
Author Topic: new computer virus  (Read 63728 times)


SuperDave

  • Malware Removal Specialist


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: new computer virus
« Reply #15 on: October 27, 2011, 04:06:35 PM »
I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
•Check
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
Windows 8 and Windows 10 dual boot with two SSD's

Helpme220

    Topic Starter


    Rookie

    Re: new computer virus
    « Reply #16 on: October 31, 2011, 03:34:35 PM »
    I'm ready to throw this thing in a river. Tried running ESET; I get an unexpected error 3!!! I still have all my firewall and Microsoft Essential turned off. Sorry this took so long; a storm dropped us for days, just got back online.

    What next? Am I doing something wrong? Thank you again for help.

    Helpme220


      Re: new computer virus
      « Reply #17 on: October 31, 2011, 03:41:33 PM »
      I forgot to tell you: at first the application said esetsmartinstaller _enu.exe is not a valid Win32 application.
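
Added example, not part of the original thread or of any tool mentioned in it: "is not a valid Win32 application" is the message Windows shows when it cannot load a file as a PE executable, so this Python check reads a downloaded file's headers and reports whether it is an executable at all, whether it is 32-bit or 64-bit, and whether the file is shorter than its own section table says it should be. The names `inspect_pe` and `build_sample` are hypothetical, and the sample bytes are constructed for the demonstration.

```python
import hashlib
import struct

# COFF "Machine" values from the PE format specification.
MACHINES = {0x014C: "x86 (32-bit)", 0x8664: "x64 (64-bit)"}


def inspect_pe(data: bytes) -> dict:
    """Structural check of an executable's headers (hypothetical helper).

    This verifies far less than the Windows loader does; it only answers
    "is this a complete PE file, and for which CPU type?".
    """
    report = {"valid": False, "machine": None, "reason": "",
              "sha256": hashlib.sha256(data).hexdigest()}

    def fail(reason: str) -> dict:
        report["reason"] = reason
        return report

    # 1. DOS stub: every PE file starts with "MZ" and a 64-byte header.
    if len(data) < 0x40 or data[:2] != b"MZ":
        return fail("no MZ header: the file is not an executable")

    # 2. e_lfanew (offset 0x3C) points at the "PE\0\0" signature.
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data):
        return fail("truncated: PE header offset lies past end of file")
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return fail("no PE signature where the DOS header says it is")

    # 3. COFF file header: CPU type, section count, optional header size.
    machine, nsect, _, _, _, opt_size, _ = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    report["machine"] = MACHINES.get(machine, f"unknown (0x{machine:04X})")

    # 4. Each 40-byte section header names a byte range that must exist.
    table = e_lfanew + 24 + opt_size
    if table + 40 * nsect > len(data):
        return fail("truncated: section table is incomplete")
    for i in range(nsect):
        off = table + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", data, off + 16)
        if raw_size and raw_ptr + raw_size > len(data):
            return fail(f"truncated: section {name} needs "
                        f"{raw_ptr + raw_size} bytes, file has {len(data)}")

    report["valid"] = True
    report["reason"] = "headers and section data are complete"
    return report


def build_sample(machine: int = 0x8664, payload_len: int = 512) -> bytes:
    """Constructed, minimal PE-shaped byte string for the demo.

    It has the right layout for inspect_pe() but is not a runnable program.
    """
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    opt = b"\0" * 0xF0                      # zero-filled optional header
    raw_ptr = len(dos) + 24 + len(opt) + 40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", machine, 1, 0, 0, 0,
                                   len(opt), 0x0002)
    section = (b".text\0\0\0"
               + struct.pack("<IIII", payload_len, 0x1000, payload_len, raw_ptr)
               + b"\0" * 16)
    return dos + coff + opt + section + b"\xCC" * payload_len


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        # Real use: python check_pe.py <downloaded file> [<second copy> ...]
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                print(path, inspect_pe(fh.read()))
    else:
        good = build_sample()
        samples = [("complete file", good),
                   ("download cut short", good[:-100]),
                   ("web page saved as .exe", b"<html>blocked</html>")]
        for label, blob in samples:
            r = inspect_pe(blob)
            print(f"{label}: valid={r['valid']} machine={r['machine']} "
                  f"({r['reason']})")
```

Running it on two copies of the same download and comparing the `sha256` values shows whether one copy was altered or cut short in transit.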

      SuperDave

      Re: new computer virus
      « Reply #18 on: October 31, 2011, 04:06:51 PM »
      Quote
      I forgot to tell you at first the application said , esetsmartinstaller _enu.exe  is not a valid Win32 application.
      ESET is supposed to run on a 64 bit machine which, according to the logs, you have.
      Please try this one.


      Run the BitDefender Online scanner

      Agree to the license and then select Scan. DO NOT CHANGE THE OPTIONS TO SHOW ALL FILES SCANNED. That will make your logs huge and we don't need to see clean files.

      Once Bitdefender completes the scan:
      Click-on the Detected Problems tab.
      Then select Click here to export the scan report.

      When the window comes up to save the report, change the Save as type: box to:
      Text (Tab Delimited) (*.txt) and then in the File name box enter change to bdscan then click Save.

      This will save a file named bdscan.txt. I would suggest saving it to the Desktop so you can easily find it. (take notice of where you save it so you can find it later).
      This bdscan.txt file will actually contain HTML code that we can easily view later while reviewing your log. All we have to do is rename the file to bdscan.html.

      If you do not follow these steps, you will have an incorrect log or, worse, a log summary which is useless to us.

      Post the bdscan.txt file as an Attachment.

      Helpme220


        Re: new computer virus
        « Reply #19 on: October 31, 2011, 05:16:53 PM »
        OK, so I cannot get the link to work. I tried with Safari and it was a no go, just kept giving me the spinning icon. Then I tried the link from Internet Explorer, nothing. Then I went to www.bitdefender.com directly and tried a quick scan. It gave me this:


        Your browser has javascript disabled or another plugin/ software is blocking Javascript code. Please enable javascript in your browser or add bit defender.com to the exceptions list ?

        Would this have something to do with my problem?

        I'm sorry if I'm not doing everything correctly; this is so frustrating.

        What should I do now?

        SuperDave

        Re: new computer virus
        « Reply #20 on: November 01, 2011, 04:17:39 PM »
        Quote
        Please enable javascript in your browser or add bit defender.com to the exceptions list ?

        Would this have something to do with my problem?
        That could be the problem.

        Helpme220


          Re: new computer virus
          « Reply #21 on: November 01, 2011, 07:57:33 PM »
          Okay, I turned on JavaScript and put BitDefender on my trusted sites. It's a no go: I can google BitDefender, but then when I try to get the free online scanner I can't connect. It even said that my JavaScript was disabled, which it wasn't. I was wondering if a safe mode reboot to last known configuration would help, so I could at least try to run one of these programs. Also, when I do get a website now and again, the pictures look weird, like transparent, and sometimes it looks like just code comes up. Also it opens two pages at the same time. This computer is screwed.

          please help.

          SuperDave

          Re: new computer virus
          « Reply #22 on: November 02, 2011, 11:31:10 AM »
          OK. Let's see if you can run this one.

          Download Dr.Web CureIt to the desktop:
          Dr WebCureIt
          • Double-click the launch.exe or cureit.exe file and Allow to run the express scan
          • This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
            • Once the short scan has finished, choose the Complete Scan.
            • Select all drives. A red dot shows which drives have been chosen.
            • Click the green arrow at the right, and the scan will start.
            • Click 'Yes to all' if it asks if you want to cure/move the file.
            • When the scan has finished, look and see if you can click the following icon next to the files found:

            • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:

          • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
          • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list

          Helpme220


            Re: new computer virus
            « Reply #23 on: November 03, 2011, 06:54:38 PM »
            OK, so I tried your link to Dr.Web CureIt; it said could not find FTP server. That was on the infected computer. I tried the link on my personal computer; it sent me to umbdrive and some rumba site. Anyways, I went on the Dr.Web CureIt site, downloaded the online scanner on the noninfected computer, put it on a thumbdrive and downloaded it to my infected computer desktop. I ran express scan, found nothing; then I ran complete scan, took all night. I got this: RTHDCPL.exe  C;swsetup/drivers/audio probably backdoor trojan. I tried to select and cure; it would not give me that option, so I moved it. I guess I should have deleted it, but who knows. I am attaching the report. I know it's not exactly what you said to do, but it's something.

            please let this help


            RTHDCPL.exe;C:\SWSetup\Drivers\Audio\WDM;Probably BACKDOOR.Trojan;Moved.;

            SuperDave

            Re: new computer virus
            « Reply #24 on: November 03, 2011, 07:50:18 PM »
            Please see if you can run ESET or BitDefender again.

            Helpme220


              Re: new computer virus
              « Reply #25 on: November 04, 2011, 04:21:09 PM »
              I tried running both; ESET still says it is a 32 bit application, and BitDefender just spins and spins. Also, when I do get to download most of the programs you give me to try, they have a shield in front of the icon: combofix, eset, security check, and dr web cure. But rooter and javara don't. Does that have something to do with it? The shield is yellow and blue.

              help

              SuperDave

              Re: new computer virus
              « Reply #26 on: November 04, 2011, 07:07:59 PM »
              Quote
              but rooter and javara don't does that have something to do with it . The shield is yellow and blue.
              Can you give me a screenshot of that?
              How to post screenshots or images

              Let's run a few more scans to see what turns up.

              Please download aswMBR.exe ( 511KB ) to your desktop.

              Double click the aswMBR.exe to run it



              Click the "Scan" button to start scan

              Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives



              On completion of the scan click save log, save it to your desktop and post in your next reply
              « Last Edit: November 06, 2011, 12:37:04 PM by SuperDave »

              Helpme220


                Re: new computer virus
                « Reply #27 on: November 06, 2011, 09:48:21 AM »
                Here is my link to image shack of desktop

                http://img214.imageshack.us/img214/9867/desktopaw.jpg


                I tried running aswMBR.exe; it said it wasn't a 32 bit win application.

                There was no shield on this one though.

                Let's keep it going. I'm not letting these bastards win.

                SuperDave

                Re: new computer virus
                « Reply #28 on: November 06, 2011, 12:08:00 PM »
                I can't really see what you're talking about in the screenshot.

                Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

                Link 1
                Link 2
                Link 3

                •Double-click on MBRCheck.exe to run it.

                •It will open a black window...please do not fix anything (if it gives you an option).

                •When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.

                •A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
                •Please copy and paste the contents of that log in your next reply.

                Helpme220


                  Re: new computer virus
                  « Reply #29 on: November 06, 2011, 02:25:58 PM »
                  Okay, so I downloaded the mbr; it wouldn't run, everything said mbr.exe is not valid Win 32 application. So then I went on my other computer and downloaded it to my thumbdrive. I then put it in the infected computer; when I dragged the mbr to the desktop, one of those yellow and blue shields I told you about popped up over the desktop icon. It also said mbr.exe is not a valid Win 32 application. So then I ran the mbr right from the thumbdrive and it ran.
                  Here is the log:

                  MBRCheck, version 1.2.3
                  (c) 2010, AD

                  Command-line:         
                  Windows Version:      Windows 7 Home Premium Edition
                  Windows Information:      Service Pack 1 (build 7601), 64-bit
                  Base Board Manufacturer:   Hewlett-Packard
                  BIOS Manufacturer:      Hewlett-Packard
                  System Manufacturer:      Hewlett-Packard
                  System Product Name:      Presario CQ57 Notebook PC
                  Logical Drives Mask:      0x0000003c

                  Kernel Drivers (total 218):

                  Processes (total 91):
                      3040 WmiPrvSE.exe
                      4928 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
                      4876 C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
                      5200 C:\Windows\System32\svchost.exe
                      5856 dllhost.exe
                      4416 C:\Windows\ehome\ehmsas.exe
                      5888 C:\Windows\System32\mspaint.exe
                      4244 C:\Program Files (x86)\Safari\Safari.exe
                      2992 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
                       156 C:\Windows\System32\wuauclt.exe
                      6052 C:\Windows\System32\audiodg.exe
                      6440 C:\Windows\servicing\TrustedInstaller.exe
                      5908 WUDFHost.exe
                      7000 C:\Windows\System32\SearchFilterHost.exe
                      5136 C:\Windows\System32\wbem\WMIADAP.exe
                      6428 C:\Windows\System32\SearchProtocolHost.exe
                      2256 dllhost.exe
                      1204 dllhost.exe
                      6660 F:\MBRCheck.exe
                      6980 C:\Windows\System32\conhost.exe

                  \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000  (NTFS)
                  \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000036`bd400000  (NTFS)

                  PhysicalDrive0 Model Number: HitachiHTS545025B9A300, Rev: PB2OCA1G

                        Size  Device Name          MBR Status
                    --------------------------------------------
                      232 GB  \\.\PhysicalDrive0   Windows 7 MBR code detected
                              SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

                  Done!


                  Hope this helps.
                  Thank you again for this saga of trying to get this computer to run.