Solved System very slow after antivirus detects trojan

[msta999]

My anti virus detected a trojan and then my HP G62-225DX laptop has been very slow. here is the logs from the first part of the 8 step:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5111

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11/13/2010 10:29:01 PM
mbam-log-2010-11-13 (22-29-01).txt

Scan type: Quick scan
Objects scanned: 143869
Time elapsed: 8 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
--------------------------------------------------

gmer - show'd nothing (blank)

--------------------------------------------------

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-10.01)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/25/2010 12:22:18 PM
System Uptime: 11/13/2010 10:05:24 PM (0 hours ago)

Motherboard: Hewlett-Packard | | 1484
Processor: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz | CPU | 1196/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 284 GiB total, 244.592 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 2.309 GiB free.
E: is FIXED (FAT32) - 0 GiB total, 0.091 GiB free.
F: is CDROM (UDF)
G: is Removable
H: is FIXED (NTFS) - 233 GiB total, 133.284 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP131: 11/1/2010 9:52:03 PM - Windows Update
RP132: 11/2/2010 8:31:08 AM - Windows Update
RP133: 11/2/2010 9:54:05 PM - Restore Operation
RP134: 11/2/2010 10:02:17 PM - Windows Update
RP135: 11/2/2010 10:03:19 PM - Windows Update
RP136: 11/3/2010 4:42:34 AM - Windows Update
RP137: 11/3/2010 8:28:50 AM - Windows Update
RP138: 11/3/2010 6:37:11 PM - Windows Update
RP139: 11/4/2010 4:54:35 AM - Windows Update
RP140: 11/4/2010 6:32:28 AM - Windows Update
RP141: 11/4/2010 1:28:44 PM - Windows Update
RP142: 11/5/2010 12:52:51 AM - Windows Update
RP145: 11/6/2010 11:05:23 PM - Windows Update
RP146: 11/8/2010 5:21:01 AM - Windows Update
RP148: 11/9/2010 8:23:05 AM - Windows Update
RP149: 11/9/2010 6:30:00 PM - Windows Update
RP150: 11/10/2010 12:51:18 PM - Windows Update
RP152: 11/12/2010 8:16:43 AM - Windows Update
RP153: 11/13/2010 12:03:31 AM - Windows Update

==== Installed Programs ======================

Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1 MUI
Adobe Shockwave Player
Bejeweled 2 Deluxe
Blackhawk Striker 2
Blasterball 3
BufferChm
Build-a-lot 2
C4600
Cake Mania
Chuzzle Deluxe
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
CyberLink DVD Suite
CyberLink MediaShow
CyberLink PowerDVD 8
CyberLink YouCam
DBPix20
Destinations
DeviceDiscovery
Diner Dash 2 Restaurant Rescue
Dora's Carnival Adventure
Escape Rosecliff Island
ESU for Microsoft Windows 7
Faerie Solitaire
FATE
Google Chrome
Google Earth
Google Update Helper
GPBaseService2
HP Advisor
HP Customer Experience Enhancements
HP Game Console
HP Games
HP Photo Creations
HP Setup
HP Software Framework
HP Support Assistant
HP Update
HP User Guides 0178
HPAsset component for HP Active Support Library
HPProductAssistant
HPSSupply
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 6 Update 21
Jewel Quest 3
Jewel Quest Solitaire 2
Junk Mail filter update
Kaspersky Anti-Virus 2010
LabelPrint
LightScribe System Software
Malwarebytes' Anti-Malware
MarketResearch
Microsoft Choice Guard
Microsoft Live Search Toolbar
Microsoft Office Access Runtime (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Standard Edition 2003
Microsoft Office Suite Activation Assistant
Microsoft RoundTable Firmware (KB 945549)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mozilla Thunderbird (3.1.2)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
Mystery P.I. - The New York Fortune
Penguins!
Plants vs. Zombies
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
PS_AIO_05_C4600_Software_Min
QuickTransfer
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
REALTEK Wireless LAN Software
Recovery Manager
Reloaders Reference v9.3x74r
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
SmartWebPrinting
SolutionCenter
Spybot - Search & Destroy
Status
TextTwist 2
Toolbox
TrayApp
Virtual Families
Virtual Villagers - The Secret City
WebReg
Wheel of Fortune 2
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Yahoo! Messenger
Yahoo! Software Update
Zuma's Revenge

==== Event Viewer Messages From Past Week ========

11/13/2010 8:41:37 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
11/13/2010 12:05:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft Office Access Runtime and Data Connectivity 2007 Service Pack 2 (SP2).
11/13/2010 10:12:09 PM, Error: NetBT [4319] - A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.
11/12/2010 5:21:20 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user Matt-PC\Matt SID (S-1-5-21-680673837-2220826610-2223672550-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
11/12/2010 5:21:19 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user Matt-PC\Matt SID (S-1-5-21-680673837-2220826610-2223672550-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

==== End Of File ===========================

 

[Broni]

DDS.txt log is missing.

 

[msta999]

Sorry, it said not to post it unless asked for. Here it is:

DDS (Ver_10-11-10.01) - NTFS_AMD64
Run by Matt at 22:38:50.35 on Sat 11/13/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3003.1920 [GMT -8:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtblfs.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Matt\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.heraldnet.com/
mWinlogon: Userinit=userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll
BHO-X64: link filter bho - No File
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
mRun-x64: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
mRun-x64: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

============= SERVICES / DRIVERS ===============

R0 KLBG;Kaspersky Lab Boot Guard Driver;C:\Windows\System32\drivers\klbg.sys [2009-10-14 40464]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2009-9-14 27152]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-4-27 98208]
R2 HPWMISVC;HPWMISVC;C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-1-18 20480]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-11-11 1153368]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2010-3-5 144896]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2009-10-2 21008]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-4-27 295424]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2010-1-29 1089056]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S2 AVP;Kaspersky Anti-Virus;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-10-20 340520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-18 136176]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-4-27 225280]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-7-26 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]

=============== Created Last 30 ================

2010-11-14 06:19:31 -------- d-----w- C:\Users\Matt\AppData\Roaming\Malwarebytes
2010-11-14 06:19:03 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-11-14 06:19:00 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-11-14 06:18:58 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-11-14 06:18:58 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-11-12 16:17:14 8006480 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{F2B585CC-B7DC-45E3-B6A8-0FF8D02B786E}\mpengine.dll
2010-11-11 09:13:58 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2010-11-11 09:13:58 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
2010-10-26 21:06:47 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2010-10-26 21:06:47 641536 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2010-10-26 21:06:47 552960 ----a-w- C:\Windows\System32\msdri.dll
2010-10-26 21:06:47 288256 ----a-w- C:\Windows\System32\MSNP.ax
2010-10-26 21:06:47 258560 ----a-w- C:\Windows\System32\mpg2splt.ax
2010-10-26 21:06:47 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
2010-10-26 21:06:47 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2010-10-26 21:06:36 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys

