Kenny94 Posted November 12, 2011 ID:494052 Share Posted November 12, 2011 Okay. I need to run, but I'll have a fix for you on Sunday.... Link to post Share on other sites More sharing options...
DianeD Posted November 13, 2011 Author ID:494222 Share Posted November 13, 2011 Good Morning.. Awaiting your next post. Thanks,Diane. Link to post Share on other sites More sharing options...
Kenny94 Posted November 13, 2011 ID:494274 Share Posted November 13, 2011 We need to fix this manually Diane.Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later. To access the System Recovery Environment in Windows 7, simply boot your PC,just before the system loads the Windows operating system, hit the [F8] Function 8 key on your keyboard which will launch the Advanced Boot Options menu.There you will see a new option 'Repair Your Computer', select this option and hit 'Enter' on your keyboard.Now, from the System Recovery Options dialog, select the "Operating System" you want to repair, then click Next:From the "Choose a Recovery Tool" dialog menu, select "Command Prompt":Type the following into the "Command Prompt Window": and press Enterbootrec.exe /fixmbrNote:If you have problems booting the computer after you have run that command boot back into the System Recovery Environment and Type the following into the "Command Prompt Window": and press enterbootrec.exe /fixboot Link to post Share on other sites More sharing options...
DianeD Posted November 13, 2011 Author ID:494281 Share Posted November 13, 2011 Hi Kenny,Following the instructions provided, there is no operating system listed in the 'System Recovery Options' dialog box.. Thanks,Diane. Link to post Share on other sites More sharing options...
Kenny94 Posted November 13, 2011 ID:494290 Share Posted November 13, 2011 Windows 7 is not listed there, or it is blank go ahead and Click on Next anyway. Then move on to the next step. Link to post Share on other sites More sharing options...
DianeD Posted November 13, 2011 Author ID:494322 Share Posted November 13, 2011 Hi Kenny,Performed the tasks as directed.. Command completed successfully and rebooted normally. Redirects are still occurring. Link to post Share on other sites More sharing options...
Kenny94 Posted November 13, 2011 ID:494326 Share Posted November 13, 2011 This Dell PC is giving us a hard time. Well, there is more than one way to skin a cat, as we say.Please download the latest version of Hitman Pro from one of the following locations:For 32-Bit Operating SystemsAfter the download completes please double click the program to run it.Accept the terms of the license agreement and click NextLet the scan run. It will not take longWhen the scan finishes, and all the files have been uploaded to the Scan Cloud, click NextClick Next again. At the bottom left you will see Export Scan Results To XML File. Click that and save it in a convenient locationUpload log.xml here for review please Link to post Share on other sites More sharing options...
DianeD Posted November 13, 2011 Author ID:494330 Share Posted November 13, 2011 I'm running 64-bit. I assume its OK to download the 64bit version and run as instructed. Link to post Share on other sites More sharing options...
DianeD Posted November 13, 2011 Author ID:494332 Share Posted November 13, 2011 The scan log from HitmanPro 64bit follows:- <Log computer="DAVIS-PC" scan="Normal" version="3.5.9.131" date="2011-11-13T15:47:17" timeSpentInSecs="247" filesProcessed="66173">- <Item type="Malware" malwareName="Bootkit" score="0.0" status="None">- <Scanners> <Scanner id="Other" name="Win32/Bootkit" /> </Scanners> <File path="C:$MBR" hash="62E529B8A900B2FCF10C11579BC5461370D484DDC1DE0628E01833194B67FACD" /> </Item>- <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Users\DAVIS\AppData\Roaming\Microsoft\Windows\Cookies\07DOXW5Y.txt" /> </Item>- <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Users\DAVIS\AppData\Roaming\Microsoft\Windows\Cookies\07QF7GTO.txt" /> </Item>- <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Users\DAVIS\AppData\Roaming\Microsoft\Windows\Cookies\0CK04PNE.txt" /> </Item>- <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Users\DAVIS\AppData\Roaming\Microsoft\Windows\Cookies\0DHCKD0R.txt" /> </Item>- <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Users\DAVIS\AppData\Roaming\Microsoft\Windows\Cookies\0QDJCONQ.txt" /> </Item>- <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Users\DAVIS\AppData\Roaming\Microsoft\Windows\Cookies\2NJKCZ21.txt" /> </Item>- <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Users\DAVIS\AppData\Roaming\Microsoft\Windows\Cookies\2SSK7VAV.txt" /> </Item>- <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Users\DAVIS\AppData\Roaming\Microsoft\Windows\Cookies\3DT71QSG.txt" /> </Item>- <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Users\DAVIS\AppData\Roaming\Microsoft\Windows\Cookies\41GH404S.txt" /> </Item>- <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Users\DAVIS\AppData\Roaming\Microsoft\Windows\Cookies\43CF2NU8.txt" /> </Item>- <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Users\DAVIS\AppData\Roaming\Microsoft\Windows\Cookies\4RCS0BVG.txt" /> </Item>- <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Users\DAVIS\AppData\Roaming\Microsoft\Windows\Cookies\6KNFWVME.txt" /> </Item>- <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Users\DAVIS\AppData\Roaming\Microsoft\Windows\Cookies\7019XAC7.txt" /> </Item>- <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Users\DAVIS\AppData\Roaming\Microsoft\Windows\Cookies\89TNQXEN.txt" /> </Item>- <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Users\DAVIS\AppData\Roaming\Microsoft\Windows\Cookies\8RFTKBHZ.txt" /> </Item>- <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Users\DAVIS\AppData\Roaming\Microsoft\Windows\Cookies\974FYSJR.txt" /> </Item>- <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Users\DAVIS\AppData\Roaming\Microsoft\Windows\Cookies\A0EGD2KM.txt" /> </Item>- <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Users\DAVIS\AppData\Roaming\Microsoft\Windows\Cookies\A9STY7TA.txt" /> </Item>- <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Users\DAVIS\AppData\Roaming\Microsoft\Windows\Cookies\DL92MRCF.txt" /> </Item>- <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Users\DAVIS\AppData\Roaming\Microsoft\Windows\Cookies\EMVW3O9G.txt" /> </Item>- <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Users\DAVIS\AppData\Roaming\Microsoft\Windows\Cookies\EZ2HUERS.txt" /> </Item>- <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Users\DAVIS\AppData\Roaming\Microsoft\Windows\Cookies\F4ETFBJU.txt" /> </Item>- <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Users\DAVIS\AppData\Roaming\Microsoft\Windows\Cookies\G9PF99CD.txt" /> </Item>- <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Users\DAVIS\AppData\Roaming\Microsoft\Windows\Cookies\GIANZG1C.txt" /> </Item>- <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Users\DAVIS\AppData\Roaming\Microsoft\Windows\Cookies\GWM1TFA8.txt" /> </Item>- <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Users\DAVIS\AppData\Roaming\Microsoft\Windows\Cookies\HURLG0QA.txt" /> </Item>- <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Users\DAVIS\AppData\Roaming\Microsoft\Windows\Cookies\HWV72A6T.txt" /> </Item>- <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Users\DAVIS\AppData\Roaming\Microsoft\Windows\Cookies\IH2J3AS4.txt" /> </Item>- <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Users\DAVIS\AppData\Roaming\Microsoft\Windows\Cookies\JB7H5NRQ.txt" /> </Item>- <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Users\DAVIS\AppData\Roaming\Microsoft\Windows\Cookies\JT4RS325.txt" /> </Item>- <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Users\DAVIS\AppData\Roaming\Microsoft\Windows\Cookies\KIRLJCVV.txt" /> </Item>- <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Users\DAVIS\AppData\Roaming\Microsoft\Windows\Cookies\KL3S4K02.txt" /> </Item>- <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Users\DAVIS\AppData\Roaming\Microsoft\Windows\Cookies\LAM9A8NU.txt" /> </Item>- <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Users\DAVIS\AppData\Roaming\Microsoft\Windows\Cookies\LVC3S4B7.txt" /> </Item>- <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Users\DAVIS\AppData\Roaming\Microsoft\Windows\Cookies\M1X0V5MW.txt" /> </Item>- <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Users\DAVIS\AppData\Roaming\Microsoft\Windows\Cookies\M2R8VS74.txt" /> </Item>- <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Users\DAVIS\AppData\Roaming\Microsoft\Windows\Cookies\OLM7AOUC.txt" /> </Item>- <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Users\DAVIS\AppData\Roaming\Microsoft\Windows\Cookies\PVLICY5Y.txt" /> </Item>- <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Users\DAVIS\AppData\Roaming\Microsoft\Windows\Cookies\PZ2J6IC4.txt" /> </Item>- <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Users\DAVIS\AppData\Roaming\Microsoft\Windows\Cookies\QGP1E0XD.txt" /> </Item>- <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Users\DAVIS\AppData\Roaming\Microsoft\Windows\Cookies\QHRT6NR2.txt" /> </Item>- <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Users\DAVIS\AppData\Roaming\Microsoft\Windows\Cookies\R7LK1CCH.txt" /> </Item>- <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Users\DAVIS\AppData\Roaming\Microsoft\Windows\Cookies\RPPDM4WS.txt" /> </Item>- <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Users\DAVIS\AppData\Roaming\Microsoft\Windows\Cookies\S2XLMASW.txt" /> </Item>- <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Users\DAVIS\AppData\Roaming\Microsoft\Windows\Cookies\S3RVIYNE.txt" /> </Item>- <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Users\DAVIS\AppData\Roaming\Microsoft\Windows\Cookies\SA80OLGX.txt" /> </Item>- <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Users\DAVIS\AppData\Roaming\Microsoft\Windows\Cookies\SL5NI4YD.txt" /> </Item>- <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Users\DAVIS\AppData\Roaming\Microsoft\Windows\Cookies\T2JU193L.txt" /> </Item>- <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Users\DAVIS\AppData\Roaming\Microsoft\Windows\Cookies\T2SSE7FU.txt" /> </Item>- <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Users\DAVIS\AppData\Roaming\Microsoft\Windows\Cookies\TTH2873M.txt" /> </Item>- <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Users\DAVIS\AppData\Roaming\Microsoft\Windows\Cookies\U3YBO3OW.txt" /> </Item>- <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Users\DAVIS\AppData\Roaming\Microsoft\Windows\Cookies\UPSPB1YE.txt" /> </Item>- <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Users\DAVIS\AppData\Roaming\Microsoft\Windows\Cookies\V1KQW14F.txt" /> </Item>- <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Users\DAVIS\AppData\Roaming\Microsoft\Windows\Cookies\VFPUA7PC.txt" /> </Item>- <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Users\DAVIS\AppData\Roaming\Microsoft\Windows\Cookies\W1J6KWOM.txt" /> </Item>- <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Users\DAVIS\AppData\Roaming\Microsoft\Windows\Cookies\W3Y6LRR5.txt" /> </Item>- <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Users\DAVIS\AppData\Roaming\Microsoft\Windows\Cookies\X10S2W0V.txt" /> </Item>- <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Users\DAVIS\AppData\Roaming\Microsoft\Windows\Cookies\X5OUYO2K.txt" /> </Item>- <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Users\DAVIS\AppData\Roaming\Microsoft\Windows\Cookies\XIT2QCIY.txt" /> </Item>- <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Users\DAVIS\AppData\Roaming\Microsoft\Windows\Cookies\XYE4GJYH.txt" /> </Item>- <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Users\DAVIS\AppData\Roaming\Microsoft\Windows\Cookies\YBYSX79M.txt" /> </Item>- <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Users\DAVIS\AppData\Roaming\Microsoft\Windows\Cookies\YQVD83KQ.txt" /> </Item>- <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Users\DAVIS\AppData\Roaming\Microsoft\Windows\Cookies\Z9Y6LHVV.txt" /> </Item>- <Item type="Repair" score="0.0" status="Deleted"> <File path="C:\Users\DAVIS\AppData\Roaming\Microsoft\Windows\Cookies\ZFE1MIFF.txt" /> </Item>- <Item type="Malware" malwareName="Malware" score="108.0" status="Deleted">- <Scanners> <Scanner id="DrWeb" name="Infected" /> </Scanners> <File path="C:\Users\DAVIS\Desktop\SoftonicDownloader_for_kaspersky-tdsskiller.exe" hash="943270A42353E407AF1B2AAE1F6D0A22CA3ECAD26A9897FE7772C49D4321C921" /> </Item>- <Item type="Suspicious" score="27.0" status="None"> <File path="C:\Windows\system32\4E6.tmp" hash="7A55FB58425F2E59B5D400E85E1B271B84295548B8EDA865F7B8C804CB94563C" /> - <Startup> <Key path="HKLM\SYSTEM\CurrentControlSet\Services\MEMSWEEP2\" /> </Startup> </Item>- <Item type="Suspicious" score="44.0" status="None"> <File path="C:\Windows\system32\winsflt.dll" hash="E4ECE14DC89931F8407B65EB50A9FD95F49FC2BC19B2FEAC0A88AE273E62715D" /> </Item>- <Item type="Suspicious" score="42.0" status="None"> <File path="C:\Windows\SysWOW64\winsflt.dll" hash="775074B29B0298590F348CE7E4CCC9723C66440097CC4B5ACC7A1859F29564EA" /> </Item> </Log> Link to post Share on other sites More sharing options...
