Help Please, browser redirecting, minimizing pages


  • Help Please, browser redirecting, minimizing pages

    Hello, I'm having problems with my browser redirecting me to awful sites such as momanddaughtertrio.com, satanismyfriend.com and tons of other commercial sites for autos every time I click a link. If I even play a game I get minimized often. I get fake virus warnings from a webpage saying my system will crash if I don't scan. I scanned with Malwarebytes, Spybot, and Advanced SystemCare. They have all come up empty and found nothing. Please help me. I'm not great with computer technology and am hoping someone can make this easy to explain to me or how to fix it in simple directions. Much help is appreciated.

    Thanks
    serena

  • #2
    Hi serena

    Which antivirus program do you use?
    If you don't have a good one you could try ASC5 with Antivirus.
    Or you can try IObit Malware fighter.
    It would be interesting to see if IMF catches those baddies.
    It does sound bad though, so you can contact our malware fighter and ask for his assistance.

    Cheers
    solbjerg

    太阳山 (solbjerg)
    Ceterum censeo Usage of IObit Products esse legendum
    (Furthermore I think that Usage of IObit Products must be read)


    • #3
      Hi serenanicole! Welcome to the IObit forums.

      If you would like assistance cleaning your computer of Malware, please follow the instructions in this link. Make sure to post both of the DDS logs.

      Sincerely,
      -Mel
      Live long and prosper!




      • #4
        Here are the attachments so far that were asked for

        IObit Malware Fighter

        OS: Windows 7
        Version: 1.4.0.22
        Define Version: 1140
        Time Elapsed: 00:16:58
        Objects Scanned: 70603
        Threats Found: 1
        Save Time: 6/16/2012 3:13:37 PM

        |Name|Type|Description|ID|
        Misleading.PCMightyMax2010 - Delete, FOLDER, C:\Users\Serena\AppData\Roaming\licenses, 303158



