Solved Possible virus/malware sluggish connection

[CUtley26]

About a week ago my pc began to run sluggish upon opening programs and the internet connection seems to have slowed considerably. At first I considered it to be possible dust within the desktop, upon cleaning I still have the same problems.

I have ran Spybot and Adaware and upon detecting some items it has not cleared my problem.

I am attaching the required logs as requested. Thank you for your time and effort to investigate this matter. I have skipped step 4 because I am running Win 7 x64

 

[Broni]

Welcome aboard

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

======================================================================

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:



netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\system32\spool\prtprocs\w32x86\*.tmp
%systemroot%\*. /mp /s
/md5start
/md5stop
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[CUtley26]

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: ASRock
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: To Be Filled By O.E.M.
System Product Name: To Be Filled By O.E.M.
Logical Drives Mask: 0x000000fc

Kernel Drivers (total 202):
0x02C0D000 \SystemRoot\system32\ntoskrnl.exe
0x031E9000 \SystemRoot\system32\hal.dll
0x00BC1000 \SystemRoot\system32\kdcom.dll
0x00CDC000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x00CE9000 \SystemRoot\system32\PSHED.dll
0x00CFD000 \SystemRoot\system32\CLFS.SYS
0x00C00000 \SystemRoot\system32\CI.dll
0x00D5B000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00CC0000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00E27000 \SystemRoot\System32\Drivers\spqy.sys
0x00F4D000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x00F56000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x00F85000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00FDC000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00FE6000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x010BD000 \SystemRoot\system32\DRIVERS\pci.sys
0x010F0000 \SystemRoot\System32\drivers\partmgr.sys
0x01105000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x0111A000 \SystemRoot\System32\drivers\volmgrx.sys
0x01176000 \SystemRoot\system32\DRIVERS\pciide.sys
0x0117D000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x0118D000 \SystemRoot\System32\drivers\mountmgr.sys
0x011A7000 \SystemRoot\system32\DRIVERS\atapi.sys
0x011B0000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x011DA000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x01000000 \SystemRoot\system32\drivers\fltmgr.sys
0x0104C000 \SystemRoot\system32\drivers\fileinfo.sys
0x01060000 \SystemRoot\system32\DRIVERS\bdfsfltr.sys
0x01241000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0147E000 \SystemRoot\System32\Drivers\msrpc.sys
0x014DC000 \SystemRoot\System32\Drivers\ksecdd.sys
0x014F6000 \SystemRoot\System32\Drivers\cng.sys
0x01569000 \SystemRoot\System32\drivers\pcw.sys
0x0157A000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x016E6000 \SystemRoot\system32\drivers\ndis.sys
0x01600000 \SystemRoot\system32\drivers\NETIO.SYS
0x01660000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01802000 \SystemRoot\System32\drivers\tcpip.sys
0x0168B000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x016D5000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x01584000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x017D8000 \SystemRoot\System32\Drivers\spldr.sys
0x01400000 \SystemRoot\System32\drivers\rdyboost.sys
0x017E0000 \SystemRoot\System32\Drivers\mup.sys
0x017F2000 \SystemRoot\System32\drivers\hwpolicy.sys
0x0143A000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x015D0000 \SystemRoot\system32\DRIVERS\disk.sys
0x01200000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x02CA7000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x02CD1000 \SystemRoot\System32\Drivers\Null.SYS
0x02CDA000 \SystemRoot\System32\Drivers\Beep.SYS
0x02CE1000 \SystemRoot\System32\drivers\vga.sys
0x02CEF000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x02D14000 \SystemRoot\System32\drivers\watchdog.sys
0x02D24000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x02D2D000 \SystemRoot\system32\drivers\rdpencdd.sys
0x02D36000 \SystemRoot\system32\drivers\rdprefmp.sys
0x02D3F000 \SystemRoot\System32\Drivers\Msfs.SYS
0x02D4A000 \SystemRoot\System32\Drivers\Npfs.SYS
0x02D5B000 \SystemRoot\system32\DRIVERS\BdfNdisf6.sys
0x02D86000 \SystemRoot\system32\DRIVERS\tdx.sys
0x02DA4000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02C00000 \SystemRoot\system32\drivers\afd.sys
0x02DB1000 \SystemRoot\System32\DRIVERS\netbt.sys
0x02DF6000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x00E00000 \SystemRoot\system32\DRIVERS\pacer.sys
0x02C8A000 \SystemRoot\system32\DRIVERS\netbios.sys
0x036E1000 \SystemRoot\system32\DRIVERS\serial.sys
0x036FE000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03719000 \SystemRoot\system32\DRIVERS\termdd.sys
0x0372D000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x0377E000 \SystemRoot\system32\drivers\nsiproxy.sys
0x0378A000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03795000 \SystemRoot\System32\drivers\discache.sys
0x03600000 \SystemRoot\system32\drivers\csc.sys
0x03683000 \SystemRoot\System32\Drivers\dfsc.sys
0x036A1000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x036B2000 \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys
0x037A4000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x037CA000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x03E68000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x0449E000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04592000 \SystemRoot\System32\drivers\dxgmms1.sys