Kenny94 Posted November 13, 2011 ID:494367 Share Posted November 13, 2011 Yes that's fine. I left out the HitmanPro 64bit link off by mistake. Okay, Drag ComboFix icon into the Recycle Bin. We need to run it again. Download ComboFix from below and run it as you did the first time.Combofix download* IMPORTANT !!! Place combofix.exe on your Desktop Link to post Share on other sites More sharing options...
DianeD Posted November 14, 2011 Author ID:494393 Share Posted November 14, 2011 Hi Kenny,The combofix log follows:=========================================================ComboFix 11-11-13.03 - DAVIS 11/13/2011 19:01:01.2.4 - x64Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3895.2269 [GMT -5:00]Running from: c:\users\DAVIS\Desktop\ComboFix.exeAV: CA Anti-Virus Plus *Enabled/Updated* {57B5C44D-AAB5-DBC9-741B-542BE5A132EA}FW: CA Personal Firewall *Disabled* {6F8E4568-E0DA-DA91-5F44-FD1E1B727591}SP: CA Anti-Virus Plus *Enabled/Updated* {ECD425A9-8C8F-D447-4EAB-6F599E267857}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((( Files Created from 2011-10-14 to 2011-11-14 )))))))))))))))))))))))))))))))..2011-11-14 01:03 . 2011-11-14 01:03 -------- d-----w- c:\users\Default\AppData\Local\temp2011-11-13 23:51 . 2011-11-13 23:51 16712 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS2011-11-13 20:52 . 2011-11-13 20:52 12872 ----a-w- c:\windows\system32\bootdelete.exe2011-11-13 20:47 . 2011-11-13 20:47 25160 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys2011-11-13 20:40 . 2011-11-13 20:52 -------- d-----w- c:\programdata\Hitman Pro2011-11-09 16:31 . 2011-11-09 16:31 -------- d-----w- c:\program files (x86)\ESET2011-11-09 15:06 . 2011-11-09 15:06 -------- d-----w- c:\programdata\Applications2011-11-09 03:32 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll2011-11-09 03:32 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll2011-11-09 03:32 . 2011-09-29 16:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys2011-11-09 03:32 . 2011-09-29 04:09 3141120 ----a-w- c:\windows\system32\win32k.sys2011-11-09 03:32 . 2011-08-15 05:08 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll2011-11-09 03:32 . 2011-08-15 04:25 6144 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll2011-11-05 14:11 . 2011-11-05 14:11 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys2011-11-02 02:42 . 2011-05-12 18:03 6144 ------w- c:\windows\system32\4E6.tmp2011-11-02 02:42 . 2011-05-12 18:03 6144 ------w- c:\windows\system32\8D46.tmp2011-11-01 00:59 . 2011-05-12 18:03 6144 ------w- c:\windows\system32\B940.tmp2011-10-31 23:53 . 2011-05-12 18:03 6144 ------w- c:\windows\system32\96D5.tmp2011-10-31 23:53 . 2011-05-12 18:03 6144 ------w- c:\windows\system32\F8A3.tmp2011-10-31 02:18 . 2011-05-12 18:05 18816 ------w- c:\windows\SysWow64\SAVRKBootTasks.sys2011-10-31 00:43 . 2011-05-12 18:03 6144 ------w- c:\windows\system32\2B57.tmp2011-10-31 00:41 . 2011-05-12 18:03 6144 ------w- c:\windows\system32\C6D9.tmp2011-10-31 00:41 . 2011-10-31 00:41 -------- d-----w- c:\program files (x86)\Sophos2011-10-30 20:53 . 2011-10-30 20:53 -------- d-----w- c:\users\DAVIS\AppData\Roaming\Malwarebytes2011-10-30 20:52 . 2011-10-30 20:52 -------- d-----w- c:\programdata\Malwarebytes2011-10-30 20:52 . 2011-08-31 21:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys2011-10-30 20:52 . 2011-10-30 20:52 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware2011-10-30 19:03 . 2011-10-30 19:02 99024 ----a-w- c:\windows\system32\drivers\KmxFilter.sys2011-10-30 19:03 . 2011-10-30 19:02 143824 ----a-w- c:\windows\system32\drivers\KmxFw.sys2011-10-30 19:03 . 2011-10-30 19:02 202320 ----a-w- c:\windows\system32\drivers\KmxCF.sys2011-10-30 18:41 . 2011-07-02 05:30 1422672 ----a-w- c:\windows\SysWow64\cfgmig32.dll2011-10-30 18:41 . 2011-07-02 05:30 1422672 ----a-w- c:\windows\system32\cfgmig32.dll2011-10-30 18:41 . 2011-07-02 05:30 263504 ----a-w- c:\windows\SysWow64\cfgmig32.exe2011-10-30 18:41 . 2011-05-30 08:12 257872 ----a-w- c:\windows\system32\isafprod64.dll2011-10-30 18:41 . 2011-05-30 08:12 206160 ----a-w- c:\windows\SysWow64\Isafprod.dll2011-10-30 18:41 . 2011-05-30 08:12 95568 ----a-w- c:\windows\SysWow64\Vetredir.dll2011-10-30 18:41 . 2011-05-30 08:12 103760 ----a-w- c:\windows\system32\Vetredir64.dll2011-10-30 18:41 . 2011-05-30 08:12 141136 ----a-w- c:\windows\system32\Isafeif64.dll2011-10-30 18:41 . 2011-05-30 08:12 128336 ----a-w- c:\windows\SysWow64\Isafeif.dll2011-10-30 18:41 . 2011-10-30 18:41 -------- d-----w- c:\program files (x86)\CA2011-10-30 18:40 . 2011-06-29 18:20 3207184 ----a-w- c:\windows\system32\mdmcls32.exe2011-10-30 18:40 . 2011-10-30 18:40 2524176 ----a-w- c:\windows\system32\winsflt.dll2011-10-30 18:40 . 2011-10-30 18:40 1744912 ----a-w- c:\windows\SysWow64\winsflt.dll2011-10-30 18:40 . 2011-06-29 18:27 2760720 ----a-w- c:\windows\SysWow64\svcprs32.exe2011-10-30 18:40 . 2011-06-29 18:22 4108304 ----a-w- c:\windows\SysWow64\win32cpr.dll2011-10-30 18:40 . 2011-06-29 18:23 289296 ----a-w- c:\windows\system32\winsfinst.exe2011-10-30 18:40 . 2011-06-29 18:23 98320 ----a-w- c:\windows\SysWow64\winsfinst.exe2011-10-30 18:40 . 2011-06-29 18:20 3207184 ----a-w- c:\windows\SysWow64\mdmcls32.exe2011-10-30 18:40 . 2011-06-29 17:53 2990096 ----a-w- c:\windows\SysWow64\winsflte.dll2011-10-30 18:40 . 2011-10-30 18:40 -------- d-----w- c:\windows\rnapxs2011-10-30 18:40 . 2002-01-01 18:02 7440 ----a-w- c:\windows\SysWow64\sporder.dll2011-10-30 18:40 . 2011-10-30 18:40 -------- d-----w- c:\program files\ISSThirdParty2011-10-30 18:39 . 2011-10-30 18:41 -------- d-----w- c:\program files\CA2011-10-30 18:38 . 2011-10-30 19:47 -------- d-----w- c:\programdata\CA2011-10-30 18:31 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A8AB455D-00D4-40F0-82EB-FAA9310E9FC8}\mpengine.dll2011-10-30 17:44 . 2011-10-30 17:44 -------- d-----we c:\windows\system642011-10-22 23:07 . 2011-10-30 18:25 -------- d-----w- c:\users\DAVIS\AppData\Local\HandBrake2011-10-22 23:07 . 2011-10-23 01:13 -------- d-----w- c:\users\DAVIS\AppData\Roaming\HandBrake2011-10-22 23:07 . 2011-10-30 18:25 -------- d-----w- c:\program files (x86)\Handbrake2011-10-21 11:48 . 2011-10-21 11:48 -------- d-----w- c:\windows\Sun2011-10-17 22:33 . 2011-10-17 22:33 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll2011-10-17 22:33 . 2011-10-17 22:33 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll2011-10-17 22:33 . 2011-10-17 22:33 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll2011-10-17 22:33 . 2011-10-17 22:33 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll2011-10-17 22:33 . 2011-10-17 22:33 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll2011-10-17 22:33 . 2011-10-17 22:33 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll2011-10-17 22:33 . 2011-10-17 22:33 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll2011-10-17 22:33 . 2011-10-30 18:25 -------- d-----w- c:\program files (x86)\QuickTime2011-10-16 23:55 . 2011-10-16 23:55 18139008 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL2011-10-16 19:55 . 2011-10-16 19:55 -------- d-----w- c:\users\DAVIS\AppData\Local\PhotoChannel2011-10-16 18:28 . 2011-10-16 18:28 -------- d-----w- c:\users\DAVIS\AppData\Local\LEGO Software2011-10-16 18:14 . 2011-10-16 18:14 -------- d-----w- c:\users\DAVIS\AppData\Local\Chromium2011-10-16 18:13 . 2011-10-30 18:12 -------- d-----w- c:\program files (x86)\LEGO Software2011-10-16 16:25 . 2011-10-16 16:27 -------- d-----w- c:\programdata\xml_param2011-10-16 15:59 . 2010-11-19 22:04 892928 ----a-w- c:\windows\SysWow64\iconv.dll2011-10-16 15:59 . 2010-11-19 22:04 675840 ----a-w- c:\windows\SysWow64\ac3filter.ax2011-10-16 15:59 . 2010-11-19 22:04 496640 ----a-w- c:\windows\SysWow64\xvid.ax2011-10-16 15:59 . 2011-10-16 16:35 -------- d-----w- c:\program files (x86)\Aimersoft2011-10-16 15:58 . 2011-10-30 18:26 -------- d-----w- c:\users\DAVIS\AppData\Roaming\GetRightToGo2011-10-15 15:46 . 2011-10-30 18:25 -------- d-----w- c:\program files (x86)\Apple Software Update...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2011-10-01 03:21 . 2011-10-12 22:08 1638912 ----a-w- c:\windows\system32\mshtml.tlb2011-10-01 02:59 . 2011-10-12 22:08 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb2011-08-27 05:40 . 2011-10-12 22:07 861184 ----a-w- c:\windows\system32\oleaut32.dll2011-08-27 05:40 . 2011-10-12 22:07 331776 ----a-w- c:\windows\system32\oleacc.dll2011-08-27 04:43 . 2011-10-12 22:07 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll2011-08-27 04:43 . 2011-10-12 22:07 233472 ----a-w- c:\windows\SysWow64\oleacc.dll2011-08-20 05:45 . 2011-10-12 22:08 1197568 ----a-w- c:\windows\system32\wininet.dll2011-08-20 05:41 . 2011-10-12 22:08 57856 ----a-w- c:\windows\system32\licmgr10.dll2011-08-20 04:38 . 2011-10-12 22:08 981504 ----a-w- c:\windows\SysWow64\wininet.dll2011-08-20 04:35 . 2011-10-12 22:08 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll2011-08-20 04:20 . 2011-10-12 22:08 482816 ----a-w- c:\windows\system32\html.iec2011-08-20 03:26 . 2011-10-12 22:08 386048 ----a-w- c:\windows\SysWow64\html.iec2011-08-17 05:32 . 2011-10-12 22:07 613888 ----a-w- c:\windows\system32\psisdecd.dll2011-08-17 05:27 . 2011-10-12 22:07 75776 ----a-w- c:\windows\system32\MSDvbNP.ax2011-08-17 05:27 . 2011-10-12 22:07 288256 ----a-w- c:\windows\system32\MSNP.ax2011-08-17 05:27 . 2011-10-12 22:07 108032 ----a-w- c:\windows\system32\psisrndr.ax2011-08-17 05:27 . 2011-10-12 22:07 104960 ----a-w- c:\windows\system32\Mpeg2Data.ax2011-08-17 04:26 . 2011-10-12 22:07 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll2011-08-17 04:22 . 2011-10-12 22:07 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax2011-08-17 04:22 . 2011-10-12 22:07 72704 ----a-w- c:\windows\SysWow64\Mpeg2Data.ax2011-08-17 04:22 . 2011-10-12 22:07 59904 ----a-w- c:\windows\SysWow64\MSDvbNP.ax2011-08-17 04:22 . 2011-10-12 22:07 204288 ----a-w- c:\windows\SysWow64\MSNP.ax..