        .
        DDS (Ver_2011-08-26.01) - NTFSAMD64
        Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
        Run by Serena at 15:14:46 on 2012-06-16
        Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2589 [GMT -4:00]
        .
        AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
        SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
        SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
        SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
        .
        ============== Running Processes ===============
        .
        C:\Windows\system32\wininit.exe
        C:\Windows\system32\lsm.exe
        C:\Windows\system32\svchost.exe -k DcomLaunch
        C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
        C:\Windows\system32\nvvsvc.exe
        C:\Windows\system32\svchost.exe -k RPCSS
        c:\Program Files\Microsoft Security Client\MsMpEng.exe
        C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
        C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
        C:\Windows\system32\svchost.exe -k netsvcs
        C:\Windows\system32\svchost.exe -k LocalService
        C:\Windows\system32\svchost.exe -k NetworkService
        C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
        C:\Windows\system32\nvvsvc.exe
        C:\Windows\Explorer.EXE
        C:\Windows\System32\spoolsv.exe
        C:\Windows\system32\taskhost.exe
        C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
        C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
        C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
        C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
        C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
        C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
        C:\Windows\system32\WUDFHost.exe
        C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
        C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
        C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
        C:\Windows\System32\igfxtray.exe
        C:\Program Files\Microsoft Security Client\msseces.exe
        C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
        C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
        C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
        C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
        C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe
        C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
        C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
        C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
        C:\Windows\system32\SearchIndexer.exe
        C:\Program Files\Windows Media Player\wmpnetwk.exe
        C:\Windows\System32\svchost.exe -k LocalServicePeerNet
        C:\Program Files (x86)\Mozilla Firefox\firefox.exe
        C:\Windows\system32\DllHost.exe
        C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASC.exe
        C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
        C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
        C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
        C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
        C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
        C:\Windows\system32\SearchProtocolHost.exe
        C:\Windows\system32\SearchFilterHost.exe
        C:\Windows\system32\DllHost.exe
        C:\Windows\system32\DllHost.exe
        C:\Windows\system32\REGSVR32.exe
        C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\conhost.exe
        C:\Windows\SysWOW64\cscript.exe
        C:\Windows\system32\wbem\wmiprvse.exe
        .
        ============== Pseudo HJT Report ===============
        .
        uURLSearchHooks: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - C:\Program Files (x86)\IObit Toolbar\IE\5.9\iobitToolbarIE.dll
        BHO: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - C:\Program Files (x86)\IObit Toolbar\IE\5.9\iobitToolbarIE.dll
        BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
        BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
        BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
        TB: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - C:\Program Files (x86)\IObit Toolbar\IE\5.9\iobitToolbarIE.dll
        TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
        TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
        uRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
        mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
        mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
        mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
        mRun: [DellComms] "C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe" /P DellComms
        mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
        mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
        mRun: [Desktop Disc Tool] c:\program files (x86)\roxio\roxio burn\roxioburnlauncher.exe
        mRun: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
        mRun: [<NO NAME>]
        mRun: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
        mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
        StartupFolder: C:\Users\Serena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
        mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
        mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
        IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
        DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
        DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
        DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
        DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
        DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
        TCP: DhcpNameServer = 209.55.24.10 209.55.27.13 8.8.8.8
        TCP: Interfaces\{1186169A-204B-497D-AF65-B88344C0383B} : DhcpNameServer = 68.87.75.198 68.87.64.150
        TCP: Interfaces\{3E769C8E-CF25-4781-A135-BB270A10954D} : DhcpNameServer = 209.55.24.10 209.55.27.13 8.8.8.8
        TCP: Interfaces\{42525128-34AC-4A94-95CD-53A9F2F605AB} : DhcpNameServer = 209.55.24.10 209.55.27.13 8.8.8.8
        TCP: Interfaces\{F2C17581-249F-47CE-81D2-8DD4AEAB76BF} : DhcpNameServer = 68.87.75.198 68.87.64.150
        Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
        BHO-X64: IObit Toolbar: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\5.9\iobitToolbarIE.dll
        BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
        BHO-X64: AcroIEHelperStub - No File
        BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
        BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
        TB-X64: IObit Toolbar: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\5.9\iobitToolbarIE.dll
        TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
        TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
        mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
        mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
        mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
        mRun-x64: [DellComms] "C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe" /P DellComms
        mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
        mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
        mRun-x64: [Desktop Disc Tool] c:\program files (x86)\roxio\roxio burn\roxioburnlauncher.exe
        mRun-x64: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
        mRun-x64: [(Default)]
        mRun-x64: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
        mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
        .
        ================= FIREFOX ===================
        .
        FF - ProfilePath - C:\Users\Serena\AppData\Roaming\Mozilla\Firefox\Profiles\ld2w6zyb.default\
        FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
        FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
        FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
        FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
        FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
        FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
        .
        ============= SERVICES / DRIVERS ===============
        .
        R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
        R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
        R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
        R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-6-8 913792]
        R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2012-6-13 792512]
        R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
        R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-6-16 821592]
        R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
        R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-9-27 240232]
        R3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-6-16 21384]
        R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
        R3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2012-6-16 33184]
        R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
        R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
        R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
        R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
        R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
        R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
        R3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2012-6-16 21872]
        S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
        S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
        S3 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
        S3 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-9-16 13336]
        S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
        S3 netr28ux;Linksys USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]
        S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
        S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
        S3 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-9-27 2214504]
        S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-10 4925184]
        S3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCAMp50a64.sys --> C:\Windows\system32\Drivers\PCAMp50a64.sys [?]
        S3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50a64.sys --> C:\Windows\system32\Drivers\PCASp50a64.sys [?]
        S3 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-9-16 689472]
        S3 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe [2009-5-5 206064]
        S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
        S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
        S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2012-6-8 14544]
        S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
        .
        =============== Created Last 30 ================
        .
        2012-06-16 18:55:06 -------- d-----w- C:\Program Files (x86)\Application Updater
        2012-06-16 18:55:05 -------- d-----w- C:\Program Files (x86)\IObit Toolbar
        2012-06-16 18:55:05 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot
        2012-06-16 01:42:20 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{440547CD-0569-417D-9FD9-C67779E516EB}\mpengine.dll
        2012-06-15 00:36:09 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
        2012-06-13 20:21:10 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
        2012-06-13 20:21:10 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
        2012-06-13 20:21:10 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
        2012-06-13 20:20:51 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
        2012-06-13 20:20:51 366592 ----a-w- C:\Windows\System32\qdvd.dll
        2012-06-13 20:20:32 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
        2012-06-13 20:20:10 3146752 ----a-w- C:\Windows\System32\win32k.sys
        2012-06-13 20:17:51 209920 ----a-w- C:\Windows\System32\profsvc.dll
        2012-06-13 20:17:34 3216384 ----a-w- C:\Windows\System32\msi.dll
        2012-06-13 20:17:34 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
        2012-06-13 20:17:05 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
        2012-06-13 20:17:05 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
        2012-06-13 20:17:05 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
        2012-06-13 20:15:58 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
        2012-06-13 20:15:58 1462272 ----a-w- C:\Windows\System32\crypt32.dll
        2012-06-13 20:15:58 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
        2012-06-13 20:15:58 140288 ----a-w- C:\Windows\System32\cryptnet.dll
        2012-06-13 20:15:58 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
        2012-06-13 20:15:58 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
        2012-06-13 20:10:59 24448 ----a-w- C:\Windows\System32\RegistryDefragBootTime.exe
        2012-06-13 05:42:29 -------- d-sh--w- C:\$RECYCLE.BIN
        2012-06-13 01:35:29 98816 ----a-w- C:\Windows\sed.exe
        2012-06-13 01:35:29 518144 ----a-w- C:\Windows\SWREG.exe
        2012-06-13 01:35:29 256000 ----a-w- C:\Windows\PEV.exe
        2012-06-13 01:35:29 208896 ----a-w- C:\Windows\MBR.exe
        2012-06-12 23:07:49 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{976ABB1C-C7C6-42B2-8D4C-D307B89F4675}\gapaengine.dll
        2012-06-10 08:20:28 -------- d--h--w- C:\ProgramData\Common Files
        2012-06-10 08:19:49 -------- d-----w- C:\ProgramData\AVG2012
        2012-06-10 08:15:33 -------- d-----w- C:\ProgramData\MFAData
        2012-06-08 21:33:48 -------- d-----w- C:\Users\Serena\AppData\Roaming\Babylon
        2012-06-08 21:15:11 470880 ----a-w- C:\Windows\SysWow64\d3dx10_43.dll
        2012-06-08 21:15:11 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll
        2012-06-08 21:15:11 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll
        2012-06-08 21:15:11 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll
        2012-06-08 21:15:10 85504 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
        2012-06-08 20:50:40 -------- d-----w- C:\ProgramData\IObit
        2012-06-08 20:50:32 -------- d-----w- C:\Users\Serena\AppData\Roaming\IObit
        2012-06-08 20:50:25 -------- d-----w- C:\Program Files (x86)\IObit
        2012-05-19 09:32:17 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
        .
        ==================== Find3M ====================
        .
        2012-06-13 20:16:39 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
        2012-06-13 20:16:38 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
        2012-06-13 20:16:38 2311680 ----a-w- C:\Windows\System32\jscript9.dll
        2012-06-13 20:16:38 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
        2012-06-13 20:16:38 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
        2012-06-13 20:16:38 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
        2012-06-13 20:16:38 1392128 ----a-w- C:\Windows\System32\wininet.dll
        2012-06-13 20:16:38 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
        2012-06-13 20:16:37 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
        2012-06-13 20:16:37 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
        2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
        2012-03-21 03:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
        2012-03-21 03:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
        .
        ============= FINISH: 15:22:29.74 ===============