0x045D8000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x03E00000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x03E32000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x03E3F000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x04872000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x048C8000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x048D9000 \SystemRoot\system32\DRIVERS\irsir.sys
0x048E5000 \SystemRoot\system32\drivers\irenum.sys
0x048EE000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x0490C000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x0491B000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x0492A000 \SystemRoot\system32\DRIVERS\serenum.sys
0x04936000 \SystemRoot\System32\Drivers\at8r90ma.SYS
0x0497B000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x04984000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x04994000 \SystemRoot\system32\DRIVERS\lmimirr.sys
0x0499B000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x049B1000 \SystemRoot\system32\DRIVERS\bridge.sys
0x049CD000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x049F1000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x04800000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x0482F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x0484A000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x03E4A000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x037DF000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x04CF2000 \SystemRoot\system32\DRIVERS\mcdbus.sys
0x04D2F000 \SystemRoot\system32\DRIVERS\swenum.sys
0x04D31000 \SystemRoot\system32\DRIVERS\ks.sys
0x04D74000 \SystemRoot\system32\DRIVERS\umbus.sys
0x04D86000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x04DE0000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x04C00000 \SystemRoot\system32\drivers\AtiHdmi.sys
0x04C21000 \SystemRoot\system32\drivers\portcls.sys
0x04C5E000 \SystemRoot\system32\drivers\drmk.sys
0x04C80000 \SystemRoot\system32\drivers\ksthunk.sys
0x05818000 \SystemRoot\system32\drivers\viahduaa.sys
0x000A0000 \SystemRoot\System32\win32k.sys
0x059AC000 \SystemRoot\System32\drivers\Dxapi.sys
0x04C86000 \SystemRoot\system32\DRIVERS\udfs.sys
0x059B8000 \SystemRoot\System32\Drivers\crashdmp.sys
0x059C6000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x059D2000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x059DB000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x013E4000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x059EE000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x059F0000 \SystemRoot\system32\DRIVERS\monitor.sys
0x02A88000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x02AA5000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x02AB6000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x02AC2000 \SystemRoot\system32\DRIVERS\dot4usb.sys
0x02AD2000 \SystemRoot\system32\DRIVERS\Dot4.sys
0x02AFA000 \SystemRoot\system32\DRIVERS\Dot4Prt.sys
0x00470000 \SystemRoot\System32\TSDDD.dll
0x008E0000 \SystemRoot\System32\ATMFD.DLL
0x006E0000 \SystemRoot\System32\cdd.dll
0x02B04000 \SystemRoot\system32\drivers\luafv.sys
0x02B27000 \SystemRoot\system32\drivers\WudfPf.sys
0x02B48000 \SystemRoot\system32\DRIVERS\irda.sys
0x02B6B000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x02B80000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x05E86000 \SystemRoot\system32\drivers\HTTP.sys
0x05F4E000 \SystemRoot\system32\DRIVERS\bowser.sys
0x05F6C000 \SystemRoot\System32\drivers\mpsdrv.sys
0x05F84000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x05FB1000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x05E00000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x05E23000 \SystemRoot\System32\Drivers\adfs.SYS
0x05E3B000 \??\C:\Program Files\BitDefender\BitDefender 2010\bdvedisk.sys
0x05E58000 \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
0x05E5F000 \??\C:\Windows\system32\drivers\LMIRfsDriver.sys
0x0669D000 \SystemRoot\system32\drivers\peauth.sys
0x06743000 \SystemRoot\System32\Drivers\secdrv.SYS
0x0674E000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x0677B000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0678D000 \??\C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl
0x06600000 \SystemRoot\System32\DRIVERS\srv2.sys
0x06A4E000 \SystemRoot\System32\DRIVERS\srv.sys
0x06AE4000 \SystemRoot\system32\DRIVERS\bdfm.sys
0x06B0E000 \SystemRoot\system32\DRIVERS\BDHV.SYS
0x777B0000 \Windows\System32\ntdll.dll
0x48530000 \Windows\System32\smss.exe
0xFFAD0000 \Windows\System32\apisetschema.dll
0xFF5F0000 \Windows\System32\autochk.exe
0xFF8B0000 \Windows\System32\ole32.dll
0xFF890000 \Windows\System32\imagehlp.dll
0xFF840000 \Windows\System32\Wldap32.dll
0xFF710000 \Windows\System32\rpcrt4.dll
0xFF4B0000 \Windows\System32\iertutil.dll
0xFF430000 \Windows\System32\difxapi.dll
0x77980000 \Windows\System32\normaliz.dll
0xFF3B0000 \Windows\System32\shlwapi.dll
0xFF1D0000 \Windows\System32\setupapi.dll
0xFF1C0000 \Windows\System32\nsi.dll
0x77970000 \Windows\System32\psapi.dll
0xFF090000 \Windows\System32\wininet.dll
0xFF020000 \Windows\System32\gdi32.dll
0xFF000000 \Windows\System32\sechost.dll
0xFEE80000 \Windows\System32\urlmon.dll
0xFEE30000 \Windows\System32\ws2_32.dll
0xFED60000 \Windows\System32\usp10.dll
0x77690000 \Windows\System32\kernel32.dll
0xFEC50000 \Windows\System32\msctf.dll
0xFEBB0000 \Windows\System32\clbcatq.dll
0xFEBA0000 \Windows\System32\lpk.dll
0x77590000 \Windows\System32\user32.dll
0xFDE10000 \Windows\System32\shell32.dll
0xFDD70000 \Windows\System32\msvcrt.dll
0xFDD40000 \Windows\System32\imm32.dll
0xFDCA0000 \Windows\System32\comdlg32.dll
0xFDBC0000 \Windows\System32\oleaut32.dll
0xFDAE0000 \Windows\System32\advapi32.dll
0xFD970000 \Windows\System32\crypt32.dll
0xFD8D0000 \Windows\System32\comctl32.dll
0xFD860000 \Windows\System32\KernelBase.dll
0xFD840000 \Windows\System32\devobj.dll
0xFD800000 \Windows\System32\wintrust.dll
0xFD7C0000 \Windows\System32\cfgmgr32.dll
0xFD7B0000 \Windows\System32\msasn1.dll
0x770F0000 \Windows\SysWOW64\normaliz.dll