((((((((((((((((((((((((((((( SnapShot@2011-11-09_03.14.12 ))))))))))))))))))))))))))))))))))))))))).+ 2011-06-11 06:58 . 2011-06-11 06:58 51024 c:\windows\SysWOW64\vcomp100.dll- 2011-02-20 03:03 . 2011-02-20 03:03 51024 c:\windows\SysWOW64\vcomp100.dll- 2011-02-20 03:03 . 2011-02-20 03:03 81744 c:\windows\SysWOW64\mfcm100u.dll+ 2011-06-11 06:58 . 2011-06-11 06:58 81744 c:\windows\SysWOW64\mfcm100u.dll+ 2011-06-11 06:58 . 2011-06-11 06:58 81744 c:\windows\SysWOW64\mfcm100.dll- 2011-02-20 03:03 . 2011-02-20 03:03 81744 c:\windows\SysWOW64\mfcm100.dll- 2011-02-20 03:03 . 2011-02-20 03:03 60752 c:\windows\SysWOW64\mfc100rus.dll+ 2011-06-11 06:58 . 2011-06-11 06:58 60752 c:\windows\SysWOW64\mfc100rus.dll- 2011-02-20 03:03 . 2011-02-20 03:03 43344 c:\windows\SysWOW64\mfc100kor.dll+ 2011-06-11 06:58 . 2011-06-11 06:58 43344 c:\windows\SysWOW64\mfc100kor.dll+ 2011-06-11 06:58 . 2011-06-11 06:58 43856 c:\windows\SysWOW64\mfc100jpn.dll- 2011-02-20 03:03 . 2011-02-20 03:03 43856 c:\windows\SysWOW64\mfc100jpn.dll+ 2011-06-11 06:58 . 2011-06-11 06:58 62288 c:\windows\SysWOW64\mfc100ita.dll- 2011-02-20 03:03 . 2011-02-20 03:03 62288 c:\windows\SysWOW64\mfc100ita.dll+ 2011-06-11 06:58 . 2011-06-11 06:58 64336 c:\windows\SysWOW64\mfc100fra.dll- 2011-02-20 03:03 . 2011-02-20 03:03 64336 c:\windows\SysWOW64\mfc100fra.dll- 2011-02-20 03:03 . 2011-02-20 03:03 63824 c:\windows\SysWOW64\mfc100esn.dll+ 2011-06-11 06:58 . 2011-06-11 06:58 63824 c:\windows\SysWOW64\mfc100esn.dll+ 2011-06-11 06:58 . 2011-06-11 06:58 55120 c:\windows\SysWOW64\mfc100enu.dll- 2011-02-20 03:03 . 2011-02-20 03:03 55120 c:\windows\SysWOW64\mfc100enu.dll+ 2011-06-11 06:58 . 2011-06-11 06:58 64336 c:\windows\SysWOW64\mfc100deu.dll- 2011-02-20 03:03 . 2011-02-20 03:03 64336 c:\windows\SysWOW64\mfc100deu.dll+ 2011-06-11 06:58 . 2011-06-11 06:58 36176 c:\windows\SysWOW64\mfc100cht.dll- 2011-02-20 03:03 . 2011-02-20 03:03 36176 c:\windows\SysWOW64\mfc100cht.dll+ 2011-06-11 06:58 . 2011-06-11 06:58 36176 c:\windows\SysWOW64\mfc100chs.dll- 2011-02-20 03:03 . 2011-02-20 03:03 36176 c:\windows\SysWOW64\mfc100chs.dll- 2009-07-14 04:54 . 2011-11-08 01:01 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat+ 2009-07-14 04:54 . 2011-11-13 15:12 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat+ 2009-07-14 04:54 . 2011-11-13 15:12 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat- 2009-07-14 04:54 . 2011-11-08 01:01 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat+ 2009-07-14 04:54 . 2011-11-13 15:12 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat- 2009-07-14 04:54 . 2011-11-08 01:01 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat+ 2010-05-11 22:32 . 2011-11-13 15:11 49306 c:\windows\system64\wdi\ShutdownPerformanceDiagnostics_SystemData.bin+ 2009-07-14 05:10 . 2011-11-13 15:11 29520 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin+ 2010-05-21 01:16 . 2011-11-13 15:11 16414 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1758657375-272815811-3335950887-1001_UserData.bin+ 2011-11-13 23:51 . 2011-11-13 23:51 16712 c:\windows\system64\drivers\PROCEXP113.SYS+ 2011-11-13 20:47 . 2011-11-13 20:47 25160 c:\windows\system64\drivers\hitmanpro35.sys- 2010-05-20 20:44 . 2011-11-08 22:40 49152 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat+ 2010-05-20 20:44 . 2011-11-13 08:00 49152 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat- 2010-05-20 20:44 . 2011-11-08 22:40 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat+ 2010-05-20 20:44 . 2011-11-13 08:00 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat- 2009-07-14 04:54 . 2011-11-08 22:40 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat+ 2009-07-14 04:54 . 2011-11-13 08:00 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat+ 2011-11-13 20:52 . 2011-11-13 20:52 12872 c:\windows\system64\bootdelete.exe+ 2010-05-11 22:32 . 2011-11-13 15:11 49306 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin+ 2009-07-14 05:10 . 2011-11-13 15:11 29520 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin+ 2010-05-21 01:16 . 2011-11-13 15:11 16414 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1758657375-272815811-3335950887-1001_UserData.bin+ 2010-05-20 20:44 . 2011-11-13 08:00 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat- 2010-05-20 20:44 . 2011-11-08 22:40 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat+ 2010-05-20 20:44 . 2011-11-13 08:00 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat- 2010-05-20 20:44 . 2011-11-08 22:40 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat+ 2009-07-14 04:54 . 2011-11-13 08:00 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat- 2009-07-14 04:54 . 2011-11-08 22:40 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat- 2010-05-21 01:17 . 2011-11-08 00:58 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat+ 2010-05-21 01:17 . 2011-11-13 15:09 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat+ 2009-07-14 04:46 . 2011-11-13 20:43 80672 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat- 2011-10-30 17:48 . 2011-11-08 01:01 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat+ 2011-10-30 17:48 . 2011-11-13 15:10 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat+ 2011-10-30 17:48 . 2011-11-13 15:10 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat- 2011-10-30 17:48 . 2011-11-08 01:01 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat+ 2011-10-30 17:48 . 2011-11-13 15:10 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat- 2011-10-30 17:48 . 2011-11-08 01:01 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat+ 2010-05-21 01:17 . 2011-11-13 15:10 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat- 2010-05-21 01:17 . 2011-11-08 01:01 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat- 2010-05-21 01:17 . 2011-11-08 00:58 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat+ 2010-05-21 01:17 . 2011-11-13 15:09 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat+ 2010-05-20 21:55 . 2011-11-14 00:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat- 2010-05-20 21:55 . 2011-10-30 18:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat+ 2010-05-20 21:55 . 2011-11-14 00:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat- 2010-05-20 21:55 . 2011-10-30 18:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat+ 2011-05-22 12:34 . 2011-11-09 13:35 34144 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\oisicon.exe- 2011-05-22 12:34 . 2011-09-16 07:03 34144 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\oisicon.exe+ 2011-05-22 12:34 . 2011-11-09 13:35 42848 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\msouc.exe- 2011-05-22 12:34 . 2011-09-16 07:03 42848 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\msouc.exe+ 2011-05-22 12:34 . 2011-11-09 13:35 19296 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\cagicon.exe- 2011-05-22 12:34 . 2011-09-16 07:03 19296 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\cagicon.exe- 2011-11-04 20:12 . 2011-11-08 00:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat+ 2011-11-13 15:09 . 2011-11-13 15:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat+ 2011-11-13 15:09 . 2011-11-13 15:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat- 2011-11-04 20:12 . 2011-11-08 00:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat- 2011-02-19 04:40 . 2011-02-19 04:40 773968 c:\windows\SysWOW64\msvcr100.dll+ 2011-06-11 06:58 . 2011-06-11 06:58 773968 c:\windows\SysWOW64\msvcr100.dll+ 2011-06-11 06:58 . 2011-06-11 06:58 421200 c:\windows\SysWOW64\msvcp100.dll- 2011-02-20 03:03 . 2011-02-20 03:03 421200 c:\windows\SysWOW64\msvcp100.dll+ 2011-06-11 06:58 . 2011-06-11 06:58 138056 c:\windows\SysWOW64\atl100.dll- 2011-02-20 03:03 . 2011-02-20 03:03 138056 c:\windows\SysWOW64\atl100.dll+ 2010-05-25 21:03 . 2011-11-13 17:21 451348 c:\windows\system64\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin+ 2009-07-14 02:36 . 2011-11-13 20:14 623940 c:\windows\system64\perfh009.dat- 2009-07-14 02:36 . 2011-11-08 01:03 623940 c:\windows\system64\perfh009.dat- 2009-07-14 02:36 . 2011-11-08 01:03 106316 c:\windows\system64\perfc009.dat+ 2009-07-14 02:36 . 2011-11-13 20:14 106316 c:\windows\system64\perfc009.dat+ 2009-07-14 04:45 . 2011-11-09 15:28 377928 c:\windows\system64\FNTCACHE.DAT- 2009-07-14 04:45 . 2011-10-13 07:23 377928 c:\windows\system64\FNTCACHE.DAT+ 2010-05-25 21:03 . 2011-11-13 17:21 451348 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin- 2009-07-14 02:36 . 2011-11-08 01:03 623940 c:\windows\system32\perfh009.dat+ 2009-07-14 02:36 . 2011-11-13 20:14 623940 c:\windows\system32\perfh009.dat- 2009-07-14 02:36 . 2011-11-08 01:03 106316 c:\windows\system32\perfc009.dat+ 2009-07-14 02:36 . 2011-11-13 20:14 106316 c:\windows\system32\perfc009.dat+ 2009-07-14 04:45 . 2011-11-09 15:28 377928 c:\windows\system32\FNTCACHE.DAT- 2009-07-14 04:45 . 2011-10-13 07:23 377928 c:\windows\system32\FNTCACHE.DAT+ 2009-07-14 05:01 . 2011-11-13 16:07 350980 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat- 2009-07-14 05:01 . 2011-10-30 17:55 350980 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat+ 2011-10-27 04:23 . 2011-10-27 04:23 925696 c:\windows\Installer\506e4.msp+ 2011-10-27 03:51 . 2011-10-27 03:51 592896 c:\windows\Installer\506dc.msp- 2011-05-22 12:31 . 2011-05-22 12:31 571232 c:\windows\Installer\{90140000-006E-0409-0000-0000000FF1CE}\misc.exe+ 2011-11-09 13:35 . 2011-11-09 13:35 571232 c:\windows\Installer\{90140000-006E-0409-0000-0000000FF1CE}\misc.exe- 2011-05-22 12:34 . 2011-09-16 07:03 415584 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pubs.exe+ 2011-05-22 12:34 . 2011-11-09 13:35 415584 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pubs.exe- 2011-05-22 12:34 . 2011-09-16 07:03 303456 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe+ 2011-05-22 12:34 . 