        .
        UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
        IF REQUESTED, ZIP IT UP & ATTACH IT
        .
        DDS (Ver_2011-08-26.01)
        .
        Microsoft Windows 7 Home Premium
        Boot Device: \Device\HarddiskVolume2
        Install Date: 1/12/2011 1:58:57 PM
        System Uptime: 6/16/2012 2:48:27 PM (1 hours ago)
        .
        Motherboard: Dell Inc. | | 018D1Y
        Processor: Pentium(R) Dual-Core CPU E5700 @ 3.00GHz | CPU 1 | 3003/200mhz
        .
        ==== Disk Partitions =========================
        .
        C: is FIXED (NTFS) - 454 GiB total, 398.15 GiB free.
        D: is CDROM ()
        F: is Removable
        G: is Removable
        H: is Removable
        I: is Removable
        .
        ==== Disabled Device Manager Items =============
        .
        ==== System Restore Points ===================
        .
        RP264: 6/13/2012 4:14:17 PM - Windows Modules Installer
        RP265: 6/13/2012 4:15:09 PM - Windows Modules Installer
        RP266: 6/14/2012 8:35:38 PM - Windows Update
        RP267: 6/15/2012 9:32:16 PM - Installed HiJackThis
        RP268: 6/16/2012 3:08:18 AM - IObit Uninstaller restore point
        RP269: 6/16/2012 3:08:42 AM - Removed HiJackThis
        .
        ==== Installed Programs ======================
        .
        Adobe Flash Player 10 ActiveX
        Adobe Flash Player 11 Plugin
        Adobe Reader 9.1.2
        Adobe Shockwave Player 11.6
        Advanced SystemCare 5
        Curse Client
        D3DX10
        Dell Communications (Support Software)
        Dell DataSafe Local Backup
        Dell DataSafe Local Backup - Support Software
        Dell DataSafe Online
        Dell Dock
        EVGA Precision 1.8.1
        Game Booster 3
        HP Deskjet 3050 J610 series Help
        HP Photo Creations
        HP Update
        Intel(R) Control Center
        Intel(R) Rapid Storage Technology
        IObit Malware Fighter
        IObit Toolbar v5.9
        Java Auto Updater
        Java(TM) 6 Update 31
        Java(TM) SE Runtime Environment 6 Update 1
        Malwarebytes Anti-Malware version 1.61.0.1400
        Microsoft Office 2010
        Microsoft Office Click-to-Run 2010
        Microsoft Office Starter 2010 - English
        Microsoft Silverlight
        Microsoft SQL Server 2005 Compact Edition [ENU]
        Microsoft Visual C++ 2005 Redistributable
        Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
        Mozilla Firefox 11.0 (x86 en-US)
        MSVCRT
        Mumble 1.2.3
        NVIDIA PhysX
        NVIDIA Stereoscopic 3D Driver
        Realtek High Definition Audio Driver
        Roxio Burn
        Security Update for CAPICOM (KB931906)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
        Stray Souls: Dollhouse Story
        Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
        Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
        Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
        Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
        Ventrilo Client
        Windows Live Communications Platform
        Windows Live Essentials
        Windows Live Installer
        Windows Live Movie Maker
        Windows Live Photo Common
        Windows Live Photo Gallery
        Windows Live PIMT Platform
        Windows Live SOXE
        Windows Live SOXE Definitions
        Windows Live UX Platform
        Windows Live UX Platform Language Pack
        World of Warcraft
        Yahoo! Detect
        .
        ==== Event Viewer Messages From Past Week ========
        .
        6/16/2012 3:09:30 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume .
        6/16/2012 3:01:30 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
        6/16/2012 2:49:48 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
        6/16/2012 2:46:52 PM, Error: Service Control Manager [7034] - The Advanced SystemCare Service 5 service terminated unexpectedly. It has done this 1 time(s).
        6/16/2012 2:45:41 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
        6/16/2012 2:39:50 AM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
        6/16/2012 2:38:06 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
        6/16/2012 2:38:06 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
        6/16/2012 2:38:06 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
        6/16/2012 2:38:05 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
        6/16/2012 2:37:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
        6/16/2012 2:37:50 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter spldr Wanarpv6
        6/16/2012 2:37:49 AM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
        6/16/2012 2:31:14 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
        6/16/2012 2:31:14 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-2147218173.
        6/15/2012 9:32:08 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
        6/15/2012 9:28:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
        6/15/2012 9:18:00 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.2024.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
        6/15/2012 8:51:01 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.2024.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
        6/15/2012 8:39:36 PM, Error: Service Control Manager [7024] - The Superfetch service terminated with service-specific error The operation completed successfully..
        6/14/2012 8:38:32 PM, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
        6/14/2012 8:38:03 PM, Error: Service Control Manager [7034] - The Client Virtualization Handler service terminated unexpectedly. It has done this 1 time(s).
        6/13/2012 2:56:11 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{a14e4366-c1ad-11df-8e62-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{593CBC02-060B-49F0-AD90-1205CC3E0663}' was corrupted and it has been recovered. Some data might have been lost.
        6/13/2012 2:55:22 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{a14e4366-c1ad-11df-8e62-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{3F2F6C3F-7F24-45B1-B056-C439F22C95F3}' was corrupted and it has been recovered. Some data might have been lost.
        6/13/2012 2:55:13 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{a14e4366-c1ad-11df-8e62-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{45798B59-92FC-4F9A-A46E-29E1588BD125}' was corrupted and it has been recovered. Some data might have been lost.
        6/13/2012 2:54:21 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{a14e4366-c1ad-11df-8e62-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{0A3954ED-C923-4EAA-AD93-3CB7FE36B551}' was corrupted and it has been recovered. Some data might have been lost.
        6/13/2012 2:54:12 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{a14e4366-c1ad-11df-8e62-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{69422916-E214-4BBA-93FA-D23D96A30A91}' was corrupted and it has been recovered. Some data might have been lost.
        6/13/2012 2:53:20 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{a14e4366-c1ad-11df-8e62-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{AC0C7051-4C3B-47F0-B9AF-E194B3B5C6D5}' was corrupted and it has been recovered. Some data might have been lost.
