Computer Infected Not Sure what it is

Post by MJ1 on Mon 20 Sep 2010, 12:21 pm

Hello,
I was on this site once in March and was helped with an older computer. I now have a Windows 7 64-bit computer and what is on here seems very similar to what I had on my old computer. The symptoms are almost identical. Here is the past thread for reference.

I am coming here for help much sooner than with the last computer - so the symptoms are not as yet as severe.
Symptoms:
1. Turns off antivirus - AVG will start a scan but then it turns it off - same with Malwarebytes and SUPERAntiSpyware and Spyware Doctor - won't let me run anything
2. It lights up only one program icon on my desktop and will only open that particular one - if I go into the right-click menu then press open - it will open
3. Firefox browser gets stuck at the bottom of the page and won't move - it just flashes when I try to move the cursor up

HERE IS MY OTL SCAN:
OTL logfile created on: 9/19/2010 6:52:53 PM - Run 1
OTL by OldTimer - Version 3.2.14.0 Folder = C:\Users\LA\Desktop\Documents\ABC14
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.41 Gb Total Space | 208.82 Gb Free Space | 73.17% Space Free | Partition Type: NTFS
Drive D: | 12.49 Gb Total Space | 2.08 Gb Free Space | 16.69% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LA-PC
Current User Name: LA
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/19 18:46:16 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\LA\Desktop\Documents\ABC14\OTL.exe
PRC - [2010/09/09 20:52:05 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/09/09 20:43:38 | 000,488,968 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\realplay.exe
PRC - [2010/09/09 20:43:34 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/07/20 11:25:53 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe
PRC - [2010/07/15 11:04:40 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2010/07/15 11:04:37 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/15 11:04:11 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
PRC - [2009/12/25 21:44:37 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/11/18 13:47:14 | 001,243,088 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
PRC - [2009/11/06 15:29:22 | 001,141,712 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
PRC - [2009/10/30 12:18:16 | 000,359,624 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
PRC - [2009/08/17 12:13:44 | 001,486,848 | ---- | M] (Mortal Universe) -- C:\Program Files (x86)\POP Peeper\POPPeeper.exe
PRC - [2007/01/19 12:49:04 | 000,049,152 | ---- | M] (Wireless Service) -- C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe


========== Modules (SafeList) ==========

MOD - [2010/09/19 18:46:16 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\LA\Desktop\Documents\ABC14\OTL.exe
MOD - [2010/09/09 20:44:05 | 000,040,960 | ---- | M] () -- C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2010/09/09 20:43:37 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcp71.dll
MOD - [2010/09/09 20:43:37 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcr71.dll
MOD - [2009/07/13 19:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 19:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll
MOD - [2009/07/13 19:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/07/20 11:25:53 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/15 11:04:37 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/11/06 15:29:22 | 001,141,712 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/10/30 12:18:16 | 000,359,624 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/06/24 11:53:32 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV:64bit: - [2010/07/15 11:04:40 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2010/07/15 11:04:11 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2010/06/02 09:24:06 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2010/01/13 16:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2009/11/09 12:20:10 | 000,218,056 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2009/10/09 20:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/20 17:33:42 | 007,058,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw1v64.sys -- (NETw1v64) Intel(R)
DRV:64bit: - [2009/07/13 19:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 19:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/24 11:53:34 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/06/24 11:53:14 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/06/24 11:52:52 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2009/06/24 11:52:46 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2009/06/24 11:52:32 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/06/23 18:28:22 | 000,684,544 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/06/18 22:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 14:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 14:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 18:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/06/03 13:16:56 | 007,333,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/05/26 06:13:10 | 000,138,752 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:64bit: - [2009/05/23 00:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/04/29 09:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2007/08/16 14:50:06 | 000,688,640 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV - [2010/05/30 17:09:45 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/05/30 17:09:45 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/05/30 17:09:45 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1QQ?МI{WyI{I{HC>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.5.4
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.7.5
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.05
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:3.3.8
FF - prefs.js..extensions.enabledItems: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.33
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.31
FF - prefs.js..extensions.enabledItems: searchsite@DW-dev:1.8


FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/19 14:34:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/09/19 09:24:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/09/19 09:25:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/09/19 09:25:38 | 000,000,000 | ---D | M]

[2010/07/20 21:05:32 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\Mozilla\Extensions
[2010/07/20 21:05:32 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/09/19 09:49:47 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\Mozilla\Firefox\Profiles\b0bh0gur.default\extensions
[2010/09/19 09:24:54 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\LA\AppData\Roaming\Mozilla\Firefox\Profiles\b0bh0gur.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/09/19 09:24:54 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\LA\AppData\Roaming\Mozilla\Firefox\Profiles\b0bh0gur.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/09/19 09:25:47 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\LA\AppData\Roaming\Mozilla\Firefox\Profiles\b0bh0gur.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2010/07/25 16:06:25 | 000,000,000 | ---D | M] (InFormEnter) -- C:\Users\LA\AppData\Roaming\Mozilla\Firefox\Profiles\b0bh0gur.default\extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920}
[2010/08/26 14:00:07 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\LA\AppData\Roaming\Mozilla\Firefox\Profiles\b0bh0gur.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2010/06/23 15:23:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LA\AppData\Roaming\Mozilla\Firefox\Profiles\b0bh0gur.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
[2010/05/07 10:27:31 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\Mozilla\Firefox\Profiles\b0bh0gur.default\extensions\firebug@software.joehewitt.com
[2010/09/11 09:15:13 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\Mozilla\Firefox\Profiles\b0bh0gur.default\extensions\rankchecker@seobook.com
[2010/03/08 15:23:31 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\Mozilla\Firefox\Profiles\b0bh0gur.default\extensions\robsbacklinkbuilder@robwhisonant.com
[2010/09/19 09:24:54 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\Mozilla\Firefox\Profiles\b0bh0gur.default\extensions\searchsite@DW-dev
[2010/09/19 09:24:54 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\Mozilla\Firefox\Profiles\b0bh0gur.default\extensions\seo4firefox@seobook.com
[2010/09/05 22:02:32 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\Mozilla\Firefox\Profiles\b0bh0gur.default\extensions\seotoolbar@seobook.com
[2010/06/19 22:31:16 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\Mozilla\Firefox\Profiles\b0bh0gur.default\extensions\yslow@yahoo-inc.com
[2010/08/07 07:32:32 | 000,002,887 | ---- | M] () -- C:\Users\LA\AppData\Roaming\Mozilla\Firefox\Profiles\b0bh0gur.default\searchplugins\domainsbotcom.xml
[2010/08/25 11:55:05 | 000,001,635 | ---- | M] () -- C:\Users\LA\AppData\Roaming\Mozilla\Firefox\Profiles\b0bh0gur.default\searchplugins\firefox-add-ons.xml
[2010/09/17 06:57:10 | 000,005,090 | ---- | M] () -- C:\Users\LA\AppData\Roaming\Mozilla\Firefox\Profiles\b0bh0gur.default\searchplugins\youtube.xml
[2010/09/19 09:49:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/08/07 13:38:14 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/07/21 13:04:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/08 21:43:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/08/09 08:40:11 | 000,000,931 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.2 licensing.intellimon.com
O1 - Hosts: 127.0.0.2 mailserver.intellimon.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll (Google Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ISTray] C:\Program Files (x86)\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [POP Peeper] C:\Program Files (x86)\POP Peeper\POPPeeper.exe (Mortal Universe)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89C30F0F8BD011D2.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89C30F0F8BD011D2.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} [You must be registered and logged in to see this link.] (IGDTester Class)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/10 05:19:41 | 000,000,000 | ---D | M] - C:\Auto Blogging Software WSO $47 -- [ NTFS ]
O33 - MountPoints2\{098f22de-2632-11df-b270-001e642cddd0}\Shell - "" = AutoRun
O33 - MountPoints2\{098f22de-2632-11df-b270-001e642cddd0}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{1d34a1de-fcf1-11de-b741-001e642cddd0}\Shell - "" = AutoRun
O33 - MountPoints2\{1d34a1de-fcf1-11de-b741-001e642cddd0}\Shell\AutoRun\command - "" = F:\laucher.exe -- File not found
O33 - MountPoints2\{5b27dd8d-3cc4-11df-8396-001f16eb01ae}\Shell - "" = AutoRun
O33 - MountPoints2\{5b27dd8d-3cc4-11df-8396-001f16eb01ae}\Shell\AutoRun\command - "" = G:\MediaManager.exe -- File not found
O33 - MountPoints2\{7317175c-fb42-11de-aab9-001e642cddd0}\Shell - "" = AutoRun
O33 - MountPoints2\{7317175c-fb42-11de-aab9-001e642cddd0}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{9e268d9b-f330-11de-b68a-001f16eb01ae}\Shell - "" = AutoRun
O33 - MountPoints2\{9e268d9b-f330-11de-b68a-001f16eb01ae}\Shell\AutoRun\command - "" = F:\StormF1.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/09/18 17:51:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CamStudio
[2010/09/10 00:28:51 | 000,000,000 | ---D | C] -- C:\Dad Problems
[2010/09/09 20:43:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2010/09/09 20:43:37 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
[2010/09/09 20:43:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2010/09/09 20:43:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Real
[2010/09/09 20:43:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2010/09/09 20:43:30 | 000,000,000 | ---D | C] -- C:\Users\LA\AppData\Roaming\Real
[2010/09/03 01:00:02 | 000,000,000 | ---D | C] -- C:\Users\LA\AppData\Local\QuickPlay
[2010/08/30 08:43:56 | 000,000,000 | ---D | C] -- C:\Articles ReWritten
[2010/08/29 13:24:04 | 000,000,000 | ---D | C] -- C:\2f806cd18b85ca8ab1d747b5abafb770
[2010/08/29 13:16:51 | 000,000,000 | ---D | C] -- C:\2845b24da2fd5da100
[2010/08/29 13:15:15 | 000,000,000 | ---D | C] -- C:\ee13e07ee3ddeb0500eb075b990614
[2010/08/28 13:22:22 | 000,000,000 | ---D | C] -- C:\Users\LA\Documents\My Domain Records
[2010/08/28 13:22:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Softnik Technologies
[2010/08/27 17:58:10 | 000,000,000 | ---D | C] -- C:\Users\LA\dwhelper
[2010/08/25 20:52:17 | 000,000,000 | ---D | C] -- C:\Users\LA\Desktop\upressv5
[2010/08/24 13:17:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IBP 11
[2010/08/24 13:17:17 | 000,000,000 | ---D | C] -- C:\Users\LA\AppData\Roaming\IBP
[2010/08/23 00:28:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VLS Media
[2010/08/09 08:41:08 | 000,000,000 | ---D | C] -- C:\Users\LA\Documents\Micro Niche Finder
[2010/08/09 08:41:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Micro Niche Finder
[2010/08/09 08:37:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Micro Niche Finder
[2010/08/09 08:32:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EasyPHP-5.3.3
[2010/08/07 13:40:55 | 000,000,000 | ---D | C] -- C:\Users\LA\AppData\Roaming\skypePM
[2010/08/07 13:39:36 | 000,000,000 | ---D | C] -- C:\Users\LA\AppData\Roaming\Skype
[2010/08/07 13:37:57 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2010/08/07 13:37:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010/08/07 13:37:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010/08/07 13:34:25 | 001,704,744 | ---- | C] (Skype Technologies S.A.) -- C:\SkypeSetup.exe
[2010/07/20 21:05:32 | 000,000,000 | ---D | C] -- C:\Users\LA\AppData\Local\MozSwing
[2010/07/20 21:04:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SEO PowerSuite
[2010/07/17 15:30:37 | 003,396,176 | ---- | C] (Piriform Ltd) -- C:\ccsetup233.exe
[2010/07/15 11:04:39 | 000,013,048 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/07/04 12:51:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Incansoft
[2010/07/04 12:46:30 | 000,000,000 | ---D | C] -- C:\IS0034
[2010/07/04 02:45:05 | 000,032,824 | ---- | C] (Resplendence Software Projects Sp) -- C:\Windows\SysWow64\rrMon.sys
[2010/07/04 02:45:01 | 000,000,000 | ---D | C] -- C:\Program Files\Registrar Registry Manager
[2010/07/04 02:42:51 | 002,764,720 | ---- | C] (Resplendence Software Projects Sp. ) -- C:\RegistrarLite.exe
[2010/07/03 23:07:18 | 000,000,000 | ---D | C] -- C:\ScrubTmp
[2010/07/03 22:40:29 | 000,000,000 | ---D | C] -- C:\343870be3367ffa420e42b30e4
[2010/07/03 21:42:21 | 000,000,000 | ---D | C] -- C:\Users\LA\AppData\Local\IsolatedStorage
[2010/07/02 17:59:49 | 000,000,000 | ---D | C] -- C:\WordFlood Activ code
[2010/07/02 17:58:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WordFlood 2.0
[2010/06/28 15:43:38 | 000,740,432 | ---- | C] (Data Dynamics) -- C:\Windows\SysWow64\sg20o.ocx
[2010/06/28 15:43:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Niche Research Commando
[2010/06/28 15:16:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Check Version
[2010/06/28 13:28:11 | 000,000,000 | ---D | C] -- C:\Users\LA\AppData\Roaming\Affilorama
[2010/06/28 13:28:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Traffic Travis v3
[2010/06/28 11:20:08 | 000,000,000 | ---D | C] -- C:\8f30480d3b7097bb0c5f7ef7b8467535
[2010/06/28 02:13:31 | 000,000,000 | ---D | C] -- C:\1cb88b731fdd5f4a1010254e4c
[2010/06/27 06:40:51 | 000,000,000 | ---D | C] -- C:\325f060c6272aac42ccb89
[2010/06/27 00:32:24 | 000,000,000 | ---D | C] -- C:\c6c673037c9abcea6af5a979f0bb2b
[2010/06/25 12:02:18 | 000,000,000 | ---D | C] -- C:\8bc0ebb71a6bd7f2c6b506f6
[2010/06/25 02:50:25 | 000,000,000 | ---D | C] -- C:\099c4b18e9624e2b4728
[2010/06/24 00:13:41 | 000,000,000 | ---D | C] -- C:\Users\LA\AppData\Local\SubmissionTool
[2010/06/24 00:13:13 | 000,000,000 | ---D | C] -- C:\Users\LA\AppData\Local\SocialSubmitter
[2010/06/23 16:38:58 | 000,000,000 | ---D | C] -- C:\Articles
[2010/06/23 15:44:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SNV Infotech
[2010/06/23 15:20:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP
[2010/06/23 14:35:50 | 000,000,000 | -HSD | C] -- C:\Users\LA\AppData\Roaming\.#
[2010/06/23 14:35:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SWF Studio
[2010/06/23 14:35:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Action Machine
[2010/06/23 14:35:20 | 000,000,000 | ---D | C] -- C:\theactionmachine2
[1 C:\Users\LA\*.tmp files -> C:\Users\LA\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/09/19 18:53:18 | 005,505,024 | -HS- | M] () -- C:\Users\LA\ntuser.dat
[2010/09/19 18:43:42 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/19 18:43:42 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/19 18:40:19 | 000,727,362 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/09/19 18:40:19 | 000,628,410 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/09/19 18:40:19 | 000,111,818 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/09/19 18:39:45 | 065,036,688 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/09/19 18:38:48 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/09/19 18:35:59 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/19 18:35:59 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2010/09/19 18:35:51 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/19 18:35:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/19 18:35:36 | 3145,089,024 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/19 18:31:10 | 005,001,404 | -H-- | M] () -- C:\Users\LA\AppData\Local\IconCache.db
[2010/09/19 18:06:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/19 18:01:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-14408874-1626793267-1475201148-1000UA.job
[2010/09/19 17:44:59 | 002,742,959 | ---- | M] () -- C:\Users\LA\.websiteauditor.properties
[2010/09/19 09:39:00 | 000,023,611 | ---- | M] () -- C:\Users\LA\Desktop\BUNCH of Downloads.odt
[2010/09/17 10:47:45 | 000,130,048 | ---- | M] () -- C:\Users\LA\Desktop\Zfindit2 .doc
[2010/09/17 07:59:24 | 001,993,420 | ---- | M] () -- C:\Launch Manager 1.00.1e.zip
[2010/09/17 07:51:24 | 000,038,691 | ---- | M] () -- C:\Users\LA\Desktop\KEYBOARD DRIVER DETAILS.JPG
[2010/09/16 11:09:35 | 000,043,028 | ---- | M] () -- C:\Users\LA\Documents\live chat.JPG
[2010/09/15 14:00:40 | 000,423,345 | ---- | M] () -- C:\Users\LA\Desktop\MEETINGList.pdf
[2010/09/14 22:49:43 | 000,083,748 | ---- | M] () -- C:\Users\LA\Documents\Site Flipping2.pdf
[2010/09/14 22:48:30 | 001,054,331 | ---- | M] () -- C:\Users\LA\Documents\Site Flipping Manual.pdf
[2010/09/14 22:39:33 | 000,171,051 | ---- | M] () -- C:\Users\LA\Documents\Awakening-the-Dream.pdf
[2010/09/13 23:01:00 | 000,000,844 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-14408874-1626793267-1475201148-1000Core1cab6c160c20022.job
[2010/09/09 20:44:35 | 000,000,025 | ---- | M] () -- C:\Windows\cdplayer.ini
[2010/09/09 20:44:05 | 000,001,224 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2010/09/09 20:43:37 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
[2010/09/09 20:39:14 | 000,000,839 | ---- | M] () -- C:\kvno_audio.mov
[2010/09/09 18:13:56 | 000,000,063 | ---- | M] () -- C:\kvno.rm
[2010/09/03 21:32:54 | 000,099,473 | ---- | M] () -- C:\Users\LA\Desktop\ALLDomains-77278727.csv
[2010/09/01 01:01:02 | 000,003,367 | ---- | M] () -- C:\history.data
[2010/08/29 21:37:06 | 000,000,061 | ---- | M] () -- C:\Windows\s2t.ini
[2010/08/29 13:07:36 | 000,002,090 | ---- | M] () -- C:\Users\LA\Desktop\Auto Blogging - Shortcut.lnk
[2010/08/29 12:31:17 | 000,003,117 | ---- | M] () -- C:\Users\LA\Desktop\ABS-UserManual.pdf.lnk
[2010/08/28 23:37:44 | 000,022,016 | ---- | M] () -- C:\Users\LA\Desktop\ZSiteMakerDoc.doc
[2010/08/28 13:22:20 | 000,001,132 | ---- | M] () -- C:\Users\Public\Desktop\Domain Name Analyzer v5.lnk
[2010/08/25 19:54:40 | 000,000,923 | ---- | M] () -- C:\Users\LA\Desktop\ABC14 - Shortcut.lnk
[2010/08/25 11:41:09 | 000,001,923 | ---- | M] () -- C:\Users\LA\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/25 11:41:09 | 000,001,899 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/08/25 01:36:13 | 000,006,225 | ---- | M] () -- C:\Users\LA\Desktop\ToDoList - Shortcut.lnk
[2010/08/23 00:28:49 | 000,002,605 | ---- | M] () -- C:\Users\Public\Desktop\BlogSlammer!.lnk
[2010/08/21 00:05:55 | 000,461,377 | ---- | M] () -- C:\Users\LA\.spyglass.properties
[2010/08/20 23:24:46 | 000,000,923 | ---- | M] () -- C:\Users\LA\Desktop\ABC11 - Shortcut.lnk
[2010/08/20 17:03:09 | 000,002,344 | ---- | M] () -- C:\Users\LA\Desktop\Google Chrome.lnk
[2010/08/20 00:20:03 | 000,001,876 | ---- | M] () -- C:\Users\LA\Desktop\ABC12 - Shortcut.lnk
[2010/08/19 17:14:34 | 000,029,184 | ---- | M] () -- C:\Users\LA\Desktop\Photoshoplinkns.doc
[2010/08/17 17:43:03 | 004,198,724 | ---- | M] () -- C:\FileZilla_3.3.4.1_win32-setup.exe
[2010/08/13 08:10:02 | 000,363,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/09 19:34:50 | 000,018,703 | ---- | M] () -- C:\Users\LA\Desktop\Text for Ads Odesk.odt
[2010/08/09 08:58:59 | 000,001,899 | ---- | M] () -- C:\Users\LA\Desktop\EasyPHP 5.3.3.lnk
[2010/08/09 08:37:17 | 000,002,045 | ---- | M] () -- C:\Users\Public\Desktop\Micro Niche Finder.lnk
[2010/08/09 08:37:17 | 000,001,967 | ---- | M] () -- C:\Users\LA\Desktop\Micro Niche Finder.lnk
[2010/08/09 00:33:12 | 001,344,512 | ---- | M] () -- C:\Users\LA\Documents\writer.dsam
[2010/08/07 15:03:09 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/08/07 13:40:55 | 000,000,056 | -H-- | M] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/08/07 13:34:29 | 001,704,744 | ---- | M] (Skype Technologies S.A.) -- C:\SkypeSetup.exe
[2010/07/25 03:20:25 | 000,014,635 | ---- | M] () -- C:\Users\LA\Desktop\resume-sample-lawyer-legal1.gif
[2010/07/24 01:07:41 | 000,224,598 | ---- | M] () -- C:\Users\LA\Desktop\Deb FPBSC_kit.pdf
[2010/07/20 21:05:07 | 000,002,272 | ---- | M] () -- C:\Users\LA\Desktop\LinkAssistant.lnk
[2010/07/20 21:04:55 | 000,002,301 | ---- | M] () -- C:\Users\LA\Desktop\WebSite Auditor.lnk
[2010/07/20 21:04:43 | 000,002,247 | ---- | M] () -- C:\Users\LA\Desktop\Rank Tracker.lnk
[2010/07/20 21:04:27 | 000,002,247 | ---- | M] () -- C:\Users\LA\Desktop\SEO SpyGlass.lnk
[2010/07/17 15:42:55 | 000,456,306 | ---- | M] () -- C:\Users\LA\Documents\cc_20100717_154225.reg
[2010/07/17 15:37:52 | 000,000,967 | ---- | M] () -- C:\Users\LA\Desktop\CCleaner.lnk
[2010/07/17 15:31:09 | 003,396,176 | ---- | M] (Piriform Ltd) -- C:\ccsetup233.exe
[2010/07/15 11:04:40 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/07/15 11:04:39 | 000,013,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/07/15 11:04:11 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/07/04 13:02:12 | 000,001,853 | ---- | M] () -- C:\Users\LA\Desktop\WEB20Bot_Client - Shortcut.lnk
[2010/07/04 02:42:54 | 002,764,720 | ---- | M] (Resplendence Software Projects Sp. ) -- C:\RegistrarLite.exe
[2010/07/03 21:40:54 | 000,005,160 | ---- | M] () -- C:\Users\LA\Desktop\ABC10 - Shortcut.lnk
[2010/07/03 21:32:48 | 000,012,416 | ---- | M] () -- C:\Users\LA\Desktop\StressDomains.csv
[2010/07/02 17:58:01 | 000,001,029 | ---- | M] () -- C:\Users\LA\Desktop\WordFlood 2.0.lnk
[2010/06/30 23:42:18 | 000,000,973 | ---- | M] () -- C:\Users\LA\Desktop\Traffic Travis.lnk
[2010/06/28 13:30:12 | 000,000,997 | ---- | M] () -- C:\Users\LA\Application Data\Microsoft\Internet Explorer\Quick Launch\Traffic Travis.lnk
[2010/06/23 16:02:56 | 000,001,744 | ---- | M] () -- C:\Users\LA\Desktop\DesktipApp - Shortcut.lnk
[2010/06/23 15:21:20 | 000,735,290 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/06/23 14:35:48 | 000,001,898 | ---- | M] () -- C:\Users\LA\Desktop\The Action Machine.lnk
[2010/06/23 11:54:37 | 005,327,844 | ---- | M] () -- C:\theactionmachine2.zip
[2010/06/22 02:17:14 | 000,163,955 | ---- | M] () -- C:\Windows\XHeader Bonus Download Uninstaller.exe
[1 C:\Users\LA\*.tmp files -> C:\Users\LA\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/19 17:43:49 | 002,742,959 | ---- | C] () -- C:\Users\LA\.websiteauditor.properties
[2010/09/17 07:59:20 | 001,993,420 | ---- | C] () -- C:\Launch Manager 1.00.1e.zip
[2010/09/17 07:51:24 | 000,038,691 | ---- | C] () -- C:\Users\LA\Desktop\KEYBOARD DRIVER DETAILS.JPG
[2010/09/16 11:09:35 | 000,043,028 | ---- | C] () -- C:\Users\LA\Documents\live chat.JPG
[2010/09/15 14:00:40 | 000,423,345 | ---- | C] () -- C:\Users\LA\Desktop\MEETINGList.pdf
[2010/09/14 22:49:43 | 000,083,748 | ---- | C] () -- C:\Users\LA\Documents\Site Flipping2.pdf
[2010/09/14 22:48:30 | 001,054,331 | ---- | C] () -- C:\Users\LA\Documents\Site Flipping Manual.pdf
[2010/09/14 22:39:33 | 000,171,051 | ---- | C] () -- C:\Users\LA\Documents\Awakening-the-Dream.pdf
[2010/09/09 20:44:35 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010/09/09 20:44:05 | 000,001,224 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2010/09/09 20:39:14 | 000,000,839 | ---- | C] () -- C:\kvno_audio.mov
[2010/09/09 18:13:55 | 000,000,063 | ---- | C] () -- C:\kvno.rm
[2010/09/03 15:23:16 | 000,000,084 | ---- | C] () -- C:\Users\LA\AppData\Local\DVDPATH.TXT
[2010/09/03 01:00:02 | 000,000,021 | ---- | C] () -- C:\ProgramData\hpqp.txt
[2010/08/29 13:07:36 | 000,002,090 | ---- | C] () -- C:\Users\LA\Desktop\Auto Blogging - Shortcut.lnk
[2010/08/29 12:27:43 | 000,003,117 | ---- | C] () -- C:\Users\LA\Desktop\ABS-UserManual.pdf.lnk
[2010/08/28 13:22:20 | 000,001,132 | ---- | C] () -- C:\Users\Public\Desktop\Domain Name Analyzer v5.lnk
[2010/08/27 22:48:29 | 000,099,473 | ---- | C] () -- C:\Users\LA\Desktop\ALLDomains-77278727.csv
[2010/08/25 19:54:40 | 000,000,923 | ---- | C] () -- C:\Users\LA\Desktop\ABC14 - Shortcut.lnk
[2010/08/25 11:41:09 | 000,001,899 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/08/25 01:36:13 | 000,006,225 | ---- | C] () -- C:\Users\LA\Desktop\ToDoList - Shortcut.lnk
[2010/08/23 00:28:49 | 000,002,605 | ---- | C] () -- C:\Users\Public\Desktop\BlogSlammer!.lnk
[2010/08/22 11:32:45 | 000,023,611 | ---- | C] () -- C:\Users\LA\Desktop\BUNCH of Downloads.odt
[2010/08/20 00:20:03 | 000,001,876 | ---- | C] () -- C:\Users\LA\Desktop\ABC12 - Shortcut.lnk
[2010/08/19 17:14:32 | 000,029,184 | ---- | C] () -- C:\Users\LA\Desktop\Photoshoplinkns.doc
[2010/08/17 17:42:52 | 004,198,724 | ---- | C] () -- C:\FileZilla_3.3.4.1_win32-setup.exe
[2010/08/09 10:24:22 | 000,018,703 | ---- | C] () -- C:\Users\LA\Desktop\Text for Ads Odesk.odt
[2010/08/09 08:58:59 | 000,001,899 | ---- | C] () -- C:\Users\LA\Desktop\EasyPHP 5.3.3.lnk
[2010/08/09 08:40:58 | 000,001,967 | ---- | C] () -- C:\Users\LA\Desktop\Micro Niche Finder.lnk
[2010/08/09 08:37:17 | 000,002,045 | ---- | C] () -- C:\Users\Public\Desktop\Micro Niche Finder.lnk
[2010/08/08 16:11:24 | 001,344,512 | ---- | C] () -- C:\Users\LA\Documents\writer.dsam
[2010/08/07 13:40:55 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/08/07 13:37:57 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/08/04 22:06:25 | 000,000,061 | ---- | C] () -- C:\Windows\s2t.ini
[2010/08/03 22:51:35 | 000,130,048 | ---- | C] () -- C:\Users\LA\Desktop\Zfindit2 .doc
[2010/07/25 03:20:25 | 000,014,635 | ---- | C] () -- C:\Users\LA\Desktop\resume-sample-lawyer-legal1.gif
[2010/07/24 01:07:41 | 000,224,598 | ---- | C] () -- C:\Users\LA\Desktop\Deb FPBSC_kit.pdf
[2010/07/20 22:12:34 | 000,461,377 | ---- | C] () -- C:\Users\LA\.spyglass.properties
[2010/07/20 21:05:07 | 000,002,272 | ---- | C] () -- C:\Users\LA\Desktop\LinkAssistant.lnk
[2010/07/20 21:04:55 | 000,002,301 | ---- | C] () -- C:\Users\LA\Desktop\WebSite Auditor.lnk
[2010/07/20 21:04:43 | 000,002,247 | ---- | C] () -- C:\Users\LA\Desktop\Rank Tracker.lnk
[2010/07/20 21:04:27 | 000,002,247 | ---- | C] () -- C:\Users\LA\Desktop\SEO SpyGlass.lnk
[2010/07/17 15:42:31 | 000,456,306 | ---- | C] () -- C:\Users\LA\Documents\cc_20100717_154225.reg
[2010/07/17 15:37:52 | 000,000,967 | ---- | C] () -- C:\Users\LA\Desktop\CCleaner.lnk
[2010/07/04 13:02:12 | 000,001,853 | ---- | C] () -- C:\Users\LA\Desktop\WEB20Bot_Client - Shortcut.lnk
[2010/07/04 02:45:01 | 000,120,376 | ---- | C] () -- C:\Windows\SysWow64\rrsec.dll
[2010/07/04 02:45:01 | 000,097,888 | ---- | C] () -- C:\Windows\SysWow64\rrsec2k.exe
[2010/07/03 21:32:48 | 000,012,416 | ---- | C] () -- C:\Users\LA\Desktop\StressDomains.csv
[2010/07/03 16:20:06 | 000,000,923 | ---- | C] () -- C:\Users\LA\Desktop\ABC11 - Shortcut.lnk
[2010/07/02 17:58:01 | 000,001,029 | ---- | C] () -- C:\Users\LA\Desktop\WordFlood 2.0.lnk
[2010/06/28 13:28:11 | 000,000,997 | ---- | C] () -- C:\Users\LA\Application Data\Microsoft\Internet Explorer\Quick Launch\Traffic Travis.lnk
[2010/06/28 13:28:11 | 000,000,973 | ---- | C] () -- C:\Users\LA\Desktop\Traffic Travis.lnk
[2010/06/23 16:02:56 | 000,001,744 | ---- | C] () -- C:\Users\LA\Desktop\DesktipApp - Shortcut.lnk
[2010/06/23 15:21:18 | 000,735,290 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/06/23 14:35:48 | 000,001,898 | ---- | C] () -- C:\Users\LA\Desktop\The Action Machine.lnk
[2010/06/23 11:53:38 | 005,327,844 | ---- | C] () -- C:\theactionmachine2.zip
[2010/03/26 07:22:50 | 000,001,023 | ---- | C] () -- C:\Windows\seRapid.INI
[2010/02/03 17:38:28 | 000,000,047 | ---- | C] () -- C:\Windows\s2f.ini
[2010/01/19 23:18:20 | 000,233,472 | ---- | C] () -- C:\Windows\SysWow64\WlanApp.dll
[2010/01/19 23:18:20 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\JJAKEn.dll
[2010/01/18 09:35:50 | 000,000,000 | ---- | C] () -- C:\Users\LA\AppData\Roaming\wklnhst.dat
[2010/01/14 15:55:10 | 000,000,664 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/12/25 21:06:47 | 000,000,177 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2009/12/25 21:06:33 | 000,000,000 | ---- | C] () -- C:\Users\LA\AppData\Local\QSwitch.txt
[2009/12/25 21:06:33 | 000,000,000 | ---- | C] () -- C:\Users\LA\AppData\Local\DSwitch.txt
[2009/12/25 21:06:33 | 000,000,000 | ---- | C] () -- C:\Users\LA\AppData\Local\AtStart.txt
[2009/09/20 06:37:17 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/09/20 06:37:09 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/09/20 06:36:51 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/09/20 06:36:28 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/09/20 06:35:47 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009/09/20 06:35:23 | 000,000,290 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009/08/21 12:55:19 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/08/21 12:51:03 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009/08/21 12:49:17 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/08/21 12:48:35 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2009/07/15 18:50:42 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/08/20 02:03:59 | 000,000,000 | -HSD | M] -- C:\Users\LA\AppData\Roaming\.#
[2010/06/28 13:28:11 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\Affilorama
[2010/02/06 12:20:22 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\Auslogics
[2010/01/19 00:39:36 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\AVG9
[2010/03/31 22:47:36 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\DomainSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2010/09/19 18:31:04 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\FileZilla
[2009/12/27 14:45:43 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\Hyperionics
[2010/08/24 21:51:09 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\IBP
[2010/04/30 22:14:46 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\IObit
[2010/06/07 12:16:08 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\KompoZer
[2010/02/25 22:19:34 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2010/01/01 20:44:57 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\OpenOffice.org
[2010/09/14 13:04:57 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\POP Peeper
[2010/01/18 09:35:51 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\Template
[2010/02/14 01:33:01 | 000,000,000 | ---D | M] -- C:\Users\LA\AppData\Roaming\ubot
[2010/09/19 18:35:59 | 000,000,388 | ---- | M] () -- C:\Windows\Tasks\AWC Startup.job
[2010/08/22 10:33:07 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 171 bytes -> C

MJ1

Rookie Surfer

Posts : 66
Joined : 2010-01-22
Operating System : Windows 8 64 bit


Re: Computer Infected Not Sure what it is

Post by MJ1 on Mon 20 Sep 2010, 3:49 pm

I realize the last part of my OTL scan is missing as the virus took over my keyboard while I was typing and started deleting my message. Wow - I guess it is pretty bad. I immediately turned off my machine.

It is my main computer and I hope I have a small window of opportunity to get back on it without losing my keyboard functions again.

Also if I take off a few files onto a flashdrive - will the flash drive then infect another computer?


Thanks for any and all help.



Re: Computer Infected Not Sure what it is

Post by DragonMaster Jay on Mon 20 Sep 2010, 8:41 pm

Hi

Please download Malwarebytes Anti-Malware from Download.CNET.com.
Alternate link: BleepingComputer.com.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double-click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Copy and paste the entire report in your next reply.



~DMJ
GeekPolice Academy Manager



DragonMaster Jay

Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate


Re: Computer Infected Not Sure what it is

Post by MJ1 on Mon 20 Sep 2010, 9:59 pm

It won't let me run Malwarebytes. The scan starts and then disappears.


Re: Computer Infected Not Sure what it is

Post by MJ1 on Tue 21 Sep 2010, 6:37 am

Malwarebytes' Anti-Malware 1.46

Database version: 4657

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

20/09/2010 1:32:16 PM
mbam-log-2010-09-20 (13-32-16).txt

Scan type: Quick scan
Objects scanned: 146015
Time elapsed: 3 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: Computer Infected Not Sure what it is

Post by MJ1 on Tue 21 Sep 2010, 8:59 am

It is allowing me to stay on, but the Documents and Settings files and several others are showing a lock on the icons and won't let me access them.


Re: Computer Infected Not Sure what it is

Post by DragonMaster Jay on Tue 21 Sep 2010, 8:05 pm

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.
    Link 1
    Link 2
    Link 3

  • Double-click on MBRCheck.exe to run it.
  • It will open a black window...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
  • Please copy and paste the contents of that log in your next reply.



~DMJ
GeekPolice Academy Manager



Re: Computer Infected Not Sure what it is

Post by MJ1 on Wed 22 Sep 2010, 2:52 am

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Wistron
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP G60 Notebook PC
Logical Drives Mask: 0x000001fc

Kernel Drivers (total 235):
0x0345F000 \SystemRoot\system32\ntoskrnl.exe
0x03416000 \SystemRoot\system32\hal.dll
0x00BD0000 \SystemRoot\system32\kdcom.dll
0x00CC6000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00D0A000 \SystemRoot\system32\PSHED.dll
0x00D1E000 \SystemRoot\system32\CLFS.SYS
0x00C00000 \SystemRoot\system32\CI.dll
0x00E46000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00EEA000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00EF9000 \SystemRoot\system32\drivers\fltmgr.sys
0x00F45000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00F9C000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00FA5000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00FAF000 \SystemRoot\system32\DRIVERS\pci.sys
0x00FE2000 \SystemRoot\system32\DRIVERS\vdrvroot.sys

Processes (total 60):
0 System Idle Process
4 System
292 C:\Windows\System32\smss.exe
400 csrss.exe
460 C:\Windows\System32\wininit.exe
472 csrss.exe
480 C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
488 C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
532 C:\Windows\System32\services.exe
540 C:\Windows\System32\lsass.exe
596 C:\Windows\System32\winlogon.exe
648 C:\Windows\System32\lsm.exe
660 C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
832 C:\Windows\System32\svchost.exe
452 C:\Windows\System32\svchost.exe
1032 C:\Windows\System32\svchost.exe
1112 C:\Windows\System32\svchost.exe
1148 C:\Windows\System32\svchost.exe
1284 C:\Windows\System32\svchost.exe
1408 C:\Windows\System32\svchost.exe
1500 C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
1684 C:\Windows\System32\spoolsv.exe
1716 C:\Windows\System32\svchost.exe
1816 C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
1904 C:\Windows\System32\svchost.exe
1936 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
1980 C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
1160 C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
1628 C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
1200 C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
2236 C:\Windows\System32\svchost.exe
2280 C:\Program Files (x86)\AVG\AVG9\avgemc.exe
2448 C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
2548 unsecapp.exe
2636 WmiPrvSE.exe
2828 C:\Windows\explorer.exe
2836 C:\Windows\System32\taskhost.exe
2860 C:\Windows\System32\dwm.exe
2672 C:\Program Files\Java\jre6\bin\jusched.exe
2732 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
2924 C:\Program Files (x86)\POP Peeper\POPPeeper.exe
2768 C:\Program Files (x86)\AVG\AVG9\avgtray.exe
2760 C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe
1216 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3112 C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
3128 C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
3952 C:\Windows\System32\SearchIndexer.exe
2320 C:\Windows\System32\svchost.exe
2604 WUDFHost.exe
704 C:\Program Files\Windows Media Player\wmpnetwk.exe
148 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
3192 C:\Windows\System32\svchost.exe
3592 C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
4276 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
4484 C:\Windows\servicing\TrustedInstaller.exe
4784 C:\Program Files (x86)\Real\RealPlayer\realplay.exe
2268
2544 C:\MBRCheck.exe
264 C:\Windows\System32\conhost.exe
1048 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000047`66b00000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS543232L9A300, Rev: FB4OC40J

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 081931698ABD9DABC19782A342939160804017BE


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

MJ1

Rookie Surfer

Posts : 66
Joined : 2010-01-22
Operating System : Windows 8 64 bit


Re: Computer Infected Not Sure what it is

Post by DragonMaster Jay on Wed 22 Sep 2010, 6:48 am

Fix using MBRCheck.exe

Run MBRCheck.exe again by double-clicking on it.
  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Enter 'Y' and then press Enter.
  • When asked: 'Enter your choice:', select option 2 (Restore the MBR of a physical disk with a standard boot code) and press the Enter key.
  • Now the program will ask: 'Enter the physical disk number to fix (0-99, -1 to cancel)'
  • Enter 0 and press the Enter key.
  • The program will show Available MBR codes followed by a list of operating systems as shown below:
    Available MBR codes:
    [ 0] Default (Windows XP)
    [ 1] Windows XP
    [ 2] Windows Server 2003
    [ 3] Windows Vista
    [ 4] Windows 2008
    [ 5] Windows 7
    [-1] Cancel
    Please select the MBR code to write to this drive:
  • Please select your version of Windows from the list and enter the corresponding number and then press Enter.
  • When prompted for confirmation: "Do you want to fix the MBR code?". Type the full word Yes (not Y or the fix will not work) and press Enter.
  • Left-click on the title bar (where program name and path is written).
  • From the menu choose Edit -> Select All.
  • Press the Enter key to copy selected text.
  • Open Notepad, paste that text into it and save to your desktop as MBRCheck.txt.
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • Reboot your computer to complete the fix and copy/paste MBRCheck.txt in your next reply.
  • If your computer does not restart on its own, please restart it manually.

Important Note: The Master Boot Record contains the Partition Table for the hard disk and a little executable code for the boot start. While fixing the Master Boot Record (MBR) is generally safe, there is a small risk of damaging the MBR, which may cause the computer to not boot up or it may corrupt a partition.

The following are signs of a damaged MBR:
  • Invalid Partition Table
  • Missing Operating System
  • Error loading operating system


If it is the worst case scenario, and your computer cannot boot, please take note of the following:

Please have your Windows CD available, which will allow recovering the boot code via the Windows Recovery Console in case of any problems or install the XP Recovery Console before proceeding with the above fix. Then, if any problems occur, the links below explain how to use and repair the MBR:
  • How to use the Recovery Console
  • How to fix MBR in Windows XP and Vista


If you do not have a Windows CD available, please let me know. You will need access to a computer that can burn CDs.



~DMJ
GeekPolice Academy Manager



DragonMaster Jay

Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

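Added example (not part of the original post and not MBRCheck's own code): a Python check of the sector layout the Important Note describes, confirming that a boot-code repair changed the boot code and left the partition table alone. The 440/446/510 offsets are the standard MBR layout; hashing only the first 440 bytes is an assumption and need not match how MBRCheck computes its SHA1. `parse_mbr`, `check_repair` and `build_sample` are hypothetical names, and the sample sectors are constructed, reusing only the C: and D: byte offsets from the log.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bytes 0-439: executable boot code
TABLE_OFF = 446          # bytes 446-509: four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"   # bytes 510-511: boot signature
ENTRY_FMT = "<B3xB3xII"  # status, CHS (skipped), type, CHS (skipped), LBA, count


def parse_mbr(sector):
    """Split one MBR sector into boot-code hash, partition table and signature."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR dump must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        entry = sector[TABLE_OFF + 16 * i: TABLE_OFF + 16 * (i + 1)]
        status, ptype, lba, count = struct.unpack(ENTRY_FMT, entry)
        if ptype == 0:          # type 0 marks an unused slot
            continue
        partitions.append({"index": i, "active": status == 0x80, "type": ptype,
                           "byte_offset": lba * SECTOR_SIZE, "sectors": count})
    return {
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "table_bytes": sector[TABLE_OFF:510],
        "partitions": partitions,
        "signature_ok": sector[510:512] == BOOT_SIG,
    }


def check_repair(before, after, known_good):
    """Compare dumps taken before and after a boot-code repair.

    Returns a list of findings; an empty list means the boot code was
    replaced by a known-good one and the partition table is untouched.
    """
    b, a = parse_mbr(before), parse_mbr(after)
    findings = []
    if not a["signature_ok"]:
        findings.append("boot signature 55 AA missing")
    if a["table_bytes"] != b["table_bytes"]:
        findings.append("partition table changed")
    if a["boot_code_sha1"] == b["boot_code_sha1"]:
        findings.append("boot code unchanged by repair")
    if a["boot_code_sha1"] not in known_good:
        findings.append("boot code not in known-good set")
    return findings


def build_sample(boot_code, entries):
    """Build a constructed 512-byte sector for the demonstration below."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    for i, fields in enumerate(entries):
        struct.pack_into(ENTRY_FMT, sector, TABLE_OFF + 16 * i, *fields)
    sector[510:512] = BOOT_SIG
    return bytes(sector)


# Constructed sample data. Only the two byte offsets come from the log
# (C: at 0x0c800000, D: at 0x4766b00000); sizes and boot code are made up.
ENTRIES = [
    (0x80, 0x07, 0x0C800000 // SECTOR_SIZE, 598611968),
    (0x00, 0x07, 0x4766B00000 // SECTOR_SIZE, 26193920),
]
UNKNOWN = build_sample(b"\xeb\x3c" + b"constructed unknown loader", ENTRIES)
STANDARD = build_sample(b"\x33\xc0" + b"constructed standard loader", ENTRIES)
KNOWN_GOOD = {parse_mbr(STANDARD)["boot_code_sha1"]}

if __name__ == "__main__":
    print("repair applied:    ", check_repair(UNKNOWN, STANDARD, KNOWN_GOOD))
    print("repair not applied:", check_repair(UNKNOWN, UNKNOWN, KNOWN_GOOD))
```

Run against two dumps from MBRCheck option 1 (Dump the MBR of a physical disk to file), assuming the dump is the raw 512-byte sector, this automates the before/after SHA1 comparison the thread does by eye.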

Re: Computer Infected Not Sure what it is

Post by MJ1 on Wed 22 Sep 2010, 10:20 am

Hello,
I don't have a windows CD available. My computer uses Windows 7.

I must say that I am not overly technical and feel quite nervous about trying this.

I have in the meantime run many different virus scans and my computer seems to be running fine now. Perhaps I got rid of whatever the problem was.

Perhaps I will delay and see if the problem returns.

What do you think?


Re: Computer Infected Not Sure what it is

Post by DragonMaster Jay on Thu 23 Sep 2010, 8:10 am

I was not aware we were working on a Windows 7 system, as your profile says "windows xp."

We have proven recovery methods here, if anything bad were to happen. Go ahead with this fix, which would be correct for Windows 7.

Fix using MBRCheck.exe

Run MBRCheck.exe again by double-clicking on it.
  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Enter 'Y' and then press Enter.
  • When asked: 'Enter your choice:', select option 2 (Restore the MBR of a physical disk with a standard boot code) and press the Enter key.
  • Now the program will ask: 'Enter the physical disk number to fix (0-99, -1 to cancel)'
  • Enter 0 and press the Enter key.
  • The program will show Available MBR codes followed by a list of operating systems as shown below:
    Available MBR codes:
    [ 0] Default (Windows XP)
    [ 1] Windows XP
    [ 2] Windows Server 2003
    [ 3] Windows Vista
    [ 4] Windows 2008
    [ 5] Windows 7
    [-1] Cancel
    Please select the MBR code to write to this drive (5):
  • Please select your version of Windows from the list and enter the corresponding number and then press Enter.
  • When prompted for confirmation: "Do you want to fix the MBR code?". Type the full word Yes (not Y or the fix will not work) and press Enter.
  • Left-click on the title bar (where program name and path is written).
  • From the menu choose Edit -> Select All.
  • Press the Enter key to copy selected text.
  • Open Notepad, paste that text into it and save to your desktop as MBRCheck.txt.
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • Reboot your computer to complete the fix and copy/paste MBRCheck.txt in your next reply.
  • If your computer does not restart on its own, please restart it manually.



Re: Computer Infected Not Sure what it is

Post by MJ1 on Fri 24 Sep 2010, 4:19 pm

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Wistron
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP G60 Notebook PC
Logical Drives Mask: 0x000003fc

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000047`66b00000 (NTFS)

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 081931698ABD9DABC19782A342939160804017BE


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: Y

Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: 2

Enter the physical disk number to fix (0-99, -1 to cancel): 0
Available MBR codes:
[ 0] Default (Windows 7)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 5
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: YES
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.


Done!
Press ENTER to exit...


Re: Computer Infected Not Sure what it is

Post by MJ1 on Sat 25 Sep 2010, 5:41 am

So is that it? Did we get it?


Re: Computer Infected Not Sure what it is

Post by DragonMaster Jay on Sat 25 Sep 2010, 1:13 pm

Please re-run MBRCheck and post a log.



Re: Computer Infected Not Sure what it is

Post by MJ1 on Sat 25 Sep 2010, 1:40 pm

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Wistron
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP G60 Notebook PC
Logical Drives Mask: 0x000003fc

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000047`66b00000 (NTFS)

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 081931698ABD9DABC19782A342939160804017BE


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit


Re: Computer Infected Not Sure what it is

Post by MJ1 on Sat 25 Sep 2010, 2:19 pm

Ah, just noticed the computer is still acting up


Re: Computer Infected Not Sure what it is

Post by MJ1 on Sun 26 Sep 2010, 3:14 pm

Hello

Is there any way to speed this process up - my computer is now getting very bad and really acting up. Please help, ASAP


Re: Computer Infected Not Sure what it is

Post by MJ1 on Mon 27 Sep 2010, 4:01 am

I am noticing that many of the exact same symptoms that happened with my other computer are happening on this one (I referenced the thread in the opening paragraph and we got rid of the problem).

It lights up only one program icon on my desktop and will only open that particular one - I then have to right click and hit open to get them going (Any folder I finally get open - only one icon gets highlighted and opened, all others won't).

When I go online it sometimes just starts flashing and will not let me do anything.
Please help, even several suggestions at once will be fine. It is my main computer and I need to get back on it.
Thanks


Re: Computer Infected Not Sure what it is

Post by DragonMaster Jay on Mon 27 Sep 2010, 6:33 am

Because you bumped your topic repeatedly, I did not see that you replied. Please be patient. As you can see in my signature, I respond slowly on weekends.

Fix using MBRCheck.exe

Run MBRCheck.exe again by double-clicking on it.
  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Enter 'Y' and then press Enter.
  • When asked: 'Enter your choice:', select option 2 (Restore the MBR of a physical disk with a standard boot code) and press the Enter key.
  • Now the program will ask: 'Enter the physical disk number to fix (0-99, -1 to cancel)'
  • Enter 0 and press the Enter key.
  • The program will show Available MBR codes followed by a list of operating systems as shown below:
    Available MBR codes:
    [ 0] Default (Windows XP)
    [ 1] Windows XP
    [ 2] Windows Server 2003
    [ 3] Windows Vista
    [ 4] Windows 2008
    [ 5] Windows 7
    [-1] Cancel
    Please select the MBR code to write to this drive:
  • Please select your version of Windows from the list and enter the corresponding number and then press Enter.
  • When prompted for confirmation: "Do you want to fix the MBR code?". Type the full word Yes (not Y or the fix will not work) and press Enter.
  • Left-click on the title bar (where program name and path is written).
  • From the menu choose Edit -> Select All.
  • Press the Enter key to copy selected text.
  • Open Notepad, paste that text into it and save to your desktop as MBRCheck.txt.
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • Reboot your computer to complete the fix and copy/paste MBRCheck.txt in your next reply.
  • If your computer does not restart on its own, please restart it manually.



Re: Computer Infected Not Sure what it is

Post by MJ1 on Mon 27 Sep 2010, 11:36 am

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Wistron
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP G60 Notebook PC
Logical Drives Mask: 0x000001fc

Kernel Drivers (total 199):
0x00850000 \SystemRoot\System32\ATMFD.DLL
0x07DA0000 \SystemRoot\system32\drivers\luafv.sys
0x07DC3000 \SystemRoot\system32\drivers\WudfPf.sys
0x07E44000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x02E6C000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x02EBF000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x02ED2000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x02EEA000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x02EF4000 \SystemRoot\system32\drivers\HTTP.sys
0x02FBC000 \SystemRoot\system32\DRIVERS\bowser.sys
0x02FDA000 \SystemRoot\System32\drivers\mpsdrv.sys
0x02E00000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x03C89000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x03CD7000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x03CFA000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x03CFF000 \SystemRoot\system32\drivers\peauth.sys
0x03DA5000 \SystemRoot\System32\Drivers\secdrv.SYS
0x03DB0000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x03DDD000 \SystemRoot\System32\drivers\tcpipreg.sys
0x03DEF000 \SystemRoot\system32\DRIVERS\XAudio64.sys
0x03C00000 \SystemRoot\System32\DRIVERS\srv2.sys
0x078CC000 \SystemRoot\System32\DRIVERS\srv.sys
0x07962000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x07993000 \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
0x77490000 \Windows\System32\ntdll.dll
0x48070000 \Windows\System32\smss.exe
0xFF7B0000 \Windows\System32\apisetschema.dll
0xFFB60000 \Windows\System32\autochk.exe

Processes (total 63):
0 System Idle Process
4 System
304 C:\Windows\System32\smss.exe
392 csrss.exe
456 C:\Windows\System32\wininit.exe
472 C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
480 csrss.exe
488 C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
552 C:\Windows\System32\services.exe
568 C:\Windows\System32\lsass.exe
576 C:\Windows\System32\lsm.exe
608 C:\Windows\System32\winlogon.exe
664 C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
836 C:\Windows\System32\svchost.exe
484 C:\Windows\System32\svchost.exe
1076 C:\Windows\System32\svchost.exe
1108 C:\Windows\System32\svchost.exe
1140 C:\Windows\System32\svchost.exe
1300 C:\Windows\System32\svchost.exe
1384 C:\Windows\System32\svchost.exe
1584 C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
1700 C:\Windows\System32\spoolsv.exe
1728 C:\Windows\System32\svchost.exe
1816 C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
1924 C:\Windows\System32\svchost.exe
1952 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
2032 C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
1264 C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
1884 C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
1172 C:\Windows\System32\svchost.exe
2180 C:\Program Files (x86)\AVG\AVG9\avgemc.exe
2228 C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
2620 C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
2680 unsecapp.exe
2792 WmiPrvSE.exe
3020 C:\Windows\System32\taskhost.exe
2292 C:\Windows\System32\dwm.exe
2324 C:\Windows\explorer.exe
3504 C:\Windows\System32\svchost.exe
3556 C:\Program Files\Java\jre6\bin\jusched.exe
3584 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3600 C:\Program Files (x86)\POP Peeper\POPPeeper.exe
3748 WUDFHost.exe
3768 C:\Program Files (x86)\AVG\AVG9\avgtray.exe
3784 C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe
3952 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3968 C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
4000 C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
3900 C:\Windows\System32\SearchIndexer.exe
3936 C:\Program Files\Windows Media Player\wmpnetwk.exe
1420 C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
4144 C:\Windows\System32\svchost.exe
3756 C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe
4284 C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-Aware.exe
2988 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
3472 C:\Program Files (x86)\Spyware Doctor\pctsGui.exe
3764 C:\Program Files (x86)\AVG\AVG9\avgscana.exe
4356 C:\Windows\System32\conhost.exe
4532 C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
1636 C:\Program Files (x86)\AVG\AVG9\avgui.exe
4596 C:\Users\LA\Desktop\MBRCheck.exe
2732 C:\Windows\System32\conhost.exe
4652 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000047`66b00000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS543232L9A300, Rev: FB4OC40J

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 081931698ABD9DABC19782A342939160804017BE


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:
Enter the physical disk number to fix (0-99, -1 to cancel): 0
Available MBR codes:
[ 0] Default (Windows 7)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 5
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: YES
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.


Done!


Re: Computer Infected Not Sure what it is

Post by DragonMaster Jay on Tue 28 Sep 2010, 7:44 am

And now, a new log please.



Re: Computer Infected Not Sure what it is

Post by MJ1 on Tue 28 Sep 2010, 3:20 pm

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Wistron
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP G60 Notebook PC
Logical Drives Mask: 0x000001fc

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000047`66b00000 (NTFS)

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 081931698ABD9DABC19782A342939160804017BE


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Re: Computer Infected Not Sure what it is

Post by DragonMaster Jay on Wed 29 Sep 2010, 12:20 pm

Did you ever have any recovery discs that came along with your computer?



Re: Computer Infected Not Sure what it is

Post by MJ1 on Wed 29 Sep 2010, 12:39 pm

Can Belazur help me - don't want to lose data


Re: Computer Infected Not Sure what it is

Post by DragonMaster Jay on Wed 29 Sep 2010, 12:44 pm

This has nothing to do with who can help you; without a recovery or install disc, we are very limited.

Your Master Boot Record is severely infected. We need to fully disinfect it, or else this malware will never go away.

I don't want you to reformat/reinstall. We just need to do a data-safe recovery method that fixes the Master Boot Record.

Otherwise: your system will be continuously infected.

Reboot your computer, and at the boot screen, press F8 until you get a menu showing "Safe Mode, Safe Mode with Networking, etc."

Please tell me if you see an option called "Repair Your Computer."