2011-11-09 13:35 303456 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe- 2011-05-22 12:34 . 2011-09-16 07:03 571232 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\misc.exe+ 2011-05-22 12:34 . 2011-11-09 13:35 571232 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\misc.exe- 2011-05-22 12:34 . 2011-09-16 07:03 326496 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\joticon.exe+ 2011-05-22 12:34 . 2011-11-09 13:35 326496 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\joticon.exe+ 2010-02-28 08:41 . 2010-02-28 08:41 615800 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ONWORDADDIN.DLL+ 2010-02-28 08:41 . 2010-02-28 08:41 560512 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ONPPTADDIN.DLL+ 2010-03-30 00:26 . 2010-03-30 00:26 227712 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ONENOTEM.EXE+ 2010-02-28 08:41 . 2010-02-28 08:41 533368 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ONBTTNWD.DLL+ 2010-02-28 08:41 . 2010-02-28 08:41 533376 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ONBTTNPPT.DLL+ 2010-03-01 09:19 . 2010-03-01 09:19 697728 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ONBTTNOL.DLL+ 2010-03-16 06:58 . 2010-03-16 06:58 360824 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\MSOUC.EXE+ 2010-03-16 06:58 . 2010-03-16 06:58 718208 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\MSOSYNC.EXE+ 2010-02-28 08:41 . 2010-02-28 08:41 578472 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\IECONTENTSERVICE.EXE+ 2011-06-11 06:58 . 2011-06-11 06:58 4422992 c:\windows\SysWOW64\mfc100u.dll- 2011-02-20 03:03 . 2011-02-20 03:03 4422992 c:\windows\SysWOW64\mfc100u.dll+ 2011-06-11 06:58 . 2011-06-11 06:58 4397384 c:\windows\SysWOW64\mfc100.dll- 2011-02-20 03:03 . 2011-02-20 03:03 4397384 c:\windows\SysWOW64\mfc100.dll+ 2011-11-09 03:32 . 2011-09-29 04:09 3141120 c:\windows\system64\win32k.sys+ 2011-11-09 03:32 . 2011-09-29 16:24 1897328 c:\windows\system64\drivers\tcpip.sys+ 2009-07-14 04:45 . 2011-11-13 17:28 3802522 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat- 2009-07-14 04:45 . 2011-10-30 19:12 3802522 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat+ 2011-04-16 05:14 . 2011-04-16 05:14 3186176 c:\windows\Installer\6a95a81.msi+ 2011-06-29 02:27 . 2011-06-29 02:27 4028928 c:\windows\Installer\50746.msp+ 2011-10-22 20:21 . 2011-10-22 20:21 3463168 c:\windows\Installer\5072e.msp+ 2011-10-27 03:45 . 2011-10-27 03:45 9177600 c:\windows\Installer\50711.msp+ 2011-10-27 04:23 . 2011-10-27 04:23 8821760 c:\windows\Installer\506f9.msp- 2011-05-22 12:34 . 2011-09-16 07:03 1479520 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe+ 2011-05-22 12:34 . 2011-11-09 13:35 1479520 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe+ 2011-05-22 12:34 . 2011-11-09 13:35 1858400 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe- 2011-05-22 12:34 . 2011-09-16 07:03 1858400 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe- 2011-05-22 12:34 . 2011-09-16 07:03 4520288 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\promoicon.exe+ 2011-05-22 12:34 . 2011-11-09 13:35 4520288 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\promoicon.exe+ 2011-05-22 12:34 . 2011-11-09 13:35 3792736 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pptico.exe- 2011-05-22 12:34 . 2011-09-16 07:03 3792736 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pptico.exe+ 2011-05-22 12:34 . 2011-11-09 13:35 1449312 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\accicons.exe- 2011-05-22 12:34 . 2011-09-16 07:03 1449312 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\accicons.exe+ 2010-03-30 12:29 . 2010-03-30 12:29 1676128 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ONENOTE.EXE- 2009-07-14 02:34 . 2011-11-09 01:41 10485760 c:\windows\system64\SMI\Store\Machine\schema.dat+ 2009-07-14 02:34 . 2011-11-13 20:26 10485760 c:\windows\system64\SMI\Store\Machine\schema.dat+ 2010-09-07 02:06 . 2011-11-09 08:01 52174280 c:\windows\system64\MRT.exe- 2009-07-14 02:34 . 2011-11-09 01:41 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat+ 2009-07-14 02:34 . 2011-11-13 20:26 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat+ 2010-09-07 02:06 . 2011-11-09 08:01 52174280 c:\windows\system32\MRT.exe+ 2011-10-27 03:51 . 2011-10-27 03:51 16885760 c:\windows\Installer\6a95aa1.msp+ 2011-10-27 03:51 . 2011-10-27 03:51 16885760 c:\windows\Installer\6a95a9f.msp+ 2011-10-27 03:46 . 2011-10-27 03:46 11580928 c:\windows\Installer\6a95a7b.msp+ 2011-10-22 20:21 . 2011-10-22 20:21 21515264 c:\windows\Installer\6a95a66.msp+ 2011-11-09 15:06 . 2011-11-09 15:06 15815168 c:\windows\Installer\5b92a2.msi+ 2010-03-23 00:36 . 2010-03-23 00:36 72521600 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\MSORES.DLL.-- Snapshot reset to current date --.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]"Upromise Update"="c:\program files (x86)\Upromise\dca-ua.exe" [2011-08-04 267584]"Upromise Tray"="c:\program files (x86)\Upromise\UpromiseTray.exe" [2011-09-02 279896].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2009-10-01 111640]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-11-18 421160]"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]"BYR_AGENT"="c:\programdata\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe" [2011-06-14 392280]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]"GrpConv"="grpconv -o" [X]"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2010-02-11 165184].c:\users\DAVIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768].c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 0 (0x0)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableLUA"= 0 (0x0)"EnableUIADesktopToggle"= 0 (0x0)"PromptOnSecureDesktop"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]2011-02-24 18:33 79368 ----a-w- c:\windows\System32\UmxWNP.dll.[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]BootExecute REG_MULTI_SZ autocheck autochk *\0bootdelete.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]@="".R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-25 136176]R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-25 136176]R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\4E6.tmp [x]R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]S0 KmxAMRT;KmxAMRT;c:\windows\system32\DRIVERS\KmxAMRT.sys [x]S0 KmxFw;KmxFw;c:\windows\System32\DRIVERS\kmxfw.sys [x]S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]S1 KmxAgent;KmxAgent;c:\windows\system32\DRIVERS\kmxagent.sys [x]S1 KmxCfg;KmxCfg;c:\windows\system32\DRIVERS\kmxcfg.sys [x]S1 KmxFile;KmxFile;c:\windows\system32\DRIVERS\KmxFile.sys [x]S1 KmxFilter;HIPS Core Filter Driver;c:\windows\system32\DRIVERS\KmxFilter.sys [x]S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]S2 CAAMSvc;CAAMSvc;c:\program files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe [2011-10-30 291656]S2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\CA\CA Internet Security Suite\ccschedulersvc.exe [2011-07-02 286032]S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]S2 KmxCF;KmxCF;c:\windows\system32\DRIVERS\KmxCF.sys [x]S2 KmxSbx;KmxSbx;c:\windows\system32\DRIVERS\KmxSbx.sys [x]S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-02-11 660800]S2 UmxEngine;TM Engine;c:\program files\CA\SharedComponents\TMEngine\UmxEngine.exe [2011-04-04 920656]S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]S2 WinSvchostManagerSrv;WinSvchostManagerSrv;c:\windows\SysWOW64\cfgmig32.exe [2011-07-02 263504]S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [x]S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]..[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc.Contents of the 'Scheduled Tasks' folder.2011-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-25 14:23].2011-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-25 14:23].2011-11-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1758657375-272815811-3335950887-1001Core.job- c:\users\DAVIS\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-27 15:23].2011-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1758657375-272815811-3335950887-1001UA.job- c:\users\DAVIS\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-27 15:23]..--------- x86-64 -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-07 8158240]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 2328944]"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-01-07 2307448]"cctray"="c:\program files\CA\CA Internet Security Suite\casc.exe" [2011-07-02 2658128].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]"DSUpdateLauncher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" [2010-01-22 18240].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]"AppInit_DLLs"=c:\windows\System32\UmxSbxExA64.dll.------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = hxxp://www.google.com/mLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.localIE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.htmlIE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105LSP: c:\windows\system32\VetRedir.dllTCP: DhcpNameServer = 209.18.47.61 209.18.47.62.- - - - ORPHANS REMOVED - - - -.Toolbar-Locked - (no file)...[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]"ImagePath"="\??\c:\windows\system32\4E6.tmp".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.10".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]@Denied: (A) (Everyone)"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]@Denied: (A) (Everyone).[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]"Key"="ActionsPane3""Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2011-11-13 20:24:15ComboFix-quarantined-files.txt 2011-11-14 01:24ComboFix2.txt 2011-11-09 03:35.Pre-Run: 213,212,065,792 bytes freePost-Run: 212,840,779,776 bytes free.- - End Of File - - 6BC0734625D798DC5AE167F02ED0E2FB Link to post Share on other sites More sharing options...