        6/13/2012 2:53:11 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{a14e4366-c1ad-11df-8e62-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{BA41A977-7815-41F0-84B1-BC9ACCA4F1DF}' was corrupted and it has been recovered. Some data might have been lost.
        6/13/2012 2:52:14 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{a14e4366-c1ad-11df-8e62-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{C654487A-CBA7-486E-9140-2C64C6C8FFF6}' was corrupted and it has been recovered. Some data might have been lost.
        6/13/2012 2:34:05 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS.
        6/13/2012 2:32:33 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{a14e4366-c1ad-11df-8e62-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{6F41F1CF-CB05-4FAD-A948-EAB210990B99}' was corrupted and it has been recovered. Some data might have been lost.
        6/13/2012 2:31:44 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{a14e4366-c1ad-11df-8e62-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{6076EB14-A09C-448F-A01F-11AF331C620B}' was corrupted and it has been recovered. Some data might have been lost.
        6/13/2012 2:31:36 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{a14e4366-c1ad-11df-8e62-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{95C0F0CE-3EF5-4F11-9A3B-BCF4AD5BB8B4}' was corrupted and it has been recovered. Some data might have been lost.
        6/13/2012 2:30:45 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{a14e4366-c1ad-11df-8e62-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{8CC55425-E0CF-4D1B-9C06-E75319AFD600}' was corrupted and it has been recovered. Some data might have been lost.
        6/13/2012 2:30:37 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{a14e4366-c1ad-11df-8e62-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{0BE4D344-A37C-407A-847A-BFE1D2AB1C04}' was corrupted and it has been recovered. Some data might have been lost.
        6/13/2012 2:29:46 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{a14e4366-c1ad-11df-8e62-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{6BC40843-0AA1-4290-B728-C3B6E7141A94}' was corrupted and it has been recovered. Some data might have been lost.
        6/13/2012 2:29:37 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{a14e4366-c1ad-11df-8e62-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{47A73EBB-C6E8-4ED5-AC78-4B805151AA3E}' was corrupted and it has been recovered. Some data might have been lost.
        6/13/2012 2:28:41 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{a14e4366-c1ad-11df-8e62-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{58677B83-2965-443F-89FB-606789D4C1F6}' was corrupted and it has been recovered. Some data might have been lost.
        6/13/2012 12:27:21 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{a14e4366-c1ad-11df-8e62-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{5CC19FDB-216E-45A8-BE48-A19DB6D0783A}' was corrupted and it has been recovered. Some data might have been lost.
        6/13/2012 12:26:30 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{a14e4366-c1ad-11df-8e62-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{D90879AE-6639-48B4-B666-B05908E81791}' was corrupted and it has been recovered. Some data might have been lost.
        6/13/2012 12:26:21 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{a14e4366-c1ad-11df-8e62-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{F21CEC3C-2F7A-4CC4-B44C-AAC58FFB9ACF}' was corrupted and it has been recovered. Some data might have been lost.
        6/13/2012 12:25:34 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{a14e4366-c1ad-11df-8e62-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{49BFC970-0699-47CD-8288-5C8C38C84BBB}' was corrupted and it has been recovered. Some data might have been lost.
        6/13/2012 12:25:29 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{a14e4366-c1ad-11df-8e62-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{30680853-CD4D-4EFE-B8B8-555E89819E94}' was corrupted and it has been recovered. Some data might have been lost.
        6/13/2012 12:24:40 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{a14e4366-c1ad-11df-8e62-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{2B4E191D-38F9-485F-98C9-85335C34170B}' was corrupted and it has been recovered. Some data might have been lost.
        6/13/2012 12:24:34 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{a14e4366-c1ad-11df-8e62-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{ECBFDDEB-6A0F-4C15-81AD-832F02C6F041}' was corrupted and it has been recovered. Some data might have been lost.
        6/13/2012 12:23:42 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{a14e4366-c1ad-11df-8e62-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{F7818EE4-5F26-425C-ADC3-082E07360FB1}' was corrupted and it has been recovered. Some data might have been lost.
        6/12/2012 11:20:28 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{a14e4366-c1ad-11df-8e62-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{9C5E0B18-0BB8-48D0-82A1-2344F482D912}' was corrupted and it has been recovered. Some data might have been lost.
        6/12/2012 11:17:09 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{a14e4366-c1ad-11df-8e62-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{3040B205-F5A9-4941-872A-393986048F14}' was corrupted and it has been recovered. Some data might have been lost.
        6/12/2012 11:16:41 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{a14e4366-c1ad-11df-8e62-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{A8A311FC-55B9-4996-B238-2D749C5863E9}' was corrupted and it has been recovered. Some data might have been lost.
        6/12/2012 11:13:56 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{a14e4366-c1ad-11df-8e62-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{2B3CFB76-29AB-41BC-920B-DF5035705786}' was corrupted and it has been recovered. Some data might have been lost.
        6/12/2012 11:11:02 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{a14e4366-c1ad-11df-8e62-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{18FDD176-0C42-47F1-9A8E-24A0841E9A6B}' was corrupted and it has been recovered. Some data might have been lost.
        6/12/2012 11:07:53 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{a14e4366-c1ad-11df-8e62-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{F121E1AE-B077-4AF8-AC9C-79C8A189F6B8}' was corrupted and it has been recovered. Some data might have been lost.
        6/12/2012 10:16:50 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
        6/12/2012 10:15:45 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
        6/11/2012 7:21:28 PM, Error: Microsoft-Windows-Application-Experience [205] - The Program Compatibility Assistant service failed to perform the phase two initialization.
        6/11/2012 2:28:06 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0104: nVidia - Display, Other hardware - NVIDIA GeForce GT 220.
        6/11/2012 2:22:10 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 1.127.1562.0;1.127.1562.0 Engine version: 1.1.8403.0
        .
        ==== End Of File ===========================