Processes (total 82):
0 System Idle Process
4 System
336 C:\Windows\System32\smss.exe
456 csrss.exe
520 C:\Windows\System32\wininit.exe
540 csrss.exe
576 C:\Windows\System32\services.exe
592 C:\Windows\System32\lsass.exe
600 C:\Windows\System32\lsm.exe
724 C:\Windows\System32\svchost.exe
804 C:\Windows\System32\svchost.exe
860 C:\Windows\System32\atiesrxx.exe
916 C:\Windows\System32\winlogon.exe
968 C:\Windows\System32\svchost.exe
1000 C:\Windows\System32\svchost.exe
352 C:\Windows\System32\svchost.exe
1060 C:\Windows\System32\svchost.exe
1116 C:\Windows\System32\atieclxx.exe
1264 C:\Windows\System32\svchost.exe
1440 C:\Windows\System32\spoolsv.exe
1472 C:\Windows\System32\svchost.exe
1576 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1596 C:\Windows\SysWOW64\ASTSRV.EXE
1648 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1728 C:\Windows\SysWOW64\svchost.exe
1780 C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
1968 C:\Windows\System32\svchost.exe
1992 C:\Windows\System32\nlsInterface.EXE
1168 C:\Windows\System32\svchost.exe
1360 C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
1680 C:\Windows\System32\svchost.exe
1840 C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
2336 C:\Windows\System32\svchost.exe
2492 C:\Windows\System32\svchost.exe
2876 C:\Windows\System32\taskhost.exe
3004 C:\Windows\System32\dwm.exe
3036 C:\Windows\explorer.exe
1332 C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
3060 C:\Program Files (x86)\LogMeIn\x64\LMIGuardian.exe
2700 C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
2036 C:\Windows\System32\regsvr32.exe
2904 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
2460 C:\Windows\SysWOW64\regsvr32.exe
3076 C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
3088 C:\Program Files (x86)\MultiScreen\MultiScreen.exe
3148 C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
3156 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
3192 C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
3212 C:\Windows\SysWOW64\rundll32.exe
3232 C:\Program Files (x86)\iTunes\iTunesHelper.exe
3260 C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
3312 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3388 C:\Windows\System32\conhost.exe
3764 C:\Program Files\iPod\bin\iPodService.exe
3808 C:\Windows\System32\SearchIndexer.exe
4024 C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
2256 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
2444 C:\Windows\System32\svchost.exe
4280 C:\Program Files\Windows Media Player\wmpnetwk.exe
4348 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
4632 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
4928 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
1740 C:\Windows\System32\wuauclt.exe
4652 C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
4880 C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
5536 C:\PROGRA~2\FOXITS~1\FOXITR~1\FOXITR~1.EXE
5932 C:\Program Files (x86)\Java\jre6\bin\javaw.exe
14208 C:\Program Files (x86)\iTunes\iTunes.exe
11500 C:\Windows\System32\audiodg.exe
12356 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
12876 C:\Windows\System32\conhost.exe
13704 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
13276 C:\Windows\System32\conhost.exe
26076 C:\Windows\servicing\TrustedInstaller.exe
26524 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
26108 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
26464 C:\Windows\System32\SearchProtocolHost.exe
26512 C:\Windows\System32\SearchFilterHost.exe
24776 C:\Windows\explorer.exe
24056 C:\Users\JoeyLo\Downloads\MBRCheck.exe
1340 C:\Windows\System32\conhost.exe
26480 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\H: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD5000AAKS-00V1A0, Rev: 05.01D05
PhysicalDrive1 Model Number: WD6400AAC External, Rev: 1.75

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
596 GB \\.\PhysicalDrive1 MBR Code Faked!
SHA1: F351D7B573289C8B5D58D5E45F0BADA0604ED05D


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:

 

[Broni]

What is drive H?
Internal, or external drive?

 

[CUtley26]

OTL.TXT is attached because of size.

EXTRA.TXT

OTL Extras logfile created on: 8/26/2010 7:35:59 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\JoeyLo\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 77.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 251.62 Gb Free Space | 54.03% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 809.94 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 596.17 Gb Total Space | 444.91 Gb Free Space | 74.63% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: JOEYLO-PC
Current User Name: JoeyLo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{53529DAD-F7C9-476E-87CC-1547C4E3E821}" = iTunes
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8DA5428C-3D35-317C-2FBA-485AAC49E9C0}" = ccc-utility64
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CCC50A42-892B-AF23-6188-6E8D2FDF34E3}" = ATI Catalyst Install Manager
"{e7394a0f-3f80-45b1-87fc-abcd51893247}" = Python 2.6.4 (64-bit)
"{EAA190F4-FF0D-4D28-A4E7-E0A20E1DDDFA}" = BitDefender Total Security 2010
"{EB773820-0871-46A8-9B96-F2B04F8B34F0}" = HP Deskjet All-In-One Driver Software 13.0 Rel. 1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.52.2
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Shop for HP Supplies" = Shop for HP Supplies