==================== Find3M ====================

2010-10-19 18:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-09-10 05:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2010-09-10 05:35:43 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-09-01 02:58:34 3123712 ----a-w- C:\Windows\System32\win32k.sys
2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-08-27 06:14:02 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2010-08-27 05:46:48 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-08-27 03:38:04 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-08-27 03:37:48 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-08-27 03:37:26 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-08-26 05:27:28 148992 ----a-w- C:\Windows\System32\t2embed.dll
2010-08-26 04:39:58 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
2010-08-21 06:38:47 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
2010-08-21 06:36:49 340992 ----a-w- C:\Windows\System32\schannel.dll
2010-08-21 06:31:06 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2010-08-21 05:36:33 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2010-08-21 05:36:24 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
2010-08-21 05:33:24 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll

============= FINISH: 22:39:58.57 ===============

 

[Broni]

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

 

[msta999]

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP G62 Notebook PC
Logical Drives Mask: 0x000000fc

Kernel Drivers (total 199):
0x02C1B000 \SystemRoot\system32\ntoskrnl.exe
0x031F7000 \SystemRoot\system32\hal.dll
0x00BC7000 \SystemRoot\system32\kdcom.dll
0x00C6E000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00CB2000 \SystemRoot\system32\PSHED.dll
0x00CC6000 \SystemRoot\system32\CLFS.SYS
0x00D24000 \SystemRoot\system32\CI.dll
0x00E3F000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00EE3000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00EF2000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00F49000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00F52000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00F5C000 \SystemRoot\system32\DRIVERS\pci.sys
0x00F8F000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00F9C000 \SystemRoot\System32\drivers\partmgr.sys
0x00FB1000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00FBA000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00FC6000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00C00000 \SystemRoot\System32\drivers\volmgrx.sys
0x00FDB000 \SystemRoot\System32\drivers\mountmgr.sys
0x010B8000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x011D4000 \SystemRoot\system32\DRIVERS\atapi.sys
0x01000000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x0102A000 \SystemRoot\system32\DRIVERS\msahci.sys
0x01035000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x01045000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x01050000 \SystemRoot\system32\drivers\fltmgr.sys
0x0109C000 \SystemRoot\system32\drivers\fileinfo.sys
0x01222000 \SystemRoot\System32\Drivers\Ntfs.sys
0x014E5000 \SystemRoot\System32\Drivers\msrpc.sys
0x01543000 \SystemRoot\System32\Drivers\ksecdd.sys
0x0155D000 \SystemRoot\System32\Drivers\cng.sys
0x015D0000 \SystemRoot\System32\drivers\pcw.sys
0x015E1000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01671000 \SystemRoot\system32\drivers\ndis.sys
0x01763000 \SystemRoot\system32\drivers\NETIO.SYS
0x017C3000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01801000 \SystemRoot\System32\drivers\tcpip.sys
0x01600000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01400000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x0164A000 \SystemRoot\System32\Drivers\spldr.sys
0x0144C000 \SystemRoot\System32\drivers\rdyboost.sys
0x01652000 \SystemRoot\System32\Drivers\mup.sys
0x017EE000 \SystemRoot\system32\DRIVERS\klbg.sys
0x01664000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01486000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x014C0000 \SystemRoot\system32\DRIVERS\disk.sys
0x013C5000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x03B35000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x03B5F000 \SystemRoot\system32\DRIVERS\klif.sys
0x03BBC000 \SystemRoot\System32\Drivers\Null.SYS
0x03BC5000 \SystemRoot\System32\Drivers\Beep.SYS
0x03BCC000 \SystemRoot\System32\drivers\vga.sys
0x03BDA000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x015EB000 \SystemRoot\System32\drivers\watchdog.sys
0x013F5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x01200000 \SystemRoot\system32\drivers\rdpencdd.sys
0x01209000 \SystemRoot\system32\drivers\rdprefmp.sys
0x01212000 \SystemRoot\System32\Drivers\Msfs.SYS
0x011DD000 \SystemRoot\System32\Drivers\Npfs.SYS
0x00E00000 \SystemRoot\system32\DRIVERS\tdx.sys
0x011EE000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x03C2F000 \SystemRoot\system32\DRIVERS\kl1.sys
0x04158000 \SystemRoot\system32\drivers\afd.sys
0x02CDB000 \SystemRoot\System32\DRIVERS\netbt.sys
0x02D20000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x02D29000 \SystemRoot\system32\DRIVERS\pacer.sys
0x02D4F000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x02D65000 \SystemRoot\system32\DRIVERS\klim6.sys
0x02D6F000 \SystemRoot\system32\DRIVERS\netbios.sys
0x02D7E000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x02D99000 \SystemRoot\system32\DRIVERS\termdd.sys
0x02DAD000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x02C00000 \SystemRoot\system32\drivers\nsiproxy.sys
0x02C0C000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x02C17000 \SystemRoot\System32\drivers\discache.sys
0x02C26000 \SystemRoot\System32\Drivers\dfsc.sys
0x02C44000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x02C55000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x02C7B000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x02C91000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x0480A000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x02C96000 \SystemRoot\System32\Drivers\fastfat.SYS
0x042B4000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x043A8000 \SystemRoot\System32\drivers\dxgmms1.sys
0x043EE000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x04200000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x04256000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x04267000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x09654000 \SystemRoot\system32\DRIVERS\rtl8192se.sys
0x0977C000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x09789000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x097D5000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x09600000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x0529C000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x052EE000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x052F0000 \SystemRoot\system32\DRIVERS\klmouflt.sys
0x052FA000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x05309000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x05312000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x05322000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x05338000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x0535C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x05368000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x05397000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x053B2000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x053D3000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x053ED000 \SystemRoot\system32\DRIVERS\swenum.sys
0x05200000 \SystemRoot\system32\DRIVERS\ks.sys
0x05243000 \SystemRoot\system32\DRIVERS\umbus.sys
0x0562E000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x05688000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x05A82000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x05CA9000 \SystemRoot\system32\drivers\portcls.sys
0x05CE6000 \SystemRoot\system32\drivers\drmk.sys
0x05D08000 \SystemRoot\system32\drivers\ksthunk.sys
0x05D0E000 \SystemRoot\system32\drivers\IntcHdmi.sys
0x000B0000 \SystemRoot\System32\win32k.sys
0x05D36000 \SystemRoot\System32\drivers\Dxapi.sys
0x05D42000 \SystemRoot\system32\DRIVERS\monitor.sys
0x05D8C000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x05DA9000 \SystemRoot\system32\DRIVERS\udfs.sys
0x05A00000 \SystemRoot\System32\Drivers\usbvideo.sys
0x00590000 \SystemRoot\System32\TSDDD.dll
0x05A2E000 \SystemRoot\System32\Drivers\crashdmp.sys
0x006E0000 \SystemRoot\System32\cdd.dll
0x0569D000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x05A3C000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x00830000 \SystemRoot\System32\ATMFD.DLL
0x05A4F000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x05A60000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x05A6C000 \SystemRoot\system32\DRIVERS\dot4usb.sys
0x05D50000 \SystemRoot\system32\DRIVERS\Dot4.sys
0x057B9000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x05D78000 \SystemRoot\system32\DRIVERS\Dot4Prt.sys
0x057D4000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x057E2000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x05D82000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x05600000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x05255000 \SystemRoot\system32\drivers\luafv.sys
0x0560D000 \SystemRoot\system32\drivers\WudfPf.sys
0x05278000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x03A00000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x0960F000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x09622000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x0528D000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x03A53000 \SystemRoot\system32\drivers\HTTP.sys
0x0428B000 \SystemRoot\system32\DRIVERS\bowser.sys
0x0963A000 \SystemRoot\System32\drivers\mpsdrv.sys
0x03C00000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x026A4000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x026F2000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x02715000 \SystemRoot\system32\drivers\peauth.sys
0x027BB000 \SystemRoot\System32\Drivers\secdrv.SYS
0x027C6000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x02600000 \SystemRoot\System32\drivers\tcpipreg.sys
0x02612000 \SystemRoot\System32\DRIVERS\srv2.sys
0x070EE000 \SystemRoot\System32\DRIVERS\srv.sys
0x07184000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x77610000 \Windows\System32\ntdll.dll
0x47FE0000 \Windows\System32\smss.exe
0xFF930000 \Windows\System32\apisetschema.dll
0xFF840000 \Windows\System32\autochk.exe
0xFF880000 \Windows\System32\clbcatq.dll
0x777E0000 \Windows\System32\normaliz.dll
0x774F0000 \Windows\System32\kernel32.dll
0xFF750000 \Windows\System32\rpcrt4.dll
0xFF6D0000 \Windows\System32\shlwapi.dll
0xFF6B0000 \Windows\System32\imagehlp.dll
0xFF660000 \Windows\System32\ws2_32.dll
0xFF5E0000 \Windows\System32\difxapi.dll
0xFF5C0000 \Windows\System32\sechost.dll
0xFF3B0000 \Windows\System32\ole32.dll
0xFF2D0000 \Windows\System32\oleaut32.dll
0xFF2C0000 \Windows\System32\nsi.dll
0xFF270000 \Windows\System32\Wldap32.dll
0xFE4E0000 \Windows\System32\shell32.dll
0xFE300000 \Windows\System32\setupapi.dll
0xFE1D0000 \Windows\System32\wininet.dll
0xFE130000 \Windows\System32\comdlg32.dll
0xFE050000 \Windows\System32\advapi32.dll
0xFDFB0000 \Windows\System32\msvcrt.dll
0x773F0000 \Windows\System32\user32.dll
0xFDFA0000 \Windows\System32\lpk.dll
0xFDF30000 \Windows\System32\gdi32.dll
0xFDF00000 \Windows\System32\imm32.dll
0xFDD80000 \Windows\System32\urlmon.dll
0xFDC70000 \Windows\System32\msctf.dll
0xFDA10000 \Windows\System32\iertutil.dll
0xFD940000 \Windows\System32\usp10.dll
0x777D0000 \Windows\System32\psapi.dll
0xFD7D0000 \Windows\System32\crypt32.dll
0xFD730000 \Windows\System32\comctl32.dll
0xFD6F0000 \Windows\System32\wintrust.dll
0xFD680000 \Windows\System32\KernelBase.dll
0xFD660000 \Windows\System32\devobj.dll
0xFD620000 \Windows\System32\cfgmgr32.dll
0xFD610000 \Windows\System32\msasn1.dll
0x76F90000 \Windows\SysWOW64\normaliz.dll