        • #5
          Hello and welcome to IOBit Forums. My name is Dave. I will be helping you out with your particular problem on your computer.

          1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
          2. The fixes are specific to your problem and should only be used for this issue on this machine.
          3. If you don't know or understand something, please don't hesitate to ask.
          4. Please DO NOT run any other tools or scans while I am helping you.
          5. It is important that you reply to this thread. Do not start a new topic.
          6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
          7. Absence of symptoms does not mean that everything is clear.

          If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
          *************************************************************
          Download Security Check by screen317 from one of the following links and save it to your desktop.

          Link 1
          Link 2

          * Double-click Security Check.bat
          * Follow the on-screen instructions inside of the black box.
          * A Notepad document should open automatically called checkup.txt
          * Post the contents of that document in your next reply.

          Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
          ***********************************************************
          This is for Vista but it's almost the same for Windows 7

          1. Open the Start Menu.

          2. Click on the Computer button.

          3. Right click on your hard drive and click on Properties.

          4. Click on the Tools tab.

          5. Click on Check Now under the Error checking section. (See circled in red below)



          6. Click on Continue in the UAC prompt.

          7. Make sure both options are checked. (See screenshot below)
          NOTE: The Automatically fix file system errors box will be checked by default.

          8. Click on the Start button.



          9. You will get a pop-up window saying, "Windows can't check this disk while it's in use". (See screenshot below)

          10. Click on the Schedule disk check button for chkdsk to run the next time you restart your computer.



          11. Restart your computer.



          • #6
            Download Combofix from any of the links below, and save it to your DESKTOP.

            Link 1
            Link 2
            Link 3

            To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
            • Close any open windows and double click ComboFix.exe to run it.

              You will see the following image:


            Click I Agree to start the program.

            ComboFix will then extract the necessary files and you will see this:



            As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

            It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

            If you did not have it installed, you will see the prompt below. Choose YES.



            Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

            **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

            Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



            Click on Yes, to continue scanning for malware.

            When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

            Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

            Note: Please Do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.



            • #7
              Next logs posted

              Results of screen317's Security Check version 0.99.41
              Windows 7 Service Pack 1 x64 (UAC is enabled)
              Internet Explorer 9
              ``````````````Antivirus/Firewall Check:``````````````
              Windows Firewall Enabled!
              Microsoft Security Essentials
              Antivirus up to date!
              `````````Anti-malware/Other Utilities Check:`````````
              Malwarebytes Anti-Malware version 1.61.0.1400
              Java(TM) 6 Update 31
              Java(TM) SE Runtime Environment 6 Update 1
              Java version out of date!
              Adobe Flash Player 10 Flash Player out of date!
              Adobe Reader 9 Adobe Reader out of date!
              Mozilla Firefox 11.0 Firefox out of Date!
              ````````Process Check: objlist.exe by Laurent````````
              Microsoft Security Essentials MSMpEng.exe
              Microsoft Security Essentials msseces.exe
              IObit IObit Malware Fighter IMFsrv.exe
              `````````````````System Health check`````````````````
              Total Fragmentation on Drive C: 2%
              ````````````````````End of Log``````````````````````