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0BDE949A-3CF5-3852-B4F7-92EAE4F25F73}" = CCC Help English
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1D49D448-D17E-4949-BE2A-B4FE7B8760D5}" = PrintingPress
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{2640314A-2D9A-4F58-B501-DB109CD9DBA2}" = DJ_AIO_ProductContext
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 21
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth (tm) II
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD Advisor 2.0
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3248F0A8-6813-11D6-A77B-00B0D0150010}" = J2SE Runtime Environment 5.0 Update 1
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{32DACAC3-6538-405D-915E-8F2D026F199C}" = DJ_AIO_Software_min
"{34F93E31-E1A0-421C-8E86-BCF7C4193A91}" = LogMeIn
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{45350494-82B7-3E53-85B7-79A1AD9AE080}" = Catalyst Control Center Graphics Light
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{525E7F71-67C1-806E-69D0-892CC3CE2F8E}" = Catalyst Control Center Graphics Full Existing
"{537306C2-CDAC-F606-5D46-D5727F58FAD3}" = Catalyst Control Center Graphics Previews Vista
"{5454083B-1308-4485-BF17-111000028701}" = Grand Theft Auto: Episodes from Liberty City
"{5454083B-1308-4485-BF17-111000028702}" = Grand Theft Auto: Episodes from Liberty City
"{5454083B-1308-4485-BF17-111000028703}" = Grand Theft Auto: Episodes from Liberty City
"{5454083B-1308-4485-BF17-111000028704}" = Grand Theft Auto: Episodes from Liberty City
"{5454083B-1308-4485-BF17-111000028705}" = Grand Theft Auto: Episodes from Liberty City
"{59679381-3F22-4A40-A7AD-890242D74DF4}" = Plug-in Suite 5.1
"{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}" = Grand Theft Auto: Episodes From Liberty City
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.19
"{88DDBE5E-8AC0-F463-AC50-E56FAA2E3CEB}" = Catalyst Control Center Graphics Previews Common
"{897B3B21-8691-26F5-97E8-A9955C20BB20}" = Catalyst Control Center HydraVision Full
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BCAFB73-49AE-4AC4-00A1-70E4EC38BD4E}" = The Lord of the Rings, The Rise of the Witch-king
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{961034C0-58DF-11DF-97FD-005056806466}" = Google Earth Plug-in
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = iSEEK AnswerWorks English Runtime
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A6B90148-02C5-4fd3-8D7A-EF2386835CB9}" = F4100_Help
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A842C34B-2083-6947-BC0E-5654BDBADCDA}" = Catalyst Control Center Graphics Full New
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A979B2D8-E3EE-4523-A26C-4AF0A6809280}" = Sniper Elite
"{AD99B476-6FB7-4985-A3C3-E40595A7E6DE}" = DJ_AIO_Software
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{BA3B34EB-3F4B-0E19-0916-971C1AD3F0AD}" = Catalyst Control Center InstallProxy
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB166F48-6219-2DFD-8800-191BE6F5923A}" = ccc-core-static
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{d05a1414-a955-4c5c-9716-b7777ef86e85}" = F4100
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E0B71631-6AA8-C596-A485-8480E92DD745}" = Catalyst Control Center Core Implementation
"{E36E864B-BFB6-440A-9A23-2B0BEDE59A92}" = MultiScreen
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE

 

[CUtley26]

"{FA583E24-6FBA-47D7-9DEF-10C2F7210A59}_is1" = PerfectTablePlan 4.1.2
"43442AE9-6512-4392-B5DD-9167BECD1114_is1" = Infix 4.21
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AviSynth" = AviSynth 2.5
"B076073A-5527-4f4f-B46B-B10692277DA2_is1" = DisplayFusion 3.1.7
"BN_DesktopReader" = Barnes & Noble Desktop Reader
"Camfrog 5.5" = Camfrog Video Chat 5.5
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Company of Heroes" = Company of Heroes
"Eye Candy 6" = Alien Skin Eye Candy 6
"Fallout Mod Manager_is1" = Fallout Mod Manager 0.10.2
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"FOOK2 v1.0" = FOOK2
"Foxit Creator" = Foxit Creator
"Foxit Reader" = Foxit Reader
"GOM Player" = GOM Player
"HijackThis" = HijackThis 2.0.2
"ImgBurn" = ImgBurn
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD Ultra
"LimeWire" = LimeWire 5.5.8
"Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mozilla Firefox (4.0b1)" = Mozilla Firefox (4.0b1)
"MyPublisher" = MyPublisher
"PC Satellite TV Pro" = PC Satellite TV Pro
"PDF Filler_is1" = PDF Filler 3.11
"PS3 Media Server" = PS3 Media Server
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TurboTax 2009" = TurboTax 2009
"TVUPlayer" = TVUPlayer 2.5.2.2
"uTorrent" = µTorrent
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"WinAce Archiver" = WinAce Archiver
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/25/2010 11:11:17 PM | Computer Name = JOEYLO-PC | Source = Bonjour Service | ID = 100
Description = 500: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 8/25/2010 11:11:17 PM | Computer Name = JOEYLO-PC | Source = Bonjour Service | ID = 100
Description = 484: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 8/25/2010 11:11:17 PM | Computer Name = JOEYLO-PC | Source = Bonjour Service | ID = 100
Description = 480: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 8/25/2010 11:11:17 PM | Computer Name = JOEYLO-PC | Source = Bonjour Service | ID = 100
Description = 476: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 8/26/2010 1:07:52 AM | Computer Name = JoeyLo-PC | Source = Application Error | ID = 1000
Description = Faulting application name: test.exe, version: 6.1.33.0, time stamp:
0x4c3d0765 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x009c1bed Faulting process id: 0x794 Faulting application
start time: 0x01cb44dc99b977f2 Faulting application path: C:\Users\JoeyLo\AppData\Local\Temp\test.exe
Faulting
module path: unknown Report Id: e080684d-b0cf-11df-87db-00252205cafc