Kenny94 Posted November 14, 2011 ID:494568 Share Posted November 14, 2011 Hi Diane,I'm going to ask others to see what else we can try to remove/repair this rootkit. So, it might take a few days. Do you have a Windows 7 installation disc. In case we need to use it? Link to post Share on other sites More sharing options...
DianeD Posted November 14, 2011 Author ID:494587 Share Posted November 14, 2011 Hi Kenny,I don't have an installation disc. I believe that I can get something online from Dell if needed, but will have to check that out.Is there any harm in using the PC in the meantime?Thanks,Diane. Link to post Share on other sites More sharing options...
Kenny94 Posted November 15, 2011 ID:494758 Share Posted November 15, 2011 You can use this PC, but I wouldn't use it for any financial transactions on the PC. Until we clean this PC. To be on the safe side. Link to post Share on other sites More sharing options...
Kenny94 Posted November 15, 2011 ID:494910 Share Posted November 15, 2011 Hi Diane,We are going to use a older tool to see if it finds this MBR rootkit. To get a ideal if this is one of the newer infections. Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.Link 1Link 2Link 3Double-click on MBRCheck.exe to run it.It will open a black window...please do not fix anything (if it gives you an option).When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.Please copy and paste the contents of that log in your next reply. Link to post Share on other sites More sharing options...
DianeD Posted November 16, 2011 Author ID:495050 Share Posted November 16, 2011 Hi Kenny.The MBRCheck log follows:===========================================================================MBRCheck, version 1.2.3© 2010, ADCommand-line: Windows Version: Windows 7 Home Premium EditionWindows Information: (build 7600), 64-bitBase Board Manufacturer: Dell Inc.BIOS Manufacturer: Dell Inc.System Manufacturer: Dell Inc.System Product Name: Inspiron 580Logical Drives Mask: 0x020001ecKernel Drivers (total 194): 0x0324B000 \SystemRoot\system32\ntoskrnl.exe 0x03202000 \SystemRoot\system32\hal.dll 0x00BA8000 \SystemRoot\system32\kdcom.dll 0x00C22000 \SystemRoot\system32\mcupdate_GenuineIntel.dll 0x00C66000 \SystemRoot\system32\PSHED.dll 0x00C7A000 \SystemRoot\system32\CLFS.SYS 0x00CD8000 \SystemRoot\system32\CI.dll 0x00E77000 \SystemRoot\system32\drivers\Wdf01000.sys 0x00F1B000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x00F2A000 \SystemRoot\system32\DRIVERS\ACPI.sys 0x00F81000 \SystemRoot\system32\DRIVERS\WMILIB.SYS 0x00F8A000 \SystemRoot\system32\DRIVERS\msisadrv.sys 0x00F94000 \SystemRoot\system32\DRIVERS\pci.sys 0x00FC7000 \SystemRoot\system32\DRIVERS\vdrvroot.sys 0x00FD4000 \SystemRoot\System32\drivers\partmgr.sys 0x00FE9000 \SystemRoot\system32\DRIVERS\volmgr.sys 0x00E00000 \SystemRoot\System32\drivers\volmgrx.sys 0x00E5C000 \SystemRoot\system32\DRIVERS\pciide.sys 0x00E63000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS 0x00D98000 \SystemRoot\System32\drivers\mountmgr.sys 0x00DB2000 \SystemRoot\system32\DRIVERS\atapi.sys 0x00DBB000 \SystemRoot\system32\DRIVERS\ataport.SYS 0x00DE5000 \SystemRoot\system32\drivers\amdxata.sys 0x010DE000 \SystemRoot\system32\drivers\fltmgr.sys 0x0112A000 \SystemRoot\system32\drivers\fileinfo.sys 0x0113E000 \SystemRoot\system32\DRIVERS\KmxAMRT.sys 0x0117D000 \SystemRoot\System32\DRIVERS\kmxfw.sys 0x0119F000 \SystemRoot\System32\DRIVERS\msrpc.sys 0x01000000 \SystemRoot\System32\DRIVERS\NETIO.SYS 0x01202000 \SystemRoot\System32\DRIVERS\NDIS.SYS 0x012F4000 \SystemRoot\System32\DRIVERS\TDI.SYS 0x01301000 \SystemRoot\System32\DRIVERS\fwpkclnt.sys 0x0134B000 \SystemRoot\System32\Drivers\PxHlpa64.sys 0x01451000 \SystemRoot\System32\Drivers\Ntfs.sys 0x01400000 \SystemRoot\System32\Drivers\ksecdd.sys 0x01357000 \SystemRoot\System32\Drivers\cng.sys 0x0141A000 \SystemRoot\System32\drivers\pcw.sys 0x0142B000 \SystemRoot\System32\Drivers\Fs_Rec.sys 0x013CA000 \SystemRoot\System32\Drivers\ksecpkg.sys 0x01600000 \SystemRoot\System32\drivers\tcpip.sys 0x01060000 \SystemRoot\system32\DRIVERS\volsnap.sys 0x01435000 \SystemRoot\System32\Drivers\spldr.sys 0x0188E000 \SystemRoot\System32\drivers\rdyboost.sys 0x018C8000 \SystemRoot\System32\Drivers\mup.sys 0x018DA000 \SystemRoot\System32\drivers\hwpolicy.sys 0x018E3000 \SystemRoot\System32\DRIVERS\fvevol.sys 0x0191D000 \SystemRoot\system32\DRIVERS\disk.sys 0x01933000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS 0x01999000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x019C3000 \SystemRoot\System32\DRIVERS\KmxFile.sys 0x019DD000 \SystemRoot\System32\DRIVERS\kmxagent.sys 0x01800000 \SystemRoot\System32\DRIVERS\kmxcfg.sys 0x0185D000 \SystemRoot\System32\Drivers\Null.SYS 0x01866000 \SystemRoot\System32\Drivers\Beep.SYS 0x0186D000 \SystemRoot\System32\drivers\vga.sys 0x010AC000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x0187B000 \SystemRoot\System32\drivers\watchdog.sys 0x0143D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x01446000 \SystemRoot\system32\drivers\rdpencdd.sys 0x015F3000 \SystemRoot\system32\drivers\rdprefmp.sys 0x013F5000 \SystemRoot\System32\Drivers\Msfs.SYS 0x00C00000 \SystemRoot\System32\Drivers\Npfs.SYS 0x02CD0000 \SystemRoot\system32\DRIVERS\tdx.sys 0x02CEE000 \SystemRoot\System32\DRIVERS\netbt.sys 0x02D33000 \SystemRoot\system32\drivers\afd.sys 0x02DBC000 \SystemRoot\system32\DRIVERS\wfplwf.sys 0x02DC5000 \SystemRoot\system32\DRIVERS\pacer.sys 0x02C00000 \SystemRoot\system32\DRIVERS\KmxFilter.sys 0x02C17000 \SystemRoot\system32\DRIVERS\netbios.sys 0x02C26000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x02C41000 \SystemRoot\system32\DRIVERS\termdd.sys 0x02C55000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x02CA6000 \SystemRoot\system32\drivers\nsiproxy.sys 0x02CB2000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0x02CBD000 \SystemRoot\System32\drivers\discache.sys 0x03E20000 \SystemRoot\System32\Drivers\dfsc.sys 0x03E3E000 \SystemRoot\system32\DRIVERS\blbdrive.sys 0x03E4F000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x03E75000 \SystemRoot\system32\DRIVERS\intelppm.sys 0x048EF000 \SystemRoot\system32\DRIVERS\igdkmd64.sys 0x03E8B000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x0530E000 \SystemRoot\System32\drivers\dxgmms1.sys 0x05354000 \SystemRoot\system32\DRIVERS\HECIx64.sys 0x05365000 \SystemRoot\system32\drivers\usbehci.sys 0x05376000 \SystemRoot\system32\drivers\USBPORT.SYS 0x053CC000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0x04800000 \SystemRoot\system32\DRIVERS\k57nd60a.sys 0x04851000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys 0x0485E000 \SystemRoot\system32\DRIVERS\CompositeBus.sys 0x0486E000 \SystemRoot\system32\DRIVERS\AgileVpn.sys 0x04884000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x048A8000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x048B4000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x03F7F000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x03F9A000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x03FBB000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x053F0000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x03FD5000 \SystemRoot\system32\DRIVERS\mouclass.sys 0x048E3000 \SystemRoot\system32\DRIVERS\swenum.sys 0x040FA000 \SystemRoot\system32\DRIVERS\ks.sys 0x0413D000 \SystemRoot\system32\DRIVERS\umbus.sys 0x0414F000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x041A9000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x04414000 \SystemRoot\system32\drivers\RTKVHD64.sys 0x041BE000 \SystemRoot\system32\drivers\portcls.sys 0x04000000 \SystemRoot\system32\drivers\drmk.sys 0x04400000 \SystemRoot\system32\drivers\ksthunk.sys 0x04022000 \SystemRoot\system32\drivers\HdAudio.sys 0x0407E000 \SystemRoot\system32\drivers\USBSTOR.SYS 0x04406000 \SystemRoot\system32\drivers\USBD.SYS 0x04099000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0x040B6000 \SystemRoot\system32\DRIVERS\dc3d.sys 0x04408000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0x040C8000 \SystemRoot\system32\DRIVERS\hidusb.sys 0x040D6000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0x03FE4000 \SystemRoot\system32\DRIVERS\kbdhid.sys 0x03FF2000 \SystemRoot\system32\DRIVERS\mouhid.sys 0x03E00000 \SystemRoot\system32\DRIVERS\point64.sys 0x03E10000 \SystemRoot\System32\Drivers\crashdmp.sys 0x02DEB000 \SystemRoot\System32\Drivers\dump_dumpata.sys 0x040EF000 \SystemRoot\System32\Drivers\dump_atapi.sys 0x01963000 \SystemRoot\System32\Drivers\dump_dumpfve.sys 0x00000000 \SystemRoot\System32\win32k.sys 