              ComboFix 12-06-16.01 - Serena 06/16/2012 20:10:38.2.2 - x64
              Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2563 [GMT -4:00]
              Running from: c:\users\Serena\Downloads\ComboFix.exe
              AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
              SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
              SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
              SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
              .
              .
              ((((((((((((((((((((((((( Files Created from 2012-05-17 to 2012-06-17 )))))))))))))))))))))))))))))))
              .
              .
              2012-06-17 00:42 . 2012-06-17 00:42 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
              2012-06-17 00:42 . 2012-06-17 00:42 -------- d-----w- c:\users\Default\AppData\Local\temp
              2012-06-16 18:55 . 2012-06-16 18:55 -------- d-----w- c:\program files (x86)\Application Updater
              2012-06-16 18:55 . 2012-06-16 18:55 -------- d-----w- c:\program files (x86)\IObit Toolbar
              2012-06-16 18:55 . 2012-06-16 18:55 -------- d-----w- c:\program files (x86)\Common Files\Spigot
              2012-06-16 01:42 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{440547CD-0569-417D-9FD9-C67779E516EB}\mpengine.dll
              2012-06-15 00:36 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
              2012-06-13 20:21 . 2012-06-13 20:21 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
              2012-06-13 20:21 . 2012-06-13 20:21 77312 ----a-w- c:\windows\system32\rdpwsx.dll
              2012-06-13 20:21 . 2012-06-13 20:21 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
              2012-06-13 20:20 . 2012-06-13 20:20 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
              2012-06-13 20:20 . 2012-06-13 20:20 366592 ----a-w- c:\windows\system32\qdvd.dll
              2012-06-13 20:20 . 2012-06-13 20:20 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
              2012-06-13 20:20 . 2012-06-13 20:20 3146752 ----a-w- c:\windows\system32\win32k.sys
              2012-06-13 20:17 . 2012-06-13 20:17 209920 ----a-w- c:\windows\system32\profsvc.dll
              2012-06-13 20:17 . 2012-06-13 20:17 3216384 ----a-w- c:\windows\system32\msi.dll
              2012-06-13 20:17 . 2012-06-13 20:17 2342400 ----a-w- c:\windows\SysWow64\msi.dll
              2012-06-13 20:17 . 2012-06-13 20:17 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
              2012-06-13 20:17 . 2012-06-13 20:17 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
              2012-06-13 20:17 . 2012-06-13 20:17 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
              2012-06-13 20:15 . 2012-06-13 20:15 184320 ----a-w- c:\windows\system32\cryptsvc.dll
              2012-06-13 20:15 . 2012-06-13 20:15 1462272 ----a-w- c:\windows\system32\crypt32.dll
              2012-06-13 20:15 . 2012-06-13 20:15 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
              2012-06-13 20:15 . 2012-06-13 20:15 140288 ----a-w- c:\windows\system32\cryptnet.dll
              2012-06-13 20:15 . 2012-06-13 20:15 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
              2012-06-13 20:15 . 2012-06-13 20:15 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
              2012-06-13 20:10 . 2012-05-24 14:47 24448 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
              2012-06-12 23:07 . 2012-02-11 05:48 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{976ABB1C-C7C6-42B2-8D4C-D307B89F4675}\gapaengine.dll
              2012-06-10 08:20 . 2012-06-10 08:20 -------- d--h--w- c:\programdata\Common Files
              2012-06-10 08:19 . 2012-06-10 08:45 -------- d-----w- c:\programdata\AVG2012
              2012-06-10 08:15 . 2012-06-10 08:39 -------- d-----w- c:\programdata\MFAData
              2012-06-08 21:33 . 2012-06-08 21:33 -------- d-----w- c:\users\Serena\AppData\Roaming\Babylon
              2012-06-08 21:15 . 2011-11-08 14:18 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
              2012-06-08 21:15 . 2011-11-08 14:18 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll
              2012-06-08 21:15 . 2011-11-08 14:18 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
              2012-06-08 21:15 . 2011-11-08 14:18 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
              2012-06-08 21:15 . 2009-12-05 23:42 85504 ----a-w- c:\windows\SysWow64\ff_vfw.dll
              2012-06-08 20:50 . 2012-06-08 21:15 -------- d-----w- c:\programdata\IObit
              2012-06-08 20:50 . 2012-06-16 18:54 -------- d-----w- c:\users\Serena\AppData\Roaming\IObit
              2012-06-08 20:50 . 2012-06-16 18:54 -------- d-----w- c:\program files (x86)\IObit
              2012-05-19 09:32 . 2012-06-16 07:46 -------- d-----w- c:\programdata\Spybot - Search & Destroy
              .
              .
              .
              (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2012-03-30 11:35 . 2012-05-14 03:44 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
              2012-03-21 03:44 . 2011-04-27 22:25 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
              2012-03-21 03:44 . 2011-04-18 20:18 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
              .
              .
              ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              *Note* empty entries & legit default entries are not shown
              REGEDIT4
              .
              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
              "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
              "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
              "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
              "DellComms"="c:\program files (x86)\Dell\DellComms\bin\sprtcmd.exe" [2009-05-05 206064]
              "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
              "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
              "Desktop Disc Tool"="c:\program files (x86)\roxio\roxio burn\roxioburnlauncher.exe" [2009-12-16 498160]
              "IObit Malware Fighter"="c:\program files (x86)\IObit\IObit Malware Fighter\IMF.exe" [2012-05-09 4464472]
              "SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-06-13 1088904]
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
              "Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-07-21 165184]
              .
              c:\users\Serena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
              CurseClientStartup.ccip [2011-5-27 0]
              .
              c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
              Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
              "ConsentPromptBehaviorUser"= 3 (0x3)
              "EnableUIADesktopToggle"= 0 (0x0)
              .
              [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
              "aux3"=wdmaud.drv
              .
              [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
              Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
              .
              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
              @="Service"
              .
              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
              @=""
              .
              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
              @="Service"
              .
              R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
              R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
              R3 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
              R3 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-01-05 21384]
              R3 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
              R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
              R3 netr28ux;Linksys USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x]
              R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
              R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
              R3 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
              R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
              R3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50a64.sys [x]
              R3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50a64.sys [x]
              R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2012-04-28 33184]
              R3 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
              R3 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);c:\program files (x86)\Dell\DellComms\bin\sprtsvc.exe [2009-05-05 206064]
              R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
              R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2012-04-28 21872]
              R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
              R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2010-11-01 14544]
              R3 WNDA3100;NETGEAR WNDA3100 USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WNDA31w7x.sys [x]
              R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
              S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
              S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
              S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-05-26 913792]
              S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2012-06-13 792512]
              S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
              S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-01-10 821592]
              S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
              S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-09-27 240232]
              S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
              S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
              S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
              S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
              S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
              S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
              S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
              .
              .
              Contents of the 'Scheduled Tasks' folder
              .
              2012-06-16 c:\windows\Tasks\hpwebreg_CN1593C09M05HX.job
              - c:\program files\HP\HP Deskjet 3050 J610 series\Bin\hpwebreg.exe [2010-11-17 04:29]
              .
              .
              --------- X64 Entries -----------
              .
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-21 8306208]
              "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-07-12 165912]
              "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-07-12 387608]
              "Persistence"="c:\windows\system32\igfxpers.exe" [2009-07-12 365592]
              "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
              .
              ------- Supplementary Scan -------
              .
              uLocal Page = c:\windows\system32\blank.htm
              mLocal Page = c:\windows\SysWOW64\blank.htm
              IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
              TCP: DhcpNameServer = 209.55.24.10 209.55.27.13 8.8.8.8
              FF - ProfilePath - c:\users\Serena\AppData\Roaming\Mozilla\Firefox\Profiles\f73mdqrs.default\
              FF - prefs.js: browser.search.selectedEngine - Yahoo
              FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=380920&p=
              .
              - - - - ORPHANS REMOVED - - - -
              .
              Toolbar-Locked - (no file)
              WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
              .
              .
              .
              --------------------- LOCKED REGISTRY KEYS ---------------------
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
              @Denied: (A 2) (Everyone)
              @="FlashBroker"
              "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
              "Enabled"=dword:00000001
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
              @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
              @Denied: (A 2) (Everyone)
              @="Shockwave Flash Object"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
              "ThreadingModel"="Apartment"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
              @="0"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
              @="ShockwaveFlash.ShockwaveFlash.10"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
              @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
              @="1.0"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
              @="ShockwaveFlash.ShockwaveFlash"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
              @Denied: (A 2) (Everyone)
              @="Macromedia Flash Factory Object"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
              "ThreadingModel"="Apartment"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
              @="FlashFactory.FlashFactory.1"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
              @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
              @="1.0"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
              @="FlashFactory.FlashFactory"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
              @Denied: (A 2) (Everyone)
              @="IFlashBroker4"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
              @="{00020424-0000-0000-C000-000000000046}"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
              @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
              "Version"="1.0"
              .
              [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
              @Denied: (Full) (Everyone)
              .
              ------------------------ Other Running Processes ------------------------
              .
              c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
              .
              **************************************************************************
              .
              Completion time: 2012-06-16 22:29:27 - machine was rebooted
              ComboFix-quarantined-files.txt 2012-06-17 02:29
              ComboFix2.txt 2012-06-13 02:38
              .
              Pre-Run: 427,465,379,840 bytes free
              Post-Run: 426,899,505,152 bytes free
              .
              - - End Of File - - 3ED8338AF307C91D4642E0F73DCACE3C