Processes (total 78):
0 System Idle Process
4 System
348 C:\Windows\System32\smss.exe
476 csrss.exe
540 C:\Windows\System32\wininit.exe
576 csrss.exe
600 C:\Windows\System32\services.exe
616 C:\Windows\System32\lsass.exe
628 C:\Windows\System32\lsm.exe
736 C:\Windows\System32\svchost.exe
804 C:\Windows\System32\winlogon.exe
860 C:\Windows\System32\svchost.exe
932 C:\Windows\System32\svchost.exe
1012 C:\Windows\System32\svchost.exe
368 C:\Windows\System32\svchost.exe
844 C:\Windows\System32\svchost.exe
1096 C:\Windows\System32\svchost.exe
1260 C:\Windows\System32\spoolsv.exe
1296 C:\Windows\System32\svchost.exe
1416 C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
1440 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
1504 C:\Windows\System32\taskhost.exe
1636 C:\Windows\System32\svchost.exe
1652 C:\Windows\System32\dwm.exe
1704 C:\Windows\explorer.exe
1716 C:\Windows\SysWOW64\svchost.exe
1748 C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
1792 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
1832 C:\Windows\System32\svchost.exe
472 C:\Windows\System32\svchost.exe
1956 C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
1084 C:\Windows\System32\svchost.exe
2064 C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
2288 C:\Windows\System32\igfxtray.exe
2304 C:\Windows\System32\hkcmd.exe
2328 C:\Windows\System32\igfxpers.exe
2344 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2372 C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
2496 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
2644 C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
2652 C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
2708 C:\Program Files\Java\jre6\bin\jusched.exe
2788 C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
3040 WmiPrvSE.exe
3064 C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
1460 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
3016 C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
1448 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
3080 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
3088 C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
3368 C:\Windows\System32\SearchIndexer.exe
3908 WUDFHost.exe
3300 C:\Program Files\Windows Media Player\wmpnetwk.exe
2756 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
2764 C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
3380 C:\Windows\System32\svchost.exe
2784 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
3352 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
224 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
2160 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
4384 C:\Program Files (x86)\Internet Explorer\iexplore.exe
4752 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtblfs.exe
5032 C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
3364 C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe
5048 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
3340 C:\Windows\System32\svchost.exe
4688 C:\Windows\System32\wuauclt.exe
3568 C:\Windows\System32\svchost.exe
4860 C:\Program Files (x86)\Internet Explorer\iexplore.exe
980 C:\Program Files (x86)\Internet Explorer\ielowutil.exe
3432 C:\Windows\System32\taskeng.exe
1216 C:\Windows\System32\SearchProtocolHost.exe
1000 C:\Windows\System32\SearchFilterHost.exe
3736 C:\Windows\System32\audiodg.exe
1944 dllhost.exe
3220 dllhost.exe
4712 C:\Users\Matt\Desktop\MBRCheck.exe
1688 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000047`01e00000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x0000004a`7f500000 (FAT32)
\\.\H: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHM321HI, Rev: 2AJ10001
PhysicalDrive2 Model Number: ST325082J, Rev: 3.AA

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 4D658D98AF63420E19685FDF758F22E67D2F3B93
232 GB \\.\PhysicalDrive2 RE: Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

 

[Broni]

We need to fix your MBR...