0x01976000 \SystemRoot\System32\drivers\Dxapi.sys 0x01982000 \SystemRoot\System32\Drivers\nx6000.sys 0x02032000 \SystemRoot\System32\Drivers\usbvideo.sys 0x02060000 \SystemRoot\system32\drivers\usbaudio.sys 0x0207B000 \SystemRoot\system32\DRIVERS\monitor.sys 0x00570000 \SystemRoot\System32\TSDDD.dll 0x00600000 \SystemRoot\System32\cdd.dll 0x00910000 \SystemRoot\System32\ATMFD.DLL 0x02089000 \SystemRoot\system32\drivers\luafv.sys 0x020AC000 \SystemRoot\System32\DRIVERS\KmxSbx.sys 0x020C5000 \SystemRoot\system32\drivers\WudfPf.sys 0x020E6000 \SystemRoot\system32\DRIVERS\lltdio.sys 0x020FB000 \SystemRoot\system32\DRIVERS\rspndr.sys 0x02113000 \SystemRoot\system32\drivers\HTTP.sys 0x021DB000 \SystemRoot\system32\DRIVERS\bowser.sys 0x02000000 \SystemRoot\System32\drivers\mpsdrv.sys 0x038CD000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0x038FA000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0x03948000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0x0396B000 \SystemRoot\System32\DRIVERS\KmxCF.sys 0x03800000 \SystemRoot\system32\drivers\peauth.sys 0x038A6000 \SystemRoot\System32\Drivers\secdrv.SYS 0x0399B000 \SystemRoot\System32\DRIVERS\srvnet.sys 0x039C8000 \SystemRoot\System32\drivers\tcpipreg.sys 0x07A44000 \SystemRoot\System32\DRIVERS\srv2.sys 0x07AAB000 \SystemRoot\System32\DRIVERS\srv.sys 0x07B40000 \SystemRoot\system32\DRIVERS\WUDFRd.sys 0x07B71000 \SystemRoot\system32\DRIVERS\serscan.sys 0x07B79000 \SystemRoot\System32\Drivers\fastfat.SYS 0x07BAF000 \??\C:\Windows\system32\drivers\mbam.sys 0x07BB9000 \SystemRoot\system32\DRIVERS\WSDPrint.sys 0x77000000 \Windows\System32\ntdll.dll 0x480C0000 \Windows\System32\smss.exe 0xFF320000 \Windows\System32\apisetschema.dll 0xFF2D0000 \Windows\System32\autochk.exe 0xFF270000 \Windows\System32\clbcatq.dll 0xFF010000 \Windows\System32\iertutil.dll 0xFEF90000 \Windows\System32\shlwapi.dll 0x771D0000 \Windows\System32\normaliz.dll 0xFED80000 \Windows\System32\ole32.dll 0xFED30000 \Windows\System32\Wldap32.dll 0xFEC50000 \Windows\System32\advapi32.dll 0xFEAD0000 \Windows\System32\urlmon.dll 0xFE8F0000 \Windows\System32\setupapi.dll 0xFE850000 \Windows\System32\msvcrt.dll 0xFE720000 \Windows\System32\wininet.dll 0xFE5F0000 \Windows\System32\rpcrt4.dll 0x771C0000 \Windows\System32\psapi.dll 0x76F00000 \Windows\System32\user32.dll 0xFE570000 \Windows\System32\difxapi.dll 0xFE4D0000 \Windows\System32\comdlg32.dll 0xFE480000 \Windows\System32\ws2_32.dll 0xFE410000 \Windows\System32\gdi32.dll 0xFD680000 \Windows\System32\shell32.dll 0xFD660000 \Windows\System32\imagehlp.dll 0xFD630000 \Windows\System32\imm32.dll 0xFD550000 \Windows\System32\oleaut32.dll 0xFD540000 \Windows\System32\lpk.dll 0xFD430000 \Windows\System32\msctf.dll 0x76DE0000 \Windows\System32\kernel32.dll 0xFD410000 \Windows\System32\sechost.dll 0xFD400000 \Windows\System32\nsi.dll 0xFD330000 \Windows\System32\usp10.dll 0xFD2C0000 \Windows\System32\KernelBase.dll 0xFD2A0000 \Windows\System32\devobj.dll 0xFD200000 \Windows\System32\comctl32.dll 0xFD1C0000 \Windows\System32\cfgmgr32.dll 0xFD050000 \Windows\System32\crypt32.dll 0xFD010000 \Windows\System32\wintrust.dll 0xFD000000 \Windows\System32\msasn1.dll 0x754C0000 \Windows\SysWOW64\normaliz.dllProcesses (total 79): 0 System Idle Process 4 System 292 C:\Windows\System32\smss.exe 436 csrss.exe 504 C:\Windows\System32\wininit.exe 528 csrss.exe 560 C:\Windows\System32\services.exe 600 C:\Windows\System32\lsass.exe 612 C:\Windows\System32\winlogon.exe 620 C:\Windows\System32\lsm.exe 736 C:\Windows\System32\svchost.exe 816 C:\Windows\System32\svchost.exe 900 C:\Windows\System32\svchost.exe 944 C:\Windows\System32\svchost.exe 992 C:\Windows\System32\svchost.exe 452 C:\Windows\System32\audiodg.exe 688 C:\Windows\System32\svchost.exe 444 C:\Program Files\Dell\DellDock\DockLogin.exe 1048 C:\Windows\System32\svchost.exe 1204 C:\Windows\System32\spoolsv.exe 1232 C:\Windows\System32\svchost.exe 1364 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 1400 C:\Windows\System32\taskhost.exe 1440 C:\Windows\System32\dwm.exe 1516 C:\Windows\explorer.exe 1584 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 1704 C:\Program Files (x86)\Bonjour\mDNSResponder.exe 1740 C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\CAAMSvc.exe 1784 C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe 1896 C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe 1924 C:\Windows\System32\svchost.exe 1952 C:\Windows\SysWOW64\svchost.exe 1484 C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe 1376 C:\Program Files\Microsoft LifeCam\MSCamS64.exe 2028 C:\Windows\System32\svchost.exe 2096 C:\Windows\System32\svchost.exe 2116 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 2224 C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe 2272 C:\Windows\System32\svchost.exe 2452 C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe 2628 C:\Windows\SysWOW64\cfgmig32.exe 2768 C:\Program Files\CA\CA Internet Security Suite\ccEvtMgr.exe 2080 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe 1276 C:\Windows\System32\igfxtray.exe 2408 C:\Windows\System32\hkcmd.exe 1864 C:\Windows\System32\igfxpers.exe 3084 C:\Program Files\Microsoft IntelliPoint\ipoint.exe 3144 C:\Program Files\Microsoft IntelliType Pro\itype.exe 3180 C:\Program Files\CA\CA Internet Security Suite\casc.exe 3272 C:\Program Files\Windows Sidebar\sidebar.exe 3412 C:\Program Files (x86)\Upromise\dca-ua.exe 3420 C:\Program Files (x86)\Upromise\UpromiseTray.exe 3592 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe 3608 C:\Program Files\Dell\DellDock\DellDock.exe 3644 C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE 3816 C:\Windows\System32\svchost.exe 3260 C:\Windows\System32\svchost.exe 896 WUDFHost.exe 4304 C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe 4652 C:\Windows\System32\SearchIndexer.exe 4768 C:\Program Files\Windows Media Player\wmpnetwk.exe 4176 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe 4744 C:\Windows\System32\svchost.exe 4236 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe 1160 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe 5376 C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe 2992 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 4792 C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe 4500 C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe 6128 C:\Windows\System32\svchost.exe 5988 C:\Windows\System32\wuauclt.exe 3012 C:\Program Files\iPod\bin\iPodService.exe 6296 C:\Program Files\Windows Media Player\wmprph.exe 3840 C:\Windows\System32\taskmgr.exe 6896 C:\Windows\System32\SearchProtocolHost.exe 6820 C:\Windows\System32\SearchFilterHost.exe 5484 C:\Users\DAVIS\Desktop\MBRCheck.exe 7184 C:\Windows\System32\conhost.exe 7636 C:\Windows\System32\dllhost.exe\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`ac000000 (NTFS)PhysicalDrive0 Model Number: ST3320418AS, Rev: CC45 Size Device Name MBR Status -------------------------------------------- 298 GB \\.\PhysicalDrive0 MBR Code Faked! SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79Found non-standard or infected MBR.Enter 'Y' and hit ENTER for more options, or 'N' to exit: Done! Link to post Share on other sites More sharing options...
Kenny94 Posted November 16, 2011 ID:495196 Share Posted November 16, 2011 Hi Diane,This fix below will take some time, but should fix your Dell PC..... Download OTLPEStd.exe to your desktop.Ensure that you have a blank CD in the driveDouble click OTLPEStd.exe and this will then open imgburn to burn the file to CDReboot your system using the boot CD you just created.Note : If you do not know how to set your computer to boot from CD follow the steps Click Here As the CD needs to detect your hardware and load the operating system, this will take some time to run.Your system should now display a Reatogo desktop.Note : as you are running from CD it is not exactly speedy Double-click on the MBRFix icon.A command prompt will be presented. Type the following commands and press Enter after each line:C:cd C:\MbrFix /drive 0 fixmbrExitReboot your system.When you are back into normal mode do the following again:Double click on MBRCheck.exe that you previously downloadedIf no infection is found, it will produce a report on the desktop. Post that report in your next reply.If an infection is found, you will be presented with the following dialog:Enter 'Y' and hit ENTER for more options, or 'N' to exit:Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply. Link to post Share on other sites More sharing options...