              • #8
                Update Your Java (JRE)

                Old versions of Java have vulnerabilities that malware can use to infect your system.


                First Verify your Java Version

                If there are any other version(s) installed then update now.

                Get the new version (if needed)

                If your version is out of date install the newest version of the Sun Java Runtime Environment.

                Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

                Be sure to close ALL open web browsers before starting the installation.

                Remove any old versions

                1. Download JavaRa and unzip the file to your Desktop.
                2. Open JavaRA.exe and choose Remove Older Versions
                3. Once complete exit JavaRA.

                Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
                ********************************************
                Update your Adobe Reader. get.adobe.com/reader.

                Be sure to uncheck the Free McAfee Security Scan so it isn't installed.

                ****************************************************
                Please download aswMBR.exe ( 511KB ) to your desktop.

                Double click the aswMBR.exe to run it



                Click the "Scan" button to start scan

                Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.



                On completion of the scan click save log, save it to your desktop and post in your next reply
                *****************************************************
                Please download Rooter and Save it to your desktop.
                • Double click it to start the tool. Vista and Windows 7: run as administrator.
                • Click Scan.
                • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.



                • #9
                  reply

                  I've tried to run aswMBR.exe but it will not open up at all, just double click and nothing. Tried to run as administrator, also tried to open directly, will not, nothing will come up. Have been running Rooter like you directed, it's been nearly two hours. Has it messed up or does it take that long?



                  • #10
                    Let's try something else.

                    Save these instructions so you can have access to them while in Safe Mode.

                    Please click here to download AVP Tool by Kaspersky.
                    • Save it to your desktop.
                    • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
                    • Double click the setup file to run it.
                    • Click Next to continue.
                    • Accept the License agreement and click on next.
                    • It will, by default, install it to your desktop folder. Click Next.
                    • It will then open a box. There will be a tab that says Automatic scan.
                    • Under Automatic scan make sure these are checked.
                    • Hidden Startup Objects
                    • System Memory
                    • Disk Boot Sectors.
                    • My Computer.
                    • Also any other drives (Removable that you may have)
                    Leave the rest of the settings as they appear as default.
                    • Then click on Scan at the top right hand corner.
                    • It will automatically Neutralize any objects found.
                    • If some objects are left un-neutralized then click the button that says Neutralize all.
                    • If it says it cannot be neutralized then choose the delete option when prompted.
                    • After that is done click on the reports button at the bottom and save it to file. Name it Kas.
                    • Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report. It will be at the very top under Detected. Post those results in your next reply.

                    Note: This tool will self uninstall when you close it so please save the log before closing it.



                    • #11
                      reply

                      It detected nothing. It will not let me open it to copy and paste, keeps not responding. Will not even let me attach the log to this message.



                      • #12
                        reply

                        My computer is still redirecting even though it's picking nothing up with the suggestions, and when I play games it is still minimizing me and giving me messages like "would you like to leave or stay on this page" from Internet Explorer, "are you shure?" when I had nothing open, which is a new one, with shure being spelled wrong. And message from webpage with a caution sign that says thanks. Not sure what else to do.



                        • #13
                          SUPERAntiSpyware

                          If you already have SUPERAntiSpyware be sure to check for updates before scanning!

                          Download SuperAntispyware Free Edition (SAS)
                          * Double-click the icon on your desktop to run the installer.
                          * When asked to Update the program definitions, click Yes
                          * If you encounter any problems while downloading the updates, manually download and unzip them from here
                          * Next click the Preferences button.

                          • Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
                          * Click the Scanning Control tab.
                          * Under Scanner Options make sure only the following are checked:

                          • Close browsers before scanning
                          • Scan for tracking cookies
                          • Terminate memory threats before quarantining
                          Please leave the others unchecked

                          • Click the Close button to leave the control center screen.

                          * On the main screen click Scan your computer
                          * On the left check the box for the drive you are scanning.
                          * On the right choose Perform Complete Scan
                          * Click Next to start the scan. Please be patient while it scans your computer.
                          * After the scan is complete a summary box will appear. Click OK
                          * Make sure everything in the white box has a check next to it, then click Next
                          * It will quarantine what it found and if it asks if you want to reboot, click Yes

                          • To retrieve the removal information please do the following:
                          • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
                          • Click Preferences. Click the Statistics/Logs tab.

                          • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

                          • It will open in your default text editor (preferably Notepad).
                          • Save the notepad file to your desktop by clicking (in notepad) File > Save As...

                          * Save the log somewhere you can easily find it. (normally the desktop)
                          * Click close and close again to exit the program.
                          * Copy and Paste the log in your post.
                          *************************************************


                          Please download Malwarebytes Anti-Malware from here.
                          Double Click mbam-setup.exe to install the application.
                          • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
                          • If an update is found, it will download and install the latest version.
                          • Once the program has loaded, select "Perform Full Scan", then click Scan.
                          • The scan may take some time to finish, so please be patient.
                          • When the scan is complete, click OK, then Show Results to view the results.
                          • Make sure that everything is checked, and click Remove Selected.
                          • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
                          • Please save the log to a location you will remember.
                          • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
                          • Copy and paste the entire report in your next reply.
                          Extra Note:

                          If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
                          ************************************************
                          Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

                          Link 1
                          Link 2
                          Link 3

                          • Double-click on MBRCheck.exe to run it.

