Computer Hope
Software => Computer viruses and spyware => Topic started by: washingmachine on February 19, 2012, 12:31:14 AM
-
I removed a cycbot from my wife's laptop along with eliminating an F16.exe. I used mbam but after I deleted the infected files and rebooted the laptop I no longer can access the internet. The connection says everything is ok but it still will not connect. Any ideas as to why this is happening would be greatly appreciated.
Also, I checked the internet status of my cpu and it is under the name a for my wireless name, where my wife's laptop is connected to a2. Not sure if this makes any difference but thought I would mention it.
-
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.
1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Please download MiniToolBox (http://download.bleepingcomputer.com/farbar/MiniToolBox.exe) to Desktop and run it.
(http://i424.photobucket.com/albums/pp322/digistar/MiniToolBox.png)
Checkmark the following boxes:
- Flush DNS
- Report IE Proxy Settings
- Reset IE Proxy Settings
- List content of Hosts
- List IP Configuration
- List Last 10 Event Viewer Errors
- List Users, Partitions and Memory Size
Click Go and copy/paste the log (Result.txt) into your next post.
-
After running MiniToolBox on my wife's laptop the internet is up and running and there seems to be no malicious bugs anymore. Thank you very much SuperDave. I did not post all the MiniToolBox info yet but if you feel it still needs to be done I can do that. You guys have been a great help to me with any cpu questions I have, again Thank You.
-
Here is the MiniToolBox info.
MiniToolBox by Farbar Version: 18-01-2012
Ran by Invisigoth (administrator) on 19-02-2012 at 21:45:13
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
***************************************************************************
========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================
Proxy is enabled.
ProxyServer: http=127.0.0.1:56909
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
========================= IP Configuration: ================================
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)
Intel(R) WiFi Link 1000 BGN = Wireless Network Connection (Media disconnected)
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
reset
set global icmpredirects=enabled
popd
# End of IPv4 configuration
Windows IP Configuration
Host Name . . . . . . . . . . . . : Invisigoth-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Wireless LAN adapter Wireless Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hsd1.ca.comcast.net.
Description . . . . . . . . . . . : Intel(R) WiFi Link 1000 BGN
Physical Address. . . . . . . . . : 00-1E-64-70-58-32
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 00-1F-16-ED-E0-65
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{F6E4DA7E-503F-4D90-9872-9080A2D6DCA9}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.hsd1.ca.comcast.net.:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 127.0.0.1
Ping request could not find host google.com. Please check the name and try again.
Server: UnKnown
Address: 127.0.0.1
Ping request could not find host yahoo.com. Please check the name and try again.
Server: UnKnown
Address: 127.0.0.1
Ping request could not find host bleepingcomputer.com. Please check the name and try again.
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=6ms TTL=128
Reply from 127.0.0.1: bytes=32 time=2ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 2ms, Maximum = 6ms, Average = 4ms
===========================================================================
Interface List
13...00 1e 64 70 58 32 ......Intel(R) WiFi Link 1000 BGN
11...00 1f 16 ed e0 65 ......Realtek PCIe FE Family Controller
1...........................Software Loopback Interface 1
23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
19...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Event log errors: ===============================
Application errors:
==================
Error: (02/19/2012 07:45:13 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.
Details:
Could not query the status of the EventSystem service.
System Error:
A system shutdown is in progress.
.
Error: (02/19/2012 07:25:44 PM) (Source: Microsoft-Windows-LoadPerf) (User: SYSTEM)SYSTEM
Description: Unloading the performance counter strings for service MSDTC Bridge 4.0.0.0 (MSDTC Bridge 4.0.0.0) failed. The first DWORD in the Data section contains the error code.
Error: (02/19/2012 07:25:44 PM) (Source: Microsoft-Windows-LoadPerf) (User: SYSTEM)SYSTEM
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (02/19/2012 07:25:38 PM) (Source: Microsoft-Windows-LoadPerf) (User: SYSTEM)SYSTEM
Description: Unloading the performance counter strings for service MSDTC Bridge 4.0.0.0 (MSDTC Bridge 4.0.0.0) failed. The first DWORD in the Data section contains the error code.
Error: (02/19/2012 07:25:38 PM) (Source: Microsoft-Windows-LoadPerf) (User: SYSTEM)SYSTEM
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (02/19/2012 07:25:33 PM) (Source: Microsoft-Windows-LoadPerf) (User: SYSTEM)SYSTEM
Description: Unloading the performance counter strings for service SMSvcHost 4.0.0.0 (SMSvcHost 4.0.0.0) failed. The first DWORD in the Data section contains the error code.
Error: (02/19/2012 07:25:33 PM) (Source: Microsoft-Windows-LoadPerf) (User: SYSTEM)SYSTEM
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (02/19/2012 07:25:29 PM) (Source: Microsoft-Windows-LoadPerf) (User: SYSTEM)SYSTEM
Description: Unloading the performance counter strings for service SMSvcHost 4.0.0.0 (SMSvcHost 4.0.0.0) failed. The first DWORD in the Data section contains the error code.
Error: (02/19/2012 07:25:29 PM) (Source: Microsoft-Windows-LoadPerf) (User: SYSTEM)SYSTEM
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (02/18/2012 10:19:50 PM) (Source: SescLU) (User: )
Description: LiveUpdate returned a non-critical error. Available content updates may have failed to install.
System errors:
=============
Error: (02/19/2012 09:35:57 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
Error: (02/19/2012 09:35:55 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
Error: (02/19/2012 07:50:46 PM) (Source: BugCheck) (User: )
Description: 0x0000001e (0xffffffffc0000005, 0xfffff80002c55703, 0x0000000000000000, 0x000000007ef90000)C:\Windows\MEMORY.DMP021912-80886-01
Error: (02/19/2012 07:44:21 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068
Error: (02/19/2012 07:44:20 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
Error: (02/19/2012 07:44:19 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
Error: (02/19/2012 07:44:11 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (02/19/2012 07:44:11 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (02/19/2012 07:44:11 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (02/19/2012 07:44:09 PM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}
Microsoft Office Sessions:
=========================
========================= Memory info: ===================================
Percentage of memory in use: 38%
Total physical RAM: 3999.19 MB
Available physical RAM: 2454.61 MB
Total Pagefile: 7996.53 MB
Available Pagefile: 6322.68 MB
Total Virtual: 4095.88 MB
Available Virtual: 3963.37 MB
========================= Partitions: =====================================
1 Drive c: () (Fixed) (Total:286.03 GB) (Free:132.64 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:11.87 GB) (Free:2 GB) NTFS
4 Drive f: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
5 Drive g: (Backup USB) (Removable) (Total:14.92 GB) (Free:6.87 GB) FAT32
========================= Users: ========================================
User accounts for \\INVISIGOTH-PC
Administrator Guest Invisigoth
**** End of log ****
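The log above records the IE proxy enabled and pointing at a loopback port before MiniToolBox reset it; a proxy set to a local port stops browser traffic whenever nothing is listening there. The following is an added example, not part of the thread or of MiniToolBox: a Python triage of a Result.txt-style log that flags a loopback proxy and non-default Hosts entries. The sample log is constructed (its Hosts lines are made up) and all function names are assumptions.

```python
import ipaddress
import re

# Constructed sample in the Result.txt layout shown in this thread.
# The proxy lines match the posted log; the Hosts lines are invented for the example.
SAMPLE_LOG = """\
========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================
Proxy is enabled.
ProxyServer: http=127.0.0.1:56909
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
127.0.0.1 localhost
203.0.113.7 update.vendor.example
========================= IP Configuration: ================================
"""

# Matches banners such as "===== IE Proxy Settings: =====", not plain "=====" rules.
SECTION_RE = re.compile(r"^=+\s*(.+?):\s*=+\s*$")


def split_sections(text):
    """Return {section name: [non-empty lines]} keyed by the banner names."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line.strip():
            sections[current].append(line.strip())
    return sections


def proxy_endpoints(value):
    """Parse a ProxyServer value: 'host:port' or 'http=host:port;https=host:port'."""
    endpoints = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")
        if ":" in hostport:
            host, port = hostport.rsplit(":", 1)
        else:
            host, port = hostport, ""
        host = host.split("//")[-1]  # tolerate a 'http://' prefix on the host
        endpoints.append((scheme or "all", host, port))
    return endpoints


def is_loopback(host):
    """True for 'localhost' and for any IPv4/IPv6 loopback literal."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False


def triage(text):
    """Return (section, finding) tuples that deserve a second look."""
    findings = []
    sections = split_sections(text)

    proxy = sections.get("IE Proxy Settings", [])
    enabled = any(l.lower().startswith("proxy is enabled") for l in proxy)
    for line in proxy:
        if enabled and line.startswith("ProxyServer:"):
            for scheme, host, port in proxy_endpoints(line.split(":", 1)[1]):
                if is_loopback(host):
                    findings.append(("IE Proxy Settings",
                                     f"{scheme} traffic sent to local listener {host}:{port}"))

    for line in sections.get("Hosts content", []):
        fields = line.split("#", 1)[0].split()  # drop comments
        if len(fields) < 2:
            continue
        ip, names = fields[0], fields[1:]
        # Anything other than localhost -> loopback is a non-default entry.
        extra = [n for n in names if not (n.lower() == "localhost" and is_loopback(ip))]
        if extra:
            findings.append(("Hosts content", f"{', '.join(extra)} pinned to {ip}"))
    return findings


if __name__ == "__main__":
    for section, finding in triage(SAMPLE_LOG):
        print(f"[{section}] {finding}")
```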
-
That's good news. Here are a couple more scans to run to clean the computer.
SUPERAntiSpyware
If you already have SUPERAntiSpyware be sure to check for updates before scanning!
Download SuperAntispyware Free Edition (SAS) (http://www.superantispyware.com/download.html)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here (http://www.softpedia.com/get/Others/Signatures-Updates/SUPERAntiSpyware-Database-Definitions-Updates.shtml)
* Next click the Preferences button.
  • Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:
  • Close browsers before scanning
  • Scan for tracking cookies
  • Terminate memory threats before quarantining
  • Please leave the others unchecked
  • Click the Close button to leave the control center screen.
* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes
* To retrieve the removal information please do the following:
  • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
  • Click Preferences. Click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • It will open in your default text editor (preferably Notepad).
  • Save the notepad file to your desktop by clicking (in notepad) File > Save As...
* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
* Copy and Paste the log in your post.
*****************************************************
(http://i424.photobucket.com/albums/pp322/digistar/mbamicontw5.gif) Please download Malwarebytes Anti-Malware from here. (http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe)
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Full Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- Please save the log to a location you will remember.
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
-
Here is the Mbam and SUPERAntiSpyware info.
Mbam
Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org
Database version: v2012.02.21.06
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Invisigoth :: INVISIGOTH-PC [administrator]
Protection: Enabled
2/21/2012 7:32:23 PM
mbam-log-2012-02-21 (19-32-23).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 448013
Time elapsed: 1 hour(s), 26 minute(s), 11 second(s)
Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 1884 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 5
C:\Program Files (x86)\LP\065B\8095.tmp (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Users\Invisigoth\AppData\Local\Temp\174F.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Invisigoth\AppData\Roaming\OUTLOOK.EXE (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Users\Invisigoth\AppData\Roaming\Microsoft\065B\C39C.tmp (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
(end)
SUPERAntiSpyware
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 02/21/2012 at 11:45 PM
Application Version : 5.0.1144
Core Rules Database Version : 8264
Trace Rules Database Version: 6076
Scan type : Complete Scan
Total Scan Time : 02:22:27
Operating System Information
Windows 7 Home Premium 64-bit (Build 6.01.7600)
UAC On - Limited User
Memory items scanned : 605
Memory threats detected : 0
Registry items scanned : 66449
Registry threats detected : 0
File items scanned : 191482
File threats detected : 42
Adware.Tracking Cookie
A 3rd party is still trying to access laptop after both scans. Mbam blocks it each time. Will resetting my modem or router help stop this?
-
A 3rd party is still trying to access laptop after both scans. Mbam blocks it each time. Will resetting my modem or router help stop this?
That certainly wouldn't hurt.
Download Combofix from any of the links below, and save it to your desktop.
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)
To prevent your anti-virus application interfering with ComboFix we need to disable it. See here (http://www.pchelpforum.com/anti-virus/110194-how-disable-your-security-applications.html) for a tutorial regarding how to do so if you are unsure.
- Close any open windows and double click ComboFix.exe to run it.
You will see the following image:
(http://i424.photobucket.com/albums/pp322/digistar/NSIS_disclaimer_ENG.png)
Click I Agree to start the program.
ComboFix will then extract the necessary files and you will see this:
(http://i424.photobucket.com/albums/pp322/digistar/NSIS_extraction.png)
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.
It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
If you did not have it installed, you will see the prompt below. Choose YES.
(http://i424.photobucket.com/albums/pp322/digistar/RcAuto1.gif)
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://i424.photobucket.com/albums/pp322/digistar/whatnext.png)
Click on Yes, to continue scanning for malware.
When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.
Note: Please Do NOT mouseclick ComboFix's window while it's running because it may cause it to stall.
-
After running ComboFix the laptop froze and I had to reboot, all the log info was lost. After reboot and trying to access the internet on laptop I am redirected to added success each time. Problem with virus seems to be getting worse. Any advice would help.
-
After running ComboFix the laptop froze and I had to reboot, all the log info was lost.
You should be able to find it on your C drive in the ComboFix folder. Look for a ComboFix.txt.
Please update and run SAS and MBAM again and post the logs.
-
Thanks for the info SuperDave. Found log for combofix.
ComboFix 12-02-25.02 - Invisigoth 02/27/2012 17:03:44.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3999.2536 [GMT -8:00]
Running from: c:\users\Invisigoth\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-01-28 to 2012-02-28 )))))))))))))))))))))))))))))))
.
.
2012-02-28 01:52 . 2012-02-28 01:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-22 05:17 . 2012-02-22 05:17 -------- d-----w- c:\users\Invisigoth\AppData\Roaming\SUPERAntiSpyware.com
2012-02-22 05:15 . 2012-02-22 05:17 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-02-22 05:15 . 2012-02-22 05:15 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-02-22 03:30 . 2012-02-22 03:30 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-02-20 03:26 . 2011-12-16 08:42 634368 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-20 03:26 . 2011-12-16 07:59 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-19 07:13 . 2011-12-28 03:59 499200 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-19 07:13 . 2012-01-03 06:24 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-19 07:13 . 2012-01-03 05:44 478208 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-19 07:13 . 2012-01-04 09:58 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-19 07:13 . 2012-01-04 09:03 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-19 07:12 . 2012-01-14 04:02 3143168 ----a-w- c:\windows\system32\win32k.sys
2012-02-19 06:52 . 2012-02-20 05:33 -------- d-----w- C:\Temp
2012-02-19 04:58 . 2012-02-19 04:58 -------- d-----w- c:\users\Invisigoth\AppData\Roaming\Malwarebytes
2012-02-19 04:58 . 2012-02-19 04:58 -------- d-----w- c:\programdata\Malwarebytes
2012-02-19 04:58 . 2012-02-19 04:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-19 04:58 . 2011-12-10 23:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-19 01:12 . 2012-02-19 01:12 -------- d-----w- c:\users\Invisigoth\AppData\Roaming\27261
2012-02-19 01:12 . 2012-02-19 01:12 -------- d-----w- c:\users\Invisigoth\AppData\Roaming\B6827
2012-02-13 05:02 . 2012-02-21 02:01 -------- d-----w- c:\program files (x86)\27261
2012-02-11 04:37 . 2012-02-11 04:37 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\16C1.tmp
2012-02-11 04:37 . 2012-02-11 04:37 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\16C0.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-22 03:29 . 2010-04-25 18:56 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-27_21.16.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-17 18:30 . 2012-02-28 01:56 58718 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-02-28 01:56 50582 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-10-21 23:47 . 2012-02-27 20:07 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-21 23:47 . 2012-02-28 00:32 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-21 23:47 . 2012-02-27 20:07 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-21 23:47 . 2012-02-28 00:32 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-27 20:07 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-28 00:32 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-24 16:50 . 2012-02-27 21:14 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-24 16:50 . 2012-02-28 01:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2012-02-27 21:50 80184 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-02-11 04:43 . 2012-02-28 01:54 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2012-02-11 04:43 . 2012-02-27 21:14 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2012-02-11 04:43 . 2012-02-28 01:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
- 2012-02-11 04:43 . 2012-02-27 21:14 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
- 2012-02-11 04:43 . 2012-02-27 21:14 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
+ 2012-02-11 04:43 . 2012-02-28 01:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
+ 2009-11-24 16:50 . 2012-02-28 01:54 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-24 16:50 . 2012-02-27 21:14 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-24 16:50 . 2012-02-27 21:14 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-24 16:50 . 2012-02-28 01:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-23 17:27 . 2012-02-28 01:56 6200 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3019844222-3475717226-3334360366-1000_UserData.bin
- 2012-02-27 21:14 . 2012-02-27 21:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-28 01:53 . 2012-02-28 01:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-28 01:53 . 2012-02-28 01:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-02-27 21:14 . 2012-02-27 21:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-08-13 00:16 . 2012-02-27 21:15 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-08-13 00:16 . 2012-02-28 01:55 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:54 . 2012-02-28 01:55 131072 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-02-27 21:15 131072 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-02-27 21:15 294912 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-28 01:55 294912 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-17 22:02 . 2012-02-28 00:14 318280 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 05:01 . 2012-02-27 21:12 314632 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-02-28 01:52 314632 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2012-02-27 21:15 1851392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-28 01:55 1851392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-01-30 07:27 . 2012-02-28 00:14 1704772 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3019844222-3475717226-3334360366-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-02-22 2363392]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-08 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2009-06-24 468264]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2009-07-09 115560]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Invisigoth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MLB.TV NexDef Plug-in.lnk - c:\users\Invisigoth\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe [2010-6-10 797184]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Amazon Unbox.lnk - c:\program files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe [2010-9-13 97384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-08 135664]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-08 195336]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-08 135664]
R3 NETw1v64;Intel(R) Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw1v64.sys
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-16 249648]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 MotoHelper.exe;Motorola Helper;c:\program files (x86)\Motorola\Moto Helper Service\MotoHelper.exe [2010-09-15 6656]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-01-27 226624]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-12 138360]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-02-22 18:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-08 04:35]
.
2012-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-08 04:35]
.
2012-02-24 c:\windows\Tasks\HPCeeScheduleForInvisigoth.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-07-14 495104]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-17 171520]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1259208527&rver=6.0.5285.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1033&id=64855&mkt=en-us
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
c:\windows\SysWOW64\schtasks.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
c:\\.\globalroot\systemroot\svchost.exe
.
**************************************************************************
.
Completion time: 2012-02-27 18:20:41 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-28 02:20
ComboFix2.txt 2012-02-27 21:46
.
Pre-Run: 159,884,926,976 bytes free
Post-Run: 159,603,167,232 bytes free
.
- - End Of File - - 380BAB21DCE36B0E0D74599EC5781EBC
I will send the other info later, going to reset the router today first.
-
Are you still having problems with the internet access? If so, please run this scan.
Please download Farbar Service Scanner (http://download.bleepingcomputer.com/farbar/FSS.exe) and run it on the computer with the issue.
- Press "Scan".
- It will create a log (FSS.txt) in the same directory the tool is run.
- Please copy and paste the log to your reply.
-
Sorry for the delay in getting back to forum, work has been busy.
The internet is working on the laptop but I have 2 questions. Malwarebytes is still stopping something from accessing the cpu, which is great but still makes me nervous when I see it. Also, Windows did an automatic update for Internet Explorer 9, and when searching the web the laptop sometimes goes to other places than the website clicked on Google.
Here is an update of SuperAntiSpyware and Malwarebytes.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 02/27/2012 at 08:42 PM
Application Version : 5.0.1144
Core Rules Database Version : 8264
Trace Rules Database Version: 6076
Scan type : Complete Scan
Total Scan Time : 02:07:52
Operating System Information
Windows 7 Home Premium 64-bit (Build 6.01.7600)
UAC On - Limited User
Memory items scanned : 588
Memory threats detected : 0
Registry items scanned : 66492
Registry threats detected : 0
File items scanned : 238353
File threats detected : 67
Adware.Tracking Cookie
Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org
Database version: v2012.03.04.01
Windows 7 x64 NTFS (Safe Mode)
Internet Explorer 9.0.8112.16421
Invisigoth :: INVISIGOTH-PC [administrator]
Protection: Disabled
3/6/2012 8:34:05 PM
mbam-log-2012-03-06 (20-34-05).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 461251
Time elapsed: 56 minute(s), 23 second(s)
Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 1500 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
(end)
Thanks again for the help.
-
Download Security Check by screen317 from one of the following links and save it to your desktop.
Link 1 (http://screen317.spywareinfoforum.org/SecurityCheck.exe)
Link 2 (http://screen317.changelog.fr/SecurityCheck.exe)
* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
******************************************************
Please download Rooter (http://eric71.geekstogo.com/tools/Rooter.exe) and Save it to your desktop.
- Double click it to start the tool. Vista and Windows 7: run as administrator.
- Click Scan.
- Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.
-
Here are the results.
Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Java(TM) 6 Update 31
````````````````````````````````
Process Check:
objlist.exe by Laurent
Norton ccSvcHst.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
``````````End of Log````````````
Rooter.exe (v1.0.2) by Eric_71
.
The token does not have the SeDebugPrivilege privilege ! (error:1300)
Can not acquire SeDebugPrivilege !
Please run the tool as administrator ..
.
Windows 7 Home Edition (6.1.7600)
[32_bits] - Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
.
Error OpenService (wscsvc) : 6
Error OpenSCManager : 5
Error OpenService (MpsSvc) : 6
Windows Defender -> Disabled !
User Account Control (UAC) -> Enabled
.
Internet Explorer 9.0.8112.16421
.
C:\ [Fixed-NTFS] .. ( Total:286 Go - Free:149 Go )
D:\ [Fixed-NTFS] .. ( Total:11 Go - Free:2 Go )
E:\ [CD_Rom]
.
Scan : 21:13.03
Path : C:\Users\Invisigoth\Downloads\Rooter (1).exe
User : Invisigoth ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
Locked smss.exe (280)
Locked csrss.exe (388)
Locked csrss.exe (448)
Locked wininit.exe (456)
Locked winlogon.exe (504)
Locked services.exe (552)
Locked lsass.exe (560)
Locked lsm.exe (572)
Locked svchost.exe (664)
Locked svchost.exe (748)
Locked svchost.exe (840)
Locked svchost.exe (872)
Locked svchost.exe (900)
Locked svchost.exe (304)
Locked Smc.exe (540)
Locked svchost.exe (1040)
______ ???ó?????? (1176)
______ ???ó?????? (1212)
Locked ccSvcHst.exe (1256)
Locked spoolsv.exe (1536)
Locked svchost.exe (1576)
______ ???ó?????? (1616)
______ ???ó?????? (1656)
______ ???ó?????? (1812)
Locked SASCore64.exe (1928)
______ ???ó?????? (1976)
Locked AppleMobileDeviceService.exe (2036)
______ ???ó?????? (2044)
______ ???ó?????? (1316)
Locked SmcGui.exe (1628)
______ ???ó?????? (1752)
______ ???ó?????? (1784)
______ C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (2076)
Locked svchost.exe (2088)
Locked GoogleToolbarNotifier.exe (2112)
Locked SeaPort.EXE (2188)
Locked conhost.exe (2244)
______ C:\Program Files (x86)\HP\QuickPlay\QPService.exe (2432)
Locked mDNSResponder.exe (2484)
______ C:\Users\Invisigoth\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe (2512)
Locked svchost.exe (2584)
Locked LSSrvc.exe (2644)
Locked mdm.exe (2772)
______ C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe (2908)
Locked MotoHelperService.exe (2916)
______ C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (2956)
______ C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (2964)
Locked MotoHelper.exe (3016)
______ ???ó?????? (3032)
Locked RichVideo.exe (368)
______ C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe (2144)
______ C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (2580)
Locked svchost.exe (1748)
Locked Rtvscan.exe (1920)
______ C:\Program Files (x86)\iTunes\iTunesHelper.exe (2200)
______ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (2612)
Locked schtasks.exe (2932)
Locked conhost.exe (980)
______ C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (2028)
Locked ADVWindowsClientService.exe (2124)
Locked ProtectionUtilSurrogate.exe (3360)
Locked iPodService.exe (3824)
Locked SearchIndexer.exe (3876)
Locked hpqWmiEx.exe (2560)
Locked svchost.exe (3512)
Locked svchost.exe (1312)
Locked WmiPrvSE.exe (3672)
Locked svchost.exe (4212)
Locked SynTPHelper.exe (4272)
Locked Com4QLBEx.exe (4516)
Locked wmpnetwk.exe (4740)
______ C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe (4468)
______ ???ó?????? (5004)
Locked svchost.exe (1984)
______ C:\Program Files (x86)\Internet Explorer\iexplore.exe (5596)
______ C:\Program Files (x86)\Internet Explorer\iexplore.exe (5644)
______ C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (5892)
______ C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe (5980)
Locked mbamservice.exe (5252)
Locked SearchProtocolHost.exe (5496)
Locked SearchFilterHost.exe (4044)
______ C:\Users\Invisigoth\Downloads\Rooter (1).exe (5760)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:1048576 | Length:208666624)
\Device\Harddisk0\Partition2 (Start_Offset:209715200 | Length:307117424640)
\Device\Harddisk0\Partition3 (Start_Offset:307327139840 | Length:12744392704)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\HPCeeScheduleForInvisigoth.job
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 21:13.20
.
C:\Rooter$\Rooter_1.txt - (08/03/2012 | 21:13.20)
-
Please update me on how your computer is working now.
I'd like to scan your machine with ESET OnlineScan
• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
• Click the (http://i424.photobucket.com/albums/pp322/digistar/esetOnline.png) button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  - Click on (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstall.png) to download the ESET Smart Installer. Save it to your desktop.
  - Double click on the (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstallDesktopIcon-1.png) icon on your desktop.
• Check (http://i424.photobucket.com/albums/pp322/digistar/esetAcceptTerms.png)
• Click the (http://i424.photobucket.com/albums/pp322/digistar/esetStart.png) button.
• Accept any security warnings from your browser.
• Check (http://i424.photobucket.com/albums/pp322/digistar/esetScanArchives.png)
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push (http://i424.photobucket.com/albums/pp322/digistar/esetListThreats.png)
• Push (http://i424.photobucket.com/albums/pp322/digistar/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the (http://i424.photobucket.com/albums/pp322/digistar/esetBack.png) button.
• Push (http://i424.photobucket.com/albums/pp322/digistar/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
-
The laptop has been working well for the last few days. Malwarebytes still blocks C:\Windows\svchost.exe whenever it tries to run on the laptop. On another note, my wife and I now use my desktop for anything online that has to do with purchases or email. With that being said, I went onto my Hotmail account on the laptop and a few days later Windows Hotmail blocked my account. Windows had never blocked my account before, but a few months ago my email account did send out spam to my contact list. Not sure if this is related or not. We are worried that if we do anything on the laptop someone will get our accounts and info. I will run the ESET scanner later today. Thank you.
-
"With that being said I went onto my hotmail account on the laptop and a few days later windows hotmail blocked my account."
Hotmail usually blocks accounts when they have been hacked. You will need to change your password. Good luck with that.
Please download aswMBR.exe (http://public.avast.com/%7Egmerek/aswMBR.exe) ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
(http://i424.photobucket.com/albums/pp322/digistar/aswMBR_Scan.jpg)
Click the "Scan" button to start scan
Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.
(http://i424.photobucket.com/albums/pp322/digistar/aswMBR_SaveLog.png)
On completion of the scan click save log, save it to your desktop and post in your next reply
-
Here is the scan of ESET and aswMBR
C:\ProgramData\Microsoft\Windows\DRM\16C0.tmp Win64/Olmarik.AD trojan cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\DRM\16C1.tmp Win64/Olmarik.AD trojan cleaned by deleting - quarantined
C:\Users\Invisigoth\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XTVA1QJY\main[2].htm JS/Kryptik.JL trojan cleaned by deleting - quarantined
C:\Users\Invisigoth\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\864e612-3b1c64d9 Java/Exploit.CVE-2011-3544.BA trojan deleted - quarantined
aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-12 18:00:23
-----------------------------
18:00:23.708 OS Version: Windows x64 6.1.7600
18:00:23.708 Number of processors: 2 586 0x170A
18:00:23.708 ComputerName: INVISIGOTH-PC UserName: Invisigoth
18:00:26.812 Initialize success
18:01:03.427 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:01:03.427 Disk 0 Vendor: Hitachi_HTS545032B9A300 PB3OCA0G Size: 305245MB BusType: 11
18:01:03.443 Device \Driver\atapi -> MajorFunction fffffa8004f975c4
18:01:03.443 Disk 0 MBR read successfully
18:01:03.443 Disk 0 MBR scan
18:01:03.458 Disk 0 TDL4@MBR code has been found
18:01:03.458 Disk 0 MBR hidden
18:01:03.474 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
18:01:03.474 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 292890 MB offset 409600
18:01:03.521 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12154 MB offset 600248320
18:01:03.521 Disk 0 MBR [TDL4] **ROOTKIT**
18:01:03.536 Disk 0 trace - called modules:
18:01:03.552 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8004f975c4]<<
18:01:03.552 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a63060]
18:01:03.568 3 CLASSPNP.SYS[fffff8800112443f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004739060]
18:01:03.568 \Driver\atapi[0xfffffa8004f0fc10] -> IRP_MJ_CREATE -> 0xfffffa8004f975c4
18:01:03.583 Scan finished successfully
18:01:41.928 Disk 0 MBR has been saved successfully to "C:\Users\Invisigoth\Desktop\MBR.dat"
18:01:41.928 The log file has been saved successfully to "C:\Users\Invisigoth\Desktop\aswMBR.txt"
Thank you.
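A small triage script for aswMBR logs like the one posted above, added here as an example (it is not part of the thread or of aswMBR). It collects the MBR verdict lines and checks whether the address the log gives for a disk driver's dispatch routine is the same address the call trace marks as `>>UNKNOWN<<`; the function name `triage` and the finding labels are made up for this example, and the first sample is copied from the log in the post.

```python
import re

# Excerpt copied from the aswMBR log in the post above.
INFECTED_LOG = r"""
18:01:03.443 Device \Driver\atapi -> MajorFunction fffffa8004f975c4
18:01:03.443 Disk 0 MBR read successfully
18:01:03.458 Disk 0 TDL4@MBR code has been found
18:01:03.458 Disk 0 MBR hidden
18:01:03.521 Disk 0 MBR [TDL4] **ROOTKIT**
18:01:03.552 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8004f975c4]<<
18:01:03.568 \Driver\atapi[0xfffffa8004f0fc10] -> IRP_MJ_CREATE -> 0xfffffa8004f975c4
""".strip()

# Constructed sample (not from the thread): a log with none of those lines.
CLEAN_LOG = r"""
18:01:03.443 Disk 0 MBR read successfully
18:01:03.443 Disk 0 MBR scan
18:01:03.583 Scan finished successfully
""".strip()

TS = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+")
CODE_FOUND = re.compile(r"Disk (\d+) (\S+)@MBR code has been found")
MBR_HIDDEN = re.compile(r"Disk (\d+) MBR hidden")
ROOTKIT = re.compile(r"Disk (\d+) MBR \[([^\]]+)\] \*\*ROOTKIT\*\*")
MAJOR_FN = re.compile(r"Device (\\Driver\\\S+) -> MajorFunction ([0-9a-fA-F]+)")
IRP = re.compile(
    r"(\\Driver\\[^\[\s]+)\[0x[0-9a-fA-F]+\] -> (IRP_MJ_\w+) -> 0x([0-9a-fA-F]+)"
)
UNKNOWN = re.compile(r">>UNKNOWN \[0x([0-9a-fA-F]+)\]<<")


def triage(log_text):
    """Return a list of (kind, detail) findings for one aswMBR log."""
    findings = []
    dispatch = []     # (driver, slot, address) as printed by the tool
    unknown = set()   # addresses the trace could not attribute to a module

    for raw in log_text.splitlines():
        line = TS.sub("", raw.strip())   # drop the hh:mm:ss.mmm prefix
        if m := CODE_FOUND.search(line):
            findings.append(("mbr-code", f"disk {m[1]}: {m[2]}"))
        elif m := MBR_HIDDEN.search(line):
            findings.append(("mbr-hidden", f"disk {m[1]}"))
        elif m := ROOTKIT.search(line):
            findings.append(("rootkit", f"disk {m[1]}: {m[2]}"))
        elif m := MAJOR_FN.search(line):
            dispatch.append((m[1], "MajorFunction", int(m[2], 16)))
        elif m := IRP.search(line):
            dispatch.append((m[1], m[2], int(m[3], 16)))
        for addr in UNKNOWN.findall(line):
            unknown.add(int(addr, 16))

    # The UNKNOWN trace line comes after the MajorFunction line, so the
    # correlation has to wait until the whole log has been read.
    for driver, slot, addr in dispatch:
        if addr in unknown:
            findings.append(
                ("unresolved-dispatch", f"{driver} {slot} -> {addr:#x}")
            )
    return findings


if __name__ == "__main__":
    for kind, detail in triage(INFECTED_LOG):
        print(f"{kind:20} {detail}")
```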
-
- Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and save it to your Desktop.
- Extract its contents to your desktop.
- Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
(http://img.photobucket.com/albums/v420/kdiamondkenny/Computer/TDSSKillernumber1.png)
- If an infected file is detected, the default action will be Cure, click on Continue.
(http://img.photobucket.com/albums/v420/kdiamondkenny/Computer/TDSSKillernumber2.png)
- If a suspicious file is detected, the default action will be Skip, click on Continue.
(http://img.photobucket.com/albums/v420/kdiamondkenny/Computer/TDSSKillernumber3.png)
- It may ask you to reboot the computer to complete the process. Click on Reboot Now.
(http://img.photobucket.com/albums/v420/kdiamondkenny/Computer/TDSSKillerlastone3.png)
- Click the Report button and copy/paste the contents of it into your next reply
Note: It will also create a log in the C:\ directory.
-
I ran the TDSSKiller but did not get the report before it asked me to reboot. After reboot I scanned again and no problems were found. Here are the results I did save.
19:32:25.0576 5604 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
19:32:26.0076 5604 ============================================================
19:32:26.0076 5604 Current date / time: 2012/03/12 19:32:26.0076
19:32:26.0076 5604 SystemInfo:
19:32:26.0076 5604
19:32:26.0076 5604 OS Version: 6.1.7600 ServicePack: 0.0
19:32:26.0076 5604 Product type: Workstation
19:32:26.0076 5604 ComputerName: INVISIGOTH-PC
19:32:26.0076 5604 UserName: Invisigoth
19:32:26.0076 5604 Windows directory: C:\Windows
19:32:26.0076 5604 System windows directory: C:\Windows
19:32:26.0076 5604 Running under WOW64
19:32:26.0076 5604 Processor architecture: Intel x64
19:32:26.0076 5604 Number of processors: 2
19:32:26.0076 5604 Page size: 0x1000
19:32:26.0076 5604 Boot type: Normal boot
19:32:26.0076 5604 ============================================================
19:32:27.0074 5604 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x13135, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x7F, Type 'K0', Flags 0x00000040
19:32:27.0090 5604 \Device\Harddisk0\DR0:
19:32:27.0090 5604 MBR used
19:32:27.0090 5604 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
19:32:27.0090 5604 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x23C0D000
19:32:27.0090 5604 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23C71000, BlocksNum 0x17BD000
19:32:27.0152 5604 Initialize success
19:32:27.0152 5604 ============================================================
19:32:29.0929 6104 ============================================================
19:32:29.0929 6104 Scan started
19:32:29.0929 6104 Mode: Manual;
19:32:29.0929 6104 ============================================================
19:32:56.0995 6104 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:32:56.0995 6104 RDPENCDD - ok
19:32:57.0042 6104 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:32:57.0042 6104 RDPREFMP - ok
19:32:57.0073 6104 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
19:32:57.0073 6104 RDPWD - ok
19:32:57.0166 6104 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
19:32:57.0166 6104 rdyboost - ok
19:32:57.0354 6104 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:32:57.0354 6104 rspndr - ok
19:32:57.0510 6104 RSUSBSTOR (2db8116d52b19216812c4e6d5d837810) C:\Windows\system32\Drivers\RtsUStor.sys
19:32:57.0510 6104 RSUSBSTOR - ok
19:32:57.0666 6104 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
19:32:57.0666 6104 RTL8167 - ok
19:32:57.0759 6104 RtsUIR - ok
19:32:57.0853 6104 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
19:32:57.0853 6104 SASDIFSV - ok
19:32:57.0884 6104 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
19:32:57.0884 6104 SASKUTIL - ok
19:32:58.0009 6104 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
19:32:58.0009 6104 sbp2port - ok
19:32:58.0040 6104 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
19:32:58.0040 6104 scfilter - ok
19:32:58.0258 6104 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
19:32:58.0258 6104 sdbus - ok
19:32:58.0321 6104 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:32:58.0321 6104 secdrv - ok
19:32:58.0446 6104 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
19:32:58.0446 6104 Serenum - ok
19:32:58.0492 6104 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
19:32:58.0492 6104