Geeks to Go forums
System Repair Rogue Application?


This topic is locked

#1 eevoh (Member, 31 posts)
Originally, all my files were gone/hidden. I looked up system repair virus removal and came across this topic. http://www.geekstogo...-virus-removal/

I followed the first two steps and was able to retrieve my desktop and all other files but I'm still getting link redirects. Please help!

Thanks




OTL logfile created on: 7/18/2011 4:11:31 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\mhall1\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 46.71% Memory free
5.92 Gb Paging File | 4.27 Gb Available in Paging File | 72.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.11 Gb Total Space | 101.66 Gb Free Space | 73.61% Space Free | Partition Type: NTFS
Drive Q: | 9.77 Gb Total Space | 3.15 Gb Free Space | 32.24% Space Free | Partition Type: NTFS

Computer Name: MHALL1-THINK | User Name: mhall1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/18 16:05:17 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\mhall1\Desktop\OTL.exe
PRC - [2011/07/05 08:27:05 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/06/02 01:55:31 | 000,271,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/01 08:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/05/25 16:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\mhall1\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/03/01 14:29:12 | 000,259,432 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Access Connections\AcSvc.exe
PRC - [2010/03/01 14:29:10 | 000,124,264 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2010/03/01 14:17:52 | 000,344,064 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2010/02/10 18:40:56 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2009/12/03 04:44:42 | 000,128,296 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2009/09/28 03:27:20 | 000,144,752 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2009/09/21 18:55:12 | 000,858,384 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/09/21 18:31:36 | 000,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009/08/28 17:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2009/08/19 20:38:30 | 000,062,752 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
PRC - [2009/07/14 21:18:02 | 000,062,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/05/28 01:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2009/03/13 04:32:48 | 000,068,976 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2009/02/02 05:04:10 | 000,067,432 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2008/01/11 20:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (SafeList) ==========

MOD - [2011/07/18 16:05:17 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\mhall1\Desktop\OTL.exe
MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/01 08:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/03/23 17:10:42 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/01 14:29:12 | 000,259,432 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2010/03/01 14:29:10 | 000,124,264 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2010/02/10 18:40:56 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009/09/21 18:55:12 | 000,858,384 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2009/09/21 18:31:36 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2009/08/28 17:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2009/08/23 14:04:00 | 000,075,040 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2009/08/05 00:32:42 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/07/14 21:18:02 | 000,062,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/03 05:47:10 | 000,045,424 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2009/04/28 22:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2008/01/11 20:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/06/01 06:18:04 | 000,066,048 | ---- | M] (ASIX Electronics Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ax88772.sys -- (AX88772)
DRV - [2010/09/28 11:42:22 | 000,033,088 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2009/11/20 06:12:52 | 000,020,848 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor\pcdsrvc.pkms -- (PCDSRVC{3037D694-FD904ACA-06000000}_0)
DRV - [2009/09/15 15:40:18 | 006,114,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel®
DRV - [2009/08/23 14:04:00 | 000,011,552 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2009/07/22 01:56:22 | 000,459,264 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 19:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/13 18:02:52 | 000,214,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress) Intel®
DRV - [2009/07/13 18:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®
DRV - [2009/07/02 13:16:22 | 000,038,336 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2009/06/29 16:51:04 | 000,117,800 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2009/06/29 16:51:02 | 000,020,520 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2009/06/22 23:49:58 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2009/04/28 22:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2009/03/20 19:03:36 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2008/07/07 12:23:56 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2008/06/02 16:28:50 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2008/05/12 05:04:04 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2008/05/09 11:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2008/05/09 11:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2008/05/09 11:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2007/04/17 23:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)



O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AcWin7Hlpr] C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe ()
O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - Startup: C:\Users\mhall1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\mhall1\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll (Google Inc.)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/06/10 12:32:46 | 000,000,049 | --S- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{3a63fa61-cb13-11df-bb94-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3a63fa61-cb13-11df-bb94-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009/08/10 17:01:24 | 000,267,576 | --S- | M] (Lenovo Group Limited)
O33 - MountPoints2\{6cc6e90d-7167-11e0-a3fa-0027136b656a}\Shell - "" = AutoRun
O33 - MountPoints2\{6cc6e90d-7167-11e0-a3fa-0027136b656a}\Shell\AutoRun\command - "" = D:\VZAccess_Manager.exe /z detect
O33 - MountPoints2\{6cc6e931-7167-11e0-a3fa-0027136b656a}\Shell - "" = AutoRun
O33 - MountPoints2\{6cc6e931-7167-11e0-a3fa-0027136b656a}\Shell\AutoRun\command - "" = F:\VZAccess_Manager.exe /z detect
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/18 16:05:14 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\mhall1\Desktop\OTL.exe
[2011/07/18 15:25:19 | 000,000,000 | ---D | C] -- C:\Users\mhall1\Desktop\ROUGEKILLEr
[2011/07/18 15:21:50 | 000,000,000 | ---D | C] -- C:\Users\mhall1\Desktop\RK_Quarantine
[2011/07/14 19:17:01 | 000,000,000 | ---D | C] -- C:\Users\mhall1\AppData\Roaming\Update
[2011/07/14 19:16:39 | 000,000,000 | ---D | C] -- C:\Users\mhall1\AppData\Roaming\PCDr
[2011/07/14 19:15:48 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2011/07/14 19:11:37 | 000,000,000 | R--D | C] -- C:\Users\mhall1\Users
[2011/07/11 17:29:05 | 000,000,000 | ---D | C] -- C:\Users\mhall1\AppData\Roaming\Malwarebytes
[2011/07/11 17:28:58 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/07/11 17:28:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/11 17:28:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/07/11 17:28:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/11 17:24:45 | 000,000,000 | R--D | C] -- C:\Users\mhall1\Dropbox
[2011/07/11 17:20:59 | 000,000,000 | ---D | C] -- C:\Users\mhall1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2011/07/11 17:20:38 | 000,000,000 | ---D | C] -- C:\Users\mhall1\AppData\Roaming\Dropbox
[2011/07/07 17:20:11 | 000,000,000 | ---D | C] -- C:\Users\mhall1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Fix
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/18 16:05:17 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\mhall1\Desktop\OTL.exe
[2011/07/18 15:49:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/18 14:23:22 | 000,012,959 | ---- | M] () -- C:\Users\mhall1\AppData\Roaming\Microsoft Excel 97-2003.CAL
[2011/07/18 14:22:30 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/18 14:21:19 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/07/18 14:21:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/15 11:15:34 | 000,016,976 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/15 11:15:34 | 000,016,976 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/15 11:12:16 | 000,670,886 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/07/15 11:12:16 | 000,124,044 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/07/15 11:06:29 | 2384,470,016 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/14 19:15:57 | 000,001,135 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[2011/07/14 03:18:00 | 000,456,648 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/07/12 16:17:14 | 000,001,297 | ---- | M] () -- C:\Users\mhall1\Documents\Matt Hall Calendar.ics
[2011/07/11 17:28:58 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/11 17:24:45 | 000,001,013 | ---- | M] () -- C:\Users\mhall1\Desktop\Dropbox.lnk
[2011/07/11 17:21:03 | 000,000,993 | ---- | M] () -- C:\Users\mhall1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/07/07 17:20:13 | 000,000,232 | ---- | M] () -- C:\ProgramData\~26926840
[2011/07/07 17:20:13 | 000,000,176 | ---- | M] () -- C:\ProgramData\~26926840r
[2011/07/07 17:20:11 | 000,000,636 | ---- | M] () -- C:\Users\mhall1\Desktop\Windows 7 Fix.lnk
[2011/07/07 17:20:05 | 000,000,336 | ---- | M] () -- C:\ProgramData\26926840
[2011/07/07 16:20:54 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ax88772_01009.Wdf
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/06/29 14:45:49 | 000,002,301 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/06/27 18:07:20 | 001,023,585 | ---- | M] () -- C:\Users\mhall1\Desktop\Match.com revised 2.pdf
[2011/06/27 18:04:38 | 000,967,990 | ---- | M] () -- C:\Users\mhall1\Desktop\match revised.pdf
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/18 15:21:14 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/07/18 15:21:14 | 000,002,301 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/07/18 15:21:14 | 000,001,995 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/07/18 15:21:14 | 000,001,918 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2011/07/18 15:21:14 | 000,001,515 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/07/18 15:21:14 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2011/07/18 15:21:14 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2011/07/18 15:21:14 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/07/18 15:21:14 | 000,001,269 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VZAccess Manager.lnk
[2011/07/18 15:21:14 | 000,001,257 | ---- | C] () -- C:\Users\Public\Desktop\VZAccess Manager.lnk
[2011/07/18 15:21:14 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2011/07/18 15:21:14 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2011/07/18 15:21:13 | 000,002,476 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools.lnk
[2011/07/18 15:21:13 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/07/18 15:21:13 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/07/18 14:23:22 | 000,012,959 | ---- | C] () -- C:\Users\mhall1\AppData\Roaming\Microsoft Excel 97-2003.CAL
[2011/07/14 19:15:57 | 000,001,147 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
[2011/07/14 19:15:57 | 000,001,135 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[2011/07/12 16:07:09 | 000,001,297 | ---- | C] () -- C:\Users\mhall1\Documents\Matt Hall Calendar.ics
[2011/07/11 17:28:58 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/11 17:24:45 | 000,001,013 | ---- | C] () -- C:\Users\mhall1\Desktop\Dropbox.lnk
[2011/07/11 17:21:03 | 000,000,993 | ---- | C] () -- C:\Users\mhall1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/07/07 17:20:13 | 000,000,176 | ---- | C] () -- C:\ProgramData\~26926840r
[2011/07/07 17:20:12 | 000,000,232 | ---- | C] () -- C:\ProgramData\~26926840
[2011/07/07 17:20:11 | 000,000,636 | ---- | C] () -- C:\Users\mhall1\Desktop\Windows 7 Fix.lnk
[2011/07/07 17:20:05 | 000,000,336 | ---- | C] () -- C:\ProgramData\26926840
[2011/07/07 16:20:54 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ax88772_01009.Wdf
[2011/06/27 18:07:20 | 001,023,585 | ---- | C] () -- C:\Users\mhall1\Desktop\Match.com revised 2.pdf
[2011/06/27 18:04:37 | 000,967,990 | ---- | C] () -- C:\Users\mhall1\Desktop\match revised.pdf
[2011/03/30 16:02:12 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2011/03/23 09:35:43 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/09/28 11:25:15 | 000,982,220 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/09/28 11:25:15 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2010/09/28 11:25:15 | 000,092,216 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/09/28 11:25:14 | 000,439,300 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,456,648 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,670,886 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,124,044 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 20:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/07/18 14:24:10 | 000,000,000 | ---D | M] -- C:\Users\mhall1\AppData\Roaming\Dropbox
[2011/07/14 19:16:39 | 000,000,000 | ---D | M] -- C:\Users\mhall1\AppData\Roaming\PCDr
[2011/07/14 19:17:02 | 000,000,000 | ---D | M] -- C:\Users\mhall1\AppData\Roaming\Update
[2011/06/10 10:00:00 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2009/07/14 00:53:46 | 000,009,118 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/07/18 14:21:19 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



< End of report >


#2 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Hi there, let's see if we can kill them for you.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/07/07 17:20:11 | 000,000,000 | ---D | C] -- C:\Users\mhall1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Fix
    [2011/07/07 17:20:13 | 000,000,232 | ---- | M] () -- C:\ProgramData\~26926840
    [2011/07/07 17:20:13 | 000,000,176 | ---- | M] () -- C:\ProgramData\~26926840r
    [2011/07/07 17:20:11 | 000,000,636 | ---- | M] () -- C:\Users\mhall1\Desktop\Windows 7 Fix.lnk
    [2011/07/07 17:20:05 | 000,000,336 | ---- | M] () -- C:\ProgramData\26926840

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe (1.8 MB) to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.
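The OTL log in post #1 and the fix script in post #2 together show the pattern for this rogue: its data files are company-less blobs with a random numeric name directly under C:\ProgramData (26926840, ~26926840, ~26926840r), plus a "Windows 7 Fix" shortcut on the desktop and a folder of the same name in the Start Menu, and the fix is simply those log lines pasted verbatim under :OTL so that OTL quarantines them. The Python below is an added example, not part of this thread and not OTL's own code: it parses OTL's file/folder lines, flags entries matching those two patterns, and emits an equivalent OTL fix block with the same clean-up commands the moderator used. ROGUE_DATA_RE (the numeric-name rule) and ROGUE_NAMES (the product-name list) are assumptions generalised from this single log; SAMPLE_LOG is constructed from lines excerpted from the log above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# OTL file/folder lines (the company field is absent for directories):
#   [2011/07/07 17:20:13 | 000,000,232 | ---- | M] () -- C:\ProgramData\~26926840
#   [2011/07/07 17:20:11 | 000,000,000 | ---D | C] -- C:\...\Programs\Windows 7 Fix
OTL_FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)\s*$"
)
# Assumption generalised from this one log: the rogue's data files are a run of
# digits directly under C:\ProgramData, optionally "~"-prefixed / "r"-suffixed.
ROGUE_DATA_RE = re.compile(r"^~?\d{6,}r?$")
# Assumed product names for the rogue's shortcut and Start Menu folder;
# "Windows 7 Fix" is in this log, "System Repair" is the thread's name for it.
ROGUE_NAMES = ("windows 7 fix", "system repair")


@dataclass
class OtlEntry:
    raw: str                 # original log line, reusable verbatim under :OTL
    timestamp: str
    size: int
    attrs: str               # "----", "---D", "-HS-", ...
    kind: str                # "C" created, "M" modified
    company: Optional[str]   # None when OTL printed "()" or no field
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.endswith("D")

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_otl_lines(text: str) -> List[OtlEntry]:
    """Parse OTL file/folder lines; any other line (headers, O-items) is skipped."""
    entries = []
    for line in text.splitlines():
        m = OTL_FILE_RE.match(line.strip())
        if m:
            entries.append(OtlEntry(
                raw=line.strip(), timestamp=m.group("ts"),
                size=int(m.group("size").replace(",", "")),
                attrs=m.group("attrs"), kind=m.group("kind"),
                company=m.group("company") or None, path=m.group("path")))
    return entries


def flag_rogue(entries: List[OtlEntry]) -> List[OtlEntry]:
    """Entries matching the rogue's artefacts, in log order (duplicates kept)."""
    flagged = []
    for e in entries:
        parent = e.path.rsplit("\\", 1)[0].lower()
        lname = e.name.lower()
        # Rule 1: company-less numeric blob directly under C:\ProgramData
        if parent == "c:\\programdata" and not e.company and ROGUE_DATA_RE.match(e.name):
            flagged.append(e)
        # Rule 2: a .lnk or folder named after the rogue product
        elif any(n in lname for n in ROGUE_NAMES) and (e.is_dir or lname.endswith(".lnk")):
            flagged.append(e)
    return flagged


def build_otl_fix(flagged: List[OtlEntry]) -> str:
    """OTL fix script: flagged lines verbatim under :OTL (OTL quarantines them),
    then the DNS flush and clean-up commands post #2 used. A path listed in both
    the Created and Modified sections of the log is emitted once."""
    seen, lines = set(), [":OTL"]
    for e in flagged:
        if e.path.lower() not in seen:
            seen.add(e.path.lower())
            lines.append(e.raw)
    lines += ["", ":Files", "ipconfig /flushdns /c", "", ":Commands",
              "[resethosts]", "[emptytemp]", "[CREATERESTOREPOINT]", "[Reboot]"]
    return "\n".join(lines) + "\n"


# Constructed sample input: lines excerpted from the OTL log in post #1.
SAMPLE_LOG = r"""
[2011/07/18 16:05:14 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\mhall1\Desktop\OTL.exe
[2011/07/07 17:20:11 | 000,000,000 | ---D | C] -- C:\Users\mhall1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Fix
[2011/07/07 17:20:13 | 000,000,232 | ---- | M] () -- C:\ProgramData\~26926840
[2011/07/07 17:20:13 | 000,000,176 | ---- | M] () -- C:\ProgramData\~26926840r
[2011/07/07 17:20:11 | 000,000,636 | ---- | M] () -- C:\Users\mhall1\Desktop\Windows 7 Fix.lnk
[2011/07/07 17:20:05 | 000,000,336 | ---- | M] () -- C:\ProgramData\26926840
[2011/07/07 17:20:13 | 000,000,176 | ---- | C] () -- C:\ProgramData\~26926840r
[2011/03/23 09:35:43 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/07/15 11:06:29 | 2384,470,016 | -HS- | M] () -- C:\hiberfil.sys
"""

if __name__ == "__main__":
    print(build_otl_fix(flag_rogue(parse_otl_lines(SAMPLE_LOG))))
```

Run against the full log rather than the excerpt, the output should list exactly the five items the moderator chose in post #2; anything else it flags is worth a second look before pasting, since OTL will move whatever is under :OTL without further confirmation. The rules are deliberately narrow (location, missing company name and naming shape together, not any one alone), which is why ezsidmv.dat and hiberfil.sys in the sample are left untouched.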

#3 eevoh (Topic Starter, Member, 31 posts)
All processes killed
========== OTL ==========
C:\Users\mhall1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Fix folder moved successfully.
C:\ProgramData\~26926840 moved successfully.
C:\ProgramData\~26926840r moved successfully.
C:\Users\mhall1\Desktop\Windows 7 Fix.lnk moved successfully.
C:\ProgramData\26926840 moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\mhall1\Desktop\cmd.bat deleted successfully.
C:\Users\mhall1\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: mhall1
->Temp folder emptied: 64749855 bytes
->Temporary Internet Files folder emptied: 606693184 bytes
->Java cache emptied: 27418 bytes
->Flash cache emptied: 67176 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 309760 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 42493369 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 56614307 bytes

Total Files Cleaned = 735.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: mhall1
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.26.1 log created on 07182011_164201

Files\Folders moved on Reboot...
File\Folder C:\Users\mhall1\AppData\Local\Temp\flaA0AF.tmp not found!
C:\Users\mhall1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B4HQBW0I\episode-167-infamous-2-and-hunted-the[1].htm moved successfully.
C:\Users\mhall1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B4HQBW0I\fastbutton[2].htm moved successfully.
C:\Users\mhall1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B4HQBW0I\like[2].htm moved successfully.
C:\Users\mhall1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B4HQBW0I\xd_receiver[2].htm moved successfully.
C:\Users\mhall1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\87EOSOUC\304551-system-repair-rogue-application[1].txt moved successfully.
C:\Users\mhall1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\87EOSOUC\aceUACping[1].htm moved successfully.
C:\Users\mhall1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\87EOSOUC\emily[3].html moved successfully.
C:\Users\mhall1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\87EOSOUC\xd_receiver[1].htm moved successfully.
C:\Users\mhall1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2HK2B46T\emily[3].html moved successfully.
C:\Users\mhall1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2HK2B46T\login_statusCAHPUJSG.htm moved successfully.
C:\Users\mhall1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2HK2B46T\search[2].htm moved successfully.
C:\Users\mhall1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2HK2B46T\xd_receiver[4].htm moved successfully.
C:\Users\mhall1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1GN0ZL7H\dk[3].htm moved successfully.
C:\Users\mhall1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1GN0ZL7H\fw-nonplayer-bannerCAFGQ2GE.htm moved successfully.
C:\Users\mhall1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1GN0ZL7H\fw-nonplayer-bannerCAKFPXOF.htm moved successfully.
C:\Users\mhall1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1GN0ZL7H\fw-nonplayer-bannerCAOLSR3U.htm moved successfully.
C:\Users\mhall1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1GN0ZL7H\fw-nonplayer-bannerCAQLQ9BZ.htm moved successfully.
C:\Users\mhall1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1GN0ZL7H\fw-nonplayer-bannerCARTK886.htm moved successfully.
C:\Users\mhall1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1GN0ZL7H\fw-nonplayer-bannerCAUUB7C9.htm moved successfully.
C:\Users\mhall1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1GN0ZL7H\fw-nonplayer-bannerCAWXPM8I.htm moved successfully.
C:\Users\mhall1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1GN0ZL7H\login_statusCA9QWYEM.htm moved successfully.
C:\Users\mhall1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1GN0ZL7H\login_status[11].htm moved successfully.
C:\Users\mhall1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1GN0ZL7H\login_status[8].htm moved successfully.
C:\Users\mhall1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1GN0ZL7H\news-of-the-world-special[1].htm moved successfully.
C:\Users\mhall1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1GN0ZL7H\signin[1].htm moved successfully.
File move failed. C:\Users\mhall1\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...


aswMBR
version 0.9.7.777 Copyright© 2011 AVAST Software
Run date: 2011-07-18 16:55:14
-----------------------------
16:55:14.150 OS Version: Windows 6.1.7600
16:55:14.151 Number of processors: 2 586 0x170A
16:55:14.153 ComputerName: MHALL1-THINK UserName: mhall1
16:55:42.973 Initialize success
17:10:33.715 AVAST engine defs: 11071800
17:13:58.319 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:13:58.329 Disk 0 Vendor: WDC_WD16 14.0 Size: 152627MB BusType: 3
17:13:58.369 Disk 0 MBR read successfully
17:13:58.369 Disk 0 MBR scan
17:13:58.419 Disk 0 unknown MBR code
17:13:58.429 Disk 0 scanning sectors +312578048
17:13:58.519 Disk 0 scanning C:\Windows\system32\drivers
17:14:30.201 Service scanning
17:14:31.251 Disk 0 trace - called modules:
17:14:31.301 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x86cf5f16]<<
17:14:31.311 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86cd8460]
17:14:31.321 3 CLASSPNP.SYS[8b6e059e] -> nt!IofCallDriver -> [0x8629f838]
17:14:31.331 5 ACPI.sys[832ae3b2] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86275028]
17:14:31.351 \Driver\iaStor[0x862838f0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x86cf5f16
17:14:32.681 AVAST engine scan C:\Windows
17:14:34.951 AVAST engine scan C:\Windows\system32
17:16:48.373 AVAST engine scan C:\Windows\system32\drivers
17:17:02.091 AVAST engine scan C:\Users\mhall1
17:20:01.312 AVAST engine scan C:\ProgramData
17:20:35.375 Scan finished successfully
17:23:56.619 Disk 0 MBR has been saved successfully to "C:\Users\mhall1\Desktop\MBR.dat"
17:23:56.629 The log file has been saved successfully to "C:\Users\mhall1\Desktop\aswMBR1.txt"

#4
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
I will need to check out your MBR now.

Download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:



Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

#5
eevoh
    Member
  • Topic Starter
  • 31 posts
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: LENOVO
BIOS Manufacturer: LENOVO
System Manufacturer: LENOVO
System Product Name: 7439BR4
Logical Drives Mask: 0x00010004

Kernel Drivers (total 195):
0x82A13000 \SystemRoot\system32\ntkrnlpa.exe
0x82E23000 \SystemRoot\system32\halmacpi.dll
0x80BBB000 \SystemRoot\system32\kdcom.dll
0x83027000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8309F000 \SystemRoot\system32\PSHED.dll
0x830B0000 \SystemRoot\system32\BOOTVID.dll
0x830B8000 \SystemRoot\system32\CLFS.SYS
0x830FA000 \SystemRoot\system32\CI.dll
0x83226000 \SystemRoot\system32\drivers\Wdf01000.sys
0x83297000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x832A5000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x832ED000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x832F6000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x832FE000 \SystemRoot\system32\DRIVERS\pci.sys
0x83328000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x83333000 \SystemRoot\System32\drivers\partmgr.sys
0x83344000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8334C000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x83357000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x83367000 \SystemRoot\System32\drivers\volmgrx.sys
0x833B2000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x833E0000 \SystemRoot\System32\drivers\mountmgr.sys
0x8B013000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x8B0ED000 \SystemRoot\system32\drivers\amdxata.sys
0x8B0F6000 \SystemRoot\system32\drivers\fltmgr.sys
0x8B12A000 \SystemRoot\system32\drivers\fileinfo.sys
0x8B13B000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8B224000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8B353000 \SystemRoot\System32\Drivers\msrpc.sys
0x8B37E000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8B391000 \SystemRoot\System32\Drivers\cng.sys
0x8B3EE000 \SystemRoot\System32\drivers\pcw.sys
0x8B200000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8B145000 \SystemRoot\system32\drivers\ndis.sys
0x831A5000 \SystemRoot\system32\drivers\NETIO.SYS
0x83200000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8B423000 \SystemRoot\System32\drivers\tcpip.sys
0x8B56C000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8B59D000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x8B5A6000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8B5E5000 \SystemRoot\System32\DRIVERS\ApsHM86.sys
0x8B5EE000 \SystemRoot\System32\Drivers\spldr.sys
0x8B634000 \SystemRoot\System32\drivers\rdyboost.sys
0x8B661000 \SystemRoot\System32\DRIVERS\Apsx86.sys
0x8B681000 \SystemRoot\System32\Drivers\mup.sys
0x8B691000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8B699000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8B6CB000 \SystemRoot\system32\DRIVERS\disk.sys
0x8B6DC000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8B61F000 \SystemRoot\System32\Drivers\Null.SYS
0x8B626000 \SystemRoot\System32\Drivers\Beep.SYS
0x8B400000 \SystemRoot\System32\drivers\vga.sys
0x83000000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8B40C000 \SystemRoot\System32\drivers\watchdog.sys
0x8B419000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8B5F6000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8B209000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8B211000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8B000000 \SystemRoot\System32\Drivers\Npfs.SYS
0x831E3000 \SystemRoot\system32\DRIVERS\tdx.sys
0x9043D000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x90448000 \SystemRoot\system32\drivers\afd.sys
0x904A2000 \SystemRoot\System32\DRIVERS\netbt.sys
0x904D4000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x904DB000 \SystemRoot\system32\DRIVERS\pacer.sys
0x904FA000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x9050B000 \SystemRoot\system32\DRIVERS\netbios.sys
0x90519000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x9052C000 \SystemRoot\System32\drivers\Tppwr32v.sys
0x90533000 \SystemRoot\system32\DRIVERS\termdd.sys
0x90543000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x90584000 \SystemRoot\system32\drivers\nsiproxy.sys
0x9058E000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x90598000 \SystemRoot\system32\DRIVERS\smiif32.sys
0x9059A000 \SystemRoot\System32\drivers\discache.sys
0x90C11000 \SystemRoot\system32\drivers\csc.sys
0x90C75000 \SystemRoot\System32\Drivers\dfsc.sys
0x90C8D000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x90C9B000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x90CBC000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x91626000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x91C48000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x91CFF000 \SystemRoot\System32\drivers\dxgmms1.sys
0x91D38000 \SystemRoot\system32\DRIVERS\HECI.sys
0x91D42000 \SystemRoot\system32\DRIVERS\e1y6032.sys
0x91D7B000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x91D86000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x91DD1000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x91DE0000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x92413000 \SystemRoot\system32\DRIVERS\NETw5s32.sys
0x929F2000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x90CCE000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x91600000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x92400000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x90CFA000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x9240D000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x91618000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x90D31000 \SystemRoot\system32\drivers\tpm.sys
0x9240F000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x90D3D000 \SystemRoot\system32\DRIVERS\ibmpmdrv.sys
0x90D42000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x90D4B000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x90D58000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x90D6A000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x90D82000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x90D8D000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x90DAF000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x90DC7000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x90DDE000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x90DF5000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x90C00000 \SystemRoot\system32\DRIVERS\psadd.sys
0x90C07000 \SystemRoot\system32\DRIVERS\Tvti2c.sys
0x929FC000 \SystemRoot\system32\DRIVERS\swenum.sys
0x905A6000 \SystemRoot\system32\DRIVERS\ks.sys
0x90400000 \SystemRoot\system32\DRIVERS\NWADIenum.sys
0x905DA000 \SystemRoot\system32\DRIVERS\umbus.sys
0x93627000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x9366B000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x9367C000 \SystemRoot\system32\drivers\CHDRT32.sys
0x936F1000 \SystemRoot\system32\drivers\portcls.sys
0x93720000 \SystemRoot\system32\drivers\drmk.sys
0x93739000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x95C2A000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x95D2C000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x95DE1000 \SystemRoot\system32\drivers\modem.sys
0x822F0000 \SystemRoot\System32\win32k.sys
0x95DEE000 \SystemRoot\System32\drivers\Dxapi.sys
0x95C00000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8B701000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x95C0D000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x95C1E000 \SystemRoot\system32\DRIVERS\monitor.sys
0x82550000 \SystemRoot\System32\TSDDD.dll
0x82580000 \SystemRoot\System32\cdd.dll
0x825A0000 \SystemRoot\System32\ATMFD.DLL
0x93776000 \SystemRoot\system32\drivers\luafv.sys
0x93791000 \SystemRoot\system32\drivers\WudfPf.sys
0x937AB000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x96831000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x96877000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x96887000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9689A000 \SystemRoot\system32\drivers\HTTP.sys
0x9691F000 \SystemRoot\system32\DRIVERS\bowser.sys
0x96938000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9694A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9696D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x969A8000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x969DB000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x9B611000 \SystemRoot\system32\drivers\peauth.sys
0x9B6A8000 \SystemRoot\system32\drivers\regi.sys
0x9B6AA000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9B6B4000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9B6D5000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9B6E2000 \SystemRoot\system32\DRIVERS\XAudio32.sys
0x9B6EA000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9B739000 \SystemRoot\System32\DRIVERS\srv.sys
0x9B600000 \??\C:\Users\mhall1\AppData\Local\Temp\aswMBR.sys
0x76E20000 \Windows\System32\ntdll.dll
0x475E0000 \Windows\System32\smss.exe
0x77060000 \Windows\System32\apisetschema.dll
0x00C50000 \Windows\System32\autochk.exe
0x77030000 \Windows\System32\sechost.dll
0x76C80000 \Windows\System32\setupapi.dll
0x76F60000 \Windows\System32\user32.dll
0x76C20000 \Windows\System32\difxapi.dll
0x76B80000 \Windows\System32\advapi32.dll
0x76B00000 \Windows\System32\comdlg32.dll
0x76A30000 \Windows\System32\msctf.dll
0x76980000 \Windows\System32\msvcrt.dll
0x768E0000 \Windows\System32\usp10.dll
0x767A0000 \Windows\System32\urlmon.dll
0x75B50000 \Windows\System32\shell32.dll
0x75B40000 \Windows\System32\lpk.dll
0x75AE0000 \Windows\System32\shlwapi.dll
0x75A00000 \Windows\System32\kernel32.dll
0x759C0000 \Windows\System32\ws2_32.dll
0x75860000 \Windows\System32\ole32.dll
0x75810000 \Windows\System32\Wldap32.dll
0x75780000 \Windows\System32\oleaut32.dll
0x75730000 \Windows\System32\gdi32.dll
0x75680000 \Windows\System32\rpcrt4.dll
0x75670000 \Windows\System32\psapi.dll
0x755E0000 \Windows\System32\clbcatq.dll
0x755B0000 \Windows\System32\imagehlp.dll
0x755A0000 \Windows\System32\nsi.dll
0x754A0000 \Windows\System32\wininet.dll
0x752A0000 \Windows\System32\iertutil.dll
0x75290000 \Windows\System32\normaliz.dll
0x75270000 \Windows\System32\imm32.dll
0x75150000 \Windows\System32\crypt32.dll
0x750C0000 \Windows\System32\comctl32.dll
0x75090000 \Windows\System32\cfgmgr32.dll
0x75040000 \Windows\System32\KernelBase.dll
0x75010000 \Windows\System32\wintrust.dll
0x74FF0000 \Windows\System32\devobj.dll
0x74FE0000 \Windows\System32\msasn1.dll

Processes (total 79):
0 System Idle Process
4 System
344 C:\Windows\System32\smss.exe
456 csrss.exe
508 C:\Windows\System32\wininit.exe
520 csrss.exe
556 C:\Windows\System32\services.exe
584 C:\Windows\System32\lsass.exe
592 C:\Windows\System32\lsm.exe
668 C:\Windows\System32\winlogon.exe
744 C:\Windows\System32\svchost.exe
808 C:\Windows\System32\ibmpmsvc.exe
864 C:\Windows\System32\svchost.exe
928 C:\Windows\System32\svchost.exe
1024 C:\Windows\System32\svchost.exe
1056 C:\Windows\System32\svchost.exe
1120 C:\Windows\System32\audiodg.exe
1184 C:\Windows\System32\svchost.exe
1400 C:\Windows\System32\svchost.exe
1488 C:\Windows\System32\wlanext.exe
1496 C:\Windows\System32\conhost.exe
1568 C:\Windows\System32\spoolsv.exe
1608 C:\Windows\System32\svchost.exe
1692 C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
1732 C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
1760 C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
1808 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
1844 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
1924 C:\Windows\System32\svchost.exe
1964 C:\Windows\System32\svchost.exe
1988 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
2028 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
468 C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
588 C:\Program Files\Lenovo\Access Connections\AcSvc.exe
2112 unsecapp.exe
2220 WmiPrvSE.exe
2676 C:\Windows\System32\taskhost.exe
2756 C:\Windows\System32\dwm.exe
2800 C:\Windows\explorer.exe
3120 C:\Windows\System32\svchost.exe
3496 C:\Program Files\Windows Live\Toolbar\wltuser.exe
3564 C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
3576 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
3832 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3920 C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
2616 C:\Windows\System32\SearchIndexer.exe
4016 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3040 C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
1000 C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
1220 C:\Windows\System32\TpShocks.exe
3976 C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
4036 C:\Windows\System32\hkcmd.exe
4028 C:\Windows\System32\igfxpers.exe
2520 C:\Program Files\Lenovo\ZOOM\TpScrex.exe
2452 C:\Windows\System32\rundll32.exe
3460 C:\Windows\System32\igfxsrvc.exe
564 C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
2600 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
3100 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
2888 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
2992 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
2948 C:\Program Files\Digital Line Detect\DLG.exe
2656 C:\Users\mhall1\AppData\Roaming\Dropbox\bin\Dropbox.exe
5344 C:\Windows\System32\svchost.exe
5416 C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
5488 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
5548 C:\Program Files\Lenovo\System Update\SUService.exe
5612 C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
5676 C:\Windows\System32\svchost.exe
6020 C:\Program Files\Internet Explorer\iexplore.exe
6104 C:\Program Files\Internet Explorer\iexplore.exe
4552 C:\Windows\System32\wuauclt.exe
5048 C:\Users\mhall1\Desktop\aswMBR.exe
3712 C:\Windows\System32\SearchProtocolHost.exe
4960 C:\Windows\System32\SearchFilterHost.exe
5520 dllhost.exe
4464 dllhost.exe
1264 C:\Users\mhall1\Desktop\MBRCheck.exe
5804 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`4b100000 (NTFS)
\\.\Q: --> \\.\PhysicalDrive0 at offset 0x00000022`d2200000 (NTFS)

PhysicalDrive0 Model Number: WDCWD1600BEVS-08VAT2, Rev: 14.01A14

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 38BE7869FCCF026F920DA4A541B12E68993C36ED


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
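The MBRCheck report above prints a SHA1 for the MBR and flags boot code it does not recognise, and aswMBR has already saved a copy of the sector to MBR.dat. What follows is an added example, not code from this thread, from MBRCheck or from aswMBR: a small Python parser that reads a 512-byte MBR image, hashes the boot code, decodes the partition table and reports anything that does not match a known-good baseline. The sample image, the baseline hash, the disk signature and the partition sizes are constructed for the example (the two partition start LBAs are chosen so that the computed byte offsets equal the C: and Q: offsets in the report above); a real check would read the MBR.dat that aswMBR wrote and compare against a hash taken from a known-clean machine.

```python
"""Parse a raw 512-byte MBR image and compare its boot code with a known-good
baseline.  Added example for this thread; not MBRCheck's or aswMBR's own code."""
import hashlib
import struct

SECTOR = 512
CODE_LEN = 440                 # boot code; bytes 440-443 hold the Windows disk signature
TABLE_OFF = 446                # four 16-byte partition entries start here
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510-511 of every valid MBR


def has_boot_signature(mbr: bytes) -> bool:
    """True if the image is one sector long and ends in the 0x55AA marker."""
    return len(mbr) == SECTOR and mbr[510:512] == BOOT_SIGNATURE


def parse_mbr(mbr: bytes) -> dict:
    """Return the boot-code hash, the disk signature and the used partition entries."""
    if not has_boot_signature(mbr):
        raise ValueError("not a 512-byte sector ending in 0x55AA")
    partitions = []
    for i in range(4):
        entry = mbr[TABLE_OFF + 16 * i:TABLE_OFF + 16 * (i + 1)]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
        if ptype == 0:
            continue                                  # empty slot
        if status not in (0x00, 0x80):
            raise ValueError(f"entry {i}: bad status byte 0x{status:02x}")
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
            "byte_offset": lba_start * SECTOR,        # the per-volume offset MBRCheck prints
        })
    return {
        "boot_code_sha1": hashlib.sha1(mbr[:CODE_LEN]).hexdigest().upper(),
        "disk_signature": struct.unpack("<I", mbr[440:444])[0],
        "partitions": partitions,
    }


def check_mbr(mbr: bytes, known_good: set, disk_sectors: int) -> list:
    """Return findings as strings; an empty list means the MBR matches the baseline."""
    info = parse_mbr(mbr)
    findings = []
    if info["boot_code_sha1"] not in known_good:
        findings.append(f"boot code SHA1 {info['boot_code_sha1']} is not in the known-good set")
    parts = info["partitions"]
    for p in parts:
        if p["lba_start"] + p["sectors"] > disk_sectors:
            findings.append(f"partition {p['index']} extends past the end of the disk")
    for a in parts:
        for b in parts:
            if (a["index"] < b["index"]
                    and a["lba_start"] < b["lba_start"] + b["sectors"]
                    and b["lba_start"] < a["lba_start"] + a["sectors"]):
                findings.append(f"partitions {a['index']} and {b['index']} overlap")
    return findings


def build_mbr(boot_code: bytes, entries: list, disk_signature: int) -> bytes:
    """Assemble a sector from its parts (used here only to construct sample images)."""
    table = b"".join(struct.pack("<B3xB3xII", *e) for e in entries).ljust(64, b"\x00")
    return (boot_code.ljust(CODE_LEN, b"\x00") + struct.pack("<I", disk_signature)
            + b"\x00\x00" + table + BOOT_SIGNATURE)


# Constructed sample data.  The two start LBAs reproduce the volume offsets in the
# MBRCheck report (0x4b100000 and 0x22d2200000 bytes); the boot code bytes, the
# disk signature and the partition sizes are made up for the example.
DISK_SECTORS = 152627 * 2048                      # from the 152627MB aswMBR reported
PARTITIONS = [
    (0x80, 0x07, 2459648, 289638400),             # C: bootable NTFS
    (0x00, 0x07, 292098048, 20480000),            # Q: NTFS recovery volume
]
BASELINE_MBR = build_mbr(b"constructed-baseline-boot-code", PARTITIONS, 0x1234ABCD)
TAMPERED_MBR = build_mbr(b"constructed-replaced-boot-code", PARTITIONS, 0x1234ABCD)
KNOWN_GOOD = {parse_mbr(BASELINE_MBR)["boot_code_sha1"]}   # baseline hash from a clean machine


if __name__ == "__main__":
    for name, image in (("baseline", BASELINE_MBR), ("tampered", TAMPERED_MBR)):
        print(name, check_mbr(image, KNOWN_GOOD, DISK_SECTORS) or "matches baseline")
```

Only the first 440 bytes are hashed because bytes 440 to 445 carry the per-disk Windows signature, so a baseline taken on one machine stays comparable with another of the same make and Windows version. A real run would replace BASELINE_MBR and TAMPERED_MBR with `open("MBR.dat", "rb").read()` on the file aswMBR saved, and the known-good set should be built from clean installs rather than guessed, since vendor recovery setups can install their own boot code; that is why MBRCheck words its verdict as "non-standard or infected" rather than asserting infection outright.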

#6
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
OK, the MBR is bad, as suspected.

Do you have the Windows CD?

If not, could you create a recovery disc as shown on this page?

  • Reboot your system using the boot CD you just created.
    Note: If you do not know how to set your computer to boot from CD, follow the steps here.

When you reboot you will see this, although yours will say Windows 7. Click Repair my computer.

Select your operating system.

Select Command prompt.

At the command prompt type the following:

  • Bootrec.exe /FixMbr
  • Once finished, type Exit

Reboot to normal Windows and run MBRCheck again, please.

#7
eevoh
    Member
  • Topic Starter
  • 31 posts
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: LENOVO
BIOS Manufacturer: LENOVO
System Manufacturer: LENOVO
System Product Name: 7439BR4
Logical Drives Mask: 0x00010014

Kernel Drivers (total 196):
0x82A04000 \SystemRoot\system32\ntkrnlpa.exe
0x82E14000 \SystemRoot\system32\halmacpi.dll
0x80BBA000 \SystemRoot\system32\kdcom.dll
0x8AC36000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8ACAE000 \SystemRoot\system32\PSHED.dll
0x8ACBF000 \SystemRoot\system32\BOOTVID.dll
0x8ACC7000 \SystemRoot\system32\CLFS.SYS
0x8AD09000 \SystemRoot\system32\CI.dll
0x8AE03000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8AE74000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8AE82000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x8AECA000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x8AED3000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x8AEDB000 \SystemRoot\system32\DRIVERS\pci.sys
0x8AF05000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x8AF10000 \SystemRoot\System32\drivers\partmgr.sys
0x8AF21000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8AF29000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8AF34000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x8AF44000 \SystemRoot\System32\drivers\volmgrx.sys
0x8AF8F000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x8AFBD000 \SystemRoot\System32\drivers\mountmgr.sys
0x8B002000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x8B0DC000 \SystemRoot\system32\drivers\amdxata.sys
0x8B0E5000 \SystemRoot\system32\drivers\fltmgr.sys
0x8B119000 \SystemRoot\system32\drivers\fileinfo.sys
0x8B12A000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8B22C000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8B35B000 \SystemRoot\System32\Drivers\msrpc.sys
0x8B386000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8B399000 \SystemRoot\System32\Drivers\cng.sys
0x8B200000 \SystemRoot\System32\drivers\pcw.sys
0x8B20E000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8B134000 \SystemRoot\system32\drivers\ndis.sys
0x8ADB4000 \SystemRoot\system32\drivers\NETIO.SYS
0x8AFD3000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8B40D000 \SystemRoot\System32\drivers\tcpip.sys
0x8B556000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8B587000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x8B590000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8B5CF000 \SystemRoot\System32\DRIVERS\ApsHM86.sys
0x8B5D8000 \SystemRoot\System32\Drivers\spldr.sys
0x8AC00000 \SystemRoot\System32\drivers\rdyboost.sys
0x8B5E0000 \SystemRoot\System32\DRIVERS\Apsx86.sys
0x8B217000 \SystemRoot\System32\Drivers\mup.sys
0x8B400000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8B605000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8B637000 \SystemRoot\system32\DRIVERS\disk.sys
0x8B648000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8B765000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8B784000 \SystemRoot\System32\Drivers\Null.SYS
0x8B78B000 \SystemRoot\System32\Drivers\Beep.SYS
0x8B792000 \SystemRoot\System32\drivers\vga.sys
0x8B79E000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8B7BF000 \SystemRoot\System32\drivers\watchdog.sys
0x8B7CC000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8B7D4000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8B7DC000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8B7E4000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8B7EF000 \SystemRoot\System32\Drivers\Npfs.SYS
0x90203000 \SystemRoot\system32\DRIVERS\tdx.sys
0x9021A000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x90225000 \SystemRoot\system32\drivers\afd.sys
0x9027F000 \SystemRoot\System32\DRIVERS\netbt.sys
0x902B1000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x902B8000 \SystemRoot\system32\DRIVERS\pacer.sys
0x902D7000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x902E8000 \SystemRoot\system32\DRIVERS\netbios.sys
0x902F6000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x90309000 \SystemRoot\System32\drivers\Tppwr32v.sys
0x90310000 \SystemRoot\system32\DRIVERS\termdd.sys
0x90320000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x90361000 \SystemRoot\system32\drivers\nsiproxy.sys
0x9036B000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x90375000 \SystemRoot\system32\DRIVERS\smiif32.sys
0x90377000 \SystemRoot\System32\drivers\discache.sys
0x90383000 \SystemRoot\system32\drivers\csc.sys
0x903E7000 \SystemRoot\System32\Drivers\dfsc.sys
0x8B1EB000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x90801000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x90822000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x92400000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x92A22000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x92AD9000 \SystemRoot\System32\drivers\dxgmms1.sys
0x92B12000 \SystemRoot\system32\DRIVERS\HECI.sys
0x92B1C000 \SystemRoot\system32\DRIVERS\e1y6032.sys
0x92B55000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x92B60000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x92BAB000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x92BBA000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x96A0F000 \SystemRoot\system32\DRIVERS\NETw5s32.sys
0x96FEE000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x90834000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x92BD9000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x96A00000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x90860000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x96A0D000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x92BF1000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x90897000 \SystemRoot\system32\drivers\tpm.sys
0x96FF8000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x908A3000 \SystemRoot\system32\DRIVERS\ibmpmdrv.sys
0x908A8000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x908B1000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x908BE000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x908D0000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x908E8000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x908F3000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x90915000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x9092D000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x90944000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x9095B000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x90965000 \SystemRoot\system32\DRIVERS\psadd.sys
0x9096C000 \SystemRoot\system32\DRIVERS\Tvti2c.sys
0x96FFC000 \SystemRoot\system32\DRIVERS\swenum.sys
0x90974000 \SystemRoot\system32\DRIVERS\ks.sys
0x909A8000 \SystemRoot\system32\DRIVERS\NWADIenum.sys
0x909E3000 \SystemRoot\system32\DRIVERS\umbus.sys
0x93604000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x93648000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x93659000 \SystemRoot\system32\drivers\CHDRT32.sys
0x936CE000 \SystemRoot\system32\drivers\portcls.sys
0x936FD000 \SystemRoot\system32\drivers\drmk.sys
0x93716000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x81E33000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x81F35000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x81FEA000 \SystemRoot\system32\drivers\modem.sys
0x82030000 \SystemRoot\System32\win32k.sys
0x81E00000 \SystemRoot\System32\drivers\Dxapi.sys
0x81E0A000 \SystemRoot\system32\DRIVERS\monitor.sys
0x82290000 \SystemRoot\System32\TSDDD.dll
0x822C0000 \SystemRoot\System32\cdd.dll
0x822E0000 \SystemRoot\System32\ATMFD.DLL
0x93753000 \SystemRoot\system32\DRIVERS\udfs.sys
0x81E15000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8B66D000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x81E22000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x93793000 \SystemRoot\system32\drivers\luafv.sys
0x937AE000 \SystemRoot\system32\drivers\WudfPf.sys
0x937C8000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x95A1A000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x95A60000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x95A70000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x95A83000 \SystemRoot\system32\drivers\HTTP.sys
0x95B08000 \SystemRoot\system32\DRIVERS\bowser.sys
0x95B21000 \SystemRoot\System32\drivers\mpsdrv.sys
0x95B33000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x95B56000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x95B91000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x95BC4000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xAE414000 \SystemRoot\system32\drivers\peauth.sys
0xAE4AB000 \SystemRoot\system32\drivers\regi.sys
0xAE4AD000 \SystemRoot\System32\Drivers\secdrv.SYS
0xAE4B7000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xAE4D8000 \SystemRoot\System32\drivers\tcpipreg.sys
0xAE4E5000 \SystemRoot\system32\DRIVERS\XAudio32.sys
0xAE4ED000 \SystemRoot\System32\DRIVERS\srv2.sys
0xAE53C000 \SystemRoot\System32\DRIVERS\srv.sys
0x77560000 \Windows\System32\ntdll.dll
0x47C00000 \Windows\System32\smss.exe
0x777A0000 \Windows\System32\apisetschema.dll
0x00A60000 \Windows\System32\autochk.exe
0x776B0000 \Windows\System32\kernel32.dll
0x77490000 \Windows\System32\msctf.dll
0x77410000 \Windows\System32\comdlg32.dll
0x77360000 \Windows\System32\rpcrt4.dll
0x77340000 \Windows\System32\sechost.dll
0x77290000 \Windows\System32\msvcrt.dll
0x776A0000 \Windows\System32\normaliz.dll
0x771C0000 \Windows\System32\user32.dll
0x771B0000 \Windows\System32\lpk.dll
0x77070000 \Windows\System32\urlmon.dll
0x77060000 \Windows\System32\psapi.dll
0x76F00000 \Windows\System32\ole32.dll
0x76EB0000 \Windows\System32\gdi32.dll
0x76E50000 \Windows\System32\difxapi.dll
0x76200000 \Windows\System32\shell32.dll
0x761B0000 \Windows\System32\Wldap32.dll
0x761A0000 \Windows\System32\nsi.dll
0x76110000 \Windows\System32\clbcatq.dll
0x76080000 \Windows\System32\oleaut32.dll
0x76060000 \Windows\System32\imm32.dll
0x76030000 \Windows\System32\imagehlp.dll
0x75FF0000 \Windows\System32\ws2_32.dll
0x75E50000 \Windows\System32\setupapi.dll
0x75C50000 \Windows\System32\iertutil.dll
0x75B50000 \Windows\System32\wininet.dll
0x75AB0000 \Windows\System32\usp10.dll
0x75A10000 \Windows\System32\advapi32.dll
0x759B0000 \Windows\System32\shlwapi.dll
0x75990000 \Windows\System32\devobj.dll
0x75870000 \Windows\System32\crypt32.dll
0x75820000 \Windows\System32\KernelBase.dll
0x757F0000 \Windows\System32\wintrust.dll
0x757C0000 \Windows\System32\cfgmgr32.dll
0x75730000 \Windows\System32\comctl32.dll
0x75720000 \Windows\System32\msasn1.dll

Processes (total 70):
0 System Idle Process
4 System
324 C:\Windows\System32\smss.exe
432 csrss.exe
488 C:\Windows\System32\wininit.exe
500 csrss.exe
536 C:\Windows\System32\services.exe
552 C:\Windows\System32\lsass.exe
560 C:\Windows\System32\lsm.exe
648 C:\Windows\System32\winlogon.exe
716 C:\Windows\System32\svchost.exe
776 C:\Windows\System32\ibmpmsvc.exe
836 C:\Windows\System32\svchost.exe
920 C:\Windows\System32\svchost.exe
996 C:\Windows\System32\svchost.exe
1024 C:\Windows\System32\svchost.exe
1100 C:\Windows\System32\audiodg.exe
1164 C:\Windows\System32\svchost.exe
1288 C:\Windows\System32\svchost.exe
1392 C:\Windows\System32\wlanext.exe
1400 C:\Windows\System32\conhost.exe
1480 C:\Windows\System32\spoolsv.exe
1512 C:\Windows\System32\svchost.exe
1596 C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
1648 C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
1696 C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
1740 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
1772 C:\Windows\System32\taskhost.exe
1868 C:\Windows\System32\dwm.exe
1880 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
1992 C:\Windows\System32\taskeng.exe
404 C:\Windows\System32\svchost.exe
624 C:\Windows\System32\svchost.exe
732 PrintIsolationHost.exe
852 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
1240 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
1752 C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
2092 C:\Program Files\Lenovo\Access Connections\AcSvc.exe
2544 unsecapp.exe
2552 C:\Windows\System32\svchost.exe
2624 C:\Windows\System32\rundll32.exe
2660 WmiPrvSE.exe
2736 C:\Windows\explorer.exe
2984 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3004 C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
3016 C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
3048 C:\Windows\System32\TpShocks.exe
3084 C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
3092 C:\Windows\System32\hkcmd.exe
3156 C:\Program Files\Lenovo\ZOOM\TpScrex.exe
3180 C:\Windows\System32\igfxsrvc.exe
3208 C:\Windows\System32\igfxpers.exe
3228 C:\Windows\System32\rundll32.exe
3236 C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
3276 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
3288 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
3324 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
3416 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
3440 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3460 C:\Program Files\Digital Line Detect\DLG.exe
3528 C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
3612 WmiPrvSE.exe
3892 C:\Windows\System32\SearchIndexer.exe
4004 C:\Users\mhall1\AppData\Roaming\Dropbox\bin\Dropbox.exe
4080 C:\Windows\System32\SearchProtocolHost.exe
2068 C:\Windows\System32\SearchFilterHost.exe
3356 dllhost.exe
3920 dllhost.exe
3792 C:\Users\mhall1\Desktop\MBRCheck.exe
3044 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`4b100000 (NTFS)
\\.\Q: --> \\.\PhysicalDrive0 at offset 0x00000022`d2200000 (NTFS)

PhysicalDrive0 Model Number: WDCWD1600BEVS-08VAT2, Rev: 14.01A14

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!
  • 0

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, that looks good - could you now let me know what the current problems are? :)
  • 0

#9
eevoh

    Member

  • Topic Starter
  • Member
  • 31 posts
The only issue that I'm still noticing is that the sounds are weird. For example, the login sound is distorted, and so are other Windows sounds.
  • 0

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Have the redirects gone though?

Could you update Malwarebytes please, run it and post the resultant log.
  • 0

#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