Please download NTBR by noahdfear and save it to your Desktop.
File size: 2.44 MB (2,565,432 bytes)

• Place a blank CD in your CD drive.
• Double click on NTBR_CD.exe file and a folder of the same name will appear.
• Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
• Follow the prompts to burn the CD.

• Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
• If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.

• Insert the newly created CD into your infected PC and reboot your computer.
• Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
• Read the warning and then continue as prompted.
• You first need to select your keyboard layout - press Enter for English.
• Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
• On the following screen enter 5 to select Install Standard MBR code.
• Enter 2 to overwrite the infected MBR Code with the Windows 7 MBR code.
• When asked to confirm please do so.
• Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
• Eject the disc and then press ctrl+alt+del to reboot the PC.

Once rebooted, run MBRCheck again and post its log.

 

[msta999]

I can't figure out how to boot from cd. I've try'd esc, F2, F8, Del. ?

 

[Broni]

Did you try to put the CD in and restart computer to see, if it'll boot from the CD?

 

[msta999]

Yes, I did. The only thing that comes up on reboot is "hit esc" and that takes me into safe mode option. I have rebooted several times, just watching the screen and nothing else shows up.

 

[Broni]

Check BIOS for correct boot order: http://www.hiren.info/pages/bios-boot-cdrom

 

[msta999]

OK, I was hitting the esc too long and it was going to another window. Now, I can get to the part where I select english, but after that I just get:

Can't open CD drivver CDRCACH
SHSUCDX Can't install
Error: Failure loading; unable to find CD-ROM drive!
If you have multiple cd-rom drives, please remove the other cd - rom and try again................it goes on.

 

[Broni]

I'm glad to see, you figured out how to boot from the CD

We'll use another method to reset MBR since the above didn't want to work...

If you have Vista/7 DVD...

start with step 2

If you don't have Vista/7 DVD...

1. Create Vista/7 Recovery Disc.

Option 1 :
Vista: http://www.c4consulting.com.au/soluctions/vista/VISTA SOLUCTIONS.htm
Windows 7: http://www.guidingtech.com/3816/system-repair-recovery-disc-windows-7/

Option 2:
Download Vista Recovery Disc iso image: http://neosmart.net/blog/2008/windows-vista-recovery-disc-download/
Download Windows 7 Recovery Disc iso image: http://neosmart.net/blog/2009/windows-7-system-repair-discs/
Burn it to CD, or DVD: http://neosmart.net/wiki/display/G/Burning+ISO+Images+to+a+CD+or+DVD

2. Boot from created disk.

Vista users. At first screen click on Repair your computer:

Windows 7 users. At first screen click on Install now:

Select your language and click next:

Click the button for "Use recovery tools":

The following applies to both, Vista and Windows 7 users.


I have to post it in two parts, because the board doesn't allow me so many images in one post.

 

[Broni]

This will bring you to a new screen where the repair process will look for all Windows Vista/7 installations on your computer. When done you will be presented with the System Recovery Options dialog box:

After this, it will present you with a list of options including startup repair, system restore and command prompt:

Select Command Prompt

Type in:
bootrec /FixMbr (<--- there is a "space" after "bootrec")
and then press Enter

Once completed then type Exit, press Enter and restart computer.

Post fresh MBRCheck log.

 

[msta999]

Finally! Thanks, here it is

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP G62 Notebook PC
Logical Drives Mask: 0x000000fc

