Computer Infected Not Sure what it is

Post by MJ1 on Mon Sep 20, 2010 1:21 am

Hello,
I was on this site once in March and was helped with an older computer. I now have a Windows 7 64-bit computer, and what is on here seems very similar to what I had on my old computer. The symptoms are almost identical. Here is the past thread for reference. [You must be registered and logged in to see this link.]

I am coming here for help much sooner than with the last computer - so the symptoms are not yet as severe.
Symptoms:
1. Turns off antivirus - AVG will start a scan but then it turns it off - same with Malwarebytes, SUPERAntiSpyware and Spyware Doctor - won't let me run anything
2. It lights up only one program icon on my desktop and will only open that particular one - if I go into the right-click menu then press open - it will open
3. Firefox browser gets stuck at the bottom of the page and won't move - it just flashes when I try to move the cursor up

HERE IS MY OTL SCAN:
OTL logfile created on: 9/19/2010 6:52:53 PM - Run 1
OTL by OldTimer - Version 3.2.14.0 Folder = C:\Users\LA\Desktop\Documents\ABC14
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.41 Gb Total Space | 208.82 Gb Free Space | 73.17% Space Free | Partition Type: NTFS
Drive D: | 12.49 Gb Total Space | 2.08 Gb Free Space | 16.69% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LA-PC
Current User Name: LA
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/19 18:46:16 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\LA\Desktop\Documents\ABC14\OTL.exe
PRC - [2010/09/09 20:52:05 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/09/09 20:43:38 | 000,488,968 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\realplay.exe
PRC - [2010/09/09 20:43:34 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/07/20 11:25:53 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe
PRC - [2010/07/15 11:04:40 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2010/07/15 11:04:37 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/15 11:04:11 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
PRC - [2009/12/25 21:44:37 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/11/18 13:47:14 | 001,243,088 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
PRC - [2009/11/06 15:29:22 | 001,141,712 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
PRC - [2009/10/30 12:18:16 | 000,359,624 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
PRC - [2009/08/17 12:13:44 | 001,486,848 | ---- | M] (Mortal Universe) -- C:\Program Files (x86)\POP Peeper\POPPeeper.exe
PRC - [2007/01/19 12:49:04 | 000,049,152 | ---- | M] (Wireless Service) -- C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe


========== Modules (SafeList) ==========

MOD - [2010/09/19 18:46:16 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\LA\Desktop\Documents\ABC14\OTL.exe
MOD - [2010/09/09 20:44:05 | 000,040,960 | ---- | M] () -- C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2010/09/09 20:43:37 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcp71.dll
MOD - [2010/09/09 20:43:37 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcr71.dll
MOD - [2009/07/13 19:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 19:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll
MOD - [2009/07/13 19:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/07/20 11:25:53 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/15 11:04:37 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/11/06 15:29:22 | 001,141,712 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/10/30 12:18:16 | 000,359,624 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/06/24 11:53:32 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV:64bit: - [2010/07/15 11:04:40 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2010/07/15 11:04:11 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2010/06/02 09:24:06 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2010/01/13 16:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2009/11/09 12:20:10 | 000,218,056 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2009/10/09 20:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/20 17:33:42 | 007,058,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw1v64.sys -- (NETw1v64) Intel(R)
DRV:64bit: - [2009/07/13 19:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 19:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/24 11:53:34 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/06/24 11:53:14 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/06/24 11:52:52 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2009/06/24 11:52:46 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2009/06/24 11:52:32 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/06/23 18:28:22 | 000,684,544 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/06/18 22:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 14:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 14:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 18:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/06/03 13:16:56 | 007,333,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/05/26 06:13:10 | 000,138,752 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:64bit: - [2009/05/23 00:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/04/29 09:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2007/08/16 14:50:06 | 000,688,640 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV - [2010/05/30 17:09:45 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/05/30 17:09:45 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/05/30 17:09:45 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1QQ?МI{WyI{I{HC>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.5.4
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.7.5
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.05
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:3.3.8
FF - prefs.js..extensions.enabledItems: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.33
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.31
FF - prefs.js..extensions.enabledItems: searchsite@DW-dev:1.8


FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/19 14:34:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/09/19 09:24:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/09/19 09:25:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/09/19 09:25:38 | 000,000,000 | ---D | M]

[2010/07/20 21:05:32 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\Mozilla\Extensions
[2010/07/20 21:05:32 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/09/19 09:49:47 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\Mozilla\Firefox\Profiles\b0bh0gur.default\extensions
[2010/09/19 09:24:54 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\LA\AppData\Roaming\Mozilla\Firefox\Profiles\b0bh0gur.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/09/19 09:24:54 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\LA\AppData\Roaming\Mozilla\Firefox\Profiles\b0bh0gur.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/09/19 09:25:47 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\LA\AppData\Roaming\Mozilla\Firefox\Profiles\b0bh0gur.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2010/07/25 16:06:25 | 000,000,000 | ---D | M] (InFormEnter) -- C:\Users\LA\AppData\Roaming\Mozilla\Firefox\Profiles\b0bh0gur.default\extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920}
[2010/08/26 14:00:07 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\LA\AppData\Roaming\Mozilla\Firefox\Profiles\b0bh0gur.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2010/06/23 15:23:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LA\AppData\Roaming\Mozilla\Firefox\Profiles\b0bh0gur.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
[2010/05/07 10:27:31 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\Mozilla\Firefox\Profiles\b0bh0gur.default\extensions\firebug@software.joehewitt.com
[2010/09/11 09:15:13 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\Mozilla\Firefox\Profiles\b0bh0gur.default\extensions\rankchecker@seobook.com
[2010/03/08 15:23:31 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\Mozilla\Firefox\Profiles\b0bh0gur.default\extensions\robsbacklinkbuilder@robwhisonant.com
[2010/09/19 09:24:54 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\Mozilla\Firefox\Profiles\b0bh0gur.default\extensions\searchsite@DW-dev
[2010/09/19 09:24:54 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\Mozilla\Firefox\Profiles\b0bh0gur.default\extensions\seo4firefox@seobook.com
[2010/09/05 22:02:32 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\Mozilla\Firefox\Profiles\b0bh0gur.default\extensions\seotoolbar@seobook.com
[2010/06/19 22:31:16 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\Mozilla\Firefox\Profiles\b0bh0gur.default\extensions\yslow@yahoo-inc.com
[2010/08/07 07:32:32 | 000,002,887 | ---- | M] () -- C:\Users\LA\AppData\Roaming\Mozilla\Firefox\Profiles\b0bh0gur.default\searchplugins\domainsbotcom.xml
[2010/08/25 11:55:05 | 000,001,635 | ---- | M] () -- C:\Users\LA\AppData\Roaming\Mozilla\Firefox\Profiles\b0bh0gur.default\searchplugins\firefox-add-ons.xml
[2010/09/17 06:57:10 | 000,005,090 | ---- | M] () -- C:\Users\LA\AppData\Roaming\Mozilla\Firefox\Profiles\b0bh0gur.default\searchplugins\youtube.xml
[2010/09/19 09:49:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/08/07 13:38:14 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/07/21 13:04:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/08 21:43:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/08/09 08:40:11 | 000,000,931 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.2 licensing.intellimon.com
O1 - Hosts: 127.0.0.2 mailserver.intellimon.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll (Google Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ISTray] C:\Program Files (x86)\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [POP Peeper] C:\Program Files (x86)\POP Peeper\POPPeeper.exe (Mortal Universe)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89C30F0F8BD011D2.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89C30F0F8BD011D2.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} [You must be registered and logged in to see this link.] (IGDTester Class)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/10 05:19:41 | 000,000,000 | ---D | M] - C:\Auto Blogging Software WSO $47 -- [ NTFS ]
O33 - MountPoints2\{098f22de-2632-11df-b270-001e642cddd0}\Shell - "" = AutoRun
O33 - MountPoints2\{098f22de-2632-11df-b270-001e642cddd0}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{1d34a1de-fcf1-11de-b741-001e642cddd0}\Shell - "" = AutoRun
O33 - MountPoints2\{1d34a1de-fcf1-11de-b741-001e642cddd0}\Shell\AutoRun\command - "" = F:\laucher.exe -- File not found
O33 - MountPoints2\{5b27dd8d-3cc4-11df-8396-001f16eb01ae}\Shell - "" = AutoRun
O33 - MountPoints2\{5b27dd8d-3cc4-11df-8396-001f16eb01ae}\Shell\AutoRun\command - "" = G:\MediaManager.exe -- File not found
O33 - MountPoints2\{7317175c-fb42-11de-aab9-001e642cddd0}\Shell - "" = AutoRun
O33 - MountPoints2\{7317175c-fb42-11de-aab9-001e642cddd0}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{9e268d9b-f330-11de-b68a-001f16eb01ae}\Shell - "" = AutoRun
O33 - MountPoints2\{9e268d9b-f330-11de-b68a-001f16eb01ae}\Shell\AutoRun\command - "" = F:\StormF1.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/09/18 17:51:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CamStudio
[2010/09/10 00:28:51 | 000,000,000 | ---D | C] -- C:\Dad Problems
[2010/09/09 20:43:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2010/09/09 20:43:37 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
[2010/09/09 20:43:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2010/09/09 20:43:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Real
[2010/09/09 20:43:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2010/09/09 20:43:30 | 000,000,000 | ---D | C] -- C:\Users\LA\AppData\Roaming\Real
[2010/09/03 01:00:02 | 000,000,000 | ---D | C] -- C:\Users\LA\AppData\Local\QuickPlay
[2010/08/30 08:43:56 | 000,000,000 | ---D | C] -- C:\Articles ReWritten
[2010/08/29 13:24:04 | 000,000,000 | ---D | C] -- C:\2f806cd18b85ca8ab1d747b5abafb770
[2010/08/29 13:16:51 | 000,000,000 | ---D | C] -- C:\2845b24da2fd5da100
[2010/08/29 13:15:15 | 000,000,000 | ---D | C] -- C:\ee13e07ee3ddeb0500eb075b990614
[2010/08/28 13:22:22 | 000,000,000 | ---D | C] -- C:\Users\LA\Documents\My Domain Records
[2010/08/28 13:22:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Softnik Technologies
[2010/08/27 17:58:10 | 000,000,000 | ---D | C] -- C:\Users\LA\dwhelper
[2010/08/25 20:52:17 | 000,000,000 | ---D | C] -- C:\Users\LA\Desktop\upressv5
[2010/08/24 13:17:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IBP 11
[2010/08/24 13:17:17 | 000,000,000 | ---D | C] -- C:\Users\LA\AppData\Roaming\IBP
[2010/08/23 00:28:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VLS Media
[2010/08/09 08:41:08 | 000,000,000 | ---D | C] -- C:\Users\LA\Documents\Micro Niche Finder
[2010/08/09 08:41:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Micro Niche Finder
[2010/08/09 08:37:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Micro Niche Finder
[2010/08/09 08:32:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EasyPHP-5.3.3
[2010/08/07 13:40:55 | 000,000,000 | ---D | C] -- C:\Users\LA\AppData\Roaming\skypePM
[2010/08/07 13:39:36 | 000,000,000 | ---D | C] -- C:\Users\LA\AppData\Roaming\Skype
[2010/08/07 13:37:57 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2010/08/07 13:37:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010/08/07 13:37:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010/08/07 13:34:25 | 001,704,744 | ---- | C] (Skype Technologies S.A.) -- C:\SkypeSetup.exe
[2010/07/20 21:05:32 | 000,000,000 | ---D | C] -- C:\Users\LA\AppData\Local\MozSwing
[2010/07/20 21:04:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SEO PowerSuite
[2010/07/17 15:30:37 | 003,396,176 | ---- | C] (Piriform Ltd) -- C:\ccsetup233.exe
[2010/07/15 11:04:39 | 000,013,048 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/07/04 12:51:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Incansoft
[2010/07/04 12:46:30 | 000,000,000 | ---D | C] -- C:\IS0034
[2010/07/04 02:45:05 | 000,032,824 | ---- | C] (Resplendence Software Projects Sp) -- C:\Windows\SysWow64\rrMon.sys
[2010/07/04 02:45:01 | 000,000,000 | ---D | C] -- C:\Program Files\Registrar Registry Manager
[2010/07/04 02:42:51 | 002,764,720 | ---- | C] (Resplendence Software Projects Sp. ) -- C:\RegistrarLite.exe
[2010/07/03 23:07:18 | 000,000,000 | ---D | C] -- C:\ScrubTmp
[2010/07/03 22:40:29 | 000,000,000 | ---D | C] -- C:\343870be3367ffa420e42b30e4
[2010/07/03 21:42:21 | 000,000,000 | ---D | C] -- C:\Users\LA\AppData\Local\IsolatedStorage
[2010/07/02 17:59:49 | 000,000,000 | ---D | C] -- C:\WordFlood Activ code
[2010/07/02 17:58:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WordFlood 2.0
[2010/06/28 15:43:38 | 000,740,432 | ---- | C] (Data Dynamics) -- C:\Windows\SysWow64\sg20o.ocx
[2010/06/28 15:43:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Niche Research Commando
[2010/06/28 15:16:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Check Version
[2010/06/28 13:28:11 | 000,000,000 | ---D | C] -- C:\Users\LA\AppData\Roaming\Affilorama
[2010/06/28 13:28:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Traffic Travis v3
[2010/06/28 11:20:08 | 000,000,000 | ---D | C] -- C:\8f30480d3b7097bb0c5f7ef7b8467535
[2010/06/28 02:13:31 | 000,000,000 | ---D | C] -- C:\1cb88b731fdd5f4a1010254e4c
[2010/06/27 06:40:51 | 000,000,000 | ---D | C] -- C:\325f060c6272aac42ccb89
[2010/06/27 00:32:24 | 000,000,000 | ---D | C] -- C:\c6c673037c9abcea6af5a979f0bb2b
[2010/06/25 12:02:18 | 000,000,000 | ---D | C] -- C:\8bc0ebb71a6bd7f2c6b506f6
[2010/06/25 02:50:25 | 000,000,000 | ---D | C] -- C:\099c4b18e9624e2b4728
[2010/06/24 00:13:41 | 000,000,000 | ---D | C] -- C:\Users\LA\AppData\Local\SubmissionTool
[2010/06/24 00:13:13 | 000,000,000 | ---D | C] -- C:\Users\LA\AppData\Local\SocialSubmitter
[2010/06/23 16:38:58 | 000,000,000 | ---D | C] -- C:\Articles
[2010/06/23 15:44:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SNV Infotech
[2010/06/23 15:20:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP
[2010/06/23 14:35:50 | 000,000,000 | -HSD | C] -- C:\Users\LA\AppData\Roaming\.#
[2010/06/23 14:35:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SWF Studio
[2010/06/23 14:35:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Action Machine
[2010/06/23 14:35:20 | 000,000,000 | ---D | C] -- C:\theactionmachine2
[1 C:\Users\LA\*.tmp files -> C:\Users\LA\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/09/19 18:53:18 | 005,505,024 | -HS- | M] () -- C:\Users\LA\ntuser.dat
[2010/09/19 18:43:42 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/19 18:43:42 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/19 18:40:19 | 000,727,362 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/09/19 18:40:19 | 000,628,410 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/09/19 18:40:19 | 000,111,818 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/09/19 18:39:45 | 065,036,688 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/09/19 18:38:48 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/09/19 18:35:59 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/19 18:35:59 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2010/09/19 18:35:51 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/19 18:35:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/19 18:35:36 | 3145,089,024 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/19 18:31:10 | 005,001,404 | -H-- | M] () -- C:\Users\LA\AppData\Local\IconCache.db
[2010/09/19 18:06:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/19 18:01:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-14408874-1626793267-1475201148-1000UA.job
[2010/09/19 17:44:59 | 002,742,959 | ---- | M] () -- C:\Users\LA\.websiteauditor.properties
[2010/09/19 09:39:00 | 000,023,611 | ---- | M] () -- C:\Users\LA\Desktop\BUNCH of Downloads.odt
[2010/09/17 10:47:45 | 000,130,048 | ---- | M] () -- C:\Users\LA\Desktop\Zfindit2 .doc
[2010/09/17 07:59:24 | 001,993,420 | ---- | M] () -- C:\Launch Manager 1.00.1e.zip
[2010/09/17 07:51:24 | 000,038,691 | ---- | M] () -- C:\Users\LA\Desktop\KEYBOARD DRIVER DETAILS.JPG
[2010/09/16 11:09:35 | 000,043,028 | ---- | M] () -- C:\Users\LA\Documents\live chat.JPG
[2010/09/15 14:00:40 | 000,423,345 | ---- | M] () -- C:\Users\LA\Desktop\MEETINGList.pdf
[2010/09/14 22:49:43 | 000,083,748 | ---- | M] () -- C:\Users\LA\Documents\Site Flipping2.pdf
[2010/09/14 22:48:30 | 001,054,331 | ---- | M] () -- C:\Users\LA\Documents\Site Flipping Manual.pdf
[2010/09/14 22:39:33 | 000,171,051 | ---- | M] () -- C:\Users\LA\Documents\Awakening-the-Dream.pdf
[2010/09/13 23:01:00 | 000,000,844 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-14408874-1626793267-1475201148-1000Core1cab6c160c20022.job
[2010/09/09 20:44:35 | 000,000,025 | ---- | M] () -- C:\Windows\cdplayer.ini
[2010/09/09 20:44:05 | 000,001,224 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2010/09/09 20:43:37 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
[2010/09/09 20:39:14 | 000,000,839 | ---- | M] () -- C:\kvno_audio.mov
[2010/09/09 18:13:56 | 000,000,063 | ---- | M] () -- C:\kvno.rm
[2010/09/03 21:32:54 | 000,099,473 | ---- | M] () -- C:\Users\LA\Desktop\ALLDomains-77278727.csv
[2010/09/01 01:01:02 | 000,003,367 | ---- | M] () -- C:\history.data
[2010/08/29 21:37:06 | 000,000,061 | ---- | M] () -- C:\Windows\s2t.ini
[2010/08/29 13:07:36 | 000,002,090 | ---- | M] () -- C:\Users\LA\Desktop\Auto Blogging - Shortcut.lnk
[2010/08/29 12:31:17 | 000,003,117 | ---- | M] () -- C:\Users\LA\Desktop\ABS-UserManual.pdf.lnk
[2010/08/28 23:37:44 | 000,022,016 | ---- | M] () -- C:\Users\LA\Desktop\ZSiteMakerDoc.doc
[2010/08/28 13:22:20 | 000,001,132 | ---- | M] () -- C:\Users\Public\Desktop\Domain Name Analyzer v5.lnk
[2010/08/25 19:54:40 | 000,000,923 | ---- | M] () -- C:\Users\LA\Desktop\ABC14 - Shortcut.lnk
[2010/08/25 11:41:09 | 000,001,923 | ---- | M] () -- C:\Users\LA\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/25 11:41:09 | 000,001,899 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/08/25 01:36:13 | 000,006,225 | ---- | M] () -- C:\Users\LA\Desktop\ToDoList - Shortcut.lnk
[2010/08/23 00:28:49 | 000,002,605 | ---- | M] () -- C:\Users\Public\Desktop\BlogSlammer!.lnk
[2010/08/21 00:05:55 | 000,461,377 | ---- | M] () -- C:\Users\LA\.spyglass.properties
[2010/08/20 23:24:46 | 000,000,923 | ---- | M] () -- C:\Users\LA\Desktop\ABC11 - Shortcut.lnk
[2010/08/20 17:03:09 | 000,002,344 | ---- | M] () -- C:\Users\LA\Desktop\Google Chrome.lnk
[2010/08/20 00:20:03 | 000,001,876 | ---- | M] () -- C:\Users\LA\Desktop\ABC12 - Shortcut.lnk
[2010/08/19 17:14:34 | 000,029,184 | ---- | M] () -- C:\Users\LA\Desktop\Photoshoplinkns.doc
[2010/08/17 17:43:03 | 004,198,724 | ---- | M] () -- C:\FileZilla_3.3.4.1_win32-setup.exe
[2010/08/13 08:10:02 | 000,363,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/09 19:34:50 | 000,018,703 | ---- | M] () -- C:\Users\LA\Desktop\Text for Ads Odesk.odt
[2010/08/09 08:58:59 | 000,001,899 | ---- | M] () -- C:\Users\LA\Desktop\EasyPHP 5.3.3.lnk
[2010/08/09 08:37:17 | 000,002,045 | ---- | M] () -- C:\Users\Public\Desktop\Micro Niche Finder.lnk
[2010/08/09 08:37:17 | 000,001,967 | ---- | M] () -- C:\Users\LA\Desktop\Micro Niche Finder.lnk
[2010/08/09 00:33:12 | 001,344,512 | ---- | M] () -- C:\Users\LA\Documents\writer.dsam
[2010/08/07 15:03:09 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/08/07 13:40:55 | 000,000,056 | -H-- | M] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/08/07 13:34:29 | 001,704,744 | ---- | M] (Skype Technologies S.A.) -- C:\SkypeSetup.exe
[2010/07/25 03:20:25 | 000,014,635 | ---- | M] () -- C:\Users\LA\Desktop\resume-sample-lawyer-legal1.gif
[2010/07/24 01:07:41 | 000,224,598 | ---- | M] () -- C:\Users\LA\Desktop\Deb FPBSC_kit.pdf
[2010/07/20 21:05:07 | 000,002,272 | ---- | M] () -- C:\Users\LA\Desktop\LinkAssistant.lnk
[2010/07/20 21:04:55 | 000,002,301 | ---- | M] () -- C:\Users\LA\Desktop\WebSite Auditor.lnk
[2010/07/20 21:04:43 | 000,002,247 | ---- | M] () -- C:\Users\LA\Desktop\Rank Tracker.lnk
[2010/07/20 21:04:27 | 000,002,247 | ---- | M] () -- C:\Users\LA\Desktop\SEO SpyGlass.lnk
[2010/07/17 15:42:55 | 000,456,306 | ---- | M] () -- C:\Users\LA\Documents\cc_20100717_154225.reg
[2010/07/17 15:37:52 | 000,000,967 | ---- | M] () -- C:\Users\LA\Desktop\CCleaner.lnk
[2010/07/17 15:31:09 | 003,396,176 | ---- | M] (Piriform Ltd) -- C:\ccsetup233.exe
[2010/07/15 11:04:40 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/07/15 11:04:39 | 000,013,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/07/15 11:04:11 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/07/04 13:02:12 | 000,001,853 | ---- | M] () -- C:\Users\LA\Desktop\WEB20Bot_Client - Shortcut.lnk
[2010/07/04 02:42:54 | 002,764,720 | ---- | M] (Resplendence Software Projects Sp. ) -- C:\RegistrarLite.exe
[2010/07/03 21:40:54 | 000,005,160 | ---- | M] () -- C:\Users\LA\Desktop\ABC10 - Shortcut.lnk
[2010/07/03 21:32:48 | 000,012,416 | ---- | M] () -- C:\Users\LA\Desktop\StressDomains.csv
[2010/07/02 17:58:01 | 000,001,029 | ---- | M] () -- C:\Users\LA\Desktop\WordFlood 2.0.lnk
[2010/06/30 23:42:18 | 000,000,973 | ---- | M] () -- C:\Users\LA\Desktop\Traffic Travis.lnk
[2010/06/28 13:30:12 | 000,000,997 | ---- | M] () -- C:\Users\LA\Application Data\Microsoft\Internet Explorer\Quick Launch\Traffic Travis.lnk
[2010/06/23 16:02:56 | 000,001,744 | ---- | M] () -- C:\Users\LA\Desktop\DesktipApp - Shortcut.lnk
[2010/06/23 15:21:20 | 000,735,290 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/06/23 14:35:48 | 000,001,898 | ---- | M] () -- C:\Users\LA\Desktop\The Action Machine.lnk
[2010/06/23 11:54:37 | 005,327,844 | ---- | M] () -- C:\theactionmachine2.zip
[2010/06/22 02:17:14 | 000,163,955 | ---- | M] () -- C:\Windows\XHeader Bonus Download Uninstaller.exe
[1 C:\Users\LA\*.tmp files -> C:\Users\LA\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/19 17:43:49 | 002,742,959 | ---- | C] () -- C:\Users\LA\.websiteauditor.properties
[2010/09/17 07:59:20 | 001,993,420 | ---- | C] () -- C:\Launch Manager 1.00.1e.zip
[2010/09/17 07:51:24 | 000,038,691 | ---- | C] () -- C:\Users\LA\Desktop\KEYBOARD DRIVER DETAILS.JPG
[2010/09/16 11:09:35 | 000,043,028 | ---- | C] () -- C:\Users\LA\Documents\live chat.JPG
[2010/09/15 14:00:40 | 000,423,345 | ---- | C] () -- C:\Users\LA\Desktop\MEETINGList.pdf
[2010/09/14 22:49:43 | 000,083,748 | ---- | C] () -- C:\Users\LA\Documents\Site Flipping2.pdf
[2010/09/14 22:48:30 | 001,054,331 | ---- | C] () -- C:\Users\LA\Documents\Site Flipping Manual.pdf
[2010/09/14 22:39:33 | 000,171,051 | ---- | C] () -- C:\Users\LA\Documents\Awakening-the-Dream.pdf
[2010/09/09 20:44:35 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010/09/09 20:44:05 | 000,001,224 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2010/09/09 20:39:14 | 000,000,839 | ---- | C] () -- C:\kvno_audio.mov
[2010/09/09 18:13:55 | 000,000,063 | ---- | C] () -- C:\kvno.rm
[2010/09/03 15:23:16 | 000,000,084 | ---- | C] () -- C:\Users\LA\AppData\Local\DVDPATH.TXT
[2010/09/03 01:00:02 | 000,000,021 | ---- | C] () -- C:\ProgramData\hpqp.txt
[2010/08/29 13:07:36 | 000,002,090 | ---- | C] () -- C:\Users\LA\Desktop\Auto Blogging - Shortcut.lnk
[2010/08/29 12:27:43 | 000,003,117 | ---- | C] () -- C:\Users\LA\Desktop\ABS-UserManual.pdf.lnk
[2010/08/28 13:22:20 | 000,001,132 | ---- | C] () -- C:\Users\Public\Desktop\Domain Name Analyzer v5.lnk
[2010/08/27 22:48:29 | 000,099,473 | ---- | C] () -- C:\Users\LA\Desktop\ALLDomains-77278727.csv
[2010/08/25 19:54:40 | 000,000,923 | ---- | C] () -- C:\Users\LA\Desktop\ABC14 - Shortcut.lnk
[2010/08/25 11:41:09 | 000,001,899 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/08/25 01:36:13 | 000,006,225 | ---- | C] () -- C:\Users\LA\Desktop\ToDoList - Shortcut.lnk
[2010/08/23 00:28:49 | 000,002,605 | ---- | C] () -- C:\Users\Public\Desktop\BlogSlammer!.lnk
[2010/08/22 11:32:45 | 000,023,611 | ---- | C] () -- C:\Users\LA\Desktop\BUNCH of Downloads.odt
[2010/08/20 00:20:03 | 000,001,876 | ---- | C] () -- C:\Users\LA\Desktop\ABC12 - Shortcut.lnk
[2010/08/19 17:14:32 | 000,029,184 | ---- | C] () -- C:\Users\LA\Desktop\Photoshoplinkns.doc
[2010/08/17 17:42:52 | 004,198,724 | ---- | C] () -- C:\FileZilla_3.3.4.1_win32-setup.exe
[2010/08/09 10:24:22 | 000,018,703 | ---- | C] () -- C:\Users\LA\Desktop\Text for Ads Odesk.odt
[2010/08/09 08:58:59 | 000,001,899 | ---- | C] () -- C:\Users\LA\Desktop\EasyPHP 5.3.3.lnk
[2010/08/09 08:40:58 | 000,001,967 | ---- | C] () -- C:\Users\LA\Desktop\Micro Niche Finder.lnk
[2010/08/09 08:37:17 | 000,002,045 | ---- | C] () -- C:\Users\Public\Desktop\Micro Niche Finder.lnk
[2010/08/08 16:11:24 | 001,344,512 | ---- | C] () -- C:\Users\LA\Documents\writer.dsam
[2010/08/07 13:40:55 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/08/07 13:37:57 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/08/04 22:06:25 | 000,000,061 | ---- | C] () -- C:\Windows\s2t.ini
[2010/08/03 22:51:35 | 000,130,048 | ---- | C] () -- C:\Users\LA\Desktop\Zfindit2 .doc
[2010/07/25 03:20:25 | 000,014,635 | ---- | C] () -- C:\Users\LA\Desktop\resume-sample-lawyer-legal1.gif
[2010/07/24 01:07:41 | 000,224,598 | ---- | C] () -- C:\Users\LA\Desktop\Deb FPBSC_kit.pdf
[2010/07/20 22:12:34 | 000,461,377 | ---- | C] () -- C:\Users\LA\.spyglass.properties
[2010/07/20 21:05:07 | 000,002,272 | ---- | C] () -- C:\Users\LA\Desktop\LinkAssistant.lnk
[2010/07/20 21:04:55 | 000,002,301 | ---- | C] () -- C:\Users\LA\Desktop\WebSite Auditor.lnk
[2010/07/20 21:04:43 | 000,002,247 | ---- | C] () -- C:\Users\LA\Desktop\Rank Tracker.lnk
[2010/07/20 21:04:27 | 000,002,247 | ---- | C] () -- C:\Users\LA\Desktop\SEO SpyGlass.lnk
[2010/07/17 15:42:31 | 000,456,306 | ---- | C] () -- C:\Users\LA\Documents\cc_20100717_154225.reg
[2010/07/17 15:37:52 | 000,000,967 | ---- | C] () -- C:\Users\LA\Desktop\CCleaner.lnk
[2010/07/04 13:02:12 | 000,001,853 | ---- | C] () -- C:\Users\LA\Desktop\WEB20Bot_Client - Shortcut.lnk
[2010/07/04 02:45:01 | 000,120,376 | ---- | C] () -- C:\Windows\SysWow64\rrsec.dll
[2010/07/04 02:45:01 | 000,097,888 | ---- | C] () -- C:\Windows\SysWow64\rrsec2k.exe
[2010/07/03 21:32:48 | 000,012,416 | ---- | C] () -- C:\Users\LA\Desktop\StressDomains.csv
[2010/07/03 16:20:06 | 000,000,923 | ---- | C] () -- C:\Users\LA\Desktop\ABC11 - Shortcut.lnk
[2010/07/02 17:58:01 | 000,001,029 | ---- | C] () -- C:\Users\LA\Desktop\WordFlood 2.0.lnk
[2010/06/28 13:28:11 | 000,000,997 | ---- | C] () -- C:\Users\LA\Application Data\Microsoft\Internet Explorer\Quick Launch\Traffic Travis.lnk
[2010/06/28 13:28:11 | 000,000,973 | ---- | C] () -- C:\Users\LA\Desktop\Traffic Travis.lnk
[2010/06/23 16:02:56 | 000,001,744 | ---- | C] () -- C:\Users\LA\Desktop\DesktipApp - Shortcut.lnk
[2010/06/23 15:21:18 | 000,735,290 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/06/23 14:35:48 | 000,001,898 | ---- | C] () -- C:\Users\LA\Desktop\The Action Machine.lnk
[2010/06/23 11:53:38 | 005,327,844 | ---- | C] () -- C:\theactionmachine2.zip
[2010/03/26 07:22:50 | 000,001,023 | ---- | C] () -- C:\Windows\seRapid.INI
[2010/02/03 17:38:28 | 000,000,047 | ---- | C] () -- C:\Windows\s2f.ini
[2010/01/19 23:18:20 | 000,233,472 | ---- | C] () -- C:\Windows\SysWow64\WlanApp.dll
[2010/01/19 23:18:20 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\JJAKEn.dll
[2010/01/18 09:35:50 | 000,000,000 | ---- | C] () -- C:\Users\LA\AppData\Roaming\wklnhst.dat
[2010/01/14 15:55:10 | 000,000,664 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/12/25 21:06:47 | 000,000,177 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2009/12/25 21:06:33 | 000,000,000 | ---- | C] () -- C:\Users\LA\AppData\Local\QSwitch.txt
[2009/12/25 21:06:33 | 000,000,000 | ---- | C] () -- C:\Users\LA\AppData\Local\DSwitch.txt
[2009/12/25 21:06:33 | 000,000,000 | ---- | C] () -- C:\Users\LA\AppData\Local\AtStart.txt
[2009/09/20 06:37:17 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/09/20 06:37:09 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/09/20 06:36:51 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/09/20 06:36:28 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/09/20 06:35:47 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009/09/20 06:35:23 | 000,000,290 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009/08/21 12:55:19 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/08/21 12:51:03 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009/08/21 12:49:17 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/08/21 12:48:35 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2009/07/15 18:50:42 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/08/20 02:03:59 | 000,000,000 | -HSD | M] -- C:\Users\LA\AppData\Roaming\.#
[2010/06/28 13:28:11 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\Affilorama
[2010/02/06 12:20:22 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\Auslogics
[2010/01/19 00:39:36 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\AVG9
[2010/03/31 22:47:36 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\DomainSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2010/09/19 18:31:04 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\FileZilla
[2009/12/27 14:45:43 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\Hyperionics
[2010/08/24 21:51:09 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\IBP
[2010/04/30 22:14:46 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\IObit
[2010/06/07 12:16:08 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\KompoZer
[2010/02/25 22:19:34 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2010/01/01 20:44:57 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\OpenOffice.org
[2010/09/14 13:04:57 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\POP Peeper
[2010/01/18 09:35:51 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\Template
[2010/02/14 01:33:01 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\ubot
[2010/09/19 18:35:59 | 000,000,388 | ---- | M] () -- C:\Windows\Tasks\AWC Startup.job
[2010/08/22 10:33:07 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 171 bytes -> C


Re: Computer Infected Not Sure what it is

Post by MJ1 on Mon Sep 20, 2010 4:49 am

I realize the last part of my OTL scan is missing as the virus took over my keyboard while I was typing and started deleting my message. Wow - I guess it is pretty bad. I immediately turned off my machine.

It is my main computer and I hope I have a small window of opportunity to get back on it without losing my keyboard functions again.

Also if I take off a few files onto a flashdrive - will the flash drive then infect another computer?


Thanks for any and all help.



Re: Computer Infected Not Sure what it is

Post by Dr Jay on Mon Sep 20, 2010 9:41 am

Hi

Please download Malwarebytes Anti-Malware.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Copy and paste the entire report in your next reply.


Dr. Jay (DJ)



Re: Computer Infected Not Sure what it is

Post by MJ1 on Mon Sep 20, 2010 10:59 am

It won't let me run malwarebytes. The scan starts and then disappears.


Re: Computer Infected Not Sure what it is

Post by MJ1 on Mon Sep 20, 2010 7:37 pm

Malwarebytes' Anti-Malware 1.46

Database version: 4657

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

20/09/2010 1:32:16 PM
mbam-log-2010-09-20 (13-32-16).txt

Scan type: Quick scan
Objects scanned: 146015
Time elapsed: 3 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: Computer Infected Not Sure what it is

Post by MJ1 on Mon Sep 20, 2010 9:59 pm

It is allowing me to stay on but the documents and settings files and several others are showing a lock on the icons and won't let me access them


Re: Computer Infected Not Sure what it is

Post by Dr Jay on Tue Sep 21, 2010 9:05 am

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

  • Double-click on MBRCheck.exe to run it.
  • It will open a black window...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
  • Please copy and paste the contents of that log in your next reply.


Dr. Jay (DJ)



Re: Computer Infected Not Sure what it is

Post by MJ1 on Tue Sep 21, 2010 3:52 pm

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Wistron
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP G60 Notebook PC
Logical Drives Mask: 0x000001fc

Kernel Drivers (total 235):
0x0345F000 \SystemRoot\system32\ntoskrnl.exe
0x03416000 \SystemRoot\system32\hal.dll
0x00BD0000 \SystemRoot\system32\kdcom.dll
0x00CC6000 \SystemRoot\system32\mcupdate_GenuineIntel.dll

Processes (total 60):
0 System Idle Process
4 System
292 C:\Windows\System32\smss.exe
400 csrss.exe
460 C:\Windows\System32\wininit.exe
472 csrss.exe
480 C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
488 C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
532 C:\Windows\System32\services.exe
540 C:\Windows\System32\lsass.exe
596 C:\Windows\System32\winlogon.exe
648 C:\Windows\System32\lsm.exe
660 C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
832 C:\Windows\System32\svchost.exe
452 C:\Windows\System32\svchost.exe
1032 C:\Windows\System32\svchost.exe
1112 C:\Windows\System32\svchost.exe
1148 C:\Windows\System32\svchost.exe
1284 C:\Windows\System32\svchost.exe
1408 C:\Windows\System32\svchost.exe
1500 C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
1684 C:\Windows\System32\spoolsv.exe
1716 C:\Windows\System32\svchost.exe
1816 C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
1904 C:\Windows\System32\svchost.exe
1936 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
1980 C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
1160 C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
1628 C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
1200 C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
2236 C:\Windows\System32\svchost.exe
2280 C:\Program Files (x86)\AVG\AVG9\avgemc.exe
2448 C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
2548 unsecapp.exe
2636 WmiPrvSE.exe
2828 C:\Windows\explorer.exe
2836 C:\Windows\System32\taskhost.exe
2860 C:\Windows\System32\dwm.exe
2672 C:\Program Files\Java\jre6\bin\jusched.exe
2732 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
2924 C:\Program Files (x86)\POP Peeper\POPPeeper.exe
2768 C:\Program Files (x86)\AVG\AVG9\avgtray.exe
2760 C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe
1216 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3112 C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
3128 C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
3952 C:\Windows\System32\SearchIndexer.exe
2320 C:\Windows\System32\svchost.exe
2604 WUDFHost.exe
704 C:\Program Files\Windows Media Player\wmpnetwk.exe
148 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
3192 C:\Windows\System32\svchost.exe
3592 C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
4276 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
4484 C:\Windows\servicing\TrustedInstaller.exe
4784 C:\Program Files (x86)\Real\RealPlayer\realplay.exe
2268
2544 C:\MBRCheck.exe
264 C:\Windows\System32\conhost.exe
1048 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000047`66b00000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS543232L9A300, Rev: FB4OC40J

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 081931698ABD9DABC19782A342939160804017BE


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

MJ1
Intermediate
Intermediate

Posts Posts : 66
Joined Joined : 2010-01-22
OS OS : Windows 8 64 bit
Points Points : 25986
# Likes # Likes : 0


Re: Computer Infected Not Sure what it is

Post by Dr Jay on Tue Sep 21, 2010 7:48 pm

Fix using MBRCheck.exe

Run MBRCheck.exe again by double-clicking on it.
  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Enter 'Y' and then press Enter.
  • When asked: 'Enter your choice:', select option 2 (Restore the MBR of a physical disk with a standard boot code) and press the Enter key.
  • Now the program will ask: 'Enter the physical disk number to fix (0-99, -1 to cancel)'
  • Enter 0 and press the Enter key.
  • The program will show Available MBR codes followed by a list of operating systems as shown below:
    Available MBR codes:
    [ 0] Default (Windows XP)
    [ 1] Windows XP
    [ 2] Windows Server 2003
    [ 3] Windows Vista
    [ 4] Windows 2008
    [ 5] Windows 7
    [-1] Cancel
    Please select the MBR code to write to this drive:
  • Please select your version of Windows from the list and enter the corresponding number and then press Enter.
  • When prompted for confirmation: "Do you want to fix the MBR code?". Type the full word Yes (not Y or the fix will not work) and press Enter.
  • Left-click on the title bar (where the program name and path are written).
  • From the menu choose Edit -> Select All.
  • Press the Enter key to copy selected text.
  • Open Notepad, paste that text into it and save to your desktop as MBRCheck.txt.
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • Reboot your computer to complete the fix and copy/paste MBRCheck.txt in your next reply.
  • If your computer does not restart on its own, please restart it manually.

Important Note: The Master Boot Record contains the Partition Table for the hard disk and a little executable code for the boot start. While fixing the [You must be registered and logged in to see this link.] is generally safe, there is a small risk of damaging the MBR, which may cause the computer to not boot up or it may corrupt a partition.

The following are signs of a damaged MBR:
  • Invalid Partition Table
  • Missing Operating System
  • Error loading operating system


If it is the worst case scenario, and your computer cannot boot, please take note of the following:

Please have your Windows CD available, which will allow recovering the boot code via the Windows Recovery Console in case of any problems or install the [You must be registered and logged in to see this link.] before proceeding with the above fix. Then, if any problems occur, the links below explain how to use and repair the MBR:

If you do not have a Windows CD available, please let me know. You will need access to a computer that can burn CDs.


Dr. Jay (DJ)



Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13713
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302059
# Likes # Likes : 10
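
The layout behind the Important Note above, as an added example that is not part of the original post or of MBRCheck: it splits a 512-byte MBR into boot code and partition table, hashes the boot code against an allowlist, and shows that replacing only the boot code leaves the partition table byte-for-byte intact. The sector is constructed (placeholder boot code bytes, partition start offsets taken from the log in this thread), all function names are hypothetical, and hashing the first 440 bytes is an assumption, not necessarily the range MBRCheck hashes.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440     # executable bootstrap code
DISK_SIG_OFF = 440      # 4-byte disk signature, followed by 2 reserved bytes
PART_TABLE_OFF = 446    # four 16-byte partition entries
BOOT_SIG_OFF = 510      # sector must end in 0x55 0xAA


def parse_mbr(sector):
    """Return the boot-code hash and the partition entries of one MBR sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR sector is exactly 512 bytes")
    if sector[BOOT_SIG_OFF:] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for slot in range(4):
        start = PART_TABLE_OFF + 16 * slot
        entry = sector[start:start + 16]
        if entry[4] == 0x00:                      # type 0 marks an unused slot
            continue
        lba_start, n_sectors = struct.unpack_from("<II", entry, 8)
        partitions.append({
            "slot": slot,
            "active": entry[0] == 0x80,
            "type": entry[4],
            "byte_offset": lba_start * SECTOR_SIZE,
            "sectors": n_sectors,
        })
    return {
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": partitions,
    }


def mbr_status(sector, known_good):
    """Look the boot-code hash up in an allowlist of known boot codes."""
    sha1 = parse_mbr(sector)["boot_code_sha1"]
    return known_good.get(sha1, "Unknown MBR code")


def restore_boot_code(sector, standard_code):
    """Replace only the boot code; disk signature and partition table are kept."""
    if len(standard_code) != BOOT_CODE_LEN:
        raise ValueError("replacement boot code must be 440 bytes")
    parse_mbr(sector)                             # refuse to touch a malformed sector
    return standard_code + sector[BOOT_CODE_LEN:]


def build_sample_sector(boot_code):
    """Constructed sector: two NTFS (0x07) partitions at the offsets from the log."""
    def entry(active, ptype, lba_start, n_sectors):
        # CHS fields are zeroed; only the LBA fields matter here.
        return struct.pack("<B3sB3sII", 0x80 if active else 0x00, b"\0" * 3,
                           ptype, b"\0" * 3, lba_start, n_sectors)
    table = (entry(True, 0x07, 0x0C800000 // SECTOR_SIZE, 1000)      # C:
             + entry(False, 0x07, 0x4766B00000 // SECTOR_SIZE, 1000)  # D:
             + bytes(32))                                             # two empty slots
    return boot_code + struct.pack("<I", 0x1234ABCD) + b"\0\0" + table + b"\x55\xaa"


# Constructed stand-ins, not real boot code.
UNKNOWN_CODE = b"\xeb\x3c" + bytes(438)
STANDARD_CODE = b"\x33\xc0" + bytes(438)
KNOWN_GOOD = {
    hashlib.sha1(STANDARD_CODE).hexdigest().upper(): "Known boot code (constructed)",
}

if __name__ == "__main__":
    before = build_sample_sector(UNKNOWN_CODE)
    after = restore_boot_code(before, STANDARD_CODE)
    for label, sector in (("before", before), ("after", after)):
        info = parse_mbr(sector)
        print(label, mbr_status(sector, KNOWN_GOOD), info["boot_code_sha1"])
        for p in info["partitions"]:
            print("  slot %d type 0x%02X at offset 0x%X" %
                  (p["slot"], p["type"], p["byte_offset"]))
```
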


Re: Computer Infected Not Sure what it is

Post by MJ1 on Tue Sep 21, 2010 11:20 pm

Hello,
I don't have a Windows CD available. My computer uses Windows 7.

I must say that I am not overly technical and feel quite nervous about trying this.

I have in the meantime run many different virus scans and my computer seems to be running fine now. Perhaps I got rid of whatever the problem was.

Perhaps I will delay and see if the problem returns.

What do you think?


Re: Computer Infected Not Sure what it is

Post by Dr Jay on Wed Sep 22, 2010 9:10 pm

I was not aware we were working on a Windows 7 system, as your profile says "windows xp."

We have proven recovery methods here, if anything bad were to happen. Go ahead with this fix, which would be correct for Windows 7.

Fix using MBRCheck.exe

Run MBRCheck.exe again by double-clicking on it.
  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Enter 'Y' and then press Enter.
  • When asked: 'Enter your choice:', select option 2 (Restore the MBR of a physical disk with a standard boot code) and press the Enter key.
  • Now the program will ask: 'Enter the physical disk number to fix (0-99, -1 to cancel)'
  • Enter 0 and press the Enter key.
  • The program will show Available MBR codes followed by a list of operating systems as shown below:
    Available MBR codes:
    [ 0] Default (Windows XP)
    [ 1] Windows XP
    [ 2] Windows Server 2003
    [ 3] Windows Vista
    [ 4] Windows 2008
    [ 5] Windows 7
    [-1] Cancel
    Please select the MBR code to write to this drive (5):
  • Please select your version of Windows from the list and enter the corresponding number and then press Enter.
  • When prompted for confirmation: "Do you want to fix the MBR code?". Type the full word Yes (not Y or the fix will not work) and press Enter.
  • Left-click on the title bar (where the program name and path are written).
  • From the menu choose Edit -> Select All.
  • Press the Enter key to copy selected text.
  • Open Notepad, paste that text into it and save to your desktop as MBRCheck.txt.
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • Reboot your computer to complete the fix and copy/paste MBRCheck.txt in your next reply.
  • If your computer does not restart on its own, please restart it manually.


Dr. Jay (DJ)



Re: Computer Infected Not Sure what it is

Post by MJ1 on Fri Sep 24, 2010 5:19 am

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Wistron
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP G60 Notebook PC
Logical Drives Mask: 0x000003fc

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000047`66b00000 (NTFS)

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 081931698ABD9DABC19782A342939160804017BE


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: Y

Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: 2

Enter the physical disk number to fix (0-99, -1 to cancel): 0
Available MBR codes:
[ 0] Default (Windows 7)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 5
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: YES
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.


Done!
Press ENTER to exit...


Re: Computer Infected Not Sure what it is

Post by MJ1 on Fri Sep 24, 2010 6:41 pm

So is that it? Did we get it?


Re: Computer Infected Not Sure what it is

Post by Dr Jay on Sat Sep 25, 2010 2:13 am

Please re-run MBRCheck and post a log.


Dr. Jay (DJ)



Re: Computer Infected Not Sure what it is

Post by MJ1 on Sat Sep 25, 2010 2:40 am

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Wistron
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP G60 Notebook PC
Logical Drives Mask: 0x000003fc

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000047`66b00000 (NTFS)

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 081931698ABD9DABC19782A342939160804017BE


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit

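
The MBRCheck logs posted on Fri Sep 24 and Sat Sep 25 show the same SHA1 before and after a write that the tool reported as successful. The following added example, which is not part of the thread or of MBRCheck, parses excerpts of those two logs and flags that pattern so it is noticed before the same fix is repeated; the function names are hypothetical and it assumes one physical disk per log, as in this thread.

```python
import re

# Matches the status row, e.g. "298 GB \\.\PhysicalDrive0 Unknown MBR code"
STATUS_RE = re.compile(r"^\d+\s+GB\s+(\\\\\.\\PhysicalDrive\d+)\s+(.+?)\s*$", re.M)
SHA1_RE = re.compile(r"^SHA1:\s*([0-9A-Fa-f]{40})\s*$", re.M)
WRITE_OK = "Successfully wrote new MBR code!"

# Excerpts of the two logs posted in this thread (prompts and blank lines trimmed).
RUN_FRI = r"""298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 081931698ABD9DABC19782A342939160804017BE
Found non-standard or infected MBR.
Enter your choice: 2
Please select the MBR code to write to this drive: 5
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.
"""

RUN_SAT = r"""298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 081931698ABD9DABC19782A342939160804017BE
Found non-standard or infected MBR.
"""


def parse_run(log):
    """Extract device, status, boot-code hash and whether a write was reported."""
    status = STATUS_RE.search(log)
    sha1 = SHA1_RE.search(log)
    if not status or not sha1:
        raise ValueError("log has no status row or no SHA1 line")
    return {
        "device": status.group(1),
        "status": status.group(2),
        "sha1": sha1.group(1).upper(),
        "write_reported": WRITE_OK in log,
    }


def review_runs(logs):
    """Compare consecutive runs; flag a reported write that the next run does not reflect."""
    runs = [parse_run(log) for log in logs]
    findings = []
    for prev, cur in zip(runs, runs[1:]):
        same_disk = prev["device"] == cur["device"]
        if same_disk and prev["write_reported"] and prev["sha1"] == cur["sha1"]:
            findings.append({
                "device": cur["device"],
                "sha1": cur["sha1"],
                "status_after": cur["status"],
                "note": "write reported OK, but next run reads the same boot code",
            })
    return findings


if __name__ == "__main__":
    for finding in review_runs([RUN_FRI, RUN_SAT]):
        print(finding)
```
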

Re: Computer Infected Not Sure what it is

Post by MJ1 on Sat Sep 25, 2010 3:19 am

Ah, just noticed the computer is still acting up


Re: Computer Infected Not Sure what it is

Post by MJ1 on Sun Sep 26, 2010 4:14 am

Hello

Is there any way to speed this process up - my computer is now getting very bad and really acting up. Please help, ASAP


Re: Computer Infected Not Sure what it is

Post by MJ1 on Sun Sep 26, 2010 5:01 pm

I am noticing that many of the exact same symptoms that happened with my other computer are happening on this one (I referenced the thread in the opening paragraph and we got rid of the problem).

It lights up only one program icon on my desktop and will only open that particular one - I then have to right click and hit open to get them going (in any folder I finally get open, only one icon gets highlighted and opened; all others won't).

When I go online it sometimes just starts flashing and won't let me do anything.
Please help, even several suggestions at once will be fine. It is my main computer and I need to get back on it.
Thanks


Re: Computer Infected Not Sure what it is

Post by Dr Jay on Sun Sep 26, 2010 7:33 pm

Because you bumped your topic repeatedly, I did not see that you replied. Please be patient. As you can see in my signature, I respond slowly on weekends.

Fix using MBRCheck.exe

Run MBRCheck.exe again by double-clicking on it.
  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Enter 'Y' and then press Enter.
  • When asked: 'Enter your choice:', select option 2 (Restore the MBR of a physical disk with a standard boot code) and press the Enter key.
  • Now the program will ask: 'Enter the physical disk number to fix (0-99, -1 to cancel)'
  • Enter 0 and press the Enter key.
  • The program will show Available MBR codes followed by a list of operating systems as shown below:
    Available MBR codes:
    [ 0] Default (Windows XP)
    [ 1] Windows XP
    [ 2] Windows Server 2003
    [ 3] Windows Vista
    [ 4] Windows 2008
    [ 5] Windows 7
    [-1] Cancel
    Please select the MBR code to write to this drive:
  • Please select your version of Windows from the list and enter the corresponding number and then press Enter.
  • When prompted for confirmation: "Do you want to fix the MBR code?". Type the full word Yes (not Y or the fix will not work) and press Enter.
  • Left-click on the title bar (where the program name and path are written).
  • From the menu choose Edit -> Select All.
  • Press the Enter key to copy selected text.
  • Open Notepad, paste that text into it and save to your desktop as MBRCheck.txt.
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • Reboot your computer to complete the fix and copy/paste MBRCheck.txt in your next reply.
  • If your computer does not restart on its own, please restart it manually.


Dr. Jay (DJ)



Re: Computer Infected Not Sure what it is

Post by MJ1 on Mon Sep 27, 2010 12:36 am

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Wistron
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP G60 Notebook PC
Logical Drives Mask: 0x000001fc

Kernel Drivers (total 199):
0x0435B000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x04400000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x057F6000 \SystemRoot\system32\DRIVERS\swenum.sys
0x0437C000 \SystemRoot\system32\DRIVERS\ks.sys
0x04BE8000 \SystemRoot\system32\DRIVERS\umbus.sys
0x05AC8000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x05B22000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x05B37000 \SystemRoot\system32\drivers\CHDRT64.sys
0x05A00000 \SystemRoot\system32\drivers\portcls.sys
0x05A3D000 \SystemRoot\system32\drivers\drmk.sys
0x05A5F000 \SystemRoot\system32\drivers\ksthunk.sys
0x05A65000 \SystemRoot\system32\DRIVERS\CAXHWAZL.sys
0x07C2C000 \SystemRoot\system32\DRIVERS\CAX_DPV.sys
0x07E63000 \SystemRoot\system32\DRIVERS\CAX_CNXT.sys
0x07F2E000 \SystemRoot\system32\drivers\modem.sys
0x07F3D000 \SystemRoot\system32\drivers\IntcHdmi.sys
0x00000000 \SystemRoot\System32\win32k.sys
0x07F72000 \SystemRoot\System32\drivers\Dxapi.sys
0x07F7E000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x07F9B000 \SystemRoot\System32\Drivers\usbvideo.sys
0x07FC9000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x07FD7000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x07FF0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x07E00000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x07E0E000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00480000 \SystemRoot\System32\TSDDD.dll
0x007D0000 \SystemRoot\System32\cdd.dll
0x07E1C000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x07E37000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x00850000 \SystemRoot\System32\ATMFD.DLL
0x07DA0000 \SystemRoot\system32\drivers\luafv.sys
0x07DC3000 \SystemRoot\system32\drivers\WudfPf.sys
0x07E44000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x02E6C000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x02EBF000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x02ED2000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x02EEA000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x02EF4000 \SystemRoot\system32\drivers\HTTP.sys
0x02FBC000 \SystemRoot\system32\DRIVERS\bowser.sys
0x02FDA000 \SystemRoot\System32\drivers\mpsdrv.sys
0x02E00000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x03C89000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x03CD7000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x03CFA000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x03CFF000 \SystemRoot\system32\drivers\peauth.sys
0x03DA5000 \SystemRoot\System32\Drivers\secdrv.SYS
0x03DB0000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x03DDD000 \SystemRoot\System32\drivers\tcpipreg.sys
0x03DEF000 \SystemRoot\system32\DRIVERS\XAudio64.sys
0x03C00000 \SystemRoot\System32\DRIVERS\srv2.sys
0x078CC000 \SystemRoot\System32\DRIVERS\srv.sys
0x07962000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x07993000 \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
0x77490000 \Windows\System32\ntdll.dll
0x48070000 \Windows\System32\smss.exe
0xFF7B0000 \Windows\System32\apisetschema.dll
0xFFB60000 \Windows\System32\autochk.exe

Processes (total 63):
0 System Idle Process
4 System
304 C:\Windows\System32\smss.exe
392 csrss.exe
456 C:\Windows\System32\wininit.exe
472 C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
480 csrss.exe
488 C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
552 C:\Windows\System32\services.exe
568 C:\Windows\System32\lsass.exe
576 C:\Windows\System32\lsm.exe
608 C:\Windows\System32\winlogon.exe
664 C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
836 C:\Windows\System32\svchost.exe
484 C:\Windows\System32\svchost.exe
1076 C:\Windows\System32\svchost.exe
1108 C:\Windows\System32\svchost.exe
1140 C:\Windows\System32\svchost.exe
1300 C:\Windows\System32\svchost.exe
1384 C:\Windows\System32\svchost.exe
1584 C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
1700 C:\Windows\System32\spoolsv.exe
1728 C:\Windows\System32\svchost.exe
1816 C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
1924 C:\Windows\System32\svchost.exe
1952 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
2032 C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
1264 C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
1884 C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
1172 C:\Windows\System32\svchost.exe
2180 C:\Program Files (x86)\AVG\AVG9\avgemc.exe
2228 C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
2620 C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
2680 unsecapp.exe
2792 WmiPrvSE.exe
3020 C:\Windows\System32\taskhost.exe
2292 C:\Windows\System32\dwm.exe
2324 C:\Windows\explorer.exe
3504 C:\Windows\System32\svchost.exe
3556 C:\Program Files\Java\jre6\bin\jusched.exe
3584 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3600 C:\Program Files (x86)\POP Peeper\POPPeeper.exe
3748 WUDFHost.exe
3768 C:\Program Files (x86)\AVG\AVG9\avgtray.exe
3784 C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe
3952 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3968 C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
4000 C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
3900 C:\Windows\System32\SearchIndexer.exe
3936 C:\Program Files\Windows Media Player\wmpnetwk.exe
1420 C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
4144 C:\Windows\System32\svchost.exe
3756 C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe
4284 C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-Aware.exe
2988 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
3472 C:\Program Files (x86)\Spyware Doctor\pctsGui.exe
3764 C:\Program Files (x86)\AVG\AVG9\avgscana.exe
4356 C:\Windows\System32\conhost.exe
4532 C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
1636 C:\Program Files (x86)\AVG\AVG9\avgui.exe
4596 C:\Users\LA\Desktop\MBRCheck.exe
2732 C:\Windows\System32\conhost.exe
4652 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000047`66b00000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS543232L9A300, Rev: FB4OC40J

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 081931698ABD9DABC19782A342939160804017BE


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0
Available MBR codes:
[ 0] Default (Windows 7)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 5
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: YES
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.


Done!


Re: Computer Infected Not Sure what it is

Post by Dr Jay on Mon Sep 27, 2010 8:44 pm

And now, a new log please.


Dr. Jay (DJ)



Re: Computer Infected Not Sure what it is

Post by MJ1 on Tue Sep 28, 2010 4:20 am

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Wistron
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP G60 Notebook PC
Logical Drives Mask: 0x000001fc

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000047`66b00000 (NTFS)

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 081931698ABD9DABC19782A342939160804017BE


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Re: Computer Infected Not Sure what it is

Post by Dr Jay on Wed Sep 29, 2010 1:20 am

Did you ever have any recovery discs that came along with your computer?


Dr. Jay (DJ)



Re: Computer Infected Not Sure what it is

Post by MJ1 on Wed Sep 29, 2010 1:39 am

Can belazur help me - don't want to lose data


Re: Computer Infected Not Sure what it is

Post by Dr Jay on Wed Sep 29, 2010 1:44 am

This has nothing to do with who can help you; without a recovery or install disc, we are very limited.

Your Master Boot Record is severely infected. We need to fully disinfect it, or else this malware will never go away.

I don't want you to reformat/reinstall. We just need to do a data-safe recovery method that fixes the Master Boot Record.

Otherwise: your system will be continuously infected.

Reboot your computer, and at the boot screen, press F8 until you get a menu showing "Safe Mode, Safe Mode with Networking, etc."

Please tell me if you see an option called "Repair Your Computer."


Dr. Jay (DJ)



Re: Computer Infected Not Sure what it is

Post by MJ1 on Wed Sep 29, 2010 3:00 am

Yes, there seems to be a Repair your computer option.
And I can find disc 1 and 2 of recovery discs that I made but there is a third missing (should I be looking for that one?). I'm not even sure if recovery discs and bootable discs are the same thing?


Re: Computer Infected Not Sure what it is

Post by Dr Jay on Thu Sep 30, 2010 9:48 am

When booting, select the Repair your computer option.

Then, select Command Prompt.

Type in bootrec.exe /FixMbr and press Enter.

Once done, type in exit and it should reboot your computer.

When you have finished that, please post a new MBRCheck log.


Dr. Jay (DJ)
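
Why a boot-code-only repair like the one in this post can be data-safe, as an added example (not part of the original post, and not the code of MBRCheck or bootrec): the sketch parses a 512-byte MBR, hashes only its boot-code region, and models the repair as replacing that region while leaving the partition table alone. The 440-byte hashed region, both boot-code byte strings, the disk signature and the partition sizes are assumptions constructed for the example; the two partition offsets are the ones shown in the MBRCheck log in this thread.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE = slice(0, 440)     # bootstrap code run at power-on
DISK_SIG = slice(440, 444)    # Windows disk signature
BOOT_SIG = slice(510, 512)    # must read 55 AA
ENTRY_FMT = "<B3sB3sII"       # flag, CHS start, type, CHS end, LBA start, sector count


def build_entry(ptype, lba_start, sectors, active=False):
    """Pack one 16-byte partition entry (CHS fields zeroed for brevity)."""
    return struct.pack(ENTRY_FMT, 0x80 if active else 0, b"\0" * 3,
                       ptype, b"\0" * 3, lba_start, sectors)


def build_sector(boot_code, disk_sig, entries):
    """Assemble a full sector: code + signature + reserved + table + 55 AA."""
    if len(boot_code) != 440 or len(disk_sig) != 4 or len(entries) > 4:
        raise ValueError("bad MBR component size")
    table = b"".join(entries).ljust(64, b"\0")
    return boot_code + disk_sig + b"\0\0" + table + b"\x55\xaa"


def parse_mbr(sector):
    """Split a sector into the boot-code hash and the partition table."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly one 512-byte sector")
    if sector[BOOT_SIG] != b"\x55\xaa":
        raise ValueError("boot signature 55 AA missing")
    partitions = []
    for i in range(4):
        entry = sector[446 + 16 * i: 462 + 16 * i]
        flag, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, entry)
        if ptype:  # type 0 marks an unused slot
            partitions.append({"active": flag == 0x80, "type": ptype,
                               "byte_offset": lba * SECTOR, "sectors": count})
    return {"boot_code_sha1": hashlib.sha1(sector[BOOT_CODE]).hexdigest().upper(),
            "disk_signature": sector[DISK_SIG].hex(),
            "partitions": partitions}


def mbr_status(sector, known_good):
    """Label the boot code by hash; anything unrecognised is reported as unknown."""
    digest = parse_mbr(sector)["boot_code_sha1"]
    return known_good.get(digest, "Unknown MBR code")


def rewrite_boot_code(sector, standard_code):
    """Model of a boot-code-only repair: bytes 440..511 are carried over untouched."""
    parse_mbr(sector)  # refuse to touch something that is not an MBR
    if len(standard_code) != 440:
        raise ValueError("boot code must be 440 bytes")
    return standard_code + sector[440:]


# Constructed stand-ins: neither is real Windows boot code or real malware.
STANDARD_CODE = b"\x90" * 440
ALTERED_CODE = b"\xCC" * 440
KNOWN_GOOD = {hashlib.sha1(STANDARD_CODE).hexdigest().upper():
              "Windows 7 MBR code detected"}

# Offsets of C: and D: come from the MBRCheck log; sizes are constructed.
BEFORE = build_sector(ALTERED_CODE, bytes.fromhex("11223344"), [
    build_entry(0x07, 0x0C800000 // SECTOR, 598546432, active=True),
    build_entry(0x07, 0x4766B00000 // SECTOR, 26193920),
])
AFTER = rewrite_boot_code(BEFORE, STANDARD_CODE)

if __name__ == "__main__":
    for label, sector in (("before", BEFORE), ("after", AFTER)):
        info = parse_mbr(sector)
        print(label, mbr_status(sector, KNOWN_GOOD), info["boot_code_sha1"])
        for p in info["partitions"]:
            print("   type 0x%02X at byte offset 0x%X" % (p["type"], p["byte_offset"]))
```
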



Re: Computer Infected Not Sure what it is

Post by MJ1 on Thu Sep 30, 2010 3:42 pm

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Wistron
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP G60 Notebook PC
Logical Drives Mask: 0x000003fc

Kernel Drivers (total 236):

Processes (total 59):
0 System Idle Process
4 System
292 C:\Windows\System32\smss.exe
400 csrss.exe
484 C:\Windows\System32\wininit.exe
492 csrss.exe
504 C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
512 C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
592 C:\Windows\System32\services.exe
612 C:\Windows\System32\winlogon.exe
628 C:\Windows\System32\lsass.exe
636 C:\Windows\System32\lsm.exe
704 C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
800 C:\Windows\System32\svchost.exe
936 C:\Windows\System32\svchost.exe
1012 C:\Windows\System32\svchost.exe
1120 C:\Windows\System32\svchost.exe
1152 C:\Windows\System32\svchost.exe
1292 C:\Windows\System32\svchost.exe
1392 C:\Windows\System32\svchost.exe
1512 C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
1676 C:\Windows\System32\spoolsv.exe
1712 C:\Windows\System32\svchost.exe
1840 C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
1936 C:\Windows\System32\svchost.exe
1984 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
1260 C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
1412 C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
1888 C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
2052 C:\Windows\System32\svchost.exe
2340 C:\Program Files (x86)\AVG\AVG9\avgemc.exe
2396 C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
2480 unsecapp.exe
2540 WmiPrvSE.exe
2676 C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
3048 C:\Windows\System32\taskhost.exe
2148 C:\Windows\System32\dwm.exe
1192 C:\Windows\explorer.exe
2120 C:\Program Files\Java\jre6\bin\jusched.exe
2476 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
2620 C:\Program Files (x86)\POP Peeper\POPPeeper.exe
3204 C:\Program Files (x86)\AVG\AVG9\avgtray.exe
3244 C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe
3260 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3300 C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
3316 C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
3916 C:\Windows\System32\SearchIndexer.exe
4052 C:\Windows\System32\svchost.exe
2468 C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
3980 WUDFHost.exe
3752 C:\Program Files\Windows Media Player\wmpnetwk.exe
1216 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
1500 C:\Windows\System32\svchost.exe
4420 C:\Windows\System32\SearchProtocolHost.exe
1664 C:\Windows\System32\SearchFilterHost.exe
1420 C:\Program Files (x86)\Real\RealPlayer\realplay.exe
4120 C:\Users\LA\Desktop\MBRCheck.exe
4528 C:\Windows\System32\conhost.exe
4488 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000047`66b00000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS543232L9A300, Rev: FB4OC40J

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!


Re: Computer Infected Not Sure what it is

Post by Dr Jay on Fri Oct 01, 2010 2:58 am

Hooray! Yay!

ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Dr. Jay (DJ)



Re: Computer Infected Not Sure what it is

Post by MJ1 on Sun Oct 03, 2010 6:19 pm

Sorry for the delay, I ran the scan and everything came out clean. I think we got it!!:-) So can probably close off.

Thanks for all your expert help!


Re: Computer Infected Not Sure what it is

Post by Dr Jay on Tue Oct 05, 2010 1:45 am

Hiya! Your logs appear to be clean. If there are no more issues, then we shall clean up!

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE

You now have a clean restore point, to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The System will do some calculation and then display a dialogue box with TABS
  • Select the More Options Tab.
  • At the bottom will be a system restore box with a CLEANUP button; click this
  • Accept the Warning and select OK again, the program will close and you are done


Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download [You must be registered and logged in to see this link.] by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

Please download [You must be registered and logged in to see this link.] to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


Security Check

Please download Security Check by screen317 from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Tell me in your next reply, if you have completed these tasks:
  • Cleaned System Restore
  • Ran OTC
  • Ran TFC
  • Ran Security Check

Also, let me know how your computer is running, and don't forget to post the contents of the Security Check log.


Dr. Jay (DJ)



Re: Computer Infected Not Sure what it is

Post by Dr Jay on Tue Oct 19, 2010 5:20 am

Still with us?


Dr. Jay (DJ)



Re: Computer Infected Not Sure what it is

Post by MJ1 on Wed Oct 20, 2010 5:25 am

Hi,

I am very sorry. Had a problem getting back onto this site. I did all of the above. So here is the log

Results of screen317's Security Check version 0.99.5
Windows 7 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG Free 9.0
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
AVG9 successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Malwarebytes' Anti-Malware
CCleaner
Eusing Free Registry Cleaner
Auslogics Registry Cleaner
Java(TM) 6 Update 22
Java(TM) 6 Update 16
Java(TM) 6 Update 17
Out of date Java installed!
Adobe Flash Player 10.1.82.76
Adobe Reader 9.3
Adobe Reader 9.1 MUI
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe
Spybot Teatimer.exe is disabled!
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgemc.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````
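A way to read the log above mechanically, as an added example that is not part of the original thread or of Security Check itself: it collects the warning lines and lists products that are installed in more than one version, so the older copies can be uninstalled. The lines are excerpted from the log above; the function names and the matching rules are assumptions made for this sketch.

```python
import re
from collections import defaultdict

# Lines excerpted from the Security Check log posted above.
LOG = """\
Windows 7 (UAC is disabled!)
Internet Explorer 8
Windows Firewall Enabled!
AVG Free 9.0
AVG9 successfully updated!
Java(TM) 6 Update 22
Java(TM) 6 Update 16
Java(TM) 6 Update 17
Out of date Java installed!
Adobe Flash Player 10.1.82.76
Adobe Reader 9.3
Adobe Reader 9.1 MUI
Out of date Adobe Reader installed!
Spybot Teatimer.exe is disabled!
GREAT! (Not vulnerable to DNS cache poisoning)
"""

# "!" also ends good news ("Enabled!", "GREAT!"), so match on the wording instead.
WARNING_RE = re.compile(r"is disabled!|^Out of date .+ installed!", re.IGNORECASE)
# Assumed line shape: "<product> [Update] <dotted version> [MUI]"
PRODUCT_RE = re.compile(
    r"^(?P<product>.+?)\s+(?:Update\s+)?(?P<ver>\d+(?:\.\d+)*)(?:\s+MUI)?$")

def version_key(ver):
    """Compare '9.10' > '9.3' numerically rather than as text."""
    return tuple(int(part) for part in ver.split("."))

def review(log):
    """Return (warning lines, {product: [older versions still installed]})."""
    warnings, installed = [], defaultdict(list)
    for line in map(str.strip, log.splitlines()):
        if WARNING_RE.search(line):
            warnings.append(line)
            continue
        m = PRODUCT_RE.match(line)
        if m:
            installed[m["product"]].append(m["ver"])
    stale = {}
    for product, versions in installed.items():
        if len(versions) > 1:  # several versions of one product side by side
            newest = max(versions, key=version_key)
            stale[product] = sorted((v for v in versions if v != newest),
                                    key=version_key)
    return warnings, stale

if __name__ == "__main__":
    found, old = review(LOG)
    print("\n".join(found))
    print(old)
```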


Re: Computer Infected Not Sure what it is

Post by Dr Jay on Wed Oct 20, 2010 8:36 am

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

Firewall

  • [You must be registered and logged in to see this link.]: the free version is just as good as the premium. I have linked you to the free version.
  • [You must be registered and logged in to see this link.]: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40%. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
  • [You must be registered and logged in to see this link.]: free and excellent firewall.


AntiSpyware

  • [You must be registered and logged in to see this link.]
    SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found [You must be registered and logged in to see this link.].
  • [You must be registered and logged in to see this link.].
    Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer, to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).


NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Securing your computer

  • [You must be registered and logged in to see this link.] - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • [You must be registered and logged in to see this link.] replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.


Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:


See [You must be registered and logged in to see this link.] for more info about malware and prevention.

Thank you for choosing GeekPolice. Please see [You must be registered and logged in to see this link.] if you would like to leave feedback or contribute to our site. Do you have any more questions?


Dr. Jay (DJ)



Re: Computer Infected Not Sure what it is

Post by MJ1 on Mon Oct 25, 2010 7:10 pm

Thanks very much. I do have windows firewall so do I need to also put on another firewall? If I use a different firewall should I then turn off windows firewall?

Also am having a small problem and ran all anti-spyware and only gmer found a problem which I am posting below. Is it a problem and if so how do I fix it?

GMER 1.0.15.15477 - [You must be registered and logged in to see this link.]
Rootkit scan 2010-10-25 12:38:23
Windows 6.1.7600
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{7B1BDBB9-CA66-4A0A-BAF2-CAC9E292D1DB}@LeaseObtainedTime 1288027595
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{7B1BDBB9-CA66-4A0A-BAF2-CAC9E292D1DB}@T1 1288027649
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{7B1BDBB9-CA66-4A0A-BAF2-CAC9E292D1DB}@T2 1288027694
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{7B1BDBB9-CA66-4A0A-BAF2-CAC9E292D1DB}@LeaseTerminatesTime 1288027715

---- EOF - GMER 1.0.15 ----

thanks


Re: Computer Infected Not Sure what it is

Post by Dr Jay on Mon Oct 25, 2010 8:40 pm

That is no problem. Looks safe.

Not everything GMER finds (luckily) is bad. Wink

Also, choosing a different firewall from the list will be better, because Windows Firewall is a bit lacking, it seems. A third party firewall will be stronger.


Dr. Jay (DJ)
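What the four GMER entries contain, as an added example that is not part of the original thread: LeaseObtainedTime, T1, T2 and LeaseTerminatesTime under Tcpip\Parameters\Interfaces are DHCP client lease timestamps stored as Unix epoch seconds, which the client rewrites on every renewal. The sketch decodes the values from the log above and checks that they form one ordered lease; the function names are hypothetical.

```python
import re
from datetime import datetime, timezone

# The four "Reg" lines copied from the GMER log posted above.
KEY = (r"Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces"
       r"\{7B1BDBB9-CA66-4A0A-BAF2-CAC9E292D1DB}")
GMER_LOG = "\n".join([
    KEY + "@LeaseObtainedTime 1288027595",
    KEY + "@T1 1288027649",
    KEY + "@T2 1288027694",
    KEY + "@LeaseTerminatesTime 1288027715",
])

# DHCP lease bookkeeping, in the order the times must occur.
ORDER = ("LeaseObtainedTime", "T1", "T2", "LeaseTerminatesTime")

LINE_RE = re.compile(
    r"^Reg\s+HKLM\\SYSTEM\\CurrentControlSet\\services\\Tcpip\\Parameters"
    r"\\Interfaces\\\{[0-9A-F-]{36}\}@(?P<name>\w+)\s+(?P<data>\d+)$",
    re.IGNORECASE)

def triage(log):
    """Split GMER 'Reg' lines into decoded DHCP lease times and everything else."""
    lease, other = {}, []
    for line in map(str.strip, log.splitlines()):
        if not line.startswith("Reg "):
            continue
        m = LINE_RE.match(line)
        if m and m["name"] in ORDER:
            lease[m["name"]] = datetime.fromtimestamp(int(m["data"]), tz=timezone.utc)
        else:
            other.append(line)  # not lease data: needs a human look
    return lease, other

def lease_is_consistent(lease):
    """True when all four values exist and run obtained <= T1 <= T2 <= expiry."""
    if any(name not in lease for name in ORDER):
        return False
    times = [lease[name] for name in ORDER]
    return times == sorted(times)

if __name__ == "__main__":
    lease, other = triage(GMER_LOG)
    for name in ORDER:
        print(f"{name:20} {lease[name].isoformat()}")
    print("ordered DHCP lease:", lease_is_consistent(lease))
    print("lines left for manual review:", other)
```

Any "Reg" line that is not one of these four values is returned in the second list rather than being treated as benign.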

