Petesnewjob

Help!! i cant find the intruder...

After thinking about it, I decided to hit -1 Enter. Worked.

Used your link to bleepingcomputers. Cut/pasted the address to this thread, then browsed, found and loaded the dump file. Right away I knew something had just woken up in my system... the page didn't load right away (major lag), then I got this....

Your file was successfully submitted. Please let the user helping you know that you have submitted the file.Query failed : MySQL server has gone away

"""pic of a computer w all broken'''''

We apologize for the temporary outage. The administrators are performing maintenance on the site and will be finished soon.

Please try again shortly.

You can try refreshing the page in a couple of minutes by clicking here.

I will try again now. It's been 15ish minutes.

OK, worked this time.

Malware Submission

Your file was successfully submitted. Please let the user helping you know that you have submitted the file.

(sorry for the multiple posts....)

Unfortunately I didn't get one when I purchased this comp from Best Buy.

Should I order one?? I'll do it now.

Comp froze and acted up yesterday. I only turned it on now to check your response. Many unusual things are happening. I have no idea if there is any relevance, but when I opened up my mini Acer to check my email (for some stupid reason I think that one is safer...) I instantly had activity on my HP (internet quit but gadgets kept working, task manager didn't open again, had to manually reboot comp, didn't load right, restarted it again, blah blah blah). I could write a sci-fi book on this stuff. Maybe even have a reality show....lol!! CRAZY!!!

Oh ya, this is the topper from yesterday... I rebooted this computer (HP) while the above mentioned craziness was happening, and on one of the startups, my network meter gadget listed my ID as 12007?!?!?!? Rebooted and back to normal name. I tried to copy it somehow so I could post it, but was not able to...

I'm even getting weird junk email/spam to my BlackBerry (I haven't opened any) through my email (never happened before).

I will patiently wait for your next call of action :)

Please see if you can restart your computer, press F8 repeatedly until the Advanced Boot menu comes up. Do you have there an option to "repair windows"? If so, select that, press enter and see what options you have after that.

Run as admin, bedigandmary (me), or guest.

Tried admin: access disabled.

Then bedigandmary: 'system restore options' opened w/ 6 options:
startup repair
system restore
windows complete pc restore
windows memory diagnostic tool
command prompt
recovery manager

Shut down or restart on bottom right.

I hope it's ok to leave like this.... I have to go.... I'll be home in 2 hours. I'm so sorry!

I'll finish when I'm back. If you reply with 'don't leave the comp like that!' I'll have someone come over and turn it off.

Thanks Elise!

Command prompt is the one we need. :)

Once you are in there, type the following command and press enter.

bootrec /fixmbr

Once done type EXIT and press enter in order to reboot.

Once back in Windows, rerun MBRcheck and post me the new log.

Here you go.

MBRCheck, version 1.2.3
© 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: Compal
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv4 Notebook PC
Logical Drives Mask: 0x0000001c

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000037`69700000 (NTFS)

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

Done!
Press ENTER to exit...

MBRCheck, version 1.2.3
© 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: Compal
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv4 Notebook PC
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 198):


Processes (total 78):


\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000037`69700000 (NTFS)

PhysicalDrive0 Model Number: WDCWD2500BEVS-60UST0, Rev: 01.01A01

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

Done!

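Added example, not code from the thread, from MBRCheck or from bootrec: a small Python model of what the helper's two steps above do, parsing a 512-byte MBR the way MBRCheck reports it (partition offsets, SHA1 of the bootstrap code against an allow-list of known boot code) and showing that a /fixmbr-style rewrite touches only the 440 bootstrap bytes while the partition table, and so the 0x7e00 and 0x37`69700000 offsets in the log, stay the same. The boot-code bytes, sector counts, disk signature and allow-list entry are constructed placeholders.

```python
"""Model of an MBR integrity check: parse the partition table, hash the
bootstrap code, compare against a baseline, and model a boot-code rewrite.
All sample bytes are constructed; no real boot code or malware is included."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440        # bytes 0..439: bootstrap code (what a fixmbr rewrites)
TABLE_OFFSET = 446         # 4 x 16-byte partition entries follow the disk signature
SIGNATURE = b"\x55\xAA"    # bytes 510..511: boot signature

# Constructed stand-in for clean bootstrap code (hypothetical, not real x86 code).
BOOT_CODE_BASELINE = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b"\x90" * (BOOT_CODE_LEN - 7)

# Allow-list keyed by SHA1 of the bootstrap bytes, the way MBRCheck matches
# "Windows 2008 MBR code". Here it holds only our constructed baseline.
KNOWN_GOOD = {
    hashlib.sha1(BOOT_CODE_BASELINE).hexdigest().upper(): "constructed baseline boot code",
}


def partition_entry(bootable, ptype, lba_start, sectors):
    """Build one 16-byte partition-table entry; CHS fields are left zeroed."""
    flag = 0x80 if bootable else 0x00
    return struct.pack("<B3sB3sII", flag, b"\0\0\0", ptype, b"\0\0\0", lba_start, sectors)


def build_mbr(boot_code, entries, disk_signature=0):
    """Assemble a 512-byte MBR: boot code, disk signature, reserved, table, 0x55AA."""
    if len(boot_code) != BOOT_CODE_LEN or len(entries) > 4:
        raise ValueError("bad boot code length or too many partitions")
    table = b"".join(entries) + b"\0" * (16 * (4 - len(entries)))
    sector = boot_code + struct.pack("<IH", disk_signature, 0) + table + SIGNATURE
    assert len(sector) == SECTOR
    return sector


def parse_partitions(sector):
    """Return the non-empty partition entries with their byte offset on disk
    (the 'at offset' values MBRCheck prints for each logical drive)."""
    if len(sector) != SECTOR or sector[510:] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        flag, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, TABLE_OFFSET + 16 * i)
        if ptype == 0:
            continue  # empty slot
        parts.append({"index": i, "bootable": flag == 0x80, "type": ptype,
                      "lba_start": lba, "sectors": count, "byte_offset": lba * SECTOR})
    return parts


def boot_code_sha1(sector):
    """SHA1 over the bootstrap bytes only; the table is not part of the hash."""
    return hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()


def check_mbr(sector):
    """Classify the MBR: known bootstrap code or not, plus the parsed table."""
    digest = boot_code_sha1(sector)
    return {"sha1": digest, "known": digest in KNOWN_GOOD,
            "label": KNOWN_GOOD.get(digest, "UNKNOWN boot code"),
            "partitions": parse_partitions(sector)}


def restore_boot_code(sector, baseline=BOOT_CODE_BASELINE):
    """Model of bootrec /fixmbr: rewrite only the bootstrap bytes and keep the
    disk signature, partition table and boot signature exactly as they were."""
    return baseline + sector[BOOT_CODE_LEN:]


# Constructed layout using the offsets from the log: C: at 0x7E00 (LBA 63) and
# D: at 0x37`69700000 (LBA 0x1BB4B800). Sector counts and signature are made up.
C_LBA, D_LBA = 63, 0x1BB4B800
GOOD_MBR = build_mbr(BOOT_CODE_BASELINE, [
    partition_entry(True, 0x07, C_LBA, D_LBA - C_LBA),   # NTFS system volume
    partition_entry(False, 0x07, D_LBA, 23_000_000),     # NTFS recovery volume
], disk_signature=0xDEADBEEF)

# A modification of the bootstrap bytes changes the hash but not the table.
TAMPERED_MBR = bytearray(GOOD_MBR)
TAMPERED_MBR[0x100] ^= 0xFF
TAMPERED_MBR = bytes(TAMPERED_MBR)

if __name__ == "__main__":
    for name, mbr in [("clean", GOOD_MBR), ("modified", TAMPERED_MBR),
                      ("after fixmbr", restore_boot_code(TAMPERED_MBR))]:
        r = check_mbr(mbr)
        print(f"{name:13} SHA1={r['sha1']} known={r['known']} ({r['label']})")
        for p in r["partitions"]:
            print(f"    entry {p['index']}: type 0x{p['type']:02X} at offset "
                  f"0x{p['byte_offset']:X}{' (bootable)' if p['bootable'] else ''}")
```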
Much better actually. :)

For the first time, there was no 'yellow security warning' on the Avast icon, which I thought was a great sign! Before, during startup I'd get the security warning (every time), click the icon/open Avast and see 'real time shields off' with the 'fix all' button. Nothing would work, literally, nothing. I would sit here and watch the yellow warning disappear from the Avast logo, and then hear 'your system is secure'?? while looking at the page that says all shields off... Anyway, not this time. I'll try a few more.

Started up faster and once running, it sounds smoother, not working so hard (usually my fan is at full blast right away).

Is it gone??

Spoke too soon.....

I rebooted, everything looking good. I was able to open Task Manager, looked through processes, watched 78 become 82 (don't know if that matters). It was open for about 4 minutes and the computer was on now for maybe 10. I clicked the Moz browser and my comp froze. Arrow thinks in task bar, normal everywhere else.

I'm hesitant to manually reboot.... from what I've read, that's what it wants.

Sent from other computer.

Please reboot and let me know if this was a one-time occurrence or if it happens each time.

I restarted 2 or 3 times....

It's acting up again. Avast has yellow warning, fan turns on right away, reboots slow (but working 4x harder) etc.

Any ideas?

MBRCheck, version 1.2.3
© 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: Compal
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv4 Notebook PC
Logical Drives Mask: 0x0000001c

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000037`69700000 (NTFS)

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

Done!
Press ENTER to exit...

MBRCheck, version 1.2.3
© 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: Compal
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv4 Notebook PC
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 196):


Processes (total 78):


2576 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

2644 C:\WINDOWS\System32\igfxsrvc.exe

2828 C:\Program Files\Windows Sidebar\sidebar.exe

2892 C:\WINDOWS\System32\DriverStore\FileRepository\stwrt64.inf_3c6572ef\AESTSr64.exe

2928 C:\WINDOWS\System32\agr64svc.exe

2940 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

2972 C:\Program Files (x86)\Bonjour\mDNSResponder.exe

2988 C:\WINDOWS\System32\svchost.exe

3028 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

2156 C:\WINDOWS\System32\svchost.exe

1240 C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

2448 C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe

1932 C:\WINDOWS\SMINST\BLService.exe

3076 C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe

3132 C:\WINDOWS\System32\svchost.exe

3160 C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe

3196 C:\WINDOWS\System32\svchost.exe

3236 C:\WINDOWS\System32\SearchIndexer.exe

3460 WmiPrvSE.exe

2280 C:\WINDOWS\System32\taskeng.exe

3808 C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

1380 C:\Program Files\iPod\bin\iPodService.exe

2732 WmiPrvSE.exe

3516 C:\Program Files\Apoint2K\ApMsgFwd.exe

4112 C:\Program Files\Apoint2K\ApntEx.exe

4156 C:\Program Files\Windows Media Player\wmpnscfg.exe

4224 C:\Program Files\Windows Media Player\wmpnetwk.exe

4244 C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

4344 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

4556 C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe

5064 C:\Users\BedigandMary\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000037`69700000 (NTFS)

PhysicalDrive0 Model Number: WDCWD2500BEVS-60UST0, Rev: 01.01A01

Size Device Name MBR Status

--------------------------------------------

232 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected

SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

Done!


Okay, at least that is good.

OTL

-----

  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the OTL icon on your desktop.
  4. Copy and Paste the following code into the custom scan/fix textbox. Do not include the word "Code"

    netsvcs
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\Tasks\at*.job

  5. Push the Run Scan button.
  6. A report will open. Copy and Paste that report in your next reply.


A few things to mention from yesterday...

I rebooted about 12 times. All were as before: no lock up and shut down, but not right. I open Processes and watch it go from 78 to 82 running, CPU usage from 3% to pinned at 100%, even if I have nothing open.

Network meter did something strange again.... Ext. IP showed ' Checking (-1) '. When I open a browser, I get the numbers 70.xxx.xx.xxx, etc. (I put in the x's). I've never seen that one before.

I tried something yesterday as well: when I reboot and the fan turns on, if I wait until the fan stops before I put in my password (2-3 minutes), then I don't have a warning on my avast icon when the desktop opens.

I don't know if I'm being overly cautious at this point or if these mean something.

OTL as requested. Thanks Elise!

OTL logfile created on: 8/20/2010 9:14:31 AM - Run 2

OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\BedigandMary\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free

8.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 221.65 Gb Total Space | 148.65 Gb Free Space | 67.07% Space Free | Partition Type: NTFS

Drive D: | 11.24 Gb Total Space | 1.83 Gb Free Space | 16.25% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: BEDIGANDMARY-PC

Current User Name: BedigandMary

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Include 64bit Scans

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/20 09:12:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\BedigandMary\Desktop\OTL.exe

PRC - [2010/07/24 23:36:54 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2010/06/28 13:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe

PRC - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2010/04/29 15:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2008/04/25 16:15:26 | 000,361,808 | ---- | M] () -- C:\WINDOWS\SMINST\BLService.exe

PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe

========== Modules (SafeList) ==========

MOD - [2010/08/20 09:12:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\BedigandMary\Desktop\OTL.exe

MOD - [2008/01/20 19:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)

SRV:64bit: - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)

SRV:64bit: - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV:64bit: - [2009/06/03 20:43:18 | 000,239,104 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_6ef279c8\STacSV64.exe -- (STacSV)

SRV:64bit: - [2008/03/18 16:25:40 | 000,023,040 | ---- | M] (Hewlett-Packard Corporation) [Auto | Running] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)

SRV:64bit: - [2008/02/12 13:05:54 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_3c6572ef\AESTSr64.exe -- (AESTFilters)

SRV:64bit: - [2008/01/20 19:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2007/12/11 12:11:30 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)

SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2008/04/25 16:15:26 | 000,361,808 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SMINST\BLService.exe -- (Recovery Service for Windows)

SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)

========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)

DRV:64bit: - [2010/06/28 13:33:00 | 000,061,008 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV:64bit: - [2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2009/06/03 20:43:18 | 000,486,400 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)

DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2008/10/23 02:16:34 | 001,526,776 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)

DRV:64bit: - [2008/10/23 02:16:34 | 001,526,776 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XV)

DRV:64bit: - [2008/06/12 11:51:36 | 007,911,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)

DRV:64bit: - [2008/06/04 10:55:16 | 000,129,536 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®

DRV:64bit: - [2008/04/16 14:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)

DRV:64bit: - [2008/04/15 03:05:42 | 000,161,792 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)

DRV:64bit: - [2008/04/11 10:56:28 | 000,125,328 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)

DRV:64bit: - [2008/03/27 12:10:56 | 000,026,984 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)

DRV:64bit: - [2008/03/27 12:10:14 | 000,040,296 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)

DRV:64bit: - [2008/02/29 15:59:32 | 001,252,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)

DRV:64bit: - [2008/02/13 08:20:16 | 000,017,920 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Amusbx64.sys -- (Amusbprt)

DRV:64bit: - [2008/01/31 16:23:14 | 000,195,120 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)

DRV:64bit: - [2008/01/24 06:24:24 | 000,060,928 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)

DRV:64bit: - [2008/01/20 19:46:57 | 001,523,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS -- (HSF_DPV)

DRV:64bit: - [2008/01/20 19:46:57 | 000,724,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS -- (winachsf)

DRV:64bit: - [2008/01/20 19:46:57 | 000,286,720 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)

DRV:64bit: - [2008/01/20 19:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)

DRV:64bit: - [2007/10/15 03:37:22 | 000,012,288 | ---- | M] ((Standard mouse types)) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\Amfltx64.sys -- (Amfilter)

DRV:64bit: - [2007/06/18 17:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)

DRV:64bit: - [2006/10/09 19:09:03 | 000,742,696 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys -- (NVENETFD)

DRV:64bit: - [2006/09/18 14:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)

DRV - [2010/08/17 12:48:08 | 000,034,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\Normandy.sys -- (Normandy)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/08/04 03:12:30 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/07/24 23:36:54 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/07/24 23:36:54 | 000,000,000 | ---D | M]

[2010/03/20 20:08:13 | 000,000,000 | ---D | M] -- C:\Users\BedigandMary\AppData\Roaming\Mozilla\Extensions

[2010/08/19 16:07:41 | 000,000,000 | ---D | M] -- C:\Users\BedigandMary\AppData\Roaming\Mozilla\Firefox\Profiles\a11mwgv3.default\extensions

[2010/04/28 14:48:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\BedigandMary\AppData\Roaming\Mozilla\Firefox\Profiles\a11mwgv3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/08/04 08:19:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2010/05/04 16:22:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/08/04 08:19:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2006/09/18 14:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [symLnch] C:\Program Files (x86)\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_5_0_23\Support\SymLnch\SymLnch.exe File not found

O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)

O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [uCam_Menu] C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_Plugin.exe (Adobe Systems, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)

O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\Users\BedigandMary\Pictures\dogs pics blackberry 7-28-2010\IMG00169.jpg

O24 - Desktop BackupWallPaper: C:\Users\BedigandMary\Pictures\dogs pics blackberry 7-28-2010\IMG00169.jpg

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3acm - C:\WINDOWS\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2010/08/20 09:12:37 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\BedigandMary\Desktop\OTL.exe

[2010/08/13 11:07:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2010/08/13 11:07:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2010/08/11 11:14:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SRSLabs

[2010/08/11 10:40:26 | 004,697,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2010/08/11 10:40:19 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll

[2010/08/11 10:40:04 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll

[2010/08/11 10:40:04 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll

[2010/08/11 10:39:51 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2010/08/11 10:39:51 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll

[2010/08/11 10:39:50 | 000,477,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2010/08/11 10:39:50 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll

[2010/08/11 10:39:50 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieencode.dll

[2010/08/11 10:39:50 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieencode.dll

[2010/08/11 10:39:49 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll

[2010/08/11 10:39:49 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll

[2010/08/10 14:28:21 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2010/08/04 19:38:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight

[2010/08/04 08:19:34 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe

[2010/08/04 08:19:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe

[2010/08/04 08:19:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe

[2010/08/03 20:17:47 | 000,000,000 | ---D | C] -- C:\Users\BedigandMary\AppData\Roaming\Template

========== Files - Modified Within 30 Days ==========

[2010/08/20 09:14:07 | 002,097,152 | -HS- | M] () -- C:\Users\BedigandMary\NTUSER.DAT

[2010/08/20 09:12:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\BedigandMary\Desktop\OTL.exe

[2010/08/20 08:31:36 | 000,083,456 | ---- | M] () -- C:\Users\BedigandMary\Desktop\ITS_CCC_Instr_Reg_LVMS2010.doc

[2010/08/20 08:12:24 | 000,000,290 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini

[2010/08/20 08:10:39 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/08/20 08:10:38 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/08/20 08:10:38 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/08/20 08:10:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/08/20 08:10:28 | 4256,133,120 | -HS- | M] () -- C:\hiberfil.sys

[2010/08/19 19:12:17 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2010/08/19 19:12:14 | 000,524,288 | -HS- | M] () -- C:\Users\BedigandMary\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms

[2010/08/19 19:12:14 | 000,065,536 | -HS- | M] () -- C:\Users\BedigandMary\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf

[2010/08/19 19:12:10 | 001,325,818 | -H-- | M] () -- C:\Users\BedigandMary\AppData\Local\IconCache.db

[2010/08/19 15:49:28 | 000,000,432 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4F54C0B5-B365-4AD8-9FC0-6DCF103A51F6}.job

[2010/08/18 09:48:06 | 000,016,041 | ---- | M] () -- C:\Users\BedigandMary\Desktop\dump0.dat

[2010/08/18 05:37:12 | 516,199,211 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2010/08/17 18:21:54 | 000,000,577 | ---- | M] () -- C:\Users\BedigandMary\Desktop\MBRCheck - Shortcut.lnk

[2010/08/17 12:48:08 | 000,034,560 | ---- | M] () -- C:\Windows\SysWow64\drivers\Normandy.sys

[2010/08/17 12:47:14 | 000,133,632 | ---- | M] () -- C:\Users\BedigandMary\Desktop\RKUnhookerLE.EXE

[2010/08/13 11:07:45 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/08/12 11:53:39 | 000,000,732 | ---- | M] () -- C:\Users\BedigandMary\AppData\Local\d3d9caps64.dat

[2010/08/11 11:15:46 | 000,698,690 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2010/08/11 11:15:46 | 000,599,826 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2010/08/11 11:15:46 | 000,103,294 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2010/08/11 11:13:17 | 000,873,310 | ---- | M] () -- C:\Windows\SysNative\oem24.inf

[2010/08/11 10:52:14 | 000,314,736 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2010/08/05 09:27:48 | 000,075,456 | ---- | M] () -- C:\Users\BedigandMary\AppData\Local\GDIPFONTCACHEV1.DAT

[2010/08/03 20:17:45 | 000,000,000 | ---- | M] () -- C:\Users\BedigandMary\AppData\Roaming\wklnhst.dat

[2010/08/03 20:17:04 | 000,019,456 | ---- | M] () -- C:\Users\BedigandMary\Documents\Label3.doc

[2010/08/03 20:16:48 | 000,061,440 | ---- | M] () -- C:\Users\BedigandMary\Documents\PAULS WATCH REPAIR.doc

[2010/08/03 20:16:42 | 000,043,008 | ---- | M] () -- C:\Users\BedigandMary\Documents\Pauls watch repair big.doc

========== Files Created - No Company Name ==========

[2010/08/20 08:31:35 | 000,083,456 | ---- | C] () -- C:\Users\BedigandMary\Desktop\ITS_CCC_Instr_Reg_LVMS2010.doc

[2010/08/18 09:48:06 | 000,016,041 | ---- | C] () -- C:\Users\BedigandMary\Desktop\dump0.dat

[2010/08/17 18:21:54 | 000,000,577 | ---- | C] () -- C:\Users\BedigandMary\Desktop\MBRCheck - Shortcut.lnk

[2010/08/17 12:48:08 | 000,034,560 | ---- | C] () -- C:\Windows\SysWow64\drivers\Normandy.sys

[2010/08/17 12:47:13 | 000,133,632 | ---- | C] () -- C:\Users\BedigandMary\Desktop\RKUnhookerLE.EXE

[2010/08/17 00:41:08 | 4256,133,120 | -HS- | C] () -- C:\hiberfil.sys

[2010/08/17 00:41:08 | 4256,133,120 | -HS- | C] () --

[2010/08/13 11:07:45 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/08/11 21:08:05 | 000,000,732 | ---- | C] () -- C:\Users\BedigandMary\AppData\Local\d3d9caps64.dat

[2010/08/11 11:13:36 | 000,873,310 | ---- | C] () -- C:\Windows\SysNative\oem24.inf

[2010/08/10 14:28:17 | 516,199,211 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2010/08/03 20:17:45 | 000,000,000 | ---- | C] () -- C:\Users\BedigandMary\AppData\Roaming\wklnhst.dat

[2010/08/03 20:17:04 | 000,019,456 | ---- | C] () -- C:\Users\BedigandMary\Documents\Label3.doc

[2010/08/03 20:16:47 | 000,061,440 | ---- | C] () -- C:\Users\BedigandMary\Documents\PAULS WATCH REPAIR.doc

[2010/08/03 20:16:41 | 000,043,008 | ---- | C] () -- C:\Users\BedigandMary\Documents\Pauls watch repair big.doc

[2010/04/19 10:59:21 | 000,006,144 | ---- | C] () -- C:\Users\BedigandMary\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/03/26 04:08:26 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll

[2010/03/26 04:07:12 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2010/03/20 19:55:51 | 000,427,144 | ---- | C] () -- C:\Users\BedigandMary\AppData\Local\dd_vcredistMSI3630.txt

[2010/03/20 19:55:50 | 000,011,626 | ---- | C] () -- C:\Users\BedigandMary\AppData\Local\dd_vcredistUI3630.txt

[2010/03/20 19:30:15 | 000,002,402 | ---- | C] () -- C:\Users\BedigandMary\AppData\Local\dd_vcredistMSI2284.txt

[2010/03/20 19:30:08 | 000,125,744 | ---- | C] () -- C:\Users\BedigandMary\AppData\Local\dd_vcredistUI2284.txt

[2010/03/20 19:04:07 | 000,000,000 | ---- | C] () -- C:\Users\BedigandMary\AppData\Local\QSwitch.txt

[2010/03/20 19:04:07 | 000,000,000 | ---- | C] () -- C:\Users\BedigandMary\AppData\Local\DSwitch.txt

[2010/03/20 19:04:07 | 000,000,000 | ---- | C] () -- C:\Users\BedigandMary\AppData\Local\AtStart.txt

[2010/03/20 15:11:10 | 000,000,366 | -H-- | C] () -- \IPH.PH

[2010/03/20 13:39:18 | 274,755,583 | -HS- | C] () --

[2008/02/08 01:51:02 | 000,333,257 | RHS- | C] () -- \bootmgr

[2008/01/20 19:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

[2006/12/01 23:37:14 | 000,904,704 | ---- | C] () -- \msdia80.dll

========== Custom Scans ==========

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\Tasks\at*.job >

< End of report >

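The log above lists files in OTL's `[timestamp | size | attributes | C] () -- path` format, and two of its lines carry no path at all. As an added example (not part of this thread and not OTL's own code), the Python below parses such lines and applies a few triage rules a helper would otherwise apply by eye: blank paths, hidden+system files outside the expected boot files, executables sitting at the drive root, and recently created executables in user-writable locations. The sample lines are copied from the log above; the allowlist of expected boot files, the seven-day window and the 2010/08/20 reference date are assumptions for illustration.

```python
"""Parse OTL "Files - Created" lines and flag entries worth a second look.

Added example; not part of the thread and not OTL's own code.  Line format,
taken from the posted log:
    [YYYY/MM/DD HH:MM:SS | size | attrs | C] () -- path
size has thousands separators, attrs is a four-character R/H/S/D field, and
the path may be blank (OTL printed two such lines in the log above).
"""
import re
from datetime import datetime, timedelta

OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<owner>[^)]*)\) --(?: (?P<path>.*))?$"
)
EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".com", ".bat", ".cmd", ".pif"}
# Hidden+system files expected at the drive root (assumed allowlist).
KNOWN_ROOT_FILES = {"hiberfil.sys", "pagefile.sys", "bootmgr"}

# Constructed sample: lines copied from the log posted above, plus one
# non-file line to show that the parser skips it.
SAMPLE_LOG = r"""
[2010/08/17 12:47:13 | 000,133,632 | ---- | C] () -- C:\Users\BedigandMary\Desktop\RKUnhookerLE.EXE
[2010/08/17 00:41:08 | 4256,133,120 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/17 00:41:08 | 4256,133,120 | -HS- | C] () --
[2010/08/13 11:07:45 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/26 04:08:26 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010/03/20 15:11:10 | 000,000,366 | -H-- | C] () -- \IPH.PH
[2008/02/08 01:51:02 | 000,333,257 | RHS- | C] () -- \bootmgr
[2006/12/01 23:37:14 | 000,904,704 | ---- | C] () -- \msdia80.dll
========== Custom Scans ==========
""".strip("\n")


def parse_otl_file_line(line):
    """Return a dict for one OTL file line, or None for any other line."""
    m = OTL_LINE.match(line.rstrip())
    if not m:
        return None
    return {
        "created": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),
        "hidden": "H" in m["attrs"],
        "system": "S" in m["attrs"],
        "path": (m["path"] or "").strip(),
    }


def parse_log(text):
    """Parse every OTL file line in a log, skipping headers and other text."""
    return [e for e in map(parse_otl_file_line, text.splitlines()) if e]


def _is_drive_root(path):
    # "C:\name" or "\name": one backslash after an optional drive letter.
    return re.fullmatch(r"(?:[A-Za-z]:)?\\[^\\]+", path) is not None


def _is_user_writable(path):
    low = path.lower()
    return low.startswith(("c:\\users\\", "c:\\programdata\\")) or _is_drive_root(path)


def triage(entries, as_of, window_days=7):
    """Return (path, reason) pairs for entries a helper should look at by hand."""
    cutoff = as_of - timedelta(days=window_days)
    flags = []
    for e in entries:
        path = e["path"]
        if not path:
            flags.append(("", "blank path: OTL could not name this file, identify it manually"))
            continue
        name = path.rsplit("\\", 1)[-1].lower()
        ext = name[name.rfind("."):] if "." in name else ""
        if _is_drive_root(path) and name in KNOWN_ROOT_FILES:
            continue  # expected boot files, nothing to see
        if e["hidden"] and e["system"]:
            flags.append((path, "hidden+system file outside the expected boot files"))
        if ext in EXEC_EXT and _is_drive_root(path):
            flags.append((path, "executable at the drive root"))
        elif ext in EXEC_EXT and _is_user_writable(path) and e["created"] >= cutoff:
            flags.append((path, f"executable created within {window_days} days in a user-writable location"))
    return flags


def triage_sample():
    """Run the triage over SAMPLE_LOG as of 2010/08/20 (assumed reference date)."""
    return triage(parse_log(SAMPLE_LOG), as_of=datetime(2010, 8, 20))


if __name__ == "__main__":
    for path, reason in triage_sample():
        print(f"{path or '<blank>'}: {reason}")
```

On the sample this flags the freshly downloaded RKUnhookerLE.EXE (a known-good tool, which is exactly why the rules only point a human at an entry rather than judge it), the blank-path line, and msdia80.dll at the drive root; hiberfil.sys and bootmgr are skipped by the allowlist.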

I see a few small things that still need to be fixed, but nothing important. It's possible your Avast shows the warning sign as long as your connection isn't initialized properly, so it can't connect to its update site (I'm using Avast myself and observe the same thing).

OTL FIX

------------

We need to run an OTL Fix

  1. Please reopen OTL (the icon on your desktop).
  2. Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word "Code"
    :otl
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

    :commands
    [emptytemp]


  3. Push the Run Fix button.
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click OK.
  6. A report will open. Copy and Paste that report in your next reply.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the ESET Online Scanner button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on ESET Smart Installer to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the ESET smart install icon on your desktop.

    3. Check Accept Terms.
    4. Click the Start button.
    5. Accept any security warnings from your browser.
    6. Check Scan archives.
    7. Push the Start button.
    8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    9. When the scan completes, push List of found threats.
    10. Push Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
      Note - when ESET doesn't find any threats, no report will be created.
    11. Push the Back button.
    12. Push Finish.


I'm on my other laptop..

Rebooted after OTL,

no fan right away (good sign). I entered password, went to a black screen for a bit, assuming from whatever OTL accomplished/did/etc.. no prob. But when desktop appeared, the OTL log is there and open, but so is the 'Update Adobe Flash Player' box. I stopped. Have not touched it since.

Is it safe to continue?


Yes, please continue with that.

Does it run fine otherwise?


Yes, similar to yesterday's 2 smooth startups ;)

Here is the OTL log; starting ESET now...

All processes killed

========== OTL ==========

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: BedigandMary

->Temp folder emptied: 51490879 bytes

->Temporary Internet Files folder emptied: 1697615 bytes

->Java cache emptied: 12399922 bytes

->FireFox cache emptied: 59952940 bytes

->Flash cache emptied: 111073 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 36902408 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 250561 bytes

Total Files Cleaned = 155.00 mb

OTL by OldTimer - Version 3.2.10.0 log created on 08202010_104247

Files\Folders moved on Reboot...

File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...


C:\HP\HPQWare\aim_icq\triton_de_de\setup.exe probably a variant of Win32/Agent.HZHBURL trojan cleaned by deleting - quarantined

C:\HP\HPQWare\aim_icq\triton_en_gb\setup.exe probably a variant of Win32/Agent.HZHBURL trojan cleaned by deleting - quarantined

C:\HP\HPQWare\aim_icq\triton_es_es\setup.exe probably a variant of Win32/Agent.HZHBURL trojan cleaned by deleting - quarantined

C:\HP\HPQWare\aim_icq\triton_fr_fr\setup.exe probably a variant of Win32/Agent.HZHBURL trojan cleaned by deleting - quarantined

C:\HP\HPQWare\aim_icq\triton_it_it\setup.exe probably a variant of Win32/Agent.HZHBURL trojan cleaned by deleting - quarantined

C:\HP\HPQWare\aim_icq\triton_nl_nl\setup.exe probably a variant of Win32/Agent.HZHBURL trojan cleaned by deleting - quarantined


Hi, that's looking great. If you have no other problems left, you're good to go. ;)

ALL CLEAN

--------------

Your machine appears to be clean. Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean ;)

Please do the following to remove the remaining programs from your PC:

  • Delete the tools used during the disinfection:
    • Start OTL and click the Cleanup button. This will remove all tools and logs we used. Allow a reboot.

Please read this advice, in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use; if you purchase the paid versions they provide a resident scanner and do not nag.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file

  2. Keep Windows (and your other Microsoft software) up to date!

I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

  3. Keep your other software up to date as well

Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out-of-date software on your machine.

  4. Stay up to date!

The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.


Thank you for all your help Elise!!! Computer is running better, although I don't think it's completely clean. I ran OTL but it didn't clean files or programs off my desktop (ESET, MBR check, RKUnhooker). OTL is gone though. Did I forget to check something?

Can I try anything else?

Also, what was it (this infection)?? I tried to do a search and found 5 or so topics with Google. Nothing had any sort of explanation (I opened only 2, didn't trust the other websites).

Again, thanks for all your help!!! ;)

This topic is now closed to further replies.