                          • It will open a black window... please do not fix anything (if it gives you an option).

                          • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.

                          • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
                          • Please copy and paste the contents of that log in your next reply.



                          • #14
                            logs

                            SUPERAntiSpyware Scan Log
                            http://www.superantispyware.com

                            Generated 06/19/2012 at 06:27 AM

                            Application Version : 5.1.1002

                            Core Rules Database Version : 8759
                            Trace Rules Database Version: 6571

                            Scan type : Complete Scan
                            Total Scan Time : 00:21:24

                            Operating System Information
                            Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
                            UAC On - Limited User

                            Memory items scanned : 547
                            Memory threats detected : 0
                            Registry items scanned : 65911
                            Registry threats detected : 0
                            File items scanned : 41422
                            File threats detected : 120

                            Adware.Tracking Cookie
                            C:\USERS\SERENA\Cookies\2M78H3IS.txt [ Cookie:serena@collective-media.net/ ]
                            C:\USERS\SERENA\Cookies\4L5246YS.txt [ Cookie:serena@redirect.adservesystem.com/ ]
                            C:\USERS\SERENA\Cookies\CEZ0CSAF.txt [ Cookie:serena@thirdage.112.2o7.net/ ]
                            C:\USERS\SERENA\Cookies\XS3ET8HH.txt [ Cookie:serena@mtvn.112.2o7.net/ ]
                            C:\USERS\SERENA\Cookies\UWNL6WPU.txt [ Cookie:serena@a1.interclick.com/ ]
                            C:\USERS\SERENA\Cookies\SX8GP041.txt [ Cookie:serena@nextag.com/ ]
                            C:\USERS\SERENA\Cookies\PVOPTM8I.txt [ Cookie:serena@openofind.com/ ]
                            C:\USERS\SERENA\Cookies\VTUUTOSF.txt [ Cookie:serena@adinterax.com/ ]
                            C:\USERS\SERENA\Cookies\WC6QD8IJ.txt [ Cookie:serena@realmedia.com/ ]
                            C:\USERS\SERENA\Cookies\V0ZNT3UO.txt [ Cookie:serena@lokyfind.com/ ]
                            C:\USERS\SERENA\Cookies\0P3RAUSN.txt [ Cookie:serena@tracking893.com/ ]
                            C:\USERS\SERENA\Cookies\C2T163I3.txt [ Cookie:serena@goclicker.com/ ]
                            C:\USERS\SERENA\Cookies\S6R9LT9T.txt [ Cookie:serena@gamersmedia.com/servlet/ajrotator/track/pt1231328 ]
                            C:\USERS\SERENA\Cookies\RTKF8EC7.txt [ Cookie:serena@findstops.com/ ]
                            C:\USERS\SERENA\Cookies\NRP1LGFD.txt [ Cookie:serena@incsfind.com/ ]
                            C:\USERS\SERENA\Cookies\DY0AARKA.txt [ Cookie:serena@gamersmedia.com/servlet/ajrotator/track/pt1220272 ]
                            C:\USERS\SERENA\Cookies\O55WJT47.txt [ Cookie:serena@cleangreenfind.com/click/ ]
                            C:\USERS\SERENA\Cookies\3T66DMY1.txt [ Cookie:serena@multimediadir.com/ ]







                            Malwarebytes Anti-Malware 1.61.0.1400
                            www.malwarebytes.org

                            Database version: v2012.06.16.01

                            Windows 7 Service Pack 1 x64 NTFS
                            Internet Explorer 9.0.8112.16421
                            Serena :: SERENA-PC [administrator]

                            6/19/2012 6:38:35 AM
                            mbam-log-2012-06-19 (06-38-35).txt

                            Scan type: Full scan
                            Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
                            Scan options disabled: P2P
                            Objects scanned: 323874
                            Time elapsed: 19 minute(s), 25 second(s)

                            Memory Processes Detected: 0
                            (No malicious items detected)

                            Memory Modules Detected: 0
                            (No malicious items detected)

                            Registry Keys Detected: 0
                            (No malicious items detected)

                            Registry Values Detected: 0
                            (No malicious items detected)

                            Registry Data Items Detected: 0
                            (No malicious items detected)

                            Folders Detected: 0
                            (No malicious items detected)

                            Files Detected: 0
                            (No malicious items detected)

                            (end)



                            MBRCheck, version 1.2.3
                            (c) 2010, AD

                            Command-line:
                            Windows Version: Windows 7 Home Premium Edition
                            Windows Information: Service Pack 1 (build 7601), 64-bit
                            Base Board Manufacturer: Dell Inc.
                            BIOS Manufacturer: Dell Inc.
                            System Manufacturer: Dell Inc.
                            System Product Name: Inspiron 560
                            Logical Drives Mask: 0x000101ec

                            Kernel Drivers (total 186):

                            Processes (total 62):

                            \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`04600000 (NTFS)
                            \\.\Q: --> error 5

                            PhysicalDrive0 Model Number: WDCWD5000AAKS-75V0A0, Rev: 05.01D05

                            Size Device Name MBR Status
                            --------------------------------------------
                            465 GB \\.\PhysicalDrive0 MBR Code Faked!
                            SHA1: AE3E0A945D44C8EA304A19A8F50F69065C34344B


                            Found non-standard or infected MBR.
                            Enter 'Y' and hit ENTER for more options, or 'N' to exit:

                            Done!



                            • #15
                              Please try running aswMBR.exe again as instructed in Reply # 8. We need to fix the MBR.