Kernel Drivers (total 199):
0x02C09000 \SystemRoot\system32\ntoskrnl.exe
0x031E5000 \SystemRoot\system32\hal.dll
0x00BC4000 \SystemRoot\system32\kdcom.dll
0x00C8A000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00CCE000 \SystemRoot\system32\PSHED.dll
0x00CE2000 \SystemRoot\system32\CLFS.SYS
0x00D40000 \SystemRoot\system32\CI.dll
0x00E3A000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00EDE000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00EED000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00F44000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00F4D000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00F57000 \SystemRoot\system32\DRIVERS\pci.sys
0x00F8A000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00F97000 \SystemRoot\System32\drivers\partmgr.sys
0x00FAC000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00FB5000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00FC1000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00C00000 \SystemRoot\System32\drivers\volmgrx.sys
0x00FD6000 \SystemRoot\System32\drivers\mountmgr.sys
0x010C1000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x011DD000 \SystemRoot\system32\DRIVERS\atapi.sys
0x01000000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x0102A000 \SystemRoot\system32\DRIVERS\msahci.sys
0x01035000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x01045000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x01050000 \SystemRoot\system32\drivers\fltmgr.sys
0x0109C000 \SystemRoot\system32\drivers\fileinfo.sys
0x0123A000 \SystemRoot\System32\Drivers\Ntfs.sys
0x014AF000 \SystemRoot\System32\Drivers\msrpc.sys
0x0150D000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01527000 \SystemRoot\System32\Drivers\cng.sys
0x0159A000 \SystemRoot\System32\drivers\pcw.sys
0x015AB000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01641000 \SystemRoot\system32\drivers\ndis.sys
0x01733000 \SystemRoot\system32\drivers\NETIO.SYS
0x01793000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01801000 \SystemRoot\System32\drivers\tcpip.sys
0x015B5000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01400000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x017BE000 \SystemRoot\System32\Drivers\spldr.sys
0x017C6000 \SystemRoot\System32\drivers\rdyboost.sys
0x01600000 \SystemRoot\System32\Drivers\mup.sys
0x01612000 \SystemRoot\system32\DRIVERS\klbg.sys
0x01620000 \SystemRoot\System32\drivers\hwpolicy.sys
0x0144C000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01629000 \SystemRoot\system32\DRIVERS\disk.sys
0x01200000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x03A00000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x03A2A000 \SystemRoot\system32\DRIVERS\klif.sys
0x03A87000 \SystemRoot\System32\Drivers\Null.SYS
0x03A90000 \SystemRoot\System32\Drivers\Beep.SYS
0x03A97000 \SystemRoot\System32\drivers\vga.sys
0x03AA5000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x01494000 \SystemRoot\System32\drivers\watchdog.sys
0x014A4000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x01230000 \SystemRoot\system32\drivers\rdpencdd.sys
0x013DD000 \SystemRoot\system32\drivers\rdprefmp.sys
0x013E6000 \SystemRoot\System32\Drivers\Msfs.SYS
0x010B0000 \SystemRoot\System32\Drivers\Npfs.SYS
0x00E00000 \SystemRoot\system32\DRIVERS\tdx.sys
0x013F1000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x03C98000 \SystemRoot\system32\DRIVERS\kl1.sys
0x03C00000 \SystemRoot\system32\drivers\afd.sys
0x02C05000 \SystemRoot\System32\DRIVERS\netbt.sys
0x02C4A000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x02C53000 \SystemRoot\system32\DRIVERS\pacer.sys
0x02C79000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x02C8F000 \SystemRoot\system32\DRIVERS\klim6.sys
0x02C99000 \SystemRoot\system32\DRIVERS\netbios.sys
0x02CA8000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x02CC3000 \SystemRoot\system32\DRIVERS\termdd.sys
0x02CD7000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x02D28000 \SystemRoot\system32\drivers\nsiproxy.sys
0x02D34000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x02D3F000 \SystemRoot\System32\drivers\discache.sys
0x02D4E000 \SystemRoot\System32\Drivers\dfsc.sys
0x02D6C000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x02D7D000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x02DA3000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x02DB9000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x04805000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x02DBE000 \SystemRoot\System32\Drivers\fastfat.SYS
0x0448F000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04583000 \SystemRoot\System32\drivers\dxgmms1.sys
0x045C9000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x04400000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x04456000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x04467000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x052C2000 \SystemRoot\system32\DRIVERS\rtl8192se.sys
0x053EA000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x05200000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x0524C000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x0526A000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x056D0000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x05722000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x05724000 \SystemRoot\system32\DRIVERS\klmouflt.sys
0x0572E000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x0573D000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x05746000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x05756000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x0576C000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x05790000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x0579C000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x057CB000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x05600000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x05621000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x0563B000 \SystemRoot\system32\DRIVERS\swenum.sys
0x0563D000 \SystemRoot\system32\DRIVERS\ks.sys
0x05680000 \SystemRoot\system32\DRIVERS\umbus.sys
0x0584E000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x058A8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x05A4C000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x05C73000 \SystemRoot\system32\drivers\portcls.sys
0x05CB0000 \SystemRoot\system32\drivers\drmk.sys
0x05CD2000 \SystemRoot\system32\drivers\ksthunk.sys
0x05CD8000 \SystemRoot\system32\drivers\IntcHdmi.sys
0x000C0000 \SystemRoot\System32\win32k.sys
0x05D00000 \SystemRoot\System32\drivers\Dxapi.sys
0x05D0C000 \SystemRoot\System32\Drivers\crashdmp.sys
0x058BD000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x05D1A000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x05D2D000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00440000 \SystemRoot\System32\TSDDD.dll
0x00750000 \SystemRoot\System32\cdd.dll
0x008D0000 \SystemRoot\System32\ATMFD.DLL
0x05D3B000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x05D58000 \SystemRoot\System32\Drivers\usbvideo.sys
0x05D86000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x05D97000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x05DA3000 \SystemRoot\system32\DRIVERS\dot4usb.sys
0x05DB3000 \SystemRoot\system32\DRIVERS\Dot4.sys
0x05DDB000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x05DF6000 \SystemRoot\system32\DRIVERS\Dot4Prt.sys
0x05A00000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x05A0E000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x05A27000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x05A30000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x059D9000 \SystemRoot\system32\drivers\luafv.sys
0x05800000 \SystemRoot\system32\drivers\WudfPf.sys
0x05821000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x03ACA000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x05836000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x05692000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x05A3D000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x03B1D000 \SystemRoot\system32\drivers\HTTP.sys
0x056AA000 \SystemRoot\system32\DRIVERS\bowser.sys
0x057E6000 \SystemRoot\System32\drivers\mpsdrv.sys
0x05279000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x034FD000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0354B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x03400000 \SystemRoot\system32\drivers\peauth.sys
0x034A6000 \SystemRoot\System32\Drivers\secdrv.SYS
0x034B1000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x034DE000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0356E000 \SystemRoot\System32\DRIVERS\srv2.sys
0x07262000 \SystemRoot\System32\DRIVERS\srv.sys
0x072F8000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x0732B000 \SystemRoot\system32\drivers\spsys.sys
0x77A00000 \Windows\System32\ntdll.dll
0x47F50000 \Windows\System32\smss.exe
0xFFD20000 \Windows\System32\apisetschema.dll
0xFF9A0000 \Windows\System32\autochk.exe
0xFFBE0000 \Windows\System32\wininet.dll
0xFFB40000 \Windows\System32\clbcatq.dll
0xFFA30000 \Windows\System32\msctf.dll
0xFF900000 \Windows\System32\rpcrt4.dll
0xFF6A0000 \Windows\System32\iertutil.dll
0xFF680000 \Windows\System32\imagehlp.dll
0x778E0000 \Windows\System32\kernel32.dll
0xFF5E0000 \Windows\System32\msvcrt.dll
0xFE850000 \Windows\System32\shell32.dll
0xFE780000 \Windows\System32\usp10.dll
0xFE6A0000 \Windows\System32\advapi32.dll
0xFE630000 \Windows\System32\gdi32.dll
0xFE600000 \Windows\System32\imm32.dll
0xFE3F0000 \Windows\System32\ole32.dll
0x777E0000 \Windows\System32\user32.dll
0x77BD0000 \Windows\System32\normaliz.dll
0xFE210000 \Windows\System32\setupapi.dll
0xFE200000 \Windows\System32\lpk.dll
0xFE180000 \Windows\System32\difxapi.dll
0xFE130000 \Windows\System32\Wldap32.dll
0xFE050000 \Windows\System32\oleaut32.dll
0xFE030000 \Windows\System32\sechost.dll
0xFDFB0000 \Windows\System32\shlwapi.dll
0xFDF10000 \Windows\System32\comdlg32.dll
0xFDD90000 \Windows\System32\urlmon.dll
0x77BC0000 \Windows\System32\psapi.dll
0xFDD40000 \Windows\System32\ws2_32.dll
0xFDD30000 \Windows\System32\nsi.dll
0xFDBC0000 \Windows\System32\crypt32.dll
0xFDB50000 \Windows\System32\KernelBase.dll
0xFDB10000 \Windows\System32\wintrust.dll
0xFDA70000 \Windows\System32\comctl32.dll
0xFDA30000 \Windows\System32\cfgmgr32.dll
0xFDA10000 \Windows\System32\devobj.dll
0xFDA00000 \Windows\System32\msasn1.dll
0x77060000 \Windows\SysWOW64\normaliz.dll