Error - 8/26/2010 2:04:14 AM | Computer Name = JoeyLo-PC | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 1.9.2.3855, time
stamp: 0x4c48d5ce Faulting module name: FOXITR~1.OCX, version: 1.0.1.1113, time stamp:
0x4afcef8f Exception code: 0xc0000005 Fault offset: 0x00002ccd Faulting process id:
0x12f0 Faulting application start time: 0x01cb44e36c0b1a66 Faulting application path:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe Faulting module path: C:\PROGRA~2\FOXITS~1\FOXITR~1\plugins\FOXITR~1.OCX
Report
Id: c092ca97-b0d7-11df-b32e-00252205cafc

Error - 8/26/2010 2:24:44 AM | Computer Name = JoeyLo-PC | Source = MsiInstaller | ID = 11601
Description =

Error - 8/26/2010 4:07:31 AM | Computer Name = JoeyLo-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Python26\Lib\distutils\command\wininst-8_d.exe".
Dependent
Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/26/2010 4:07:36 AM | Computer Name = JoeyLo-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\LogMeIn\x86\LogMeInToolkit.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error - 8/26/2010 4:08:15 AM | Computer Name = JoeyLo-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

[ System Events ]
Error - 8/26/2010 4:17:14 AM | Computer Name = JoeyLo-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\SysWow64\Drivers\null_flt.sys has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.

Error - 8/26/2010 4:17:14 AM | Computer Name = JoeyLo-PC | Source = Service Control Manager | ID = 7000
Description = The null_flt service failed to start due to the following error: %%1275

Error - 8/26/2010 4:17:14 AM | Computer Name = JoeyLo-PC | Source = Service Control Manager | ID = 7023
Description = The Nalpeiron Licensing Service 64-bit service terminated with the
following error: %%183

Error - 8/26/2010 1:09:06 PM | Computer Name = JoeyLo-PC | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 8/26/2010 1:11:40 PM | Computer Name = JoeyLo-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Some processor performance power management features have been disabled
due to a known firmware problem. Check with the computer manufacturer for updated
firmware.

Error - 8/26/2010 1:11:40 PM | Computer Name = JoeyLo-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\SysWow64\Drivers\null_flt.sys has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.

Error - 8/26/2010 1:11:53 PM | Computer Name = JoeyLo-PC | Source = Service Control Manager | ID = 7023
Description = The Nalpeiron Licensing Service service terminated with the following
error: %%183

Error - 8/26/2010 1:11:53 PM | Computer Name = JoeyLo-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\SysWow64\Drivers\null_flt.sys has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.

Error - 8/26/2010 1:11:53 PM | Computer Name = JoeyLo-PC | Source = Service Control Manager | ID = 7000
Description = The null_flt service failed to start due to the following error: %%1275

Error - 8/26/2010 1:11:53 PM | Computer Name = JoeyLo-PC | Source = Service Control Manager | ID = 7023
Description = The Nalpeiron Licensing Service 64-bit service terminated with the
following error: %%183


< End of report >

 

[Broni]

Probably, you didn't see my previous reply...

What is drive H?
Internal, or external drive?

 

[CUtley26]

Sorry I didn't. It's an external drive.

 

[Broni]

Run MBRCheck again.

When it's done you'll see the following line:
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Press the Y key and then press Enter

When the program asks you to Enter your choice, enter 2 and press the Enter key.

Next the program will ask you to Enter the physical disk number to fix (0-99, -1 to cancel):
Enter 1 and press the Enter key.

Next the program will show Available MBR codes:, followed by a list of operating systems.
Please enter 5 for Windows 7, and then press Enter.

Next the program will prompt for confirmation.
Type YES and hit Enter.

When it's done there should be a text file with the results on your desktop.
Please copy and paste it back here.

Then reboot, run MBRCheck again and post new log.

 

[CUtley26]

I ran MBRCheck but this time it did not give the option to hit 'Y' for more options.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: ASRock
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: To Be Filled By O.E.M.
System Product Name: To Be Filled By O.E.M.
Logical Drives Mask: 0x000000fc