DianeD Posted November 16, 2011 Author ID:495375 Share Posted November 16, 2011 Hi Kenny,I followed the latest instructions, however when performing the MBRFix command after switching to the C:\ drive I needed to provide the full path back to the command, X:\MBRFix\Programs\MbrFix....... (more or less). The command completed without error. I rebooted and reran MBRCheck. The log follows:=================================================================MBRCheck, version 1.2.3© 2010, ADCommand-line: Windows Version: Windows 7 Home Premium EditionWindows Information: (build 7600), 64-bitBase Board Manufacturer: Dell Inc.BIOS Manufacturer: Dell Inc.System Manufacturer: Dell Inc.System Product Name: Inspiron 580Logical Drives Mask: 0x020001ecKernel Drivers (total 192): 0x03256000 \SystemRoot\system32\ntoskrnl.exe 0x0320D000 \SystemRoot\system32\hal.dll 0x00BBA000 \SystemRoot\system32\kdcom.dll 0x00CA7000 \SystemRoot\system32\mcupdate_GenuineIntel.dll 0x00CEB000 \SystemRoot\system32\PSHED.dll 0x00CFF000 \SystemRoot\system32\CLFS.SYS 0x00E30000 \SystemRoot\system32\CI.dll 0x00EF0000 \SystemRoot\system32\drivers\Wdf01000.sys 0x00F94000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x00FA3000 \SystemRoot\system32\DRIVERS\ACPI.sys 0x00E00000 \SystemRoot\system32\DRIVERS\WMILIB.SYS 0x00E09000 \SystemRoot\system32\DRIVERS\msisadrv.sys 0x00D5D000 \SystemRoot\system32\DRIVERS\pci.sys 0x00E13000 \SystemRoot\system32\DRIVERS\vdrvroot.sys 0x00D90000 \SystemRoot\System32\drivers\partmgr.sys 0x00DA5000 \SystemRoot\system32\DRIVERS\volmgr.sys 0x00C00000 \SystemRoot\System32\drivers\volmgrx.sys 0x00E20000 \SystemRoot\system32\DRIVERS\pciide.sys 0x00C5C000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS 0x00C6C000 \SystemRoot\System32\drivers\mountmgr.sys 0x00E27000 \SystemRoot\system32\DRIVERS\atapi.sys 0x00DBA000 \SystemRoot\system32\DRIVERS\ataport.SYS 0x00DE4000 \SystemRoot\system32\drivers\amdxata.sys 0x01037000 \SystemRoot\system32\drivers\fltmgr.sys 0x01083000 \SystemRoot\system32\drivers\fileinfo.sys 0x01097000 \SystemRoot\system32\DRIVERS\KmxAMRT.sys 0x010D6000 \SystemRoot\System32\DRIVERS\kmxfw.sys 0x010F8000 \SystemRoot\System32\DRIVERS\msrpc.sys 0x01156000 \SystemRoot\System32\DRIVERS\NETIO.SYS 0x0125F000 \SystemRoot\System32\DRIVERS\NDIS.SYS 0x01351000 \SystemRoot\System32\DRIVERS\TDI.SYS 0x0135E000 \SystemRoot\System32\DRIVERS\fwpkclnt.sys 0x013A8000 \SystemRoot\System32\Drivers\PxHlpa64.sys 0x0141B000 \SystemRoot\System32\Drivers\Ntfs.sys 0x015BD000 \SystemRoot\System32\Drivers\ksecdd.sys 0x016DC000 \SystemRoot\System32\Drivers\cng.sys 0x0174F000 \SystemRoot\System32\drivers\pcw.sys 0x01760000 \SystemRoot\System32\Drivers\Fs_Rec.sys 0x0176A000 \SystemRoot\System32\Drivers\ksecpkg.sys 0x01802000 \SystemRoot\System32\drivers\tcpip.sys 0x01795000 \SystemRoot\system32\DRIVERS\volsnap.sys 0x017E1000 \SystemRoot\System32\Drivers\spldr.sys 0x01600000 \SystemRoot\System32\drivers\rdyboost.sys 0x0163A000 \SystemRoot\System32\Drivers\mup.sys 0x0164C000 \SystemRoot\System32\drivers\hwpolicy.sys 0x01655000 \SystemRoot\System32\DRIVERS\fvevol.sys 0x0168F000 \SystemRoot\system32\DRIVERS\disk.sys 0x016A5000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS 0x013B4000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x01400000 \SystemRoot\System32\DRIVERS\KmxFile.sys 0x013DE000 \SystemRoot\System32\DRIVERS\kmxagent.sys 0x01200000 \SystemRoot\System32\DRIVERS\kmxcfg.sys 0x015F6000 \SystemRoot\System32\Drivers\Null.SYS 0x016D5000 \SystemRoot\System32\Drivers\Beep.SYS 0x011B6000 \SystemRoot\System32\drivers\vga.sys 0x011C4000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x011E9000 \SystemRoot\System32\drivers\watchdog.sys 0x01000000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x01009000 \SystemRoot\system32\drivers\rdpencdd.sys 0x01012000 \SystemRoot\system32\drivers\rdprefmp.sys 0x0101B000 \SystemRoot\System32\Drivers\Msfs.SYS 0x01026000 \SystemRoot\System32\Drivers\Npfs.SYS 0x00C86000 \SystemRoot\system32\DRIVERS\tdx.sys 0x02C5D000 \SystemRoot\System32\DRIVERS\netbt.sys 0x02CA2000 \SystemRoot\system32\drivers\afd.sys 0x02D2B000 \SystemRoot\system32\DRIVERS\wfplwf.sys 0x02D34000 \SystemRoot\system32\DRIVERS\pacer.sys 0x02D5A000 \SystemRoot\system32\DRIVERS\KmxFilter.sys 0x02D71000 \SystemRoot\system32\DRIVERS\netbios.sys 0x02D80000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x02D9B000 \SystemRoot\system32\DRIVERS\termdd.sys 0x02DAF000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x02C00000 \SystemRoot\system32\drivers\nsiproxy.sys 0x02C0C000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0x02C17000 \SystemRoot\System32\drivers\discache.sys 0x02C26000 \SystemRoot\System32\Drivers\dfsc.sys 0x02C44000 \SystemRoot\system32\DRIVERS\blbdrive.sys 0x03EC8000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x03EEE000 \SystemRoot\system32\DRIVERS\intelppm.sys 0x048E9000 \SystemRoot\system32\DRIVERS\igdkmd64.sys 0x05308000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x04800000 \SystemRoot\System32\drivers\dxgmms1.sys 0x04846000 \SystemRoot\system32\DRIVERS\HECIx64.sys 0x04857000 \SystemRoot\system32\drivers\usbehci.sys 0x04868000 \SystemRoot\system32\drivers\USBPORT.SYS 0x048BE000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0x03F04000 \SystemRoot\system32\DRIVERS\k57nd60a.sys 0x03F55000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys 0x03F62000 \SystemRoot\system32\DRIVERS\CompositeBus.sys 0x03F72000 \SystemRoot\system32\DRIVERS\serscan.sys 0x048E2000 \SystemRoot\system32\drivers\ksthunk.sys 0x03F7A000 \SystemRoot\system32\drivers\ks.sys 0x03FBD000 \SystemRoot\system32\DRIVERS\AgileVpn.sys 0x03FD3000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x03E00000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x03E0C000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x03E3B000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x03E56000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x03E77000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x03E91000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x03EA0000 \SystemRoot\system32\DRIVERS\mouclass.sys 0x053FC000 \SystemRoot\system32\DRIVERS\swenum.sys 0x03EAF000 \SystemRoot\system32\DRIVERS\umbus.sys 0x04264000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x042BE000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x04417000 \SystemRoot\system32\drivers\RTKVHD64.sys 0x042D3000 \SystemRoot\system32\drivers\portcls.sys 0x04310000 \SystemRoot\system32\drivers\drmk.sys 0x04332000 \SystemRoot\system32\drivers\HdAudio.sys 0x0438E000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS 0x04400000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x000C0000 \SystemRoot\System32\win32k.sys 0x04402000 \SystemRoot\System32\drivers\Dxapi.sys 0x043A9000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0x043C6000 \SystemRoot\system32\DRIVERS\dc3d.sys 0x0440E000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0x043D8000 \SystemRoot\system32\DRIVERS\hidusb.sys 0x043E6000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0x04200000 \SystemRoot\system32\DRIVERS\kbdhid.sys 0x0420E000 \SystemRoot\system32\DRIVERS\mouhid.sys 0x0421B000 \SystemRoot\system32\DRIVERS\point64.sys 0x0422B000 \SystemRoot\System32\Drivers\crashdmp.sys 0x04239000 \SystemRoot\System32\Drivers\dump_dumpata.sys 0x04245000 \SystemRoot\System32\Drivers\dump_atapi.sys 0x0424E000 \SystemRoot\System32\Drivers\dump_dumpfve.sys 0x017E9000 \SystemRoot\System32\Drivers\nx6000.sys 0x02073000 \SystemRoot\System32\Drivers\usbvideo.sys 0x020A1000 \SystemRoot\system32\drivers\usbaudio.sys 0x020BC000 \SystemRoot\system32\DRIVERS\monitor.sys 0x004C0000 \SystemRoot\System32\TSDDD.dll 0x00660000 \SystemRoot\System32\cdd.dll 0x00840000 \SystemRoot\System32\ATMFD.DLL 0x020CA000 \SystemRoot\system32\drivers\luafv.sys 0x020ED000 \SystemRoot\System32\DRIVERS\KmxSbx.sys 0x02106000 \SystemRoot\system32\drivers\WudfPf.sys 0x02127000 \SystemRoot\system32\DRIVERS\lltdio.sys 0x0213C000 \SystemRoot\system32\DRIVERS\rspndr.sys 0x02AB2000 \SystemRoot\system32\drivers\HTTP.sys 0x02B7A000 \SystemRoot\system32\DRIVERS\bowser.sys 0x02B98000 \SystemRoot\System32\drivers\mpsdrv.sys 0x02BB0000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0x02A00000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0x02A4E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0x02A71000 \SystemRoot\System32\DRIVERS\KmxCF.sys 0x02154000 \SystemRoot\system32\drivers\peauth.sys 0x02AA1000 \SystemRoot\System32\Drivers\secdrv.SYS 0x02000000 \SystemRoot\System32\DRIVERS\srvnet.sys 0x02BDD000 \SystemRoot\System32\drivers\tcpipreg.sys 0x07EFD000 \SystemRoot\System32\DRIVERS\srv2.sys 0x07F64000 \SystemRoot\System32\DRIVERS\srv.sys 0x07E00000 \SystemRoot\system32\DRIVERS\WUDFRd.sys 0x07E31000 \SystemRoot\System32\Drivers\fastfat.SYS 0x77C50000 \Windows\System32\ntdll.dll 0x47AA0000 \Windows\System32\smss.exe 0xFFF70000 \Windows\System32\apisetschema.dll 0xFF210000 \Windows\System32\autochk.exe 0x77E20000 \Windows\System32\psapi.dll 0xFFF10000 \Windows\System32\ws2_32.dll 0xFF180000 \Windows\System32\shell32.dll 0xFEF70000 \Windows\System32\ole32.dll 0xFEF50000 \Windows\System32\imagehlp.dll 0xFEF40000 \Windows\System32\lpk.dll 0xFEEC0000 \Windows\System32\shlwapi.dll 0x77E10000 \Windows\System32\normaliz.dll 0x77B50000 \Windows\System32\user32.dll 0xFEDE0000 \Windows\System32\advapi32.dll 0xFEDB0000 \Windows\System32\imm32.dll 0xFED10000 \Windows\System32\clbcatq.dll 0xFED00000 \Windows\System32\nsi.dll 0xFEC30000 \Windows\System32\usp10.dll 0xFEAB0000 \Windows\System32\urlmon.dll 0xFEA10000 \Windows\System32\comdlg32.dll 0xFE7B0000 \Windows\System32\iertutil.dll 0xFE760000 \Windows\System32\Wldap32.dll 0xFE580000 \Windows\System32\setupapi.dll 0xFE560000 \Windows\System32\sechost.dll 0xFE480000 \Windows\System32\oleaut32.dll 0xFE370000 \Windows\System32\msctf.dll 0xFE300000 \Windows\System32\gdi32.dll 0xFE280000 \Windows\System32\difxapi.dll 0xFE1E0000 \Windows\System32\msvcrt.dll 0xFE0B0000 \Windows\System32\wininet.dll 0x77A30000 \Windows\System32\kernel32.dll 0xFDF80000 \Windows\System32\rpcrt4.dll 0xFDF40000 \Windows\System32\cfgmgr32.dll 0xFDF00000 \Windows\System32\wintrust.dll 0xFDE90000 \Windows\System32\KernelBase.dll 0xFDE70000 \Windows\System32\devobj.dll 