Processes (total 74):
0 System Idle Process
4 System
348 C:\Windows\System32\smss.exe
476 csrss.exe
532 C:\Windows\System32\wininit.exe
544 csrss.exe
580 C:\Windows\System32\services.exe
604 C:\Windows\System32\lsass.exe
612 C:\Windows\System32\lsm.exe
716 C:\Windows\System32\svchost.exe
788 C:\Windows\System32\winlogon.exe
840 C:\Windows\System32\svchost.exe
908 C:\Windows\System32\svchost.exe
984 C:\Windows\System32\svchost.exe
1020 C:\Windows\System32\svchost.exe
384 C:\Windows\System32\audiodg.exe
528 C:\Windows\System32\svchost.exe
1072 C:\Windows\System32\svchost.exe
1232 C:\Windows\System32\spoolsv.exe
1264 C:\Windows\System32\svchost.exe
1364 C:\Windows\System32\taskhost.exe
1452 C:\Windows\System32\dwm.exe
1464 C:\Windows\explorer.exe
1504 C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
1532 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
1664 C:\Windows\System32\svchost.exe
1692 C:\Windows\System32\taskeng.exe
1712 C:\Windows\SysWOW64\svchost.exe
1756 C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
1812 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
1884 C:\Windows\System32\svchost.exe
1972 C:\Windows\System32\svchost.exe
2008 C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
1040 C:\Windows\System32\svchost.exe
2120 C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
2296 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
2360 C:\Windows\System32\igfxtray.exe
2368 C:\Windows\System32\hkcmd.exe
2384 C:\Windows\System32\igfxpers.exe
2480 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2512 C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
2624 C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
2680 C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
2692 C:\Program Files\Java\jre6\bin\jusched.exe
2716 C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
2796 C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
2880 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
2904 C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
2972 WmiPrvSE.exe
1432 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
3280 C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
3576 C:\Windows\System32\SearchIndexer.exe
3652 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
3744 C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
3984 WUDFHost.exe
4080 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
2600 C:\Program Files\Windows Media Player\wmpnetwk.exe
3644 C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
2352 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
3864 C:\Windows\System32\SearchProtocolHost.exe
3336 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
2888 C:\Windows\System32\svchost.exe
4104 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
4208 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
4732 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
700 C:\Windows\System32\sppsvc.exe
1352 C:\Windows\System32\svchost.exe
3892 WmiPrvSE.exe
668 C:\Windows\System32\wuauclt.exe
3476 C:\Windows\System32\SearchFilterHost.exe
2244 dllhost.exe
4400 dllhost.exe
4680 C:\Users\Matt\Desktop\MBRCheck.exe
4684 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000047`01e00000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x0000004a`7f500000 (FAT32)
\\.\H: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHM321HI, Rev: 2AJ10001
PhysicalDrive2 Model Number: ST325082J, Rev: 3.AA

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
232 GB \\.\PhysicalDrive2 RE: Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

 

[Broni]

Good job

Download OTL to your Desktop.

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[msta999]

Hope I did this right. I opened OTL, pasted the info you left and ran quick scan. Here it is:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

 

[msta999]

I see I didn't get it all, I'll try it again:

OTL Extras logfile created on: 11/14/2010 8:02:29 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Matt\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.83 Gb Total Space | 244.17 Gb Free Space | 86.03% Space Free | Partition Type: NTFS
Drive D: | 13.96 Gb Total Space | 2.31 Gb Free Space | 16.54% Space Free | Partition Type: NTFS
Drive E: | 99.34 Mb Total Space | 92.66 Mb Free Space | 93.28% Space Free | Partition Type: FAT32
Drive H: | 232.88 Gb Total Space | 124.97 Gb Free Space | 53.66% Space Free | Partition Type: NTFS

Computer Name: MATT-PC | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{10F539B1-31AF-43BF-9F0C-0EB66E918922}" = HP Quick Launch
"{1E1746EF-F5BF-4677-8F30-04FE399130DA}" = HP Photosmart C4600 All-In-One Driver Software 14.0 Rel. 5
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java(TM) 6 Update 17 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{1CA3A991-B03D-4C92-9922-315E5434E87B}" = PS_AIO_05_C4600_Software_Min
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{223E2363-6643-49CB-A062-59A9858EE8EE}" = HP Software Framework
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 21
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{43BA31BA-04BD-2EA3-0A60-A9C54E06D3F2}" = muvee Reveal
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{47D7C9B8-BD44-4D2E-9040-E946477B2F9A}" = Microsoft Live Search Toolbar
"{495A8A3C-8FD0-4C46-9979-95C26181A1AB}" = HP Support Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}" = LightScribe System Software
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-001C-0409-0000-0000000FF1CE}" = Microsoft Office Access Runtime (English) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{901F0D4C-009D-1112-8DE4-03599E7B0C5C}" = REALTEK Wireless LAN Software
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A4317FB-5775-4FB3-BDC9-995595106F1F}" = HP User Guides 0178
"{9E0E1E3B-229C-4CF9-8A39-4455477327E4}" = C4600
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"DBPix" = DBPix20
"Google Chrome" = Google Chrome
"HP Photo Creations" = HP Photo Creations
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallWIX_{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Thunderbird (3.1.2)" = Mozilla Thunderbird (3.1.2)
"My HP Game Console" = HP Game Console
"Reloaders Reference v9.3x74r" = Reloaders Reference v9.3x74r
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WT082122" = Blackhawk Striker 2
"WT082124" = Blasterball 3
"WT082133" = Dora's Carnival Adventure
"WT082141" = FATE
"WT082168" = Penguins!
"WT082170" = Plants vs. Zombies
"WT082171" = Poker Superstars III
"WT082172" = Polar Bowler
"WT082173" = Polar Golfer
"WT082188" = Virtual Families
"WT082189" = Wheel of Fortune 2
"WT082192" = Bejeweled 2 Deluxe
"WT082200" = Chuzzle Deluxe
"WT082241" = Virtual Villagers - The Secret City
"WT082396" = Diner Dash 2 Restaurant Rescue
"WT082438" = Build-a-lot 2
"WT082442" = Faerie Solitaire
"WT082443" = Jewel Quest 3
"WT082456" = Mystery P.I. - The New York Fortune
"WT082463" = Zuma's Revenge
"WT082468" = Jewel Quest Solitaire 2
"WT083477" = Cake Mania
"WT083484" = Escape Rosecliff Island
"WT083491" = TextTwist 2
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/3/2010 11:29:14 AM | Computer Name = Matt-PC | Source = MsiInstaller | ID = 10005
Description =

Error - 11/3/2010 11:29:14 AM | Computer Name = Matt-PC | Source = MsiInstaller | ID = 1024
Description =

Error - 11/3/2010 9:37:38 PM | Computer Name = Matt-PC | Source = MsiInstaller | ID = 10005
Description =

Error - 11/3/2010 9:37:38 PM | Computer Name = Matt-PC | Source = MsiInstaller | ID = 1024
Description =

Error - 11/4/2010 8:36:36 AM | Computer Name = Matt-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 11/4/2010 8:37:48 AM | Computer Name = Matt-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 11/4/2010 9:33:11 AM | Computer Name = Matt-PC | Source = MsiInstaller | ID = 10005
Description =

Error - 11/4/2010 9:33:11 AM | Computer Name = Matt-PC | Source = MsiInstaller | ID = 1024
Description =

Error - 11/4/2010 4:29:37 PM | Computer Name = Matt-PC | Source = MsiInstaller | ID = 10005
Description =

Error - 11/4/2010 4:29:37 PM | Computer Name = Matt-PC | Source = MsiInstaller | ID = 1024
Description =

[ System Events ]
Error - 11/14/2010 2:12:09 AM | Computer Name = Matt-PC | Source = NetBT | ID = 4319
Description = A duplicate name has been detected on the TCP network. The IP address
of the computer that sent the message is in the data. Use nbtstat -n in a command
window to see which name is in the Conflict state.

Error - 11/14/2010 4:14:35 AM | Computer Name = Matt-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft Office Access Runtime and Data Connectivity 2007
Service Pack 2 (SP2).

