System very slow after antivirus detects trojan

Solved
By msta999
Nov 14, 2010
Topic Status:
Not open for further replies.
  1. My antivirus detected a trojan and then my HP G62-225DX laptop has been very slow. Here are the logs from the first part of the 8 steps:

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 5111

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    11/13/2010 10:29:01 PM
    mbam-log-2010-11-13 (22-29-01).txt

    Scan type: Quick scan
    Objects scanned: 143869
    Time elapsed: 8 minute(s), 42 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
    --------------------------------------------------

    GMER - showed nothing (blank)

    --------------------------------------------------

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-11-10.01)

    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/25/2010 12:22:18 PM
    System Uptime: 11/13/2010 10:05:24 PM (0 hours ago)

    Motherboard: Hewlett-Packard | | 1484
    Processor: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz | CPU | 1196/800mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 284 GiB total, 244.592 GiB free.
    D: is FIXED (NTFS) - 14 GiB total, 2.309 GiB free.
    E: is FIXED (FAT32) - 0 GiB total, 0.091 GiB free.
    F: is CDROM (UDF)
    G: is Removable
    H: is FIXED (NTFS) - 233 GiB total, 133.284 GiB free.

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP131: 11/1/2010 9:52:03 PM - Windows Update
    RP132: 11/2/2010 8:31:08 AM - Windows Update
    RP133: 11/2/2010 9:54:05 PM - Restore Operation
    RP134: 11/2/2010 10:02:17 PM - Windows Update
    RP135: 11/2/2010 10:03:19 PM - Windows Update
    RP136: 11/3/2010 4:42:34 AM - Windows Update
    RP137: 11/3/2010 8:28:50 AM - Windows Update
    RP138: 11/3/2010 6:37:11 PM - Windows Update
    RP139: 11/4/2010 4:54:35 AM - Windows Update
    RP140: 11/4/2010 6:32:28 AM - Windows Update
    RP141: 11/4/2010 1:28:44 PM - Windows Update
    RP142: 11/5/2010 12:52:51 AM - Windows Update
    RP145: 11/6/2010 11:05:23 PM - Windows Update
    RP146: 11/8/2010 5:21:01 AM - Windows Update
    RP148: 11/9/2010 8:23:05 AM - Windows Update
    RP149: 11/9/2010 6:30:00 PM - Windows Update
    RP150: 11/10/2010 12:51:18 PM - Windows Update
    RP152: 11/12/2010 8:16:43 AM - Windows Update
    RP153: 11/13/2010 12:03:31 AM - Windows Update

    ==== Installed Programs ======================

    Acrobat.com
    ActiveCheck component for HP Active Support Library
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.1 MUI
    Adobe Shockwave Player
    Bejeweled 2 Deluxe
    Blackhawk Striker 2
    Blasterball 3
    BufferChm
    Build-a-lot 2
    C4600
    Cake Mania
    Chuzzle Deluxe
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Compatibility Pack for the 2007 Office system
    Coupon Printer for Windows
    CyberLink DVD Suite
    CyberLink MediaShow
    CyberLink PowerDVD 8
    CyberLink YouCam
    DBPix20
    Destinations
    DeviceDiscovery
    Diner Dash 2 Restaurant Rescue
    Dora's Carnival Adventure
    Escape Rosecliff Island
    ESU for Microsoft Windows 7
    Faerie Solitaire
    FATE
    Google Chrome
    Google Earth
    Google Update Helper
    GPBaseService2
    HP Advisor
    HP Customer Experience Enhancements
    HP Game Console
    HP Games
    HP Photo Creations
    HP Setup
    HP Software Framework
    HP Support Assistant
    HP Update
    HP User Guides 0178
    HPAsset component for HP Active Support Library
    HPProductAssistant
    HPSSupply
    Intel(R) Control Center
    Intel(R) Graphics Media Accelerator Driver
    Java Auto Updater
    Java(TM) 6 Update 21
    Jewel Quest 3
    Jewel Quest Solitaire 2
    Junk Mail filter update
    Kaspersky Anti-Virus 2010
    LabelPrint
    LightScribe System Software
    Malwarebytes' Anti-Malware
    MarketResearch
    Microsoft Choice Guard
    Microsoft Live Search Toolbar
    Microsoft Office Access Runtime (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Standard Edition 2003
    Microsoft Office Suite Activation Assistant
    Microsoft RoundTable Firmware (KB 945549)
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    Mozilla Thunderbird (3.1.2)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee Reveal
    Mystery P.I. - The New York Fortune
    Penguins!
    Plants vs. Zombies
    Poker Superstars III
    Polar Bowler
    Polar Golfer
    Power2Go
    PowerDirector
    PS_AIO_05_C4600_Software_Min
    QuickTransfer
    Realtek Ethernet Controller Driver For Windows 7
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    REALTEK Wireless LAN Software
    Recovery Manager
    Reloaders Reference v9.3x74r
    Scan
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    SmartWebPrinting
    SolutionCenter
    Spybot - Search & Destroy
    Status
    TextTwist 2
    Toolbox
    TrayApp
    Virtual Families
    Virtual Villagers - The Secret City
    WebReg
    Wheel of Fortune 2
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Yahoo! Messenger
    Yahoo! Software Update
    Zuma's Revenge

    ==== Event Viewer Messages From Past Week ========

    11/13/2010 8:41:37 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
    11/13/2010 12:05:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft Office Access Runtime and Data Connectivity 2007 Service Pack 2 (SP2).
    11/13/2010 10:12:09 PM, Error: NetBT [4319] - A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.
    11/12/2010 5:21:20 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user Matt-PC\Matt SID (S-1-5-21-680673837-2220826610-2223672550-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    11/12/2010 5:21:19 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user Matt-PC\Matt SID (S-1-5-21-680673837-2220826610-2223672550-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

    ==== End Of File ===========================
  2. Broni

    Broni Malware Annihilator Posts: 46,131   +251

    DDS.txt log is missing.
  3. msta999

    msta999 Newcomer, in training Topic Starter Posts: 99

    Sorry, it said not to post it unless asked for. Here it is:

    DDS (Ver_10-11-10.01) - NTFS_AMD64
    Run by Matt at 22:38:50.35 on Sat 11/13/2010
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3003.1920 [GMT -8:00]

    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtblfs.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Matt\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.heraldnet.com/
    mWinlogon: Userinit=userinit.exe
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
    uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\ievkbd.dll
    BHO-X64: IEVkbdBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll
    BHO-X64: link filter bho - No File
    TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
    mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
    mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun-x64: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
    mRun-x64: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
    mRun-x64: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

    ============= SERVICES / DRIVERS ===============

    R0 KLBG;Kaspersky Lab Boot Guard Driver;C:\Windows\System32\drivers\klbg.sys [2009-10-14 40464]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2009-9-14 27152]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
    R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-4-27 98208]
    R2 HPWMISVC;HPWMISVC;C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-1-18 20480]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-11-11 1153368]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2010-3-5 144896]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2009-10-2 21008]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-4-27 295424]
    R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2010-1-29 1089056]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
    S2 AVP;Kaspersky Anti-Virus;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-10-20 340520]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-18 136176]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-4-27 225280]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-7-26 1255736]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]

    =============== Created Last 30 ================

    2010-11-14 06:19:31 -------- d-----w- C:\Users\Matt\AppData\Roaming\Malwarebytes
    2010-11-14 06:19:03 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2010-11-14 06:19:00 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2010-11-14 06:18:58 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2010-11-14 06:18:58 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2010-11-12 16:17:14 8006480 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{F2B585CC-B7DC-45E3-B6A8-0FF8D02B786E}\mpengine.dll
    2010-11-11 09:13:58 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2010-11-11 09:13:58 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
    2010-10-26 21:06:47 961024 ----a-w- C:\Windows\System32\CPFilters.dll
    2010-10-26 21:06:47 641536 ----a-w- C:\Windows\SysWow64\CPFilters.dll
    2010-10-26 21:06:47 552960 ----a-w- C:\Windows\System32\msdri.dll
    2010-10-26 21:06:47 288256 ----a-w- C:\Windows\System32\MSNP.ax
    2010-10-26 21:06:47 258560 ----a-w- C:\Windows\System32\mpg2splt.ax
    2010-10-26 21:06:47 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
    2010-10-26 21:06:47 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
    2010-10-26 21:06:36 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys

    ==================== Find3M ====================

    2010-10-19 18:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2010-09-10 05:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2010-09-10 05:35:43 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
    2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
    2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
    2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
    2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
    2010-09-01 02:58:34 3123712 ----a-w- C:\Windows\System32\win32k.sys
    2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
    2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
    2010-08-27 06:14:02 236032 ----a-w- C:\Windows\System32\srvsvc.dll
    2010-08-27 05:46:48 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
    2010-08-27 03:38:04 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
    2010-08-27 03:37:48 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2010-08-27 03:37:26 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
    2010-08-26 05:27:28 148992 ----a-w- C:\Windows\System32\t2embed.dll
    2010-08-26 04:39:58 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
    2010-08-21 06:38:47 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
    2010-08-21 06:36:49 340992 ----a-w- C:\Windows\System32\schannel.dll
    2010-08-21 06:31:06 633856 ----a-w- C:\Windows\System32\comctl32.dll
    2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe
    2010-08-21 05:36:33 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
    2010-08-21 05:36:24 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
    2010-08-21 05:33:24 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll

    ============= FINISH: 22:39:58.57 ===============
  4. Broni

    Broni Malware Annihilator Posts: 46,131   +251

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop.
    Open this report and post its content in your next reply.
  5. msta999

    msta999 Newcomer, in training Topic Starter Posts: 99

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: Hewlett-Packard
    BIOS Manufacturer: Hewlett-Packard
    System Manufacturer: Hewlett-Packard
    System Product Name: HP G62 Notebook PC
    Logical Drives Mask: 0x000000fc

    Kernel Drivers (total 199):
    0x02C1B000 \SystemRoot\system32\ntoskrnl.exe
    0x031F7000 \SystemRoot\system32\hal.dll
    0x00BC7000 \SystemRoot\system32\kdcom.dll
    0x00C6E000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x00CB2000 \SystemRoot\system32\PSHED.dll
    0x00CC6000 \SystemRoot\system32\CLFS.SYS
    0x00D24000 \SystemRoot\system32\CI.dll
    0x00E3F000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x00EE3000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x00EF2000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x00F49000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
    0x00F52000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x00F5C000 \SystemRoot\system32\DRIVERS\pci.sys
    0x00F8F000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x00F9C000 \SystemRoot\System32\drivers\partmgr.sys
    0x00FB1000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x00FBA000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x00FC6000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x00C00000 \SystemRoot\System32\drivers\volmgrx.sys
    0x00FDB000 \SystemRoot\System32\drivers\mountmgr.sys
    0x010B8000 \SystemRoot\system32\DRIVERS\iaStor.sys
    0x011D4000 \SystemRoot\system32\DRIVERS\atapi.sys
    0x01000000 \SystemRoot\system32\DRIVERS\ataport.SYS
    0x0102A000 \SystemRoot\system32\DRIVERS\msahci.sys
    0x01035000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x01045000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x01050000 \SystemRoot\system32\drivers\fltmgr.sys
    0x0109C000 \SystemRoot\system32\drivers\fileinfo.sys
    0x01222000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x014E5000 \SystemRoot\System32\Drivers\msrpc.sys
    0x01543000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x0155D000 \SystemRoot\System32\Drivers\cng.sys
    0x015D0000 \SystemRoot\System32\drivers\pcw.sys
    0x015E1000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x01671000 \SystemRoot\system32\drivers\ndis.sys
    0x01763000 \SystemRoot\system32\drivers\NETIO.SYS
    0x017C3000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x01801000 \SystemRoot\System32\drivers\tcpip.sys
    0x01600000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x01400000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x0164A000 \SystemRoot\System32\Drivers\spldr.sys
    0x0144C000 \SystemRoot\System32\drivers\rdyboost.sys
    0x01652000 \SystemRoot\System32\Drivers\mup.sys
    0x017EE000 \SystemRoot\system32\DRIVERS\klbg.sys
    0x01664000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x01486000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x014C0000 \SystemRoot\system32\DRIVERS\disk.sys
    0x013C5000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x03B35000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x03B5F000 \SystemRoot\system32\DRIVERS\klif.sys
    0x03BBC000 \SystemRoot\System32\Drivers\Null.SYS
    0x03BC5000 \SystemRoot\System32\Drivers\Beep.SYS
    0x03BCC000 \SystemRoot\System32\drivers\vga.sys
    0x03BDA000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x015EB000 \SystemRoot\System32\drivers\watchdog.sys
    0x013F5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x01200000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x01209000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x01212000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x011DD000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x00E00000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x011EE000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x03C2F000 \SystemRoot\system32\DRIVERS\kl1.sys
    0x04158000 \SystemRoot\system32\drivers\afd.sys
    0x02CDB000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x02D20000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x02D29000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x02D4F000 \SystemRoot\system32\DRIVERS\vwififlt.sys
    0x02D65000 \SystemRoot\system32\DRIVERS\klim6.sys
    0x02D6F000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x02D7E000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x02D99000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x02DAD000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x02C00000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x02C0C000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x02C17000 \SystemRoot\System32\drivers\discache.sys
    0x02C26000 \SystemRoot\System32\Drivers\dfsc.sys
    0x02C44000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x02C55000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x02C7B000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x02C91000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x0480A000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
    0x02C96000 \SystemRoot\System32\Drivers\fastfat.SYS
    0x042B4000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x043A8000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x043EE000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x04200000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x04256000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x04267000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x09654000 \SystemRoot\system32\DRIVERS\rtl8192se.sys
    0x0977C000 \SystemRoot\system32\DRIVERS\vwifibus.sys
    0x09789000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
    0x097D5000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x09600000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x0529C000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x052EE000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x052F0000 \SystemRoot\system32\DRIVERS\klmouflt.sys
    0x052FA000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x05309000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x05312000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x05322000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x05338000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x0535C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x05368000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x05397000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x053B2000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x053D3000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x053ED000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x05200000 \SystemRoot\system32\DRIVERS\ks.sys
    0x05243000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x0562E000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x05688000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x05A82000 \SystemRoot\system32\drivers\RTKVHD64.sys
    0x05CA9000 \SystemRoot\system32\drivers\portcls.sys
    0x05CE6000 \SystemRoot\system32\drivers\drmk.sys
    0x05D08000 \SystemRoot\system32\drivers\ksthunk.sys
    0x05D0E000 \SystemRoot\system32\drivers\IntcHdmi.sys
    0x000B0000 \SystemRoot\System32\win32k.sys
    0x05D36000 \SystemRoot\System32\drivers\Dxapi.sys
    0x05D42000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x05D8C000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x05DA9000 \SystemRoot\system32\DRIVERS\udfs.sys
    0x05A00000 \SystemRoot\System32\Drivers\usbvideo.sys
    0x00590000 \SystemRoot\System32\TSDDD.dll
    0x05A2E000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x006E0000 \SystemRoot\System32\cdd.dll
    0x0569D000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0x05A3C000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x00830000 \SystemRoot\System32\ATMFD.DLL
    0x05A4F000 \SystemRoot\system32\DRIVERS\usbscan.sys
    0x05A60000 \SystemRoot\system32\DRIVERS\usbprint.sys
    0x05A6C000 \SystemRoot\system32\DRIVERS\dot4usb.sys
    0x05D50000 \SystemRoot\system32\DRIVERS\Dot4.sys
    0x057B9000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0x05D78000 \SystemRoot\system32\DRIVERS\Dot4Prt.sys
    0x057D4000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x057E2000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x05D82000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x05600000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x05255000 \SystemRoot\system32\drivers\luafv.sys
    0x0560D000 \SystemRoot\system32\drivers\WudfPf.sys
    0x05278000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x03A00000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x0960F000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x09622000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x0528D000 \SystemRoot\system32\DRIVERS\vwifimp.sys
    0x03A53000 \SystemRoot\system32\drivers\HTTP.sys
    0x0428B000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x0963A000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x03C00000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x026A4000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x026F2000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x02715000 \SystemRoot\system32\drivers\peauth.sys
    0x027BB000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x027C6000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x02600000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x02612000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x070EE000 \SystemRoot\System32\DRIVERS\srv.sys
    0x07184000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
    0x77610000 \Windows\System32\ntdll.dll
    0x47FE0000 \Windows\System32\smss.exe
    0xFF930000 \Windows\System32\apisetschema.dll
    0xFF840000 \Windows\System32\autochk.exe
    0xFF880000 \Windows\System32\clbcatq.dll
    0x777E0000 \Windows\System32\normaliz.dll
    0x774F0000 \Windows\System32\kernel32.dll
    0xFF750000 \Windows\System32\rpcrt4.dll
    0xFF6D0000 \Windows\System32\shlwapi.dll
    0xFF6B0000 \Windows\System32\imagehlp.dll
    0xFF660000 \Windows\System32\ws2_32.dll
    0xFF5E0000 \Windows\System32\difxapi.dll
    0xFF5C0000 \Windows\System32\sechost.dll
    0xFF3B0000 \Windows\System32\ole32.dll
    0xFF2D0000 \Windows\System32\oleaut32.dll
    0xFF2C0000 \Windows\System32\nsi.dll
    0xFF270000 \Windows\System32\Wldap32.dll
    0xFE4E0000 \Windows\System32\shell32.dll
    0xFE300000 \Windows\System32\setupapi.dll
    0xFE1D0000 \Windows\System32\wininet.dll
    0xFE130000 \Windows\System32\comdlg32.dll
    0xFE050000 \Windows\System32\advapi32.dll
    0xFDFB0000 \Windows\System32\msvcrt.dll
    0x773F0000 \Windows\System32\user32.dll
    0xFDFA0000 \Windows\System32\lpk.dll
    0xFDF30000 \Windows\System32\gdi32.dll
    0xFDF00000 \Windows\System32\imm32.dll
    0xFDD80000 \Windows\System32\urlmon.dll
    0xFDC70000 \Windows\System32\msctf.dll
    0xFDA10000 \Windows\System32\iertutil.dll
    0xFD940000 \Windows\System32\usp10.dll
    0x777D0000 \Windows\System32\psapi.dll
    0xFD7D0000 \Windows\System32\crypt32.dll
    0xFD730000 \Windows\System32\comctl32.dll
    0xFD6F0000 \Windows\System32\wintrust.dll
    0xFD680000 \Windows\System32\KernelBase.dll
    0xFD660000 \Windows\System32\devobj.dll
    0xFD620000 \Windows\System32\cfgmgr32.dll
    0xFD610000 \Windows\System32\msasn1.dll
    0x76F90000 \Windows\SysWOW64\normaliz.dll

    Processes (total 78):
    0 System Idle Process
    4 System
    348 C:\Windows\System32\smss.exe
    476 csrss.exe
    540 C:\Windows\System32\wininit.exe
    576 csrss.exe
    600 C:\Windows\System32\services.exe
    616 C:\Windows\System32\lsass.exe
    628 C:\Windows\System32\lsm.exe
    736 C:\Windows\System32\svchost.exe
    804 C:\Windows\System32\winlogon.exe
    860 C:\Windows\System32\svchost.exe
    932 C:\Windows\System32\svchost.exe
    1012 C:\Windows\System32\svchost.exe
    368 C:\Windows\System32\svchost.exe
    844 C:\Windows\System32\svchost.exe
    1096 C:\Windows\System32\svchost.exe
    1260 C:\Windows\System32\spoolsv.exe
    1296 C:\Windows\System32\svchost.exe
    1416 C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    1440 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
    1504 C:\Windows\System32\taskhost.exe
    1636 C:\Windows\System32\svchost.exe
    1652 C:\Windows\System32\dwm.exe
    1704 C:\Windows\explorer.exe
    1716 C:\Windows\SysWOW64\svchost.exe
    1748 C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    1792 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    1832 C:\Windows\System32\svchost.exe
    472 C:\Windows\System32\svchost.exe
    1956 C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    1084 C:\Windows\System32\svchost.exe
    2064 C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    2288 C:\Windows\System32\igfxtray.exe
    2304 C:\Windows\System32\hkcmd.exe
    2328 C:\Windows\System32\igfxpers.exe
    2344 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    2372 C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    2496 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    2644 C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
    2652 C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    2708 C:\Program Files\Java\jre6\bin\jusched.exe
    2788 C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    3040 WmiPrvSE.exe
    3064 C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    1460 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    3016 C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    1448 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    3080 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
    3088 C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    3368 C:\Windows\System32\SearchIndexer.exe
    3908 WUDFHost.exe
    3300 C:\Program Files\Windows Media Player\wmpnetwk.exe
    2756 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    2764 C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
    3380 C:\Windows\System32\svchost.exe
    2784 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
    3352 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    224 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    2160 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    4384 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    4752 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtblfs.exe
    5032 C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
    3364 C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe
    5048 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    3340 C:\Windows\System32\svchost.exe
    4688 C:\Windows\System32\wuauclt.exe
    3568 C:\Windows\System32\svchost.exe
    4860 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    980 C:\Program Files (x86)\Internet Explorer\ielowutil.exe
    3432 C:\Windows\System32\taskeng.exe
    1216 C:\Windows\System32\SearchProtocolHost.exe
    1000 C:\Windows\System32\SearchFilterHost.exe
    3736 C:\Windows\System32\audiodg.exe
    1944 dllhost.exe
    3220 dllhost.exe
    4712 C:\Users\Matt\Desktop\MBRCheck.exe
    1688 C:\Windows\System32\conhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000047`01e00000 (NTFS)
    \\.\E: --> \\.\PhysicalDrive0 at offset 0x0000004a`7f500000 (FAT32)
    \\.\H: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: SAMSUNGHM321HI, Rev: 2AJ10001
    PhysicalDrive2 Model Number: ST325082J, Rev: 3.AA

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: 4D658D98AF63420E19685FDF758F22E67D2F3B93
    232 GB \\.\PhysicalDrive2 RE: Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!
  6. Broni

    Broni Malware Annihilator Posts: 46,131   +251

    We need to fix your MBR...

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double click on NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
    • Follow the prompts to burn the CD.
    • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 2 to overwrite the infected MBR Code with the Windows 7 MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.
    Once rebooted, run MBRCheck again and post its log.
  7. msta999

    msta999 Newcomer, in training Topic Starter Posts: 99

    I can't figure out how to boot from the CD. I've tried Esc, F2, F8 and Del.
  8. Broni

    Broni Malware Annihilator Posts: 46,131   +251

    Did you try putting the CD in and restarting the computer to see if it'll boot from the CD?
  9. msta999

    msta999 Newcomer, in training Topic Starter Posts: 99

    Yes, I did. The only thing that comes up on reboot is "hit esc", and that takes me into the safe mode option. I have rebooted several times, just watching the screen, and nothing else shows up.
  10. Broni

    Broni Malware Annihilator Posts: 46,131   +251

  11. msta999

    msta999 Newcomer, in training Topic Starter Posts: 99

    OK, I was hitting Esc too long and it was going to another window. Now I can get to the part where I select English, but after that I just get:

    Can't open CD drivver CDRCACH
    SHSUCDX Can't install
    Error: Failure loading; unable to find CD-ROM drive!
    If you have multiple cd-rom drives, please remove the other cd - rom and try again................it goes on.
     
  12. Broni

    Broni Malware Annihilator Posts: 46,131   +251

    I'm glad to see you figured out how to boot from the CD :)

    We'll use another method to reset the MBR since the above didn't want to work...

    If you have Vista/7 DVD...

    start with step 2

    If you don't have Vista/7 DVD...

    1. Create Vista/7 Recovery Disc.

    Option 1 :
    Vista: http://www.c4consulting.com.au/soluctions/vista/VISTA SOLUCTIONS.htm
    Windows 7: http://www.guidingtech.com/3816/system-repair-recovery-disc-windows-7/

    Option 2:
    Download Vista Recovery Disc iso image: http://neosmart.net/blog/2008/windows-vista-recovery-disc-download/
    Download Windows 7 Recovery Disc iso image: http://neosmart.net/blog/2009/windows-7-system-repair-discs/
    Burn it to CD, or DVD: http://neosmart.net/wiki/display/G/Burning ISO Images to a CD or DVD

    2. Boot from created disk.

    Vista users. At first screen click on Repair your computer:
    [IMG]

    Windows 7 users. At first screen click on Install now:
    [IMG]
    Select your language and click next:
    [IMG]
    Click the button for "Use recovery tools":
    [IMG]

    The following applies to both Vista and Windows 7 users.


    I have to post it in two parts, because the board doesn't allow me that many images in one post.
  13. Broni

    Broni Malware Annihilator Posts: 46,131   +251

    This will bring you to a new screen where the repair process will look for all Windows Vista/7 installations on your computer. When done, you will be presented with the System Recovery Options dialog box:
    [IMG]
    After this, it will present you with a list of options including Startup Repair, System Restore and Command Prompt:
    [IMG]
    Select Command Prompt.

    Type in:
    bootrec /FixMbr (<--- there is a "space" after "bootrec")
    and then press Enter

    Once completed, type Exit, press Enter and restart the computer.

    Post fresh MBRCheck log.
  14. msta999

    msta999 Newcomer, in training Topic Starter Posts: 99

    Finally! Thanks, here it is:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: Hewlett-Packard
    BIOS Manufacturer: Hewlett-Packard
    System Manufacturer: Hewlett-Packard
    System Product Name: HP G62 Notebook PC
    Logical Drives Mask: 0x000000fc

    Kernel Drivers (total 199):
    0x02C09000 \SystemRoot\system32\ntoskrnl.exe
    0x031E5000 \SystemRoot\system32\hal.dll
    0x00BC4000 \SystemRoot\system32\kdcom.dll
    0x00C8A000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x00CCE000 \SystemRoot\system32\PSHED.dll
    0x00CE2000 \SystemRoot\system32\CLFS.SYS
    0x00D40000 \SystemRoot\system32\CI.dll
    0x00E3A000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x00EDE000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x00EED000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x00F44000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
    0x00F4D000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x00F57000 \SystemRoot\system32\DRIVERS\pci.sys
    0x00F8A000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x00F97000 \SystemRoot\System32\drivers\partmgr.sys
    0x00FAC000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x00FB5000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x00FC1000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x00C00000 \SystemRoot\System32\drivers\volmgrx.sys
    0x00FD6000 \SystemRoot\System32\drivers\mountmgr.sys
    0x010C1000 \SystemRoot\system32\DRIVERS\iaStor.sys
    0x011DD000 \SystemRoot\system32\DRIVERS\atapi.sys
    0x01000000 \SystemRoot\system32\DRIVERS\ataport.SYS
    0x0102A000 \SystemRoot\system32\DRIVERS\msahci.sys
    0x01035000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x01045000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x01050000 \SystemRoot\system32\drivers\fltmgr.sys
    0x0109C000 \SystemRoot\system32\drivers\fileinfo.sys
    0x0123A000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x014AF000 \SystemRoot\System32\Drivers\msrpc.sys
    0x0150D000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x01527000 \SystemRoot\System32\Drivers\cng.sys
    0x0159A000 \SystemRoot\System32\drivers\pcw.sys
    0x015AB000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x01641000 \SystemRoot\system32\drivers\ndis.sys
    0x01733000 \SystemRoot\system32\drivers\NETIO.SYS
    0x01793000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x01801000 \SystemRoot\System32\drivers\tcpip.sys
    0x015B5000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x01400000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x017BE000 \SystemRoot\System32\Drivers\spldr.sys
    0x017C6000 \SystemRoot\System32\drivers\rdyboost.sys
    0x01600000 \SystemRoot\System32\Drivers\mup.sys
    0x01612000 \SystemRoot\system32\DRIVERS\klbg.sys
    0x01620000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x0144C000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x01629000 \SystemRoot\system32\DRIVERS\disk.sys
    0x01200000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x03A00000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x03A2A000 \SystemRoot\system32\DRIVERS\klif.sys
    0x03A87000 \SystemRoot\System32\Drivers\Null.SYS
    0x03A90000 \SystemRoot\System32\Drivers\Beep.SYS
    0x03A97000 \SystemRoot\System32\drivers\vga.sys
    0x03AA5000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x01494000 \SystemRoot\System32\drivers\watchdog.sys
    0x014A4000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x01230000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x013DD000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x013E6000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x010B0000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x00E00000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x013F1000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x03C98000 \SystemRoot\system32\DRIVERS\kl1.sys
    0x03C00000 \SystemRoot\system32\drivers\afd.sys
    0x02C05000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x02C4A000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x02C53000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x02C79000 \SystemRoot\system32\DRIVERS\vwififlt.sys
    0x02C8F000 \SystemRoot\system32\DRIVERS\klim6.sys
    0x02C99000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x02CA8000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x02CC3000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x02CD7000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x02D28000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x02D34000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x02D3F000 \SystemRoot\System32\drivers\discache.sys
    0x02D4E000 \SystemRoot\System32\Drivers\dfsc.sys
    0x02D6C000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x02D7D000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x02DA3000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x02DB9000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x04805000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
    0x02DBE000 \SystemRoot\System32\Drivers\fastfat.SYS
    0x0448F000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x04583000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x045C9000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x04400000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x04456000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x04467000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x052C2000 \SystemRoot\system32\DRIVERS\rtl8192se.sys
    0x053EA000 \SystemRoot\system32\DRIVERS\vwifibus.sys
    0x05200000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
    0x0524C000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x0526A000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x056D0000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x05722000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x05724000 \SystemRoot\system32\DRIVERS\klmouflt.sys
    0x0572E000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x0573D000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x05746000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x05756000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x0576C000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x05790000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x0579C000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x057CB000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x05600000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x05621000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x0563B000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x0563D000 \SystemRoot\system32\DRIVERS\ks.sys
    0x05680000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x0584E000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x058A8000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x05A4C000 \SystemRoot\system32\drivers\RTKVHD64.sys
    0x05C73000 \SystemRoot\system32\drivers\portcls.sys
    0x05CB0000 \SystemRoot\system32\drivers\drmk.sys
    0x05CD2000 \SystemRoot\system32\drivers\ksthunk.sys
    0x05CD8000 \SystemRoot\system32\drivers\IntcHdmi.sys
    0x000C0000 \SystemRoot\System32\win32k.sys
    0x05D00000 \SystemRoot\System32\drivers\Dxapi.sys
    0x05D0C000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x058BD000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0x05D1A000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x05D2D000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x00440000 \SystemRoot\System32\TSDDD.dll
    0x00750000 \SystemRoot\System32\cdd.dll
    0x008D0000 \SystemRoot\System32\ATMFD.DLL
    0x05D3B000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x05D58000 \SystemRoot\System32\Drivers\usbvideo.sys
    0x05D86000 \SystemRoot\system32\DRIVERS\usbscan.sys
    0x05D97000 \SystemRoot\system32\DRIVERS\usbprint.sys
    0x05DA3000 \SystemRoot\system32\DRIVERS\dot4usb.sys
    0x05DB3000 \SystemRoot\system32\DRIVERS\Dot4.sys
    0x05DDB000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0x05DF6000 \SystemRoot\system32\DRIVERS\Dot4Prt.sys
    0x05A00000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x05A0E000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x05A27000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x05A30000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x059D9000 \SystemRoot\system32\drivers\luafv.sys
    0x05800000 \SystemRoot\system32\drivers\WudfPf.sys
    0x05821000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x03ACA000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x05836000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x05692000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x05A3D000 \SystemRoot\system32\DRIVERS\vwifimp.sys
    0x03B1D000 \SystemRoot\system32\drivers\HTTP.sys
    0x056AA000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x057E6000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x05279000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x034FD000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x0354B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x03400000 \SystemRoot\system32\drivers\peauth.sys
    0x034A6000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x034B1000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x034DE000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x0356E000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x07262000 \SystemRoot\System32\DRIVERS\srv.sys
    0x072F8000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
    0x0732B000 \SystemRoot\system32\drivers\spsys.sys
    0x77A00000 \Windows\System32\ntdll.dll
    0x47F50000 \Windows\System32\smss.exe
    0xFFD20000 \Windows\System32\apisetschema.dll
    0xFF9A0000 \Windows\System32\autochk.exe
    0xFFBE0000 \Windows\System32\wininet.dll
    0xFFB40000 \Windows\System32\clbcatq.dll
    0xFFA30000 \Windows\System32\msctf.dll
    0xFF900000 \Windows\System32\rpcrt4.dll
    0xFF6A0000 \Windows\System32\iertutil.dll
    0xFF680000 \Windows\System32\imagehlp.dll
    0x778E0000 \Windows\System32\kernel32.dll
    0xFF5E0000 \Windows\System32\msvcrt.dll
    0xFE850000 \Windows\System32\shell32.dll
    0xFE780000 \Windows\System32\usp10.dll
    0xFE6A0000 \Windows\System32\advapi32.dll
    0xFE630000 \Windows\System32\gdi32.dll
    0xFE600000 \Windows\System32\imm32.dll
    0xFE3F0000 \Windows\System32\ole32.dll
    0x777E0000 \Windows\System32\user32.dll
    0x77BD0000 \Windows\System32\normaliz.dll
    0xFE210000 \Windows\System32\setupapi.dll
    0xFE200000 \Windows\System32\lpk.dll
    0xFE180000 \Windows\System32\difxapi.dll
    0xFE130000 \Windows\System32\Wldap32.dll
    0xFE050000 \Windows\System32\oleaut32.dll
    0xFE030000 \Windows\System32\sechost.dll
    0xFDFB0000 \Windows\System32\shlwapi.dll
    0xFDF10000 \Windows\System32\comdlg32.dll
    0xFDD90000 \Windows\System32\urlmon.dll
    0x77BC0000 \Windows\System32\psapi.dll
    0xFDD40000 \Windows\System32\ws2_32.dll
    0xFDD30000 \Windows\System32\nsi.dll
    0xFDBC0000 \Windows\System32\crypt32.dll
    0xFDB50000 \Windows\System32\KernelBase.dll
    0xFDB10000 \Windows\System32\wintrust.dll
    0xFDA70000 \Windows\System32\comctl32.dll
    0xFDA30000 \Windows\System32\cfgmgr32.dll
    0xFDA10000 \Windows\System32\devobj.dll
    0xFDA00000 \Windows\System32\msasn1.dll
    0x77060000 \Windows\SysWOW64\normaliz.dll

    Processes (total 74):
    0 System Idle Process
    4 System
    348 C:\Windows\System32\smss.exe
    476 csrss.exe
    532 C:\Windows\System32\wininit.exe
    544 csrss.exe
    580 C:\Windows\System32\services.exe
    604 C:\Windows\System32\lsass.exe
    612 C:\Windows\System32\lsm.exe
    716 C:\Windows\System32\svchost.exe
    788 C:\Windows\System32\winlogon.exe
    840 C:\Windows\System32\svchost.exe
    908 C:\Windows\System32\svchost.exe
    984 C:\Windows\System32\svchost.exe
    1020 C:\Windows\System32\svchost.exe
    384 C:\Windows\System32\audiodg.exe
    528 C:\Windows\System32\svchost.exe
    1072 C:\Windows\System32\svchost.exe
    1232 C:\Windows\System32\spoolsv.exe
    1264 C:\Windows\System32\svchost.exe
    1364 C:\Windows\System32\taskhost.exe
    1452 C:\Windows\System32\dwm.exe
    1464 C:\Windows\explorer.exe
    1504 C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    1532 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
    1664 C:\Windows\System32\svchost.exe
    1692 C:\Windows\System32\taskeng.exe
    1712 C:\Windows\SysWOW64\svchost.exe
    1756 C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    1812 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    1884 C:\Windows\System32\svchost.exe
    1972 C:\Windows\System32\svchost.exe
    2008 C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    1040 C:\Windows\System32\svchost.exe
    2120 C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    2296 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    2360 C:\Windows\System32\igfxtray.exe
    2368 C:\Windows\System32\hkcmd.exe
    2384 C:\Windows\System32\igfxpers.exe
    2480 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    2512 C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    2624 C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
    2680 C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    2692 C:\Program Files\Java\jre6\bin\jusched.exe
    2716 C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    2796 C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    2880 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    2904 C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    2972 WmiPrvSE.exe
    1432 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    3280 C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
    3576 C:\Windows\System32\SearchIndexer.exe
    3652 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
    3744 C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    3984 WUDFHost.exe
    4080 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    2600 C:\Program Files\Windows Media Player\wmpnetwk.exe
    3644 C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
    2352 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
    3864 C:\Windows\System32\SearchProtocolHost.exe
    3336 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    2888 C:\Windows\System32\svchost.exe
    4104 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    4208 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    4732 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    700 C:\Windows\System32\sppsvc.exe
    1352 C:\Windows\System32\svchost.exe
    3892 WmiPrvSE.exe
    668 C:\Windows\System32\wuauclt.exe
    3476 C:\Windows\System32\SearchFilterHost.exe
    2244 dllhost.exe
    4400 dllhost.exe
    4680 C:\Users\Matt\Desktop\MBRCheck.exe
    4684 C:\Windows\System32\conhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000047`01e00000 (NTFS)
    \\.\E: --> \\.\PhysicalDrive0 at offset 0x0000004a`7f500000 (FAT32)
    \\.\H: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: SAMSUNGHM321HI, Rev: 2AJ10001
    PhysicalDrive2 Model Number: ST325082J, Rev: 3.AA

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
    232 GB \\.\PhysicalDrive2 RE: Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
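The two MBRCheck runs in this thread (the earlier one reporting "Unknown MBR code" for PhysicalDrive0, this one reporting "Windows 7 MBR code detected" after bootrec /FixMbr) come down to hashing the boot sector's code and looking the hash up in a table of known-good values. The Python below is an added example, not MBRCheck's code and not part of the thread: it assembles a constructed 512-byte MBR, checks the 0x55AA boot signature, hashes the 440-byte boot-code region, parses the partition table and reports in MBRCheck's wording. Which bytes MBRCheck itself hashes is not stated on the page, so hashing the first 440 bytes is this example's assumption; the boot-code bytes, the known-hash table and the "Windows 7 (constructed sample)" label are all constructed here, and the thread's real SHA1 values will not match them. The one value taken from the log is the C: partition offset 0x0c800000 (LBA 409600).

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440            # bytes 0-439 hold boot code; 440-443 the disk signature
PARTITION_TABLE_OFFSET = 446   # four 16-byte partition entries follow
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510-511 of every valid MBR


def build_sample_mbr(boot_code, partitions):
    """Assemble a constructed 512-byte MBR for offline testing.

    partitions: iterable of (bootable, type_id, first_lba, sector_count),
    at most four entries; remaining slots stay zeroed (empty).
    """
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code must fit in the first 440 bytes")
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    sector[440:444] = b"\x11\x22\x33\x44"  # constructed disk signature
    for i, (bootable, type_id, first_lba, count) in enumerate(list(partitions)[:4]):
        off = PARTITION_TABLE_OFFSET + 16 * i
        sector[off] = 0x80 if bootable else 0x00
        sector[off + 4] = type_id
        struct.pack_into("<II", sector, off + 8, first_lba, count)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


def boot_code_sha1(sector):
    """SHA1 over the boot-code region only, so partition-table edits do not
    change the verdict (this example's assumption about what to hash)."""
    return hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()


def parse_partitions(sector):
    """Return the non-empty primary partition entries with their byte offsets."""
    entries = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + 16 * i
        status, type_id = sector[off], sector[off + 4]
        first_lba, count = struct.unpack_from("<II", sector, off + 8)
        if type_id == 0 and count == 0:
            continue  # empty slot
        entries.append({
            "index": i,
            "bootable": status == 0x80,
            "type_id": type_id,
            "first_lba": first_lba,
            "sector_count": count,
            "byte_offset": first_lba * SECTOR_SIZE,
        })
    return entries


def check_mbr(sector, known_boot_code):
    """Classify a sector, reporting in MBRCheck's wording.

    known_boot_code maps an upper-case SHA1 hex digest to a label.
    """
    if len(sector) != SECTOR_SIZE:
        return {"status": "Not a 512-byte sector", "sha1": None, "partitions": []}
    if sector[510:512] != BOOT_SIGNATURE:
        return {"status": "Missing 0x55AA boot signature", "sha1": None, "partitions": []}
    digest = boot_code_sha1(sector)
    label = known_boot_code.get(digest)
    status = f"{label} MBR code detected" if label else "Unknown MBR code"
    return {"status": status, "sha1": digest, "partitions": parse_partitions(sector)}


# Constructed stand-ins: real Windows boot code is not reproduced, so the
# SHA1 values in the thread's logs will not match anything produced here.
STANDARD_BOOT_CODE = b"CONSTRUCTED STANDARD BOOT CODE".ljust(64, b"\x00")
MODIFIED_BOOT_CODE = b"CONSTRUCTED MODIFIED BOOT CODE".ljust(64, b"\x00")

# Partition layout taken from the thread's log: C: starts at byte offset
# 0x0c800000 on PhysicalDrive0, i.e. LBA 409600. The size is constructed.
SAMPLE_PARTITIONS = [(True, 0x07, 409600, 595_000_000)]

# Known-good table built from the constructed standard sample; the label is a
# placeholder, not a claim about the real Windows 7 boot code.
KNOWN_BOOT_CODE = {
    boot_code_sha1(build_sample_mbr(STANDARD_BOOT_CODE, [])): "Windows 7 (constructed sample)",
}


def demo():
    """Check a clean and a tampered sample; returns both reports."""
    clean = build_sample_mbr(STANDARD_BOOT_CODE, SAMPLE_PARTITIONS)
    tampered = build_sample_mbr(MODIFIED_BOOT_CODE, SAMPLE_PARTITIONS)
    return check_mbr(clean, KNOWN_BOOT_CODE), check_mbr(tampered, KNOWN_BOOT_CODE)


if __name__ == "__main__":
    for report in demo():
        print(report["status"], report["sha1"])
        for p in report["partitions"]:
            print(f"  entry {p['index']}: type 0x{p['type_id']:02x}, "
                  f"offset 0x{p['byte_offset']:08x}, bootable={p['bootable']}")
```

On a live machine the sector would be read from the physical drive with administrative rights instead of being constructed; the check itself only reads and reports, it never writes the sector back. An "Unknown MBR code" verdict means the boot code is not in the known table, which is a prompt to compare it against a trusted copy rather than proof of infection by itself, since some vendor recovery loaders are legitimately non-standard.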
  15. Broni

    Broni Malware Annihilator Posts: 46,131   +251

    Good job :)

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  16. msta999

    msta999 Newcomer, in training Topic Starter Posts: 99

    Hope I did this right. I opened OTL, pasted the info you left and ran a quick scan. Here it is:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop
  17. msta999

    msta999 Newcomer, in training Topic Starter Posts: 99

    I see I didn't get it all, I'll try it again:

    OTL Extras logfile created on: 11/14/2010 8:02:29 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Matt\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free
    6.00 Gb Paging File | 4.00 Gb Available in Paging File | 72.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 283.83 Gb Total Space | 244.17 Gb Free Space | 86.03% Space Free | Partition Type: NTFS
    Drive D: | 13.96 Gb Total Space | 2.31 Gb Free Space | 16.54% Space Free | Partition Type: NTFS
    Drive E: | 99.34 Mb Total Space | 92.66 Mb Free Space | 93.28% Space Free | Partition Type: FAT32
    Drive H: | 232.88 Gb Total Space | 124.97 Gb Free Space | 53.66% Space Free | Partition Type: NTFS

    Computer Name: MATT-PC | User Name: Matt | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    .url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    .url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring" = 1
    "" =

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{10F539B1-31AF-43BF-9F0C-0EB66E918922}" = HP Quick Launch
    "{1E1746EF-F5BF-4677-8F30-04FE399130DA}" = HP Photosmart C4600 All-In-One Driver Software 14.0 Rel. 5
    "{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java(TM) 6 Update 17 (64-bit)
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "HP Imaging Device Functions" = HP Imaging Device Functions 14.0
    "HP Smart Web Printing" = HP Smart Web Printing 4.60
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
    "HPExtendedCapabilities" = HP Customer Participation Program 14.0
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Shop for HP Supplies" = Shop for HP Supplies
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
    "{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
    "{1CA3A991-B03D-4C92-9922-315E5434E87B}" = PS_AIO_05_C4600_Software_Min
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{223E2363-6643-49CB-A062-59A9858EE8EE}" = HP Software Framework
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 21
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
    "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
    "{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
    "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
    "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
    "{43BA31BA-04BD-2EA3-0A60-A9C54E06D3F2}" = muvee Reveal
    "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{47D7C9B8-BD44-4D2E-9040-E946477B2F9A}" = Microsoft Live Search Toolbar
    "{495A8A3C-8FD0-4C46-9979-95C26181A1AB}" = HP Support Assistant
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
    "{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}" = LightScribe System Software
    "{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
    "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
    "{90120000-001C-0409-0000-0000000FF1CE}" = Microsoft Office Access Runtime (English) 2007
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{901F0D4C-009D-1112-8DE4-03599E7B0C5C}" = REALTEK Wireless LAN Software
    "{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
    "{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{9A4317FB-5775-4FB3-BDC9-995595106F1F}" = HP User Guides 0178
    "{9E0E1E3B-229C-4CF9-8A39-4455477327E4}" = C4600
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
    "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
    "{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
    "{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
    "DBPix" = DBPix20
    "Google Chrome" = Google Chrome
    "HP Photo Creations" = HP Photo Creations
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "InstallWIX_{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Mozilla Thunderbird (3.1.2)" = Mozilla Thunderbird (3.1.2)
    "My HP Game Console" = HP Game Console
    "Reloaders Reference v9.3x74r" = Reloaders Reference v9.3x74r
    "WildTangent hp Master Uninstall" = HP Games
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WT082122" = Blackhawk Striker 2
    "WT082124" = Blasterball 3
    "WT082133" = Dora's Carnival Adventure
    "WT082141" = FATE
    "WT082168" = Penguins!
    "WT082170" = Plants vs. Zombies
    "WT082171" = Poker Superstars III
    "WT082172" = Polar Bowler
    "WT082173" = Polar Golfer
    "WT082188" = Virtual Families
    "WT082189" = Wheel of Fortune 2
    "WT082192" = Bejeweled 2 Deluxe
    "WT082200" = Chuzzle Deluxe
    "WT082241" = Virtual Villagers - The Secret City
    "WT082396" = Diner Dash 2 Restaurant Rescue
    "WT082438" = Build-a-lot 2
    "WT082442" = Faerie Solitaire
    "WT082443" = Jewel Quest 3
    "WT082456" = Mystery P.I. - The New York Fortune
    "WT082463" = Zuma's Revenge
    "WT082468" = Jewel Quest Solitaire 2
    "WT083477" = Cake Mania
    "WT083484" = Escape Rosecliff Island
    "WT083491" = TextTwist 2
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 11/3/2010 11:29:14 AM | Computer Name = Matt-PC | Source = MsiInstaller | ID = 10005
    Description =

    Error - 11/3/2010 11:29:14 AM | Computer Name = Matt-PC | Source = MsiInstaller | ID = 1024
    Description =

    Error - 11/3/2010 9:37:38 PM | Computer Name = Matt-PC | Source = MsiInstaller | ID = 10005
    Description =

    Error - 11/3/2010 9:37:38 PM | Computer Name = Matt-PC | Source = MsiInstaller | ID = 1024
    Description =

    Error - 11/4/2010 8:36:36 AM | Computer Name = Matt-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\Program Files (x86)\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
    Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
    "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
    "version" in element "assemblyIdentity" is invalid.

    Error - 11/4/2010 8:37:48 AM | Computer Name = Matt-PC | Source = SideBySide | ID = 16842787
    Description = Activation context generation failed for "c:\program files (x86)\windows
    live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
    files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
    found in manifest does not match the identity of the component requested. Reference
    is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
    is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
    sxstrace.exe for detailed diagnosis.

    Error - 11/4/2010 9:33:11 AM | Computer Name = Matt-PC | Source = MsiInstaller | ID = 10005
    Description =

    Error - 11/4/2010 9:33:11 AM | Computer Name = Matt-PC | Source = MsiInstaller | ID = 1024
    Description =

    Error - 11/4/2010 4:29:37 PM | Computer Name = Matt-PC | Source = MsiInstaller | ID = 10005
    Description =

    Error - 11/4/2010 4:29:37 PM | Computer Name = Matt-PC | Source = MsiInstaller | ID = 1024
    Description =

    [ System Events ]
    Error - 11/14/2010 2:12:09 AM | Computer Name = Matt-PC | Source = NetBT | ID = 4319
    Description = A duplicate name has been detected on the TCP network. The IP address
    of the computer that sent the message is in the data. Use nbtstat -n in a command
    window to see which name is in the Conflict state.

    Error - 11/14/2010 4:14:35 AM | Computer Name = Matt-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Microsoft Office Access Runtime and Data Connectivity 2007
    Service Pack 2 (SP2).

    Error - 11/14/2010 4:40:38 AM | Computer Name = Matt-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Microsoft Office Access Runtime and Data Connectivity 2007
    Service Pack 2 (SP2).

    Error - 11/14/2010 1:04:35 PM | Computer Name = Matt-PC | Source = NetBT | ID = 4319
    Description = A duplicate name has been detected on the TCP network. The IP address
    of the computer that sent the message is in the data. Use nbtstat -n in a command
    window to see which name is in the Conflict state.

    Error - 11/14/2010 2:17:57 PM | Computer Name = Matt-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Microsoft Office Access Runtime and Data Connectivity 2007
    Service Pack 2 (SP2).

    Error - 11/14/2010 2:34:40 PM | Computer Name = Matt-PC | Source = WMPNetworkSvc | ID = 866306
    Description =

    Error - 11/14/2010 2:34:40 PM | Computer Name = Matt-PC | Source = WMPNetworkSvc | ID = 866306
    Description =

    Error - 11/14/2010 3:17:13 PM | Computer Name = Matt-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 11:14:35 AM on 11/14/2010 was unexpected.

    Error - 11/14/2010 4:19:21 PM | Computer Name = Matt-PC | Source = WMPNetworkSvc | ID = 866300
    Description =

    Error - 11/14/2010 4:52:23 PM | Computer Name = Matt-PC | Source = Service Control Manager | ID = 7024
    Description = The Superfetch service terminated with service-specific error %%0.


    < End of report >
  18. Broni

    Broni Malware Annihilator Posts: 46,131   +251

    I still need OTL.txt log.
     
  19. msta999

    msta999 Newcomer, in training Topic Starter Posts: 99

    I don't see it. I see OTL and Extra and I believe I posted both of them. Where will I find it?
  20. msta999

    msta999 Newcomer, in training Topic Starter Posts: 99

    Maybe this is it:

    OTL logfile created on: 11/14/2010 8:02:29 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Matt\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free
    6.00 Gb Paging File | 4.00 Gb Available in Paging File | 72.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 283.83 Gb Total Space | 244.17 Gb Free Space | 86.03% Space Free | Partition Type: NTFS
    Drive D: | 13.96 Gb Total Space | 2.31 Gb Free Space | 16.54% Space Free | Partition Type: NTFS
    Drive E: | 99.34 Mb Total Space | 92.66 Mb Free Space | 93.28% Space Free | Partition Type: FAT32
    Drive H: | 232.88 Gb Total Space | 124.97 Gb Free Space | 53.66% Space Free | Partition Type: NTFS

    Computer Name: MATT-PC | User Name: Matt | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/11/14 20:00:43 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
    PRC - [2010/10/06 15:17:30 | 000,232,912 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe
    PRC - [2010/08/18 08:24:48 | 000,340,520 | ---- | M] (Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
    PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/11/14 20:00:43 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
    MOD - [2010/08/20 21:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/01/18 14:04:08 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
    SRV:64bit: - [2009/11/17 18:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
    SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2010/08/18 08:24:48 | 000,340,520 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe -- (AVP)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/01/04 10:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
    SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2010/07/25 11:52:05 | 000,353,296 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
    DRV:64bit: - [2010/03/05 11:57:18 | 000,144,896 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
    DRV:64bit: - [2010/03/05 11:57:00 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/02/05 16:49:04 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2010/01/29 01:46:46 | 001,089,056 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
    DRV:64bit: - [2009/11/27 17:45:00 | 000,295,424 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009/10/14 20:18:38 | 000,040,464 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\klbg.sys -- (KLBG)
    DRV:64bit: - [2009/10/13 10:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2009/10/02 18:39:32 | 000,021,008 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
    DRV:64bit: - [2009/09/22 17:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV:64bit: - [2009/09/14 13:46:42 | 000,027,152 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
    DRV:64bit: - [2009/09/01 14:29:56 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
    DRV:64bit: - [2009/07/13 17:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/13 17:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 15:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2009/06/10 13:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/10 13:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/10 13:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
    DRV:64bit: - [2009/06/10 12:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 12:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/06/10 12:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
    DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009/09/22 17:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.heraldnet.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/10/07 18:34:33 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010/11/02 20:57:20 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

    [2010/07/25 12:38:27 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Mozilla\Extensions
    [2010/07/25 12:38:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

    O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\ievkbd.dll (Kaspersky Lab)
    O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll (Kaspersky Lab)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
    O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
    O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O9:64bit: - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll (Kaspersky Lab)
    O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll (Kaspersky Lab)
    O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
    O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
    O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB (Hewlett-Packard Online Support Services)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.128.12
    O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
    O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/14 19:54:24 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
    [2010/11/14 13:51:28 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\Windows Live
    [2010/11/14 10:13:29 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\NTBR_CD
    [2010/11/13 22:19:31 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Malwarebytes
    [2010/11/13 22:19:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/11/13 22:19:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/11/13 22:18:58 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/11/13 22:18:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2010/11/13 21:57:15 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Matt\Desktop\TFC.exe
    [2010/11/11 01:13:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2010/11/11 01:13:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
    [2010/11/07 22:38:22 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\Fishing w Brian
    [2010/10/25 15:25:25 | 000,000,000 | R--D | C] -- C:\Users\Matt\Desktop\Work
    [2010/10/24 20:06:35 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\Family

    ========== Files - Modified Within 30 Days ==========

    [2010/11/14 20:03:09 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/11/14 20:00:43 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
    [2010/11/14 18:23:59 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/11/14 18:23:59 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/11/14 18:16:32 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/11/14 18:16:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/11/14 18:16:19 | 2361,593,856 | -HS- | M] () -- C:\hiberfil.sys
    [2010/11/14 17:54:45 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/11/14 17:54:45 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/11/14 17:54:45 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/11/14 10:10:44 | 002,565,432 | ---- | M] () -- C:\Users\Matt\Desktop\NTBR_CD.exe
    [2010/11/14 09:04:44 | 000,080,384 | ---- | M] () -- C:\Users\Matt\Desktop\MBRCheck.exe
    [2010/11/13 22:38:46 | 000,630,272 | ---- | M] () -- C:\Users\Matt\Desktop\dds.scr
    [2010/11/13 22:35:49 | 000,296,448 | ---- | M] () -- C:\Users\Matt\Desktop\gmer.exe
    [2010/11/13 22:19:06 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/11/13 22:16:26 | 000,053,752 | ---- | M] () -- C:\Users\Matt\Desktop\4716-malwarebytes-anti-malware.htm
    [2010/11/13 21:57:34 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\TFC.exe
    [2010/11/12 17:17:49 | 000,007,204 | ---- | M] () -- C:\Users\Matt\Desktop\Makita 9.6.jpg
    [2010/11/11 01:14:05 | 000,001,282 | ---- | M] () -- C:\Users\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2010/11/11 01:14:05 | 000,001,258 | ---- | M] () -- C:\Users\Matt\Desktop\Spybot - Search & Destroy.lnk
    [2010/11/04 11:07:02 | 000,002,340 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2010/11/02 21:22:02 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMatt.job
    [2010/11/01 12:25:36 | 000,026,112 | ---- | M] () -- C:\Users\Matt\Documents\What kind of Woman am I looking for.doc
    [2010/10/26 16:02:34 | 000,196,565 | ---- | M] () -- C:\Users\Matt\Desktop\1999 jeep cherokee sport 4x4 4dr black.mht
    [2010/10/23 23:54:45 | 000,129,594 | ---- | M] () -- C:\Users\Matt\Documents\Stavick.10-18-10.tif

    ========== Files Created - No Company Name ==========

    [2010/11/14 10:10:41 | 002,565,432 | ---- | C] () -- C:\Users\Matt\Desktop\NTBR_CD.exe
    [2010/11/14 09:04:42 | 000,080,384 | ---- | C] () -- C:\Users\Matt\Desktop\MBRCheck.exe
    [2010/11/13 23:46:36 | 000,159,301 | ---- | C] () -- C:\Users\Matt\Desktop\22 mag int arms.JPG
    [2010/11/13 22:38:16 | 000,630,272 | ---- | C] () -- C:\Users\Matt\Desktop\dds.scr
    [2010/11/13 22:35:36 | 000,296,448 | ---- | C] () -- C:\Users\Matt\Desktop\gmer.exe
    [2010/11/13 22:19:06 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/11/13 22:16:22 | 000,053,752 | ---- | C] () -- C:\Users\Matt\Desktop\4716-malwarebytes-anti-malware.htm
    [2010/11/12 17:18:27 | 000,007,204 | ---- | C] () -- C:\Users\Matt\Desktop\Makita 9.6.jpg
    [2010/11/11 01:14:05 | 000,001,282 | ---- | C] () -- C:\Users\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2010/11/11 01:14:05 | 000,001,258 | ---- | C] () -- C:\Users\Matt\Desktop\Spybot - Search & Destroy.lnk
    [2010/11/01 12:25:35 | 000,026,112 | ---- | C] () -- C:\Users\Matt\Documents\What kind of Woman am I looking for.doc
    [2010/10/26 16:02:33 | 000,196,565 | ---- | C] () -- C:\Users\Matt\Desktop\1999 jeep cherokee sport 4x4 4dr black.mht
    [2010/10/23 23:54:38 | 000,129,594 | ---- | C] () -- C:\Users\Matt\Documents\Stavick.10-18-10.tif
    [2010/10/07 16:41:47 | 000,001,769 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2010/08/15 16:47:06 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2010/07/25 11:31:13 | 000,000,412 | ---- | C] () -- C:\ProgramData\HPWALog.txt
    [2010/04/27 00:32:35 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
    [2010/04/27 00:32:31 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
    [2010/04/27 00:32:18 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
    [2010/04/27 00:32:01 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
    [2010/04/27 00:31:29 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
    [2010/04/27 00:17:00 | 000,000,268 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
    [2010/04/27 00:17:00 | 000,000,209 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
    [2010/03/24 11:30:15 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
    [2010/03/24 11:25:41 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
    [2010/03/24 11:24:33 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    [2010/03/24 11:24:01 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    [2010/03/05 11:57:10 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
    [2010/03/05 11:57:08 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
    [2009/09/29 14:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
    [2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2008/01/14 16:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
    [2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

    ========== LOP Check ==========

    [2010/07/25 12:38:27 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Thunderbird
    [2010/11/14 17:55:33 | 000,032,650 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/07/13 17:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
    [2010/11/14 18:16:19 | 2361,593,856 | -HS- | M] () -- C:\hiberfil.sys
    [2010/11/14 18:16:22 | 3148,791,808 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\Fonts\*.com >
    [2009/07/13 21:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/13 21:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/13 21:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/13 21:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 12:49:50 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2009/07/10 11:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 20:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/07/25 11:55:53 | 000,000,221 | -HS- | M] () -- C:\Users\Matt\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/11/13 22:35:49 | 000,296,448 | ---- | M] () -- C:\Users\Matt\Desktop\gmer.exe
    [2010/11/14 09:04:44 | 000,080,384 | ---- | M] () -- C:\Users\Matt\Desktop\MBRCheck.exe
    [2010/11/14 10:10:44 | 002,565,432 | ---- | M] () -- C:\Users\Matt\Desktop\NTBR_CD.exe
    [2010/11/14 20:00:43 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
    [2010/11/13 21:57:34 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\TFC.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >
    [2010/07/29 16:29:46 | 000,103,720 | ---- | M] () -- C:\Users\Matt\GoToAssistDownloadHelper.exe

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 13:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/08/03 14:34:04 | 000,000,402 | -HS- | M] () -- C:\Users\Matt\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/07/30 11:26:00 | 000,000,412 | ---- | M] () -- C:\ProgramData\HPWALog.txt
    [2010/10/07 18:45:50 | 000,001,769 | ---- | M] () -- C:\ProgramData\hpzinstall.log
    [2010/04/27 00:32:31 | 000,000,032 | ---- | M] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
    [2010/03/24 11:30:54 | 000,000,109 | ---- | M] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
    [2010/04/27 00:32:01 | 000,000,032 | ---- | M] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
    [2010/03/24 11:25:35 | 000,000,105 | ---- | M] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    [2010/04/27 00:31:29 | 000,000,032 | ---- | M] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
    [2010/04/27 00:32:18 | 000,000,032 | ---- | M] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
    [2010/03/24 11:24:28 | 000,000,107 | ---- | M] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    [2010/03/24 11:30:10 | 000,000,110 | ---- | M] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
    [2010/04/27 00:32:36 | 000,000,105 | ---- | M] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    < End of report >
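The entries Broni picks out for the OTL fix below are the ones the log reports as orphaned (a BHO with "No CLSID value found", an empty Run value with "File not found", a 64-bit protocol filter whose key is missing). The following Python script is an added example, not something from this thread, from OTL, or from its author: it parses OTL "O" lines and lists such orphaned entries as candidates for review. The heuristic is mine, and so is the one caveat it encodes: on 64-bit Windows OTL prints both the x64 and the 32-bit registry view, so a 64-bit O18 handler reporting "File not found" while its 32-bit twin resolves to MSDAIPP.DLL is the normal x64/WOW64 pairing, not an orphan. The sample input is constructed from lines copied out of the log above; on the full log the script would also list several other 64-bit O18 handler entries that the helper chose to leave alone, so treat its output as a review list, not a removal list.

```python
import re

# Constructed sample input: a handful of entries copied from the OTL log in this
# thread (both the x64 and the 32-bit registry views that OTL prints on 64-bit Windows).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
"""

# OTL section prefix (O2, O4, O18, ...), optional ":64bit:" view marker, then the body.
LINE_RE = re.compile(r"^(?P<section>O\d+)(?P<x64>:64bit:)? - (?P<body>.*)$")
# For O18 entries: the key under HKCR\Protocol (e.g. Handler\http\oledb, Filter\text/xml).
O18_KEY_RE = re.compile(r"^Protocol\\(?P<key>[^\s{]+)")
# Phrases OTL prints when a registry entry points at something that does not exist.
ORPHAN_MARKERS = ("No CLSID value found", "File not found")


def parse_entries(log_text):
    """Split OTL 'O' lines into section / x64-view flag / body / original line."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append({
                "section": m["section"],
                "x64": m["x64"] is not None,
                "body": m["body"],
                "line": raw.strip(),
            })
    return entries


def is_orphan(body):
    return any(marker in body for marker in ORPHAN_MARKERS)


def triage(log_text):
    """Return [(line, reason)] for entries that deserve a helper's attention.

    Heuristic (my own, not OTL's): any O-entry whose target is missing is a
    candidate, except a 64-bit O18 protocol handler whose 32-bit twin resolves
    to a real DLL. OTL lists both registry views on x64, and that pairing is
    how a healthy 64-bit Windows 7 looks, so it is not an orphan.
    """
    entries = parse_entries(log_text)

    # Keys under HKCR\Protocol that resolve to a file in the 32-bit view.
    resolved_32bit_keys = set()
    for e in entries:
        if e["section"] == "O18" and not e["x64"] and not is_orphan(e["body"]):
            km = O18_KEY_RE.match(e["body"])
            if km:
                resolved_32bit_keys.add(km["key"].lower())

    flagged = []
    for e in entries:
        if not is_orphan(e["body"]):
            continue
        if e["section"] == "O18" and e["x64"]:
            km = O18_KEY_RE.match(e["body"])
            if km and km["key"].lower() in resolved_32bit_keys:
                continue  # expected x64/WOW64 pairing, leave it alone
        reason = "no CLSID registered" if "No CLSID" in e["body"] else "target file missing"
        flagged.append((e["line"], reason))
    return flagged


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"[{reason}] {line}")
```

Run on the sample above it lists exactly the five entries that appear in the :OTL section of the fix that follows, and it leaves the 64-bit http\oledb handler alone because its 32-bit counterpart is intact.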
  21. Broni

    Broni Malware Annihilator Posts: 46,131   +251

    Now, you got it :)
    Hold on there...
  22. Broni

    Broni Malware Annihilator Posts: 46,131   +251

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =========================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
      O4 - HKLM..\Run: [] File not found
      O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
      "DisableMonitoring" =-
      "" =-
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
  23. msta999

    msta999 Newcomer, in training Topic Starter Posts: 99

The JavaRa is only an advertisement. I checked download.com but it wasn't there. You have another safe place to download it?
  24. Broni

    Broni Malware Annihilator Posts: 46,131   +251

  25. msta999

    msta999 Newcomer, in training Topic Starter Posts: 99

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/xml\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{807553E5-5146-11D5-A672-00B0D022E945}\ not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\\DisableMonitoring deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\\ deleted successfully.
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Matt
    ->Temp folder emptied: 16157510 bytes
    ->Temporary Internet Files folder emptied: 40552648 bytes
    ->Java cache emptied: 3617 bytes
    ->Google Chrome cache emptied: 10259933 bytes
    ->Flash cache emptied: 2982 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 152033 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
    RecycleBin emptied: 90630 bytes

    Total Files Cleaned = 64.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Matt
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.3 log created on 11142010_234415

    Files\Folders moved on Reboot...
    C:\Users\Matt\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File\Folder C:\Users\Matt\AppData\Local\Temp\~DF02901C987581DDA2.TMP not found!
    File\Folder C:\Users\Matt\AppData\Local\Temp\~DF1A1229C67C6AE9FB.TMP not found!
    File\Folder C:\Users\Matt\AppData\Local\Temp\~DF2BC0984C247B8A39.TMP not found!
    File\Folder C:\Users\Matt\AppData\Local\Temp\~DF35661218CD0D9C00.TMP not found!
    File\Folder C:\Users\Matt\AppData\Local\Temp\~DF38433C28509C228A.TMP not found!
    File\Folder C:\Users\Matt\AppData\Local\Temp\~DF90CD9F921729215B.TMP not found!
    File\Folder C:\Users\Matt\AppData\Local\Temp\~DFAB6ABCDFEE3BD86E.TMP not found!
    File\Folder C:\Users\Matt\AppData\Local\Temp\~DFEAC81F3445601ECC.TMP not found!
    C:\Users\Matt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S5XJ4EWN\sh27[1].html moved successfully.
    C:\Users\Matt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LZ335RQ4\crosspixel-dest[1].htm moved successfully.
    C:\Users\Matt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LZ335RQ4\topic156562-2[1].html moved successfully.
    C:\Users\Matt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
    C:\Users\Matt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
    C:\Users\Matt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.

    Registry entries deleted on Reboot...
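As an added example (not code from this thread, from OTL's author, or from OTL itself), the following Python script parses the `:OTL` and `:Reg` sections of the fix script Broni posted above and predicts which registry keys and values the fix will delete. The mapping from each directive type (O2 BHO, O3 toolbar, O4 Run, O18 protocol filter, `"Name" =-`) to a registry location is inferred from the fix log msta999 posted, not taken from OTL documentation, and only those line types are handled; a defender can use the output to check a proposed fix against the resulting log entry by entry. The sample input is the thread's own fix script embedded inline.

```python
"""Predict the registry deletions an OTL fix script will perform (added example,
not OTL's own code). The directive-to-registry mapping is an assumption inferred
from the fix log in this thread and covers only O2/O3/O4/O18 and ':Reg' lines."""
from __future__ import annotations
import re
from dataclasses import dataclass

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
O2 = re.compile(r"^O2 - BHO: .* - (?P<guid>" + GUID + r") - (?P<note>.*)$")
O3 = re.compile(r"^O3 - (?P<hive>HKLM|HKCU)\\\.\.\\Toolbar\\(?P<sub>\w+): .* - (?P<guid>"
                + GUID + r") - (?P<note>.*)$")
O4 = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<note>.*)$")
O18 = re.compile(r"^O18(?P<x64>:64bit)?: - Protocol\\(?P<sub>\S+) (?P<guid>" + GUID
                 + r") - (?P<note>.*)$")

HIVE = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
BHO_KEY = ("HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion"
           "\\Explorer\\Browser Helper Objects")
CLSID_KEY = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID"
PROTOCOLS_KEY = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS"


@dataclass
class Action:
    kind: str             # "key" (whole key deleted) or "value" (one value deleted)
    path: str             # registry key path
    name: str = ""        # value name when kind == "value" ("" is the default value)
    orphan: bool = False  # directive references a CLSID/file OTL already reported missing
    view: str = "32bit"   # "64bit" for lines tagged :64bit: (native view on x64 Windows)


def _orphan(note: str) -> bool:
    return any(s in note for s in ("No CLSID value found", "File not found", "Key error"))


def _otl_line(line: str) -> list[Action]:
    m = O2.match(line)
    if m:  # BHO registration under Explorer plus the CLSID class key it points at
        g, o = m["guid"], _orphan(m["note"])
        return [Action("key", BHO_KEY + "\\" + g, orphan=o),
                Action("key", CLSID_KEY + "\\" + g, orphan=o)]
    m = O3.match(line)
    if m:  # IE toolbar: a GUID-named value under Toolbar\<sub>, plus the CLSID key
        g, o = m["guid"], _orphan(m["note"])
        key = HIVE[m["hive"]] + "\\Software\\Microsoft\\Internet Explorer\\Toolbar\\" + m["sub"]
        return [Action("value", key, g, o), Action("key", CLSID_KEY + "\\" + g, orphan=o)]
    m = O4.match(line)
    if m:  # autorun entry; '[]' means the unnamed default value of the Run key
        key = HIVE[m["hive"]] + "\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"
        return [Action("value", key, m["name"], _orphan(m["note"]))]
    m = O18.match(line)
    if m:  # protocol handler/filter key plus its CLSID key
        g, o = m["guid"], _orphan(m["note"])
        view = "64bit" if m["x64"] else "32bit"
        return [Action("key", PROTOCOLS_KEY + "\\" + m["sub"], orphan=o, view=view),
                Action("key", CLSID_KEY + "\\" + g, orphan=o, view=view)]
    return []  # unrecognised directive: leave it for manual review


def parse_otl_fix(script: str) -> list[Action]:
    actions, section, reg_key = [], None, None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):              # section header such as :OTL, :Reg, :Commands
            section, reg_key = line.lower(), None
            continue
        if section == ":otl":
            actions.extend(_otl_line(line))
        elif section == ":reg":
            if line.startswith("[") and line.endswith("]"):
                reg_key = line[1:-1]          # [HKEY_...] selects the key for following lines
            elif line.endswith("=-") and reg_key:
                name = line[:-2].strip().strip('"')   # "Name" =- deletes that value
                actions.append(Action("value", reg_key, name))
    return actions


def report(actions: list[Action]) -> list[str]:
    out = []
    for a in actions:
        text = f"{a.view} {a.kind} {a.path}" + (f" value '{a.name}'" if a.kind == "value" else "")
        out.append(text + ("  [orphaned reference]" if a.orphan else ""))
    return out


# The fix script from this thread, used here as sample input.
SAMPLE_FIX = r"""
:OTL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found

:Services

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" =-
"" =-

:Files

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
"""

if __name__ == "__main__":
    print("\n".join(report(parse_otl_fix(SAMPLE_FIX))))
```

Run stand-alone it prints eleven predicted deletions, which line up one for one with the nine `========== OTL ==========` entries and the two `========== REGISTRY ==========` entries in the fix log above; every `:OTL` directive in this fix is flagged as an orphaned reference, which is why the fix is cleanup of dangling registrations rather than removal of live code.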