Kernel Drivers (total 202):
0x02C0D000 \SystemRoot\system32\ntoskrnl.exe
0x031E9000 \SystemRoot\system32\hal.dll
0x00BC1000 \SystemRoot\system32\kdcom.dll
0x00CDC000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x00CE9000 \SystemRoot\system32\PSHED.dll
0x00CFD000 \SystemRoot\system32\CLFS.SYS
0x00C00000 \SystemRoot\system32\CI.dll
0x00D5B000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00CC0000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00E27000 \SystemRoot\System32\Drivers\spqy.sys
0x00F4D000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x00F56000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x00F85000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00FDC000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00FE6000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x010BD000 \SystemRoot\system32\DRIVERS\pci.sys
0x010F0000 \SystemRoot\System32\drivers\partmgr.sys
0x01105000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x0111A000 \SystemRoot\System32\drivers\volmgrx.sys
0x01176000 \SystemRoot\system32\DRIVERS\pciide.sys
0x0117D000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x0118D000 \SystemRoot\System32\drivers\mountmgr.sys
0x011A7000 \SystemRoot\system32\DRIVERS\atapi.sys
0x011B0000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x011DA000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x01000000 \SystemRoot\system32\drivers\fltmgr.sys
0x0104C000 \SystemRoot\system32\drivers\fileinfo.sys
0x01060000 \SystemRoot\system32\DRIVERS\bdfsfltr.sys
0x01241000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0147E000 \SystemRoot\System32\Drivers\msrpc.sys
0x014DC000 \SystemRoot\System32\Drivers\ksecdd.sys
0x014F6000 \SystemRoot\System32\Drivers\cng.sys
0x01569000 \SystemRoot\System32\drivers\pcw.sys
0x0157A000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x016E6000 \SystemRoot\system32\drivers\ndis.sys
0x01600000 \SystemRoot\system32\drivers\NETIO.SYS
0x01660000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01802000 \SystemRoot\System32\drivers\tcpip.sys
0x0168B000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x016D5000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x01584000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x017D8000 \SystemRoot\System32\Drivers\spldr.sys
0x01400000 \SystemRoot\System32\drivers\rdyboost.sys
0x017E0000 \SystemRoot\System32\Drivers\mup.sys
0x017F2000 \SystemRoot\System32\drivers\hwpolicy.sys
0x0143A000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x015D0000 \SystemRoot\system32\DRIVERS\disk.sys
0x01200000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x02CA7000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x02CD1000 \SystemRoot\System32\Drivers\Null.SYS
0x02CDA000 \SystemRoot\System32\Drivers\Beep.SYS
0x02CE1000 \SystemRoot\System32\drivers\vga.sys
0x02CEF000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x02D14000 \SystemRoot\System32\drivers\watchdog.sys
0x02D24000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x02D2D000 \SystemRoot\system32\drivers\rdpencdd.sys
0x02D36000 \SystemRoot\system32\drivers\rdprefmp.sys
0x02D3F000 \SystemRoot\System32\Drivers\Msfs.SYS
0x02D4A000 \SystemRoot\System32\Drivers\Npfs.SYS
0x02D5B000 \SystemRoot\system32\DRIVERS\BdfNdisf6.sys
0x02D86000 \SystemRoot\system32\DRIVERS\tdx.sys
0x02DA4000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02C00000 \SystemRoot\system32\drivers\afd.sys
0x02DB1000 \SystemRoot\System32\DRIVERS\netbt.sys
0x02DF6000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x00E00000 \SystemRoot\system32\DRIVERS\pacer.sys
0x02C8A000 \SystemRoot\system32\DRIVERS\netbios.sys
0x036E1000 \SystemRoot\system32\DRIVERS\serial.sys
0x036FE000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03719000 \SystemRoot\system32\DRIVERS\termdd.sys
0x0372D000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x0377E000 \SystemRoot\system32\drivers\nsiproxy.sys
0x0378A000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03795000 \SystemRoot\System32\drivers\discache.sys
0x03600000 \SystemRoot\system32\drivers\csc.sys
0x03683000 \SystemRoot\System32\Drivers\dfsc.sys
0x036A1000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x036B2000 \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys
0x037A4000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x037CA000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x03E68000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x0449E000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04592000 \SystemRoot\System32\drivers\dxgmms1.sys
0x045D8000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x03E00000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x03E32000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x03E3F000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x04872000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x048C8000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x048D9000 \SystemRoot\system32\DRIVERS\irsir.sys
0x048E5000 \SystemRoot\system32\drivers\irenum.sys
0x048EE000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x0490C000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x0491B000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x0492A000 \SystemRoot\system32\DRIVERS\serenum.sys
0x04936000 \SystemRoot\System32\Drivers\at8r90ma.SYS
0x0497B000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x04984000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x04994000 \SystemRoot\system32\DRIVERS\lmimirr.sys
0x0499B000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x049B1000 \SystemRoot\system32\DRIVERS\bridge.sys
0x049CD000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x049F1000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x04800000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x0482F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x0484A000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x03E4A000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x037DF000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x04CF2000 \SystemRoot\system32\DRIVERS\mcdbus.sys
0x04D2F000 \SystemRoot\system32\DRIVERS\swenum.sys
0x04D31000 \SystemRoot\system32\DRIVERS\ks.sys
0x04D74000 \SystemRoot\system32\DRIVERS\umbus.sys
0x04D86000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x04DE0000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x04C00000 \SystemRoot\system32\drivers\AtiHdmi.sys
0x04C21000 \SystemRoot\system32\drivers\portcls.sys
0x04C5E000 \SystemRoot\system32\drivers\drmk.sys
0x04C80000 \SystemRoot\system32\drivers\ksthunk.sys
0x05818000 \SystemRoot\system32\drivers\viahduaa.sys
0x000A0000 \SystemRoot\System32\win32k.sys
0x059AC000 \SystemRoot\System32\drivers\Dxapi.sys
0x04C86000 \SystemRoot\system32\DRIVERS\udfs.sys
0x059B8000 \SystemRoot\System32\Drivers\crashdmp.sys
0x059C6000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x059D2000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x059DB000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x013E4000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x059EE000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x059F0000 \SystemRoot\system32\DRIVERS\monitor.sys
0x02A88000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x02AA5000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x02AB6000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x02AC2000 \SystemRoot\system32\DRIVERS\dot4usb.sys
0x02AD2000 \SystemRoot\system32\DRIVERS\Dot4.sys
0x02AFA000 \SystemRoot\system32\DRIVERS\Dot4Prt.sys
0x00470000 \SystemRoot\System32\TSDDD.dll
0x008E0000 \SystemRoot\System32\ATMFD.DLL
0x006E0000 \SystemRoot\System32\cdd.dll
0x02B04000 \SystemRoot\system32\drivers\luafv.sys
0x02B27000 \SystemRoot\system32\drivers\WudfPf.sys
0x02B48000 \SystemRoot\system32\DRIVERS\irda.sys
0x02B6B000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x02B80000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x05E86000 \SystemRoot\system32\drivers\HTTP.sys
0x05F4E000 \SystemRoot\system32\DRIVERS\bowser.sys
0x05F6C000 \SystemRoot\System32\drivers\mpsdrv.sys
0x05F84000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x05FB1000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x05E00000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x05E23000 \SystemRoot\System32\Drivers\adfs.SYS
0x05E3B000 \??\C:\Program Files\BitDefender\BitDefender 2010\bdvedisk.sys
0x05E58000 \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
0x05E5F000 \??\C:\Windows\system32\drivers\LMIRfsDriver.sys
0x0669D000 \SystemRoot\system32\drivers\peauth.sys
0x06743000 \SystemRoot\System32\Drivers\secdrv.SYS
0x0674E000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x0677B000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0678D000 \??\C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl
0x06600000 \SystemRoot\System32\DRIVERS\srv2.sys
0x06A4E000 \SystemRoot\System32\DRIVERS\srv.sys
0x06AE4000 \SystemRoot\system32\DRIVERS\bdfm.sys
0x06B0E000 \SystemRoot\system32\DRIVERS\BDHV.SYS
0x777B0000 \Windows\System32\ntdll.dll
0x48530000 \Windows\System32\smss.exe
0xFFAD0000 \Windows\System32\apisetschema.dll
0xFF5F0000 \Windows\System32\autochk.exe
0xFF8B0000 \Windows\System32\ole32.dll
0xFF890000 \Windows\System32\imagehlp.dll
0xFF840000 \Windows\System32\Wldap32.dll
0xFF710000 \Windows\System32\rpcrt4.dll
0xFF4B0000 \Windows\System32\iertutil.dll
0xFF430000 \Windows\System32\difxapi.dll
0x77980000 \Windows\System32\normaliz.dll
0xFF3B0000 \Windows\System32\shlwapi.dll
0xFF1D0000 \Windows\System32\setupapi.dll
0xFF1C0000 \Windows\System32\nsi.dll
0x77970000 \Windows\System32\psapi.dll
0xFF090000 \Windows\System32\wininet.dll
0xFF020000 \Windows\System32\gdi32.dll
0xFF000000 \Windows\System32\sechost.dll
0xFEE80000 \Windows\System32\urlmon.dll
0xFEE30000 \Windows\System32\ws2_32.dll
0xFED60000 \Windows\System32\usp10.dll
0x77690000 \Windows\System32\kernel32.dll
0xFEC50000 \Windows\System32\msctf.dll
0xFEBB0000 \Windows\System32\clbcatq.dll
0xFEBA0000 \Windows\System32\lpk.dll
0x77590000 \Windows\System32\user32.dll
0xFDE10000 \Windows\System32\shell32.dll
0xFDD70000 \Windows\System32\msvcrt.dll
0xFDD40000 \Windows\System32\imm32.dll
0xFDCA0000 \Windows\System32\comdlg32.dll
0xFDBC0000 \Windows\System32\oleaut32.dll
0xFDAE0000 \Windows\System32\advapi32.dll
0xFD970000 \Windows\System32\crypt32.dll
0xFD8D0000 \Windows\System32\comctl32.dll
0xFD860000 \Windows\System32\KernelBase.dll
0xFD840000 \Windows\System32\devobj.dll
0xFD800000 \Windows\System32\wintrust.dll
0xFD7C0000 \Windows\System32\cfgmgr32.dll
0xFD7B0000 \Windows\System32\msasn1.dll
0x770F0000 \Windows\SysWOW64\normaliz.dll