Error - 11/14/2010 4:40:38 AM | Computer Name = Matt-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft Office Access Runtime and Data Connectivity 2007
Service Pack 2 (SP2).

Error - 11/14/2010 1:04:35 PM | Computer Name = Matt-PC | Source = NetBT | ID = 4319
Description = A duplicate name has been detected on the TCP network. The IP address
of the computer that sent the message is in the data. Use nbtstat -n in a command
window to see which name is in the Conflict state.

Error - 11/14/2010 2:17:57 PM | Computer Name = Matt-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft Office Access Runtime and Data Connectivity 2007
Service Pack 2 (SP2).

Error - 11/14/2010 2:34:40 PM | Computer Name = Matt-PC | Source = WMPNetworkSvc | ID = 866306
Description =

Error - 11/14/2010 2:34:40 PM | Computer Name = Matt-PC | Source = WMPNetworkSvc | ID = 866306
Description =

Error - 11/14/2010 3:17:13 PM | Computer Name = Matt-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:14:35 AM on ?11/?14/?2010 was unexpected.

Error - 11/14/2010 4:19:21 PM | Computer Name = Matt-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 11/14/2010 4:52:23 PM | Computer Name = Matt-PC | Source = Service Control Manager | ID = 7024
Description = The Superfetch service terminated with service-specific error %%0.


< End of report >

 

[Broni]

I still need OTL.txt log.

 

[msta999]

I don't see it. I see OTL and Extra and I believe I posted both of them. Where will I find it?

 

[msta999]

maybe this is it:

OTL logfile created on: 11/14/2010 8:02:29 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Matt\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.83 Gb Total Space | 244.17 Gb Free Space | 86.03% Space Free | Partition Type: NTFS
Drive D: | 13.96 Gb Total Space | 2.31 Gb Free Space | 16.54% Space Free | Partition Type: NTFS
Drive E: | 99.34 Mb Total Space | 92.66 Mb Free Space | 93.28% Space Free | Partition Type: FAT32
Drive H: | 232.88 Gb Total Space | 124.97 Gb Free Space | 53.66% Space Free | Partition Type: NTFS

Computer Name: MATT-PC | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/14 20:00:43 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
PRC - [2010/10/06 15:17:30 | 000,232,912 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe
PRC - [2010/08/18 08:24:48 | 000,340,520 | ---- | M] (Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (SafeList) ==========

MOD - [2010/11/14 20:00:43 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
MOD - [2010/08/20 21:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/01/18 14:04:08 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV:64bit: - [2009/11/17 18:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/08/18 08:24:48 | 000,340,520 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe -- (AVP)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/04 10:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/07/25 11:52:05 | 000,353,296 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2010/03/05 11:57:18 | 000,144,896 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:64bit: - [2010/03/05 11:57:00 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/02/05 16:49:04 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/01/29 01:46:46 | 001,089,056 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009/11/27 17:45:00 | 000,295,424 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/10/14 20:18:38 | 000,040,464 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\klbg.sys -- (KLBG)
DRV:64bit: - [2009/10/13 10:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/10/02 18:39:32 | 000,021,008 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/09/22 17:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/09/14 13:46:42 | 000,027,152 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2009/09/01 14:29:56 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2009/07/13 17:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 17:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 15:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/06/10 13:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 13:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 13:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 12:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 12:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 12:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/09/22 17:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.heraldnet.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/10/07 18:34:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010/11/02 20:57:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2010/07/25 12:38:27 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Mozilla\Extensions
[2010/07/25 12:38:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\ievkbd.dll (Kaspersky Lab)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.128.12
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/11/14 19:54:24 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2010/11/14 13:51:28 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\Windows Live
[2010/11/14 10:13:29 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\NTBR_CD
[2010/11/13 22:19:31 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Malwarebytes
[2010/11/13 22:19:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/11/13 22:19:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/11/13 22:18:58 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/11/13 22:18:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/11/13 21:57:15 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Matt\Desktop\TFC.exe
[2010/11/11 01:13:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/11/11 01:13:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/11/07 22:38:22 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\Fishing w Brian
[2010/10/25 15:25:25 | 000,000,000 | R--D | C] -- C:\Users\Matt\Desktop\Work
[2010/10/24 20:06:35 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\Family

========== Files - Modified Within 30 Days ==========

[2010/11/14 20:03:09 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/14 20:00:43 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2010/11/14 18:23:59 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/14 18:23:59 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/14 18:16:32 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/14 18:16:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/14 18:16:19 | 2361,593,856 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/14 17:54:45 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/11/14 17:54:45 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/11/14 17:54:45 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/11/14 10:10:44 | 002,565,432 | ---- | M] () -- C:\Users\Matt\Desktop\NTBR_CD.exe
[2010/11/14 09:04:44 | 000,080,384 | ---- | M] () -- C:\Users\Matt\Desktop\MBRCheck.exe
[2010/11/13 22:38:46 | 000,630,272 | ---- | M] () -- C:\Users\Matt\Desktop\dds.scr
[2010/11/13 22:35:49 | 000,296,448 | ---- | M] () -- C:\Users\Matt\Desktop\gmer.exe
[2010/11/13 22:19:06 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/13 22:16:26 | 000,053,752 | ---- | M] () -- C:\Users\Matt\Desktop\4716-malwarebytes-anti-malware.htm
[2010/11/13 21:57:34 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\TFC.exe
[2010/11/12 17:17:49 | 000,007,204 | ---- | M] () -- C:\Users\Matt\Desktop\Makita 9.6.jpg
[2010/11/11 01:14:05 | 000,001,282 | ---- | M] () -- C:\Users\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/11/11 01:14:05 | 000,001,258 | ---- | M] () -- C:\Users\Matt\Desktop\Spybot - Search & Destroy.lnk
[2010/11/04 11:07:02 | 000,002,340 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/11/02 21:22:02 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMatt.job
[2010/11/01 12:25:36 | 000,026,112 | ---- | M] () -- C:\Users\Matt\Documents\What kind of Woman am I looking for.doc
[2010/10/26 16:02:34 | 000,196,565 | ---- | M] () -- C:\Users\Matt\Desktop\1999 jeep cherokee sport 4x4 4dr black.mht
[2010/10/23 23:54:45 | 000,129,594 | ---- | M] () -- C:\Users\Matt\Documents\Stavick.10-18-10.tif

