IObit Forum

Help Please, browser redirecting, minimizing pages



Posted

Hello, I'm having problems with my browser redirecting me to awful sites such as momanddaughtertrio.com, satanismyfriend.com and tons of other commercial sites for autos every time I click a link. If I even play a game I get minimized often. I get fake virus warnings from webpages saying my system will crash if I don't scan. I scanned with Malwarebytes, Spybot, and Advanced SystemCare. They have all come up empty and found nothing. Please help me. I'm not great with computer technology and am hoping someone can make this easy to explain to me or how to fix it in simple directions. Much help is appreciated.

 

Thanks

serena

Posted

Hi serena

 

Which antivirus program do you use?

If you don't have a good one you could try ASC5 with Antivirus.

Or you can try IObit Malware fighter.

It would be interesting to see if IMF catches those baddies.

It does sound bad though, so you can contact our malware fighter and ask for his assistance.

 

Cheers

solbjerg

 


Posted

Hi serenanicole! Welcome to the IObit forums.

 

If you would like assistance cleaning your computer of Malware, please follow the instructions in this link. Make sure to post both of the DDS logs.

 

Sincerely,

-Mel

Live long and prosper!

Posted

Here are the attachments so far that were asked for

 

IObit Malware Fighter

 

OS: Windows 7

Version: 1.4.0.22

Define Version: 1140

Time Elapsed: 00:16:58

Objects Scanned: 70603

Threats Found: 1

Save Time: 6/16/2012 3:13:37 PM

 

|Name|Type|Description|ID|

Misleading.PCMightyMax2010 - Delete, FOLDER, C:\Users\Serena\AppData\Roaming\licenses, 303158

 

 

 

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

Run by Serena at 15:14:46 on 2012-06-16

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2589 [GMT -4:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\System32\igfxtray.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASC.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe

C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe

C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe

C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\REGSVR32.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uURLSearchHooks: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - C:\Program Files (x86)\IObit Toolbar\IE\5.9\iobitToolbarIE.dll

BHO: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - C:\Program Files (x86)\IObit Toolbar\IE\5.9\iobitToolbarIE.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - C:\Program Files (x86)\IObit Toolbar\IE\5.9\iobitToolbarIE.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

mRun: [DellComms] "C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe" /P DellComms

mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Desktop Disc Tool] c:\program files (x86)\roxio\roxio burn\roxioburnlauncher.exe

mRun: [iObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart

mRun: [<NO NAME>]

mRun: [searchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"

mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe

StartupFolder: C:\Users\Serena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 209.55.24.10 209.55.27.13 8.8.8.8

TCP: Interfaces\{1186169A-204B-497D-AF65-B88344C0383B} : DhcpNameServer = 68.87.75.198 68.87.64.150

TCP: Interfaces\{3E769C8E-CF25-4781-A135-BB270A10954D} : DhcpNameServer = 209.55.24.10 209.55.27.13 8.8.8.8

TCP: Interfaces\{42525128-34AC-4A94-95CD-53A9F2F605AB} : DhcpNameServer = 209.55.24.10 209.55.27.13 8.8.8.8

TCP: Interfaces\{F2C17581-249F-47CE-81D2-8DD4AEAB76BF} : DhcpNameServer = 68.87.75.198 68.87.64.150

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: IObit Toolbar: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\5.9\iobitToolbarIE.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: IObit Toolbar: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\5.9\iobitToolbarIE.dll

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

mRun-x64: [DellComms] "C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe" /P DellComms

mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Desktop Disc Tool] c:\program files (x86)\roxio\roxio burn\roxioburnlauncher.exe

mRun-x64: [iObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart

mRun-x64: [(Default)]

mRun-x64: [searchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"

mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Serena\AppData\Roaming\Mozilla\Firefox\Profiles\ld2w6zyb.default\

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-6-8 913792]

R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2012-6-13 792512]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-6-16 821592]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-9-27 240232]

R3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-6-16 21384]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2012-6-16 33184]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

R3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2012-6-16 21872]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]

S3 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-9-16 13336]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]

S3 netr28ux;Linksys USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]

S3 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-9-27 2214504]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-10 4925184]

S3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCAMp50a64.sys --> C:\Windows\system32\Drivers\PCAMp50a64.sys [?]

S3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50a64.sys --> C:\Windows\system32\Drivers\PCASp50a64.sys [?]

S3 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-9-16 689472]

S3 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe [2009-5-5 206064]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2012-6-8 14544]

S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]

.

=============== Created Last 30 ================

.

2012-06-16 18:55:06 -------- d-----w- C:\Program Files (x86)\Application Updater

2012-06-16 18:55:05 -------- d-----w- C:\Program Files (x86)\IObit Toolbar

2012-06-16 18:55:05 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot

2012-06-16 01:42:20 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{440547CD-0569-417D-9FD9-C67779E516EB}\mpengine.dll

2012-06-15 00:36:09 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-06-13 20:21:10 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-06-13 20:21:10 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-06-13 20:21:10 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-06-13 20:20:51 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

2012-06-13 20:20:51 366592 ----a-w- C:\Windows\System32\qdvd.dll

2012-06-13 20:20:32 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-06-13 20:20:10 3146752 ----a-w- C:\Windows\System32\win32k.sys

2012-06-13 20:17:51 209920 ----a-w- C:\Windows\System32\profsvc.dll

2012-06-13 20:17:34 3216384 ----a-w- C:\Windows\System32\msi.dll

2012-06-13 20:17:34 2342400 ----a-w- C:\Windows\SysWow64\msi.dll

2012-06-13 20:17:05 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-06-13 20:17:05 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-06-13 20:17:05 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-06-13 20:15:58 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-06-13 20:15:58 1462272 ----a-w- C:\Windows\System32\crypt32.dll

2012-06-13 20:15:58 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-06-13 20:15:58 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-06-13 20:15:58 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-06-13 20:15:58 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-06-13 20:10:59 24448 ----a-w- C:\Windows\System32\RegistryDefragBootTime.exe

2012-06-13 05:42:29 -------- d-sh--w- C:\$RECYCLE.BIN

2012-06-13 01:35:29 98816 ----a-w- C:\Windows\sed.exe

2012-06-13 01:35:29 518144 ----a-w- C:\Windows\SWREG.exe

2012-06-13 01:35:29 256000 ----a-w- C:\Windows\PEV.exe

2012-06-13 01:35:29 208896 ----a-w- C:\Windows\MBR.exe

2012-06-12 23:07:49 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{976ABB1C-C7C6-42B2-8D4C-D307B89F4675}\gapaengine.dll

2012-06-10 08:20:28 -------- d--h--w- C:\ProgramData\Common Files

2012-06-10 08:19:49 -------- d-----w- C:\ProgramData\AVG2012

2012-06-10 08:15:33 -------- d-----w- C:\ProgramData\MFAData

2012-06-08 21:33:48 -------- d-----w- C:\Users\Serena\AppData\Roaming\Babylon

2012-06-08 21:15:11 470880 ----a-w- C:\Windows\SysWow64\d3dx10_43.dll

2012-06-08 21:15:11 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll

2012-06-08 21:15:11 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll

2012-06-08 21:15:11 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll

2012-06-08 21:15:10 85504 ----a-w- C:\Windows\SysWow64\ff_vfw.dll

2012-06-08 20:50:40 -------- d-----w- C:\ProgramData\IObit

2012-06-08 20:50:32 -------- d-----w- C:\Users\Serena\AppData\Roaming\IObit

2012-06-08 20:50:25 -------- d-----w- C:\Program Files (x86)\IObit

2012-05-19 09:32:17 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

.

==================== Find3M ====================

.

2012-06-13 20:16:39 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-13 20:16:38 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-13 20:16:38 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-13 20:16:38 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-13 20:16:38 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-13 20:16:38 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-13 20:16:38 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-13 20:16:38 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-13 20:16:37 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-13 20:16:37 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-03-21 03:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys

2012-03-21 03:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys

.

============= FINISH: 15:22:29.74 ===============

 

 

 

 

 

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 1/12/2011 1:58:57 PM

System Uptime: 6/16/2012 2:48:27 PM (1 hours ago)

.

Motherboard: Dell Inc. | | 018D1Y

Processor: Pentium® Dual-Core CPU E5700 @ 3.00GHz | CPU 1 | 3003/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 454 GiB total, 398.15 GiB free.

D: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP264: 6/13/2012 4:14:17 PM - Windows Modules Installer

RP265: 6/13/2012 4:15:09 PM - Windows Modules Installer

RP266: 6/14/2012 8:35:38 PM - Windows Update

RP267: 6/15/2012 9:32:16 PM - Installed HiJackThis

RP268: 6/16/2012 3:08:18 AM - IObit Uninstaller restore point

RP269: 6/16/2012 3:08:42 AM - Removed HiJackThis

.

==== Installed Programs ======================

.

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.1.2

Adobe Shockwave Player 11.6

Advanced SystemCare 5

Curse Client

D3DX10

Dell Communications (Support Software)

Dell DataSafe Local Backup

Dell DataSafe Local Backup - Support Software

Dell DataSafe Online

Dell Dock

EVGA Precision 1.8.1

Game Booster 3

HP Deskjet 3050 J610 series Help

HP Photo Creations

HP Update

Intel® Control Center

Intel® Rapid Storage Technology

IObit Malware Fighter

IObit Toolbar v5.9

Java Auto Updater

Java 6 Update 31

Java SE Runtime Environment 6 Update 1

Malwarebytes Anti-Malware version 1.61.0.1400

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mozilla Firefox 11.0 (x86 en-US)

MSVCRT

Mumble 1.2.3

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

Realtek High Definition Audio Driver

Roxio Burn

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Stray Souls: Dollhouse Story

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Ventrilo Client

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

World of Warcraft

Yahoo! Detect

.

==== Event Viewer Messages From Past Week ========

.

6/16/2012 3:09:30 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume .

6/16/2012 3:01:30 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

6/16/2012 2:49:48 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

6/16/2012 2:46:52 PM, Error: Service Control Manager [7034] - The Advanced SystemCare Service 5 service terminated unexpectedly. It has done this 1 time(s).

6/16/2012 2:45:41 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

6/16/2012 2:39:50 AM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

6/16/2012 2:38:06 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

6/16/2012 2:38:06 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

6/16/2012 2:38:06 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

6/16/2012 2:38:05 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

6/16/2012 2:37:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

6/16/2012 2:37:50 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter spldr Wanarpv6

6/16/2012 2:37:49 AM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.

6/16/2012 2:31:14 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

6/16/2012 2:31:14 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-2147218173.

6/15/2012 9:32:08 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.

6/15/2012 9:28:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

6/15/2012 9:18:00 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.2024.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode

6/15/2012 8:51:01 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.2024.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode

6/15/2012 8:39:36 PM, Error: Service Control Manager [7024] - The Superfetch service terminated with service-specific error The operation completed successfully..

6/14/2012 8:38:32 PM, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.

6/14/2012 8:38:03 PM, Error: Service Control Manager [7034] - The Client Virtualization Handler service terminated unexpectedly. It has done this 1 time(s).

6/13/2012 2:56:11 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{a14e4366-c1ad-11df-8e62-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{593CBC02-060B-49F0-AD90-1205CC3E0663}' was corrupted and it has been recovered. Some data might have been lost.

6/13/2012 2:55:22 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{a14e4366-c1ad-11df-8e62-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{3F2F6C3F-7F24-45B1-B056-C439F22C95F3}' was corrupted and it has been recovered. Some data might have been lost.

6/13/2012 2:55:13 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{a14e4366-c1ad-11df-8e62-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{45798B59-92FC-4F9A-A46E-29E1588BD125}' was corrupted and it has been recovered. Some data might have been lost.

6/13/2012 2:54:21 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{a14e4366-c1ad-11df-8e62-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{0A3954ED-C923-4EAA-AD93-3CB7FE36B551}' was corrupted and it has been recovered. Some data might have been lost.

6/13/2012 2:54:12 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{a14e4366-c1ad-11df-8e62-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{69422916-E214-4BBA-93FA-D23D96A30A91}' was corrupted and it has been recovered. Some data might have been lost.

6/13/2012 2:53:20 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{a14e4366-c1ad-11df-8e62-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{AC0C7051-4C3B-47F0-B9AF-E194B3B5C6D5}' was corrupted and it has been recovered. Some data might have been lost.

6/13/2012 2:53:11 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{a14e4366-c1ad-11df-8e62-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{BA41A977-7815-41F0-84B1-BC9ACCA4F1DF}' was corrupted and it has been recovered. Some data might have been lost.

6/13/2012 2:52:14 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{a14e4366-c1ad-11df-8e62-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{C654487A-CBA7-486E-9140-2C64C6C8FFF6}' was corrupted and it has been recovered. Some data might have been lost.

6/13/2012 2:34:05 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS.

6/13/2012 2:32:33 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{a14e4366-c1ad-11df-8e62-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{6F41F1CF-CB05-4FAD-A948-EAB210990B99}' was corrupted and it has been recovered. Some data might have been lost.

6/13/2012 2:31:44 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{a14e4366-c1ad-11df-8e62-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{6076EB14-A09C-448F-A01F-11AF331C620B}' was corrupted and it has been recovered. Some data might have been lost.

6/13/2012 2:31:36 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{a14e4366-c1ad-11df-8e62-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{95C0F0CE-3EF5-4F11-9A3B-BCF4AD5BB8B4}' was corrupted and it has been recovered. Some data might have been lost.

6/13/2012 2:30:45 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{a14e4366-c1ad-11df-8e62-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{8CC55425-E0CF-4D1B-9C06-E75319AFD600}' was corrupted and it has been recovered. Some data might have been lost.

6/13/2012 2:30:37 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{a14e4366-c1ad-11df-8e62-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{0BE4D344-A37C-407A-847A-BFE1D2AB1C04}' was corrupted and it has been recovered. Some data might have been lost.

6/13/2012 2:29:46 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{a14e4366-c1ad-11df-8e62-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{6BC40843-0AA1-4290-B728-C3B6E7141A94}' was corrupted and it has been recovered. Some data might have been lost.

6/13/2012 2:29:37 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{a14e4366-c1ad-11df-8e62-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{47A73EBB-C6E8-4ED5-AC78-4B805151AA3E}' was corrupted and it has been recovered. Some data might have been lost.

6/13/2012 2:28:41 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{a14e4366-c1ad-11df-8e62-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{58677B83-2965-443F-89FB-606789D4C1F6}' was corrupted and it has been recovered. Some data might have been lost.

6/13/2012 12:27:21 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{a14e4366-c1ad-11df-8e62-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{5CC19FDB-216E-45A8-BE48-A19DB6D0783A}' was corrupted and it has been recovered. Some data might have been lost.

6/13/2012 12:26:30 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{a14e4366-c1ad-11df-8e62-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{D90879AE-6639-48B4-B666-B05908E81791}' was corrupted and it has been recovered. Some data might have been lost.

6/13/2012 12:26:21 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{a14e4366-c1ad-11df-8e62-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{F21CEC3C-2F7A-4CC4-B44C-AAC58FFB9ACF}' was corrupted and it has been recovered. Some data might have been lost.

6/13/2012 12:25:34 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{a14e4366-c1ad-11df-8e62-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{49BFC970-0699-47CD-8288-5C8C38C84BBB}' was corrupted and it has been recovered. Some data might have been lost.

6/13/2012 12:25:29 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{a14e4366-c1ad-11df-8e62-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{30680853-CD4D-4EFE-B8B8-555E89819E94}' was corrupted and it has been recovered. Some data might have been lost.

6/13/2012 12:24:40 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{a14e4366-c1ad-11df-8e62-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{2B4E191D-38F9-485F-98C9-85335C34170B}' was corrupted and it has been recovered. Some data might have been lost.

6/13/2012 12:24:34 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{a14e4366-c1ad-11df-8e62-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{ECBFDDEB-6A0F-4C15-81AD-832F02C6F041}' was corrupted and it has been recovered. Some data might have been lost.

6/13/2012 12:23:42 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{a14e4366-c1ad-11df-8e62-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{F7818EE4-5F26-425C-ADC3-082E07360FB1}' was corrupted and it has been recovered. Some data might have been lost.

6/12/2012 11:20:28 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{a14e4366-c1ad-11df-8e62-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{9C5E0B18-0BB8-48D0-82A1-2344F482D912}' was corrupted and it has been recovered. Some data might have been lost.

6/12/2012 11:17:09 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{a14e4366-c1ad-11df-8e62-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{3040B205-F5A9-4941-872A-393986048F14}' was corrupted and it has been recovered. Some data might have been lost.

6/12/2012 11:16:41 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{a14e4366-c1ad-11df-8e62-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{A8A311FC-55B9-4996-B238-2D749C5863E9}' was corrupted and it has been recovered. Some data might have been lost.

6/12/2012 11:13:56 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{a14e4366-c1ad-11df-8e62-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{2B3CFB76-29AB-41BC-920B-DF5035705786}' was corrupted and it has been recovered. Some data might have been lost.

6/12/2012 11:11:02 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{a14e4366-c1ad-11df-8e62-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{18FDD176-0C42-47F1-9A8E-24A0841E9A6B}' was corrupted and it has been recovered. Some data might have been lost.

6/12/2012 11:07:53 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{a14e4366-c1ad-11df-8e62-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{F121E1AE-B077-4AF8-AC9C-79C8A189F6B8}' was corrupted and it has been recovered. Some data might have been lost.

6/12/2012 10:16:50 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.

6/12/2012 10:15:45 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

6/11/2012 7:21:28 PM, Error: Microsoft-Windows-Application-Experience [205] - The Program Compatibility Assistant service failed to perform the phase two initialization.

6/11/2012 2:28:06 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0104: nVidia - Display, Other hardware - NVIDIA GeForce GT 220.

6/11/2012 2:22:10 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 1.127.1562.0;1.127.1562.0 Engine version: 1.1.8403.0

.

==== End Of File ===========================

Posted

Hello and welcome to IOBit Forums. My name is Dave. I will be helping you out with your particular problem on your computer.

 

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.

2. The fixes are specific to your problem and should only be used for this issue on this machine.

3. If you don't know or understand something, please don't hesitate to ask.

4. Please DO NOT run any other tools or scans while I am helping you.

5. It is important that you reply to this thread. Do not start a new topic.

6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

7. Absence of symptoms does not mean that everything is clear.

 

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

*************************************************************

Download Security Check by screen317 from one of the following links and save it to your desktop.

 

Link 1

Link 2

 

* Double-click Security Check.bat

* Follow the on-screen instructions inside of the black box.

* A Notepad document should open automatically called checkup.txt

* Post the contents of that document in your next reply.

 

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

***********************************************************

This is for Vista but it's almost the same for Windows 7

 

1. Open the Start Menu.

 

2. Click on the Computer button.

 

3. Right click on your hard drive and click on Properties.

 

4. Click on the Tools tab.

 

5. Click on Check Now under the Error checking section. (See circled in red below)

 

http://www.vistax64.com/attachments/tutorials/173d1232211462t-check-disk-chkdsk-properties.jpg

 

6. Click on Continue in the UAC prompt.

 

7. Make sure both options are checked. (See screenshot below)

NOTE: The Automatically fix file system errors box will be checked by default.

 

8. Click on the Start button.

 

http://www.vistax64.com/attachments/tutorials/174d1180977149-check-disk-chkdsk-check-now.jpg

 

9. You will get a pop-up window saying, "Windows can't check this disk while it's in use". (See screenshot below)

 

10. Click on the Schedule disk check button for chkdsk to run the next time you restart your computer.

 

http://www.vistax64.com/attachments/tutorials/175d1232211462t-check-disk-chkdsk-schedule.jpg

 

11. Restart your computer.
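
Added example, not part of the original post or thread: the event-log export posted earlier contains an Ntfs [55] entry asking for chkdsk, which is what the steps above schedule. The Python sketch below parses lines in that export's format and ranks them so that entry surfaces above the repeated noise; the sample lines are abridged from the thread's log, and the rule table and its priorities are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# Constructed sample: lines abridged from the event-log export posted in this thread.
SAMPLE_LOG = """\
6/15/2012 9:18:00 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
6/15/2012 8:51:01 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
6/15/2012 8:39:36 PM, Error: Service Control Manager [7024] - The Superfetch service terminated with service-specific error The operation completed successfully..
6/14/2012 8:38:32 PM, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s).
6/13/2012 2:56:11 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '<path elided>' was corrupted and it has been recovered. Some data might have been lost.
6/13/2012 2:55:22 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '<path elided>' was corrupted and it has been recovered. Some data might have been lost.
6/13/2012 2:34:05 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS.
6/13/2012 2:32:33 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '<path elided>' was corrupted and it has been recovered. Some data might have been lost.
.
==== End Of File ===========================
"""

# "<date> <time> AM/PM, <level>: <source> [<event id>] - <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$"
)

# Illustrative rule table (an assumption, not a vendor list):
# (source, event id, keyword required in the message or None, priority, note)
RULES = [
    ("Ntfs", 55, None, 1,
     "file system reported corrupt: run chkdsk before any cleanup tool"),
    ("Microsoft-Windows-Kernel-General", 5, None, 2,
     "registry hive corrupted and recovered: check the disk"),
    ("Service Control Manager", 7031, "Antimalware", 2,
     "antimalware service terminated unexpectedly"),
    ("Microsoft Antimalware", 2001, "Safe Mode", 3,
     "signature update refused in Safe Mode: low priority"),
]
UNCLASSIFIED = (9, "unclassified: review manually")


@dataclass(frozen=True)
class Event:
    when: datetime
    level: str
    source: str
    event_id: int
    message: str


def parse_line(line):
    """Return an Event, or None for separators and other non-event lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    when = datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p")
    return Event(when, m["level"], m["source"], int(m["id"]), m["msg"])


def parse_log(text):
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def classify(event):
    """Map one event to (priority, note) using the first matching rule."""
    for source, event_id, keyword, priority, note in RULES:
        if event.source == source and event.event_id == event_id:
            if keyword is None or keyword in event.message:
                return priority, note
    return UNCLASSIFIED


def triage(events):
    """Group repeated events and sort by priority, then by how often they occur."""
    groups = {}
    for e in events:
        priority, note = classify(e)
        groups.setdefault((priority, e.source, e.event_id, note), []).append(e.when)
    findings = [
        {"priority": p, "source": s, "event_id": i, "count": len(t),
         "first": min(t), "last": max(t), "note": n}
        for (p, s, i, n), t in groups.items()
    ]
    return sorted(findings, key=lambda f: (f["priority"], -f["count"]))


if __name__ == "__main__":
    for f in triage(parse_log(SAMPLE_LOG)):
        print(f"P{f['priority']} {f['source']} [{f['event_id']}] x{f['count']} "
              f"{f['first']:%Y-%m-%d %H:%M} to {f['last']:%Y-%m-%d %H:%M}: {f['note']}")
```
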

Posted

Download Combofix from any of the links below, and save it to your DESKTOP.

 

Link 1

Link 2

Link 3

 

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.
     
    You will see the following image:

http://i424.photobucket.com/albums/pp322/digistar/NSIS_disclaimer_ENG.png

 

Click I Agree to start the program.

 

ComboFix will then extract the necessary files and you will see this:

 

http://i424.photobucket.com/albums/pp322/digistar/NSIS_extraction.png

 

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

 

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

 

If you did not have it installed, you will see the prompt below. Choose YES.

 

http://i424.photobucket.com/albums/pp322/digistar/RcAuto1.gif

 

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

 

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

 

http://i424.photobucket.com/albums/pp322/digistar/whatnext.png

 

Click on Yes, to continue scanning for malware.

 

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

 

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

 

Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

Posted

Next logs posted

 

Results of screen317's Security Check version 0.99.41

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Microsoft Security Essentials

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.61.0.1400

Java 6 Update 31

Java SE Runtime Environment 6 Update 1

Java version out of date!

Adobe Flash Player 10 Flash Player out of date!

Adobe Reader 9 Adobe Reader out of date!

Mozilla Firefox 11.0 Firefox out of Date!

````````Process Check: objlist.exe by Laurent````````

Microsoft Security Essentials MSMpEng.exe

Microsoft Security Essentials msseces.exe

IObit IObit Malware Fighter IMFsrv.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 2%

````````````````````End of Log``````````````````````

 

 

 

ComboFix 12-06-16.01 - Serena 06/16/2012 20:10:38.2.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2563 [GMT -4:00]

Running from: c:\users\Serena\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-05-17 to 2012-06-17 )))))))))))))))))))))))))))))))

.

.

2012-06-17 00:42 . 2012-06-17 00:42 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-06-17 00:42 . 2012-06-17 00:42 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-16 18:55 . 2012-06-16 18:55 -------- d-----w- c:\program files (x86)\Application Updater

2012-06-16 18:55 . 2012-06-16 18:55 -------- d-----w- c:\program files (x86)\IObit Toolbar

2012-06-16 18:55 . 2012-06-16 18:55 -------- d-----w- c:\program files (x86)\Common Files\Spigot

2012-06-16 01:42 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{440547CD-0569-417D-9FD9-C67779E516EB}\mpengine.dll

2012-06-15 00:36 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-06-13 20:21 . 2012-06-13 20:21 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-06-13 20:21 . 2012-06-13 20:21 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-06-13 20:21 . 2012-06-13 20:21 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-06-13 20:20 . 2012-06-13 20:20 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-06-13 20:20 . 2012-06-13 20:20 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-06-13 20:20 . 2012-06-13 20:20 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-13 20:20 . 2012-06-13 20:20 3146752 ----a-w- c:\windows\system32\win32k.sys

2012-06-13 20:17 . 2012-06-13 20:17 209920 ----a-w- c:\windows\system32\profsvc.dll

2012-06-13 20:17 . 2012-06-13 20:17 3216384 ----a-w- c:\windows\system32\msi.dll

2012-06-13 20:17 . 2012-06-13 20:17 2342400 ----a-w- c:\windows\SysWow64\msi.dll

2012-06-13 20:17 . 2012-06-13 20:17 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-06-13 20:17 . 2012-06-13 20:17 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-06-13 20:17 . 2012-06-13 20:17 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-06-13 20:15 . 2012-06-13 20:15 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-13 20:15 . 2012-06-13 20:15 1462272 ----a-w- c:\windows\system32\crypt32.dll

2012-06-13 20:15 . 2012-06-13 20:15 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-06-13 20:15 . 2012-06-13 20:15 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-13 20:15 . 2012-06-13 20:15 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-06-13 20:15 . 2012-06-13 20:15 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-06-13 20:10 . 2012-05-24 14:47 24448 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe

2012-06-12 23:07 . 2012-02-11 05:48 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{976ABB1C-C7C6-42B2-8D4C-D307B89F4675}\gapaengine.dll

2012-06-10 08:20 . 2012-06-10 08:20 -------- d--h--w- c:\programdata\Common Files

2012-06-10 08:19 . 2012-06-10 08:45 -------- d-----w- c:\programdata\AVG2012

2012-06-10 08:15 . 2012-06-10 08:39 -------- d-----w- c:\programdata\MFAData

2012-06-08 21:33 . 2012-06-08 21:33 -------- d-----w- c:\users\Serena\AppData\Roaming\Babylon

2012-06-08 21:15 . 2011-11-08 14:18 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll

2012-06-08 21:15 . 2011-11-08 14:18 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll

2012-06-08 21:15 . 2011-11-08 14:18 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll

2012-06-08 21:15 . 2011-11-08 14:18 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll

2012-06-08 21:15 . 2009-12-05 23:42 85504 ----a-w- c:\windows\SysWow64\ff_vfw.dll

2012-06-08 20:50 . 2012-06-08 21:15 -------- d-----w- c:\programdata\IObit

2012-06-08 20:50 . 2012-06-16 18:54 -------- d-----w- c:\users\Serena\AppData\Roaming\IObit

2012-06-08 20:50 . 2012-06-16 18:54 -------- d-----w- c:\program files (x86)\IObit

2012-05-19 09:32 . 2012-06-16 07:46 -------- d-----w- c:\programdata\Spybot - Search & Destroy

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-30 11:35 . 2012-05-14 03:44 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-03-21 03:44 . 2011-04-27 22:25 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2012-03-21 03:44 . 2011-04-18 20:18 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]

"DellComms"="c:\program files (x86)\Dell\DellComms\bin\sprtcmd.exe" [2009-05-05 206064]

"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"Desktop Disc Tool"="c:\program files (x86)\roxio\roxio burn\roxioburnlauncher.exe" [2009-12-16 498160]

"IObit Malware Fighter"="c:\program files (x86)\IObit\IObit Malware Fighter\IMF.exe" [2012-05-09 4464472]

"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-06-13 1088904]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-07-21 165184]

.

c:\users\Serena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

CurseClientStartup.ccip [2011-5-27 0]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux3"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

R3 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-01-05 21384]

R3 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]

R3 netr28ux;Linksys USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]

R3 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50a64.sys [x]

R3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50a64.sys [x]

R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2012-04-28 33184]

R3 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]

R3 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);c:\program files (x86)\Dell\DellComms\bin\sprtsvc.exe [2009-05-05 206064]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2012-04-28 21872]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2010-11-01 14544]

R3 WNDA3100;NETGEAR WNDA3100 USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WNDA31w7x.sys [x]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-05-26 913792]

S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2012-06-13 792512]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-01-10 821592]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-09-27 240232]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-16 c:\windows\Tasks\hpwebreg_CN1593C09M05HX.job

- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\hpwebreg.exe [2010-11-17 04:29]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-21 8306208]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-07-12 165912]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-07-12 387608]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-07-12 365592]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

TCP: DhcpNameServer = 209.55.24.10 209.55.27.13 8.8.8.8

FF - ProfilePath - c:\users\Serena\AppData\Roaming\Mozilla\Firefox\Profiles\f73mdqrs.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=380920&p=

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe

.

**************************************************************************

.

Completion time: 2012-06-16 22:29:27 - machine was rebooted

ComboFix-quarantined-files.txt 2012-06-17 02:29

ComboFix2.txt 2012-06-13 02:38

.

Pre-Run: 427,465,379,840 bytes free

Post-Run: 426,899,505,152 bytes free

.

- - End Of File - - 3ED8338AF307C91D4642E0F73DCACE3C

Posted

Update Your Java (JRE)

 

Old versions of Java have vulnerabilities that malware can use to infect your system.

 

First Verify your Java Version

 

If there are any other version(s) installed then update now.

 

Get the new version (if needed)

 

If your version is out of date install the newest version of the Sun Java Runtime Environment.

 

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

 

Be sure to close ALL open web browsers before starting the installation.

 

Remove any old versions

 

1. Download JavaRa and unzip the file to your Desktop.

2. Open JavaRA.exe and choose Remove Older Versions

3. Once complete exit JavaRA.

 

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.

********************************************

Update your Adobe Reader. get.adobe.com/reader.

 

Be sure to uncheck the Free McAfee Security Scan so it isn't installed.

 

****************************************************

Please download aswMBR.exe ( 511KB ) to your desktop.

 

Double click the aswMBR.exe to run it

 

http://i424.photobucket.com/albums/pp322/digistar/aswMBR_Scan.jpg

 

Click the "Scan" button to start scan

 

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives

 

http://i424.photobucket.com/albums/pp322/digistar/aswMBR_SaveLog.png

 

On completion of the scan click save log, save it to your desktop and post in your next reply

*****************************************************

Please download Rooter and Save it to your desktop.

  • Double click it to start the tool. Vista and Windows 7: run as administrator.
  • Click Scan.
  • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.

Posted

reply

 

I've tried to run aswMBR.exe but it will not open up at all; I just double-click and nothing. I tried to run as administrator and also tried to open it directly; it will not, nothing will come up. I have been running Rooter like you directed; it's been nearly two hours. Has it messed up or does it take that long?

Posted

Let's try something else.

 

Save these instructions so you can have access to them while in Safe Mode.

 

Please click here to download AVP Tool by Kaspersky.

  • Save it to your desktop.
  • Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit Enter.
  • Double click the setup file to run it.
  • Click Next to continue.
  • Accept the License agreement and click on Next.
  • It will, by default, install it to your desktop folder. Click Next.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked:
      • Hidden Startup Objects
      • System Memory
      • Disk Boot Sectors
      • My Computer
      • Also any other drives (Removable that you may have)
  • Leave the rest of the settings as they appear as default.
  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all.
  • If it says it cannot be neutralized then choose the delete option when prompted.
  • After that is done click on the reports button at the bottom and save it to a file; name it Kas.
  • Save it somewhere convenient like your desktop and post only the detected virus\malware in the report; it will be at the very top under Detected. Post those results in your next reply.

 

Note: This tool will self uninstall when you close it so please save the log before closing it.

Posted

reply

 

My computer is still redirecting even though it's picking nothing up with the suggestions, and when I play games it is still minimizing me and giving me messages like "would you like to leave or stay on this page" from Internet Explorer, "are you shure?" when I had nothing open, which is a new one, with "shure" being spelled wrong, and a message from webpage with a caution sign that says "thanks". Not sure what else to do.

Posted

SUPERAntiSpyware

 

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

 

Download SuperAntispyware Free Edition (SAS)

* Double-click the icon on your desktop to run the installer.

* When asked to Update the program definitions, click Yes

* If you encounter any problems while downloading the updates, manually download and unzip them from here

* Next click the Preferences button.

 

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts

* Click the Scanning Control tab.

* Under Scanner Options make sure only the following are checked:

 

•Close browsers before scanning

•Scan for tracking cookies

•Terminate memory threats before quarantining

Please leave the others unchecked

 

•Click the Close button to leave the control center screen.

 

* On the main screen click Scan your computer

* On the left check the box for the drive you are scanning.

* On the right choose Perform Complete Scan

* Click Next to start the scan. Please be patient while it scans your computer.

* After the scan is complete a summary box will appear. Click OK

* Make sure everything in the white box has a check next to it, then click Next

* It will quarantine what it found and if it asks if you want to reboot, click Yes

 

•To retrieve the removal information please do the following:

•After reboot, double-click the SUPERAntiSpyware icon on your desktop.

•Click Preferences. Click the Statistics/Logs tab.

 

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

 

•It will open in your default text editor (preferably Notepad).

•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

 

* Save the log somewhere you can easily find it. (normally the desktop)

* Click close and close again to exit the program.

* Copy and Paste the log in your post.

*************************************************

 

 

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

 

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

************************************************

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

 

Link 1

Link 2

Link 3

 

•Double-click on MBRCheck.exe to run it.

 

•It will open a black window...please do not fix anything (if it gives you an option).

 

•When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.

 

•A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.

•Please copy and paste the contents of that log in your next reply.

Posted

logs

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 06/19/2012 at 06:27 AM

 

Application Version : 5.1.1002

 

Core Rules Database Version : 8759

Trace Rules Database Version: 6571

 

Scan type : Complete Scan

Total Scan Time : 00:21:24

 

Operating System Information

Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)

UAC On - Limited User

 

Memory items scanned : 547

Memory threats detected : 0

Registry items scanned : 65911

Registry threats detected : 0

File items scanned : 41422

File threats detected : 120

 

Adware.Tracking Cookie


Malwarebytes Anti-Malware 1.61.0.1400

http://www.malwarebytes.org

 

Database version: v2012.06.16.01

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Serena :: SERENA-PC [administrator]

 

6/19/2012 6:38:35 AM

mbam-log-2012-06-19 (06-38-35).txt

 

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 323874

Time elapsed: 19 minute(s), 25 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 

 

 

MBRCheck, version 1.2.3

© 2010, AD

 

Command-line:

Windows Version: Windows 7 Home Premium Edition

Windows Information: Service Pack 1 (build 7601), 64-bit

Base Board Manufacturer: Dell Inc.

BIOS Manufacturer: Dell Inc.

System Manufacturer: Dell Inc.

System Product Name: Inspiron 560

Logical Drives Mask: 0x000101ec

 

Kernel Drivers (total 186):


 

Processes (total 62):


\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`04600000 (NTFS)

\\.\Q: --> error 5

 

PhysicalDrive0 Model Number: WDCWD5000AAKS-75V0A0, Rev: 05.01D05

 

Size Device Name MBR Status

--------------------------------------------

465 GB \\.\PhysicalDrive0 MBR Code Faked!

SHA1: AE3E0A945D44C8EA304A19A8F50F69065C34344B

 

 

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

 

Done!
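What a check of sector 0 looks at, shown as an added example that is not part of this thread and is not MBRCheck's own code: it hashes the boot code, verifies the 0x55AA signature, and lists the partition entries so a copy of the MBR can be compared against a baseline. Which bytes MBRCheck hashes for the SHA1 above is not stated in the log; hashing the 440-byte bootstrap area is an assumption, and both sample sectors and all function names are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440   # bootstrap code area (assumed hashing scope)
PART_TABLE_OFF = 446  # four 16-byte partition entries start here


def build_sample_sector(boot_code: bytes) -> bytes:
    """Constructed sector 0: boot code, one active NTFS-type entry, signature."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x07, b"\x00" * 3, 2048, 1000)
    body = boot_code.ljust(PART_TABLE_OFF, b"\x00") + entry + b"\x00" * 48
    return body + b"\x55\xaa"


def inspect_mbr(sector: bytes, known_good=frozenset()) -> dict:
    """Hash the boot code, check the 0x55AA signature, list used partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    code_sha1 = hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()
    partitions = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:  # type 0x00 marks an unused slot
            partitions.append({"active": entry[0] == 0x80, "type": entry[4],
                               "lba_start": lba_start, "sectors": count})
    return {"signature_ok": sector[510:512] == b"\x55\xaa",
            "code_sha1": code_sha1,
            "code_known": code_sha1 in known_good,
            "partitions": partitions}


CLEAN = build_sample_sector(b"\xfa\x33\xc0" + b"\x90" * 100)     # constructed
TAMPERED = build_sample_sector(b"\xeb\x5e\x90" + b"\x90" * 100)  # constructed
BASELINE = {inspect_mbr(CLEAN)["code_sha1"]}

if __name__ == "__main__":
    for name, sector in (("clean", CLEAN), ("tampered", TAMPERED)):
        report = inspect_mbr(sector, BASELINE)
        print(name, report["code_sha1"], "known" if report["code_known"] else "NOT in baseline")
        print("  partitions:", report["partitions"])
```

Both sample sectors carry the same partition table and a valid signature; only the boot-code hash separates them, which is why a signature check alone says nothing about whether the code was replaced.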

Posted

The program downloads directly to my desktop like instructed but it will not open. It's there and I can double-click on it but nothing appears. I tried numerous times. Even tried to troubleshoot, made sure I was running as administrator and everything, nothing. I just double-click and it acts like it is going to open, then nothing. It's like I'm just clicking on nothing.

Posted

I'm not sure how else to word it: the program will not open, no errors, no nothing. Just double-click and nothing happens. Yes, I have rebooted, but I cannot leave it running because it will not open. I've even tried safe mode.

Posted
I'm not sure how else to word it: the program will not open, no errors, no nothing. Just double-click and nothing happens. Yes, I have rebooted, but I cannot leave it running because it will not open. I've even tried safe mode.

 

What happens when you right-click on the program?

Posted

When I double-click it makes an hourglass like it is going to load, then disappears and nothing opens. It gives me the option to open, run as administrator etc. when I right-click but none of that will work. It just acts like it is going to load, then nothing ever comes up and the loading icon disappears.

Posted

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

Save Rkill to your desktop.

 

There are 7 different versions. If one of them won't run then download and try to run the other one.

 

Vista and Win7 users need to right click Rkill and choose Run as Administrator

 

 

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

 

* Rkill.exe

* Rkill.com

* Rkill.scr

* WiNlOgOn.exe

* uSeRiNiT.exe

* iExplore.exe

* eXplorer.exe

Once you've gotten one of them to run then try to immediately run the following.

 

Now, please try to run aswMBR.exe again.

Posted

This is the log from Rkill. Still would not open aswMBR... Does the same thing: acts like it will load and does not. Tried it several times the way you instructed, still does not work.

 

Processes terminated by Rkill or while it was running:

 

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe

 

 

Rkill completed on 06/20/2012 at 21:17:53.

Posted

Ok. We'll try another way to fix the MBR.

 

Please boot to the System Recovery Options.

If you have a Windows 7 installation disc, just insert the DVD into the drive, restart the computer and it should load automatically (option two presented in the article).

It's also possible that your computer has a pre-installed recovery partition instead. In that case use method one (by pressing F8 before Windows starts loading)...

NOTE: If none of the above apply, you can create a System Repair Disc (link in "Option two") and boot from it.

 

On the System Recovery Options menu you will get the following options:

 

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

 

Choose Command Prompt

You should see X:\SOURCES>...

 

Execute the following commands in bold.

Press Enter after every one of them.

 

bootrec /fixmbr (<--- there is a "space" after "bootrec")

 

bootrec /fixboot (<--- there is a "space" after "bootrec")

 

exit

 

Restart computer.

Posted

Not sure if this matters, but I ran troubleshooting again once it wouldn't open and this showed up:

Program Compatibility Publisher details

 

Issues found

Incompatible ApplicationIncompatible Application

aswMBR(1) is incompatible. Detected

Fix application aswMBR(1) Completed

 

 

Issues found Detection details

 

6 Incompatible Application Detected

 

aswMBR(1) is incompatible.

Fix application aswMBR(1) Completed

 

Provides steps to fix the incompatible application.

 

 

Detection details

 

Collection information

Computer Name: SERENA-PC

Windows Version: 6.1

Architecture: amd64

Time: Wednesday, June 20, 2012 9:44:53 PM

 

Publisher details

 

Program Compatibility

Make older programs run in this version of Windows.

Package Version: 1.5

Publisher: Microsoft Windows

Program Compatibility

Make older programs run in this version of Windows.

Package Version: 1.0

Publisher: Microsoft Corporation

 

 

 

says it is not compatible

Archived

This topic is now archived and is closed to further replies.