Processes (total 75):
0 System Idle Process
4 System
336 C:\Windows\System32\smss.exe
456 csrss.exe
520 C:\Windows\System32\wininit.exe
540 csrss.exe
576 C:\Windows\System32\services.exe
592 C:\Windows\System32\lsass.exe
600 C:\Windows\System32\lsm.exe
724 C:\Windows\System32\svchost.exe
804 C:\Windows\System32\svchost.exe
860 C:\Windows\System32\atiesrxx.exe
916 C:\Windows\System32\winlogon.exe
968 C:\Windows\System32\svchost.exe
1000 C:\Windows\System32\svchost.exe
352 C:\Windows\System32\svchost.exe
1060 C:\Windows\System32\svchost.exe
1116 C:\Windows\System32\atieclxx.exe
1264 C:\Windows\System32\svchost.exe
1440 C:\Windows\System32\spoolsv.exe
1472 C:\Windows\System32\svchost.exe
1576 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1596 C:\Windows\SysWOW64\ASTSRV.EXE
1648 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1728 C:\Windows\SysWOW64\svchost.exe
1780 C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
1968 C:\Windows\System32\svchost.exe
1992 C:\Windows\System32\nlsInterface.EXE
1168 C:\Windows\System32\svchost.exe
1360 C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
1680 C:\Windows\System32\svchost.exe
1840 C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
2336 C:\Windows\System32\svchost.exe
2492 C:\Windows\System32\svchost.exe
2876 C:\Windows\System32\taskhost.exe
3004 C:\Windows\System32\dwm.exe
3036 C:\Windows\explorer.exe
1332 C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
3060 C:\Program Files (x86)\LogMeIn\x64\LMIGuardian.exe
2700 C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
2036 C:\Windows\System32\regsvr32.exe
2904 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
2460 C:\Windows\SysWOW64\regsvr32.exe
3076 C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
3088 C:\Program Files (x86)\MultiScreen\MultiScreen.exe
3148 C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
3156 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
3192 C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
3212 C:\Windows\SysWOW64\rundll32.exe
3232 C:\Program Files (x86)\iTunes\iTunesHelper.exe
3260 C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
3312 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3388 C:\Windows\System32\conhost.exe
3764 C:\Program Files\iPod\bin\iPodService.exe
3808 C:\Windows\System32\SearchIndexer.exe
4024 C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
2256 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
2444 C:\Windows\System32\svchost.exe
4280 C:\Program Files\Windows Media Player\wmpnetwk.exe
4348 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
4632 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
4928 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
1740 C:\Windows\System32\wuauclt.exe
4652 C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
4880 C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
5932 C:\Program Files (x86)\Java\jre6\bin\javaw.exe
29028 C:\Windows\servicing\TrustedInstaller.exe
30072 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
32464 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
31132 C:\Windows\System32\audiodg.exe
31048 C:\Windows\System32\SearchProtocolHost.exe
31448 C:\Windows\System32\SearchFilterHost.exe
28288 C:\Users\JoeyLo\Downloads\MBRCheck.exe
31564 C:\Windows\System32\conhost.exe
32760 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\H: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD5000AAKS-00V1A0, Rev: 05.01D05
PhysicalDrive1 Model Number: WD6400AAC External, Rev: 1.75