========== Files Created - No Company Name ==========

[2010/11/14 10:10:41 | 002,565,432 | ---- | C] () -- C:\Users\Matt\Desktop\NTBR_CD.exe
[2010/11/14 09:04:42 | 000,080,384 | ---- | C] () -- C:\Users\Matt\Desktop\MBRCheck.exe
[2010/11/13 23:46:36 | 000,159,301 | ---- | C] () -- C:\Users\Matt\Desktop\22 mag int arms.JPG
[2010/11/13 22:38:16 | 000,630,272 | ---- | C] () -- C:\Users\Matt\Desktop\dds.scr
[2010/11/13 22:35:36 | 000,296,448 | ---- | C] () -- C:\Users\Matt\Desktop\gmer.exe
[2010/11/13 22:19:06 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/13 22:16:22 | 000,053,752 | ---- | C] () -- C:\Users\Matt\Desktop\4716-malwarebytes-anti-malware.htm
[2010/11/12 17:18:27 | 000,007,204 | ---- | C] () -- C:\Users\Matt\Desktop\Makita 9.6.jpg
[2010/11/11 01:14:05 | 000,001,282 | ---- | C] () -- C:\Users\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/11/11 01:14:05 | 000,001,258 | ---- | C] () -- C:\Users\Matt\Desktop\Spybot - Search & Destroy.lnk
[2010/11/01 12:25:35 | 000,026,112 | ---- | C] () -- C:\Users\Matt\Documents\What kind of Woman am I looking for.doc
[2010/10/26 16:02:33 | 000,196,565 | ---- | C] () -- C:\Users\Matt\Desktop\1999 jeep cherokee sport 4x4 4dr black.mht
[2010/10/23 23:54:38 | 000,129,594 | ---- | C] () -- C:\Users\Matt\Documents\Stavick.10-18-10.tif
[2010/10/07 16:41:47 | 000,001,769 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/08/15 16:47:06 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/07/25 11:31:13 | 000,000,412 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2010/04/27 00:32:35 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2010/04/27 00:32:31 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2010/04/27 00:32:18 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2010/04/27 00:32:01 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2010/04/27 00:31:29 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2010/04/27 00:17:00 | 000,000,268 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/04/27 00:17:00 | 000,000,209 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2010/03/24 11:30:15 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2010/03/24 11:25:41 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2010/03/24 11:24:33 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2010/03/24 11:24:01 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2010/03/05 11:57:10 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/03/05 11:57:08 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2009/09/29 14:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/01/14 16:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

========== LOP Check ==========

[2010/07/25 12:38:27 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Thunderbird
[2010/11/14 17:55:33 | 000,032,650 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/07/13 17:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/11/14 18:16:19 | 2361,593,856 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/14 18:16:22 | 3148,791,808 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >
[2009/07/13 21:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 21:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 21:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 21:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 12:49:50 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2009/07/10 11:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 20:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/07/25 11:55:53 | 000,000,221 | -HS- | M] () -- C:\Users\Matt\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2010/11/13 22:35:49 | 000,296,448 | ---- | M] () -- C:\Users\Matt\Desktop\gmer.exe
[2010/11/14 09:04:44 | 000,080,384 | ---- | M] () -- C:\Users\Matt\Desktop\MBRCheck.exe
[2010/11/14 10:10:44 | 002,565,432 | ---- | M] () -- C:\Users\Matt\Desktop\NTBR_CD.exe
[2010/11/14 20:00:43 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2010/11/13 21:57:34 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\TFC.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >
[2010/07/29 16:29:46 | 000,103,720 | ---- | M] () -- C:\Users\Matt\GoToAssistDownloadHelper.exe

< %systemroot%\ADDINS\*.* >
[2009/06/10 13:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/08/03 14:34:04 | 000,000,402 | -HS- | M] () -- C:\Users\Matt\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/07/30 11:26:00 | 000,000,412 | ---- | M] () -- C:\ProgramData\HPWALog.txt
[2010/10/07 18:45:50 | 000,001,769 | ---- | M] () -- C:\ProgramData\hpzinstall.log
[2010/04/27 00:32:31 | 000,000,032 | ---- | M] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2010/03/24 11:30:54 | 000,000,109 | ---- | M] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2010/04/27 00:32:01 | 000,000,032 | ---- | M] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2010/03/24 11:25:35 | 000,000,105 | ---- | M] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2010/04/27 00:31:29 | 000,000,032 | ---- | M] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2010/04/27 00:32:18 | 000,000,032 | ---- | M] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2010/03/24 11:24:28 | 000,000,107 | ---- | M] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2010/03/24 11:30:10 | 000,000,110 | ---- | M] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2010/04/27 00:32:36 | 000,000,105 | ---- | M] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< >

< End of report >

 

[Broni]

Now, you got it
Hold on there...

 

[Broni]

Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder

• Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
• Accept any prompts.

=========================================================================

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
  O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
  O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
  O4 - HKLM..\Run: [] File not found
  O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
  
  
  :Services
  
  :Reg
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
  "DisableMonitoring" =-
  "" =-
  
  :Files
  
  :Commands
  [purity]
  [emptytemp]
  [emptyflash]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.

===================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  
  NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Download Temp File Cleaner (TFC)

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

3. Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Tick the box next to YES, I accept the Terms of Use
• Click Start
• IMPORTANT! UN-check Remove found threats
• Accept any security warnings from your browser.
• Check Scan archives
• Click Start
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push List of found threats
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• NOTE. If Eset won't find any threats, it won't produce any log.

 

[msta999]

The JavaRa is only an addvertisement. I checked download.com but it wasn't there. You have another safe place to download it?

 

[Broni]

Hmmm...try my site: http://www.smartestcomputing.us.com/files/file/4-javara/

 

[msta999]

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/xml\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{807553E5-5146-11D5-A672-00B0D022E945}\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\\DisableMonitoring deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\\ deleted successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Matt
->Temp folder emptied: 16157510 bytes
->Temporary Internet Files folder emptied: 40552648 bytes
->Java cache emptied: 3617 bytes
->Google Chrome cache emptied: 10259933 bytes
->Flash cache emptied: 2982 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 152033 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 90630 bytes

Total Files Cleaned = 64.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Matt
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11142010_234415

Files\Folders moved on Reboot...
C:\Users\Matt\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Matt\AppData\Local\Temp\~DF02901C987581DDA2.TMP not found!
File\Folder C:\Users\Matt\AppData\Local\Temp\~DF1A1229C67C6AE9FB.TMP not found!
File\Folder C:\Users\Matt\AppData\Local\Temp\~DF2BC0984C247B8A39.TMP not found!
File\Folder C:\Users\Matt\AppData\Local\Temp\~DF35661218CD0D9C00.TMP not found!
File\Folder C:\Users\Matt\AppData\Local\Temp\~DF38433C28509C228A.TMP not found!
File\Folder C:\Users\Matt\AppData\Local\Temp\~DF90CD9F921729215B.TMP not found!
File\Folder C:\Users\Matt\AppData\Local\Temp\~DFAB6ABCDFEE3BD86E.TMP not found!
File\Folder C:\Users\Matt\AppData\Local\Temp\~DFEAC81F3445601ECC.TMP not found!
C:\Users\Matt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S5XJ4EWN\sh27[1].html moved successfully.
C:\Users\Matt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LZ335RQ4\crosspixel-dest[1].htm moved successfully.
C:\Users\Matt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LZ335RQ4\topic156562-2[1].html moved successfully.
C:\Users\Matt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Users\Matt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Matt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.

Registry entries deleted on Reboot...