0xFDD00000 \Windows\System32\crypt32.dll 0xFDC60000 \Windows\System32\comctl32.dll 0xFDC50000 \Windows\System32\msasn1.dll 0x771E0000 \Windows\SysWOW64\normaliz.dllProcesses (total 80): 0 System Idle Process 4 System 292 C:\Windows\System32\smss.exe 436 csrss.exe 504 C:\Windows\System32\wininit.exe 528 csrss.exe 560 C:\Windows\System32\services.exe 604 C:\Windows\System32\winlogon.exe 612 C:\Windows\System32\lsass.exe 628 C:\Windows\System32\lsm.exe 740 C:\Windows\System32\svchost.exe 816 C:\Windows\System32\svchost.exe 880 C:\Windows\System32\svchost.exe 920 C:\Windows\System32\svchost.exe 960 C:\Windows\System32\svchost.exe 472 C:\Windows\System32\audiodg.exe 700 C:\Windows\System32\svchost.exe 424 C:\Program Files\Dell\DellDock\DockLogin.exe 1068 C:\Windows\System32\svchost.exe 1232 C:\Windows\System32\spoolsv.exe 1260 C:\Windows\System32\svchost.exe 1400 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 1420 C:\Windows\System32\taskhost.exe 1512 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 1540 C:\Windows\System32\dwm.exe 1564 C:\Windows\explorer.exe 1616 C:\Windows\System32\taskeng.exe 1816 C:\Program Files (x86)\Bonjour\mDNSResponder.exe 1848 C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\CAAMSvc.exe 1900 C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe 1920 C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe 2028 C:\Windows\System32\svchost.exe 1028 C:\Windows\SysWOW64\svchost.exe 936 C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe 1464 C:\Program Files\Microsoft LifeCam\MSCamS64.exe 2072 C:\Windows\System32\svchost.exe 2116 C:\Windows\System32\svchost.exe 2172 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 2268 C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe 2336 C:\Windows\System32\svchost.exe 2472 C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe 2700 C:\Windows\SysWOW64\cfgmig32.exe 2800 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe 2872 C:\Windows\System32\igfxtray.exe 2884 C:\Windows\System32\hkcmd.exe 2972 C:\Program Files\CA\CA Internet Security Suite\ccEvtMgr.exe 2100 C:\Windows\System32\igfxpers.exe 2696 C:\Program Files\Microsoft IntelliPoint\ipoint.exe 2284 C:\Program Files\Microsoft IntelliType Pro\itype.exe 308 C:\Program Files\CA\CA Internet Security Suite\casc.exe 312 C:\Program Files\Windows Sidebar\sidebar.exe 304 C:\Program Files (x86)\Upromise\dca-ua.exe 3208 C:\Program Files (x86)\Upromise\UpromiseTray.exe 3312 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe 3336 C:\Program Files\Dell\DellDock\DellDock.exe 3392 C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE 3868 C:\Windows\System32\SearchIndexer.exe 3920 C:\Windows\System32\svchost.exe 4052 C:\Windows\System32\svchost.exe 4076 C:\Windows\System32\svchost.exe 2920 WmiPrvSE.exe 3236 C:\Windows\System32\SearchProtocolHost.exe 4072 C:\Windows\System32\SearchFilterHost.exe 4176 WUDFHost.exe 4296 C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe 4452 C:\Program Files\CA\CA Internet Security Suite\cawsc.exe 4528 C:\Program Files\CA\CA Internet Security Suite\cawsc.exe 4536 C:\Program Files\CA\CA Internet Security Suite\cawsc.exe 4800 C:\Windows\System32\svchost.exe 5096 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe 4600 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe 4160 C:\Program Files\Windows Media Player\wmpnetwk.exe 4928 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe 4916 WmiPrvSE.exe 5060 C:\Program Files (x86)\Internet Explorer\iexplore.exe 5728 C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe 5952 C:\Program Files (x86)\Upromise\UpromiseGlobalCache.exe 5356 C:\Users\DAVIS\Desktop\MBRCheck.exe 3352 C:\Windows\System32\conhost.exe 5456 C:\Windows\System32\dllhost.exe\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`ac000000 (NTFS)PhysicalDrive0 Model Number: ST3320418AS, Rev: CC45 Size Device Name MBR Status -------------------------------------------- 298 GB \\.\PhysicalDrive0 MBR Code Faked! SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644AFound non-standard or infected MBR.Enter 'Y' and hit ENTER for more options, or 'N' to exit: Done! Link to post Share on other sites More sharing options...
Kenny94 Posted November 17, 2011 ID:495524 Share Posted November 17, 2011 Sorry Diane, this did not work. Let me ask the other experts on your case there. Link to post Share on other sites More sharing options...
DianeD Posted November 17, 2011 Author ID:495530 Share Posted November 17, 2011 Ok.. Thanks Kenny. I requested a system disc from Dell just in case, though I'm hoping we won't have to reimage the machine.-Diane. Link to post Share on other sites More sharing options...
Kenny94 Posted November 18, 2011 ID:495901 Share Posted November 18, 2011 I requested a system disc from Dell just in case, though I'm hoping we won't have to reimage the machine.In this case. We will take a more aggressive approach Diane. Just be careful, if the wrong OS is used, it will render the computer unbootable.Fix using MBRCheck.exeRun MBRCheck.exe again by double-clicking on it.Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:Enter 'Y' and then press Enter.When asked: 'Enter your choice:', select option 2 (Restore the MBR of a physical disk with a standard boot code) and press the Enter key.Now the program will ask: 'Enter the physical disk number to fix (0-99, -1 to cancel)'Enter 0 and press the Enter key.The program will show Available MBR codes followed by a list of operating systems as shown below: Available MBR codes:[ 0] Default (Windows XP)[ 1] Windows XP[ 2] Windows Server 2003[ 3] Windows Vista[ 4] Windows 2008[ 5] Windows 7[-1] CancelPlease select the MBR code to write to this drive:Please select your version of Windows from the list and enter the corresponding number and then press Enter.When prompted for confirmation: "Do you want to fix the MBR code?". Type the full word Yes (not Y or the fix will not work) and press Enter.Left-click on the title bar (where program name and path is written).From the menu chose Edit -> Select All.Press the Enter key to copy selected text.Open Notepad, paste that text into it and save to your desktop as MBRCheck.txt.When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.Reboot your computer to complete the fix and copy/paste MBRCheck.txt in your next reply.If your computer does not restart on its own, please restart it manually.Important Note: The Master Boot Record contains the Partition Table for the hard disk and a a little executable code for the boot start. While fixing the Master Boot Record (MBR) is generally safe, there is a small risk of damaging the MBR, which may cause the computer to not boot up or it may corrupt a partition. Link to post Share on other sites More sharing options...
DianeD Posted November 19, 2011 Author ID:496039 Share Posted November 19, 2011 Hi Kenny,Performed instructions as written with no problems. Below is the info you requested:=======================================================================================MBRCheck, version 1.2.3© 2010, ADCommand-line:Windows Version: Windows 7 Home Premium EditionWindows Information: (build 7600), 64-bitBase Board Manufacturer: Dell Inc.BIOS Manufacturer: Dell Inc.System Manufacturer: Dell Inc.System Product Name: Inspiron 580Logical Drives Mask: 0x000001ec\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`ac000000 (NTFS) Size Device Name MBR Status -------------------------------------------- 298 GB \\.\PhysicalDrive0 MBR Code Faked! SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644AFound non-standard or infected MBR.Enter 'Y' and hit ENTER for more options, or 'N' to exit: YOptions: [1] Dump the MBR of a physical disk to file. [2] Restore the MBR of a physical disk with a standard boot code. [3] Exit.Enter your choice: 2Enter the physical disk number to fix (0-99, -1 to cancel): 0Available MBR codes: [ 0] Default (Windows 7) [ 1] Windows XP [ 2] Windows Server 2003 [ 3] Windows Vista [ 4] Windows 2008 [ 5] Windows 7 [-1] CancelPlease select the MBR code to write to this drive: 5Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: YesSuccessfully wrote new MBR code!Please reboot your computer to complete the fix.Done!Press ENTER to exit... Link to post Share on other sites More sharing options...
DianeD Posted November 19, 2011 Author ID:496040 Share Posted November 19, 2011 Fyi... Reconnected to the network and the original redirect symptoms have changed.. I'm no longer redirected to random pages after a google search, rather I am redirected back to the google main page. There is an IE error indication in the bottom left corner of the window that states:Webpage error detailsUser Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0)Timestamp: Sat, 19 Nov 2011 00:11:42 UTCMessage: 'google' is undefinedLine: 2Char: 1Code: 0URI: http://www.google.com/Also, still seeing the pesky iexplore.exe in the task manager window. Link to post Share on other sites More sharing options...
DianeD Posted November 19, 2011 Author ID:496198 Share Posted November 19, 2011 Hi Kenny,Just a quick observation, the browser error i am getting looked like it's JavaScript related, so I disabled active scripting in the IE settings and the redirect stopped. Not sure if that helps in anyway but I figured I'd pass it along. Link to post Share on other sites More sharing options...
Kenny94 Posted November 19, 2011 ID:496214 Share Posted November 19, 2011 Hi Diane,You're going see a few Internet Explorer version 8 and 9, In the Task manager window. Even when your using Firefox. You can read more on this at:http://ask-leo.com/why_are_there_two_iexploreexe_internet_explorer_processes_when_ive_run_it_just_once.htmlIn your case it's not malware looking at your logs. Rerun DDS so I can look at a fresh copy. Also, I like to check your security. So this will not happen again. Download Security Check by screen317 and save it to your Desktop.Double-click Security Check.exe to start the applicationFollow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt; please post the contents of that document.Note: if a security program requests permission from dig.exe to access the Internet, allow it to do so. Link to post Share on other sites More sharing options...
Recommended Posts