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
596 GB \\.\PhysicalDrive1 RE: Windows 98 MBR code detected
SHA1: 48F01D7E76A0F3C038D08611E3FDC0EE4EF9FD3E


Done!

 

[Broni]

That's because it looks good
Nothing to fix....

Let me check your OTL logs now...

 

[Broni]

Uninstall Ask.com as it's considered as an adware.

=======================================================================

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
  O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
  O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
  O4 - HKLM..\Run: []  File not found
  O4 - HKCU..\Run: [AdobeBridge]  File not found
  O4 - HKCU..\Run: [CDPreLoader]  File not found
  O4 - HKCU..\Run: [PipePSFactory]  File not found
  O4 - HKCU..\Run: [System32DOS] C:\Windows\SysWow64DOS.exe File not found
  O4 - HKCU..\Run: [Trunk32App]  File not found
  O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
  O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
  O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
  O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
  O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
  O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
  O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
  @Alternate Data Stream - 24 bytes -> C:\Windows:A8922D9F804C2940
  
  :Services
  
  :Reg
  
  :Files
  C:\Program Files (x86)\Ask.com
  
  
  :Commands
  [purity]
  [emptytemp]
  [emptyflash]
  [resethosts]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

 

[CUtley26]

RUN FIX:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\CDPreLoader deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\PipePSFactory deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\System32DOS deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Trunk32App deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ not found.
File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
ADS C:\Windows:A8922D9F804C2940 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\Program Files (x86)\Ask.com not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: JoeyLo
->Temp folder emptied: 22901593 bytes
->Temporary Internet Files folder emptied: 66340 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 40330096 bytes
->Flash cache emptied: 456 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2319 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 275908 bytes

Total Files Cleaned = 61.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: JoeyLo
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.10.0 log created on 08262010_220407

Files\Folders moved on Reboot...
C:\Users\JoeyLo\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

 

[CUtley26]

OTL attached.

 

[Broni]

Good
How is computer running at the moment?

Last scans.....

1. Download Security Check from HERE, and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

2. Download Temp File Cleaner (TFC)

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

3. Go to Kaspersky website and perform an online antivirus scan.

• Disable your active antivirus program.
• Read through the requirements and privacy statement and click on Accept button.
• It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
• When the downloads have finished, click on Settings.
• Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
  
  • Spyware, Adware, Dialers, and other potentially dangerous programs
  • Archives
  • Mail databases
• Click on My Computer under Scan.
• Once the scan is complete, it will display the results. Click on View Scan Report.
• You will see a list of infected items there. Click on Save Report As....
• Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

 

[CUtley26]

Feeling smoother now as far as the browsing and programs running. It did run very sluggish upon the reboot after the OTL Run Fix, but other than that it appears better.

Results of screen317's Security Check version 0.99.5
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java(TM) 6 Update 21
Adobe Flash Player 10.1.82.76
````````````````````````````````
Process Check:
objlist.exe by Laurent
Common Files BitDefender BitDefender Update Service livesrv.exe
BitDefender BitDefender 2010 vsserv.exe
BitDefender BitDefender 2010 bdagent.exe
BitDefender BitDefender 2010 seccenter.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

 

[Broni]

This one looks good

 

[CUtley26]

Just ran process #2 upon restarting BitDefender blocked a virus named Gen:Trojan.Heur.LP.fq4@auRs!wp

Bout to run step three and post results.

 

[Broni]

OK.............

 

[CUtley26]

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, August 27, 2010
Operating system: Microsoft (build 7600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, August 26, 2010 23:28:11
Records in database: 4163272
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - Critical areas:
C:\Program Files
C:\Program Files (x86)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
C:\Users\JoeyLo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
C:\Windows

Scan statistics:
Objects scanned: 126818
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 01:14:43

No threats found. Scanned area is clean.

Selected area has been scanned.

 

[CUtley26]

Looks all good now. What exactly was wrong or accounting for the sluggish performance?

thanks Broni!

 

[Broni]

Wonderful

OTL Clean-Up
Clean up with OTL:

* Double-click OTL.exe to start the program.
* Close all other programs apart from OTL as this step will require a reboot
* On the OTL main screen, press the CLEANUP button
* Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

=======================================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point.

Turn off System Restore:

- Windows XP:
1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore".
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
- Windows Vista and 7:
1. Click Start.
2. Right-click the Computer icon, and then click Properties.
3. Click on System Protection under the Tasks column on the left side
4. Click on Continue on the "User Account Control" window that pops up
5. Under the System Protection tab, find Available Disks
6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
8. Click OK

2. Restart computer.

3. Turn System Restore on.

4. Make sure, Windows Updates are current.

5. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

8. Run Temporary File Cleaner (TFC) weekly.

9. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

11. Run defrag at your convenience.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please, let me know, how your computer is doing.

 

[Broni]

The issue seems to be resolved.