    mRun: [UpdateLBPShortCut] "c:\program files (x86)\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
    mRun: [UpdateP2GoShortCut] "c:\program files (x86)\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
    mRun: [ATKOSD2] c:\program files (x86)\asus\atk package\atkosd2\ATKOSD2.exe
    mRun: [ATKMEDIA] c:\program files (x86)\asus\atk package\atk media\DMedia.exe
    mRun: [HControlUser] c:\program files (x86)\asus\atk package\atk hotkey\HControlUser.exe
    mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [avgnt] "c:\program files (x86)\avira\antivir desktop\avgnt.exe" /min
    mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
    StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\fancys~1.lnk - c:\windows\installer\{2b81872b-a054-48da-be3b-fa5c164c303a}\_C4A2FC3E3722966204FDD8.exe
    StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\srspre~1.lnk - c:\windows\installer\{e5cf6b9c-3abe-43c9-9413-ad5ffc98f049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\micros~1\office14\ONBttnIE.dll/105
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files (x86)\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files (x86)\microsoft office\office14\ONBttnIELinkedNotes.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
    AppInit_DLLs: c:\windows\syswow64\nvinit.dll
    BHO-X64: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll
    BHO-X64: Windows Live Family Safety Browser Helper - No File
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg64.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\progra~1\micros~2\office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    mRun-x64: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun-x64: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun-x64: [Persistence] c:\windows\system32\igfxpers.exe
    mRun-x64: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe
    mRun-x64: [Setwallpaper] c:\programdata\SetWallpaper.cmd
    AppInit_DLLs-X64: c:\windows\system32\nvinitx.dll

    ============= SERVICES / DRIVERS ===============

    R0 nvpciflt;nvpciflt;c:\windows\system32\drivers\nvpciflt.sys [2010-8-8 24680]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 59904]
    R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/05/27 09:30:05];c:\program files (x86)\cyberlink\powerdvd9\000.fcl [2009-9-2 146928]
    R2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2010-5-28 379520]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\avira\antivir desktop\sched.exe [2010-8-17 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files (x86)\avira\antivir desktop\avguard.exe [2010-8-17 267432]
    R2 ASMMAP64;ASMMAP64;c:\program files (x86)\asus\atk package\atkgfnex\ASMMAP64.sys [2009-7-3 15416]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-8-17 81072]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe [2010-6-24 1620584]
    R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\drivers\TurboB.sys [2009-8-7 13784]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\intel\intel(r) management engine components\uns\UNS.exe [2010-5-28 2314240]
    R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [2010-1-18 128512]
    R3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2010-5-28 56344]
    R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-2-26 158976]
    R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-2-3 271872]
    R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-8-18 143472]
    R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\drivers\JME.sys [2010-2-25 115312]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-5-28 135664]
    S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-7-1 52264]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-5-28 35104]
    S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-7-17 61280]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files (x86)\windows live\family safety\fsssvc.exe [2009-8-5 704864]
    S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2010-6-25 116224]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\drivers\SiSG664.sys [2009-6-11 56832]
    S3 TurboBoost;TurboBoost;c:\program files\intel\turboboost\TurboBoost.exe [2009-8-7 118672]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-16 1255736]

    =============== Created Last 30 ================

    2010-08-17 03:39:27 0 d-----w- c:\users\sian\appdata\roaming\Avira
    2010-08-17 03:27:28 0 d-----w- c:\programdata\Sun
    2010-08-17 03:27:11 423656 ----a-w- c:\windows\syswow64\deployJava1.dll
    2010-08-17 03:27:11 153376 ----a-w- c:\windows\syswow64\javaws.exe
    2010-08-17 03:27:11 145184 ----a-w- c:\windows\syswow64\javaw.exe
    2010-08-17 03:27:11 145184 ----a-w- c:\windows\syswow64\java.exe
    2010-08-17 03:22:11 81072 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-08-17 03:22:11 0 d-----w- c:\programdata\Avira
    2010-08-17 03:22:11 0 d-----w- c:\program files (x86)\Avira
    2010-08-16 06:23:02 0 d-----w- c:\programdata\Kaspersky Lab
    2010-08-15 14:05:03 0 d-----w- c:\programdata\IObit
    2010-08-15 14:04:06 0 d-----w- c:\users\sian\appdata\roaming\Malwarebytes
    2010-08-15 14:03:21 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-08-15 14:03:21 0 d-----w- c:\programdata\Malwarebytes
    2010-08-15 14:03:21 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2010-08-15 14:02:31 65536 --sha-w- C:\ntuser.dat{d0a1a51a-a867-11df-96ac-1c4bd6122b68}.TM.blf
     
  4. chiehs TS Rookie Topic Starter

    2010-08-15 14:02:31 65536 --sha-w- C:\ntuser.dat{d0a1a516-a867-11df-96ac-1c4bd6122b68}.TM.blf
    2010-08-15 14:02:31 524288 --sha-w- C:\ntuser.dat{d0a1a51a-a867-11df-96ac-1c4bd6122b68}.TMContainer00000000000000000002.regtrans-ms
    2010-08-15 14:02:31 524288 --sha-w- C:\ntuser.dat{d0a1a51a-a867-11df-96ac-1c4bd6122b68}.TMContainer00000000000000000001.regtrans-ms
    2010-08-15 14:02:31 524288 --sha-w- C:\ntuser.dat{d0a1a516-a867-11df-96ac-1c4bd6122b68}.TMContainer00000000000000000002.regtrans-ms
    2010-08-15 14:02:31 524288 --sha-w- C:\ntuser.dat{d0a1a516-a867-11df-96ac-1c4bd6122b68}.TMContainer00000000000000000001.regtrans-ms
    2010-08-15 14:02:31 5120 --sha-w- C:\ntuser.dat.LOG1
    2010-08-15 14:02:31 262144 ----a-w- C:\ntuser.dat
    2010-08-15 14:02:31 0 --sha-w- C:\ntuser.dat.LOG2
    2010-08-13 16:24:48 1240 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
    2010-08-13 15:33:01 0 d-----w- c:\programdata\STOPzilla!
    2010-08-11 14:22:10 463360 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-08-11 14:22:10 404992 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-08-11 14:22:10 340992 ----a-w- c:\windows\system32\schannel.dll
    2010-08-11 14:22:10 224256 ----a-w- c:\windows\syswow64\schannel.dll
    2010-08-11 14:22:10 162304 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-08-11 14:22:05 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2010-08-11 14:22:04 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-08-11 14:22:04 3955080 ----a-w- c:\windows\syswow64\ntkrnlpa.exe
    2010-08-11 14:22:03 3899784 ----a-w- c:\windows\syswow64\ntoskrnl.exe
    2010-08-07 17:21:42 24680 ----a-w- c:\windows\system32\drivers\nvpciflt.sys
    2010-08-04 13:00:52 0 d-----w- c:\program files (x86)\Combined Community Codec Pack
    2010-08-03 01:56:54 12867584 ----a-w- c:\windows\syswow64\shell32.dll
    2010-08-02 15:41:37 0 d-----w- c:\program files (x86)\common files\Blizzard Entertainment.Trash
    2010-08-02 15:33:37 0 d-----w- c:\programdata\Blizzard Entertainment
    2010-08-02 15:33:37 0 d-----w- c:\program files (x86)\StarCraft II
    2010-08-02 15:33:37 0 d-----w- c:\program files (x86)\common files\Blizzard Entertainment
    2010-07-25 13:33:06 56 ---ha-w- c:\windows\syswow64\ezsidmv.dat

    ==================== Find3M ====================

    ============= FINISH: 15:42:10.39 ===============
     
  5. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Download MBRCheck to your desktop.

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop.
    Open this report and post its content in your next reply.

    ====================================================================

    Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

    Restart computer in Safe Mode.
    To enter Safe Mode, restart the computer and keep tapping the F8 key until the menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen.

    * Open SUPERAntiSpyware.
    * Under "Configuration and Preferences", click the Preferences button.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):

    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
    * Click the "Close" button to leave the control center screen.
    * Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, under "Complete Scan", choose Perform Complete Scan.
    * Click "Next" to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    * Make sure everything has a checkmark next to it and click "Next".
    * A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    * If asked if you want to reboot, click "Yes".
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.

    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
    * Click Close to exit the program.
    Post SUPERAntiSpyware log.
     
  6. chiehs

    chiehs TS Rookie Topic Starter

    Hi Broni,

    Thanks for your quick assistance!

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: ASUSTeK Computer Inc.
    BIOS Manufacturer: American Megatrends Inc.
    System Manufacturer: ASUSTeK Computer Inc.
    System Product Name: K42Jv
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 204):

    Processes (total 87):

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000004`26676e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000021`426eac00 (NTFS)

    PhysicalDrive0 Model Number: ST9500325AS, Rev: 0003SDM1

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


    Done!
     
  7. chiehs

    chiehs TS Rookie Topic Starter

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 08/18/2010 at 11:46 AM

    Application Version : 4.41.1000

    Core Rules Database Version : 5372
    Trace Rules Database Version: 3184

    Scan type : Complete Scan
    Total Scan Time : 00:41:40

    Memory items scanned : 310
    Memory threats detected : 0
    Registry items scanned : 13107
    Registry threats detected : 0
    File items scanned : 101597
    File threats detected : 143

    Adware.Tracking Cookie
    .chitika.net [ C:\Users\Sian\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    ad.yieldmanager.com [ C:\Users\Sian\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    ad.yieldmanager.com [ C:\Users\Sian\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    ad.yieldmanager.com [ C:\Users\Sian\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    ad.yieldmanager.com [ C:\Users\Sian\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    ad.yieldmanager.com [ C:\Users\Sian\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .content.yieldmanager.com [ C:\Users\Sian\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .revsci.net [ C:\Users\Sian\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .revsci.net [ C:\Users\Sian\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .kontera.com [ C:\Users\Sian\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .kontera.com [ C:\Users\Sian\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .revsci.net [ C:\Users\Sian\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .revsci.net [ C:\Users\Sian\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .statcounter.com [ C:\Users\Sian\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .mediaplex.com [ C:\Users\Sian\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .toplist.cz [ C:\Users\Sian\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .imrworldwide.com [ C:\Users\Sian\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .imrworldwide.com [ C:\Users\Sian\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .mediaonenetwork.net [ C:\Users\Sian\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .ads.pointroll.com [ C:\Users\Sian\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .ads.pointroll.com [ C:\Users\Sian\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .pointroll.com [ C:\Users\Sian\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .pointroll.com [ C:\Users\Sian\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .ads.pointroll.com [ C:\Users\Sian\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .ads.pointroll.com [ C:\Users\Sian\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .ads.pointroll.com [ C:\Users\Sian\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .ads.pointroll.com [ C:\Users\Sian\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .ads.pointroll.com [ C:\Users\Sian\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .ads.pointroll.com [ C:\Users\Sian\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .fastclick.net [ C:\Users\Sian\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .fastclick.net [ C:\Users\Sian\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .fastclick.net [ C:\Users\Sian\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    .sistic.122.2o7.net [ C:\Users\Sian\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
    C:\Users\Sian\AppData\Roaming\Microsoft\Windows\Cookies\sian@ad.yieldmanager[1].txt
    C:\Users\Sian\AppData\Roaming\Microsoft\Windows\Cookies\sian@ads.admaxasia[1].txt
    C:\Users\Sian\AppData\Roaming\Microsoft\Windows\Cookies\sian@ads.pubmatic[1].txt
    C:\Users\Sian\AppData\Roaming\Microsoft\Windows\Cookies\sian@atdmt[2].txt
    C:\Users\Sian\AppData\Roaming\Microsoft\Windows\Cookies\sian@atdmt[3].txt
    C:\Users\Sian\AppData\Roaming\Microsoft\Windows\Cookies\sian@atdmt[4].txt
    C:\Users\Sian\AppData\Roaming\Microsoft\Windows\Cookies\sian@atdmt[5].txt
    C:\Users\Sian\AppData\Roaming\Microsoft\Windows\Cookies\sian@chitika[1].txt
    C:\Users\Sian\AppData\Roaming\Microsoft\Windows\Cookies\sian@content.yieldmanager[2].txt
    C:\Users\Sian\AppData\Roaming\Microsoft\Windows\Cookies\sian@content.yieldmanager[3].txt
    C:\Users\Sian\AppData\Roaming\Microsoft\Windows\Cookies\sian@invitemedia[1].txt
    C:\Users\Sian\AppData\Roaming\Microsoft\Windows\Cookies\sian@mediaonenetwork[1].txt
    C:\Users\Sian\AppData\Roaming\Microsoft\Windows\Cookies\sian@stopzilla[1].txt
    C:\Users\Sian\AppData\Roaming\Microsoft\Windows\Cookies\sian@tacoda[1].txt
     
  8. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    So far, all looks clean :)

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    * Under the Custom Scan box paste this in:



    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  9. chiehs

    chiehs TS Rookie Topic Starter

    Hmm, it seems after I did the SUPERAntiSpyware scan and rebooted my computer, my Internet Explorer browser becomes unresponsive whenever I open it. Have to go back to using Chrome again now, do you have any idea what the problem might be?
     
  10. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    I see no connection.
    Super removed only some tracking cookies.
    They're merely text files... more or less harmless.

    Go ahead with OTL. We'll see what happens.
     
  11. chiehs

    chiehs TS Rookie Topic Starter

    Yup okay, just asking! Will probably just try reinstalling it to see if it fixes the problem later.

    The txt files are too large to post in the reply, so I attached them. Hope that's okay.
     


  12. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    I don't see much here.....
    I hope you're not using the registry part of Advanced System Care....

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
      O18:[b]64bit:[/b] - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
      O18:[b]64bit:[/b] - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
      O18:[b]64bit:[/b] - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
      O18:[b]64bit:[/b] - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
      O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
      O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
      O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
      O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
      O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
      O33 - MountPoints2\{0136a372-8024-11df-8de2-1c4bd6122b68}\Shell - "" = AutoRun
      O33 - MountPoints2\{0136a372-8024-11df-8de2-1c4bd6122b68}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009/08/23 02:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
      O33 - MountPoints2\{0136a38c-8024-11df-8de2-1c4bd6122b68}\Shell - "" = AutoRun
      O33 - MountPoints2\{0136a38c-8024-11df-8de2-1c4bd6122b68}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009/08/23 02:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
      O33 - MountPoints2\{4ae60454-802d-11df-8c96-1c4bd6122b68}\Shell - "" = AutoRun
      O33 - MountPoints2\{4ae60454-802d-11df-8c96-1c4bd6122b68}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009/08/23 02:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
      O33 - MountPoints2\G\Shell - "" = AutoRun
      O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009/08/23 02:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
      [2010/08/13 23:33:01 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
     
  13. chiehs

    chiehs TS Rookie Topic Starter

    All processes killed
    ========== OTL ==========
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\control panel\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\restrictions\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\control panel\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\restrictions\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
    File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ not found.
    File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
    File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}\ not found.
    File {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03C514A3-1EFB-4856-9F99-10D7BE1653C0}\ not found.
    File {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui\ deleted successfully.
    C:\Windows\SysNative\igfxdev.dll moved successfully.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0136a372-8024-11df-8de2-1c4bd6122b68}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0136a372-8024-11df-8de2-1c4bd6122b68}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0136a372-8024-11df-8de2-1c4bd6122b68}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0136a372-8024-11df-8de2-1c4bd6122b68}\ not found.
    File move failed. G:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0136a38c-8024-11df-8de2-1c4bd6122b68}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0136a38c-8024-11df-8de2-1c4bd6122b68}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0136a38c-8024-11df-8de2-1c4bd6122b68}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0136a38c-8024-11df-8de2-1c4bd6122b68}\ not found.
    File move failed. G:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4ae60454-802d-11df-8c96-1c4bd6122b68}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ae60454-802d-11df-8c96-1c4bd6122b68}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4ae60454-802d-11df-8c96-1c4bd6122b68}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ae60454-802d-11df-8c96-1c4bd6122b68}\ not found.
    File move failed. G:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
    File move failed. G:\AutoRun.exe scheduled to be moved on reboot.
    C:\ProgramData\STOPzilla!\vdb folder moved successfully.
    C:\ProgramData\STOPzilla!\Quarantine folder moved successfully.
    C:\ProgramData\STOPzilla! folder moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Sian
    ->Temp folder emptied: 1438095 bytes
    ->Temporary Internet Files folder emptied: 99372717 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 22379383 bytes
    ->Flash cache emptied: 1944 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: UpdatusUser.Sian-PC
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 15116 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 48955 bytes

    Total Files Cleaned = 118.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Sian
    ->Flash cache emptied: 0 bytes

    User: UpdatusUser
    ->Flash cache emptied: 0 bytes

    User: UpdatusUser.Sian-PC
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.10.0 log created on 08182010_132712

    Files\Folders moved on Reboot...
    File move failed. G:\AutoRun.exe scheduled to be moved on reboot.
    C:\Users\Sian\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Sian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VMT4MW2R\7rnylnyt[1].css moved successfully.
    C:\Users\Sian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VMT4MW2R\google_com_sg[1].htm moved successfully.
    C:\Users\Sian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VMT4MW2R\home[1].htm moved successfully.
    C:\Users\Sian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VMT4MW2R\home[2].htm moved successfully.
    C:\Users\Sian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V1J2P0K3\6pa1za89[1].css moved successfully.
    C:\Users\Sian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V1J2P0K3\8t0jwey6[1].css moved successfully.
    C:\Users\Sian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V1J2P0K3\aaiezkrf[1].css moved successfully.
    C:\Users\Sian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V1J2P0K3\google_com_sg[1].htm moved successfully.
    C:\Users\Sian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V1J2P0K3\home[1].htm moved successfully.
    C:\Users\Sian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V1J2P0K3\redirectiframe[1].html moved successfully.
    C:\Users\Sian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IXIYJ9GQ\AC_RunActiveContent[1].js moved successfully.
    C:\Users\Sian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IXIYJ9GQ\bw7hgwyd[1].css moved successfully.
    C:\Users\Sian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IXIYJ9GQ\google_com_sg[1].htm moved successfully.
    C:\Users\Sian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IXIYJ9GQ\home[1].htm moved successfully.
    C:\Users\Sian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IXIYJ9GQ\jumboseafood_com_sg[1].htm moved successfully.
    C:\Users\Sian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IXIYJ9GQ\pnfo76ka[1].css moved successfully.
    C:\Users\Sian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BGNYR72Q\google_com_sg[1].htm moved successfully.
    C:\Users\Sian\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

    Registry entries deleted on Reboot...
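
A triage pass over a fix log like the one posted above, as an added example that is not part of the thread and is not OTL's own code: it classifies each result line and lists the two outcomes worth a second look, files moved out of the Windows directory and moves deferred to reboot. The line patterns are inferred from the log text in this thread, and `C:\Windows` as the system root is an assumption.

```python
import re
from collections import Counter
from dataclasses import dataclass

# A subset of lines copied from the fix log in this thread, in log order.
SAMPLE_LOG = r"""
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\control panel\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui\ deleted successfully.
C:\Windows\SysNative\igfxdev.dll moved successfully.
File move failed. G:\AutoRun.exe scheduled to be moved on reboot.
File move failed. G:\AutoRun.exe scheduled to be moved on reboot.
C:\ProgramData\STOPzilla!\Quarantine folder moved successfully.
C:\ProgramData\STOPzilla! folder moved successfully.
========== SERVICES/DRIVERS ==========
"""


@dataclass(frozen=True)
class Action:
    kind: str               # reg_deleted, reg_not_found, moved, move_pending, file_not_found
    target: str             # registry path or file path exactly as printed in the log
    native64: bool = False  # the line carried the "64bit-" prefix


# Checked in order; the first pattern that matches a line wins.
_PATTERNS = [
    ("move_pending", re.compile(
        r"^File move failed\. (?P<target>.+?) scheduled to be moved on reboot\.$")),
    ("registry", re.compile(
        r"^(?P<n64>64bit-)?Registry (?:key|value) (?P<target>.+?) "
        r"(?P<result>deleted successfully|not found)\.$")),
    ("moved", re.compile(
        r"^(?P<target>[A-Za-z]:\\.+?)(?: folder)? moved successfully\.$")),
    ("file_not_found", re.compile(r"^File (?P<target>.+) not found\.$")),
]


def parse_fix_log(text):
    """Turn fix-log result lines into Action records; headers and other lines are skipped."""
    actions = []
    for raw in text.splitlines():
        line = raw.strip()
        for name, rx in _PATTERNS:
            m = rx.match(line)
            if not m:
                continue
            if name == "registry":
                deleted = m.group("result").startswith("deleted")
                kind = "reg_deleted" if deleted else "reg_not_found"
                actions.append(Action(kind, m.group("target"), bool(m.group("n64"))))
            else:
                actions.append(Action(name, m.group("target")))
            break
    return actions


def summarize(actions):
    """Count actions per kind."""
    return Counter(a.kind for a in actions)


def needs_review(actions, system_root=r"C:\Windows"):
    """List outcomes to verify by hand, de-duplicated and in log order.

    system_root is an assumption; pass the real %systemroot% of the machine.
    """
    prefix = system_root.rstrip("\\").lower() + "\\"
    findings = []
    for a in actions:
        if a.kind == "moved" and a.target.lower().startswith(prefix):
            item = ("moved out of system directory", a.target)
        elif a.kind == "move_pending":
            item = ("move deferred to reboot", a.target)
        else:
            continue
        if item not in findings:
            findings.append(item)
    return findings


if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_LOG)
    for kind, count in sorted(summarize(parsed).items()):
        print(f"{kind:15} {count}")
    for reason, target in needs_review(parsed):
        print(f"REVIEW: {reason}: {target}")
```
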
     
  14. chiehs

    chiehs TS Rookie Topic Starter

    Actually I was using it...is it bad for the computer? I didn't know..
     

    Attached Files:

    • OTL.Txt (114 KB)
  15. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Good :)

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Go to Kaspersky website and perform an online antivirus scan.

    • Disable your active antivirus program.
    • Read through the requirements and privacy statement and click on Accept button.
    • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    • When the downloads have finished, click on Settings.
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    • Click on My Computer under Scan.
    • Once the scan is complete, it will display the results. Click on View Scan Report.
    • You will see a list of infected items there. Click on Save Report As....
    • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
  16. Broni

    Broni Malware Annihilator Posts: 52,895   +344

  17. chiehs

    chiehs TS Rookie Topic Starter

    The Kaspersky online scan looks like it may take a looong while, so I'll just post the Security checkup first.


    Results of screen317's Security Check version 0.99.5
    Windows 7 (UAC is disabled!)
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Avira AntiVir Personal - Free Antivirus
    WMI entry may not exist for antivirus; attempting automatic update.
    Avira successfully updated!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 21
    Adobe Flash Player
    Adobe Reader 9.3.3 MUI
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````
     
  18. chiehs

    chiehs TS Rookie Topic Starter

    The online scan didn't seem to find anything...strange...I wonder why my computer is acting so strangely.


    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Wednesday, August 18, 2010
    Operating system: Microsoft (build 7600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Wednesday, August 18, 2010 00:54:29
    Records in database: 4138097
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    G:\
    H:\

    Scan statistics:
    Objects scanned: 106003
    Threats found: 0
    Infected objects found: 0
    Suspicious objects found: 0
    Scan duration: 02:07:02

    No threats found. Scanned area is clean.

    Selected area has been scanned.
     
  19. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Excellent :)

    OTL Clean-Up
    Clean up with OTL:

    * Double-click OTL.exe to start the program.
    * Close all other programs apart from OTL as this step will require a reboot
    * On the OTL main screen, press the CLEANUP button
    * Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    =====================================================================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point.

    Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista and 7:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
    6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK

    2. Restart computer.

    3. Turn System Restore on.

    4. Make sure Windows Updates are current.

    5. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    8. Run Temporary File Cleaner (TFC) weekly.

    9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    11. Run defrag at your convenience.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
     
  20. chiehs

    chiehs TS Rookie Topic Starter

    Hi Broni, did as you said, so far my computer seems to be running fine again. Thanks so much for all your help! :)
     
  21. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Cool
    Good luck and stay safe :)
     
Topic Status:
Not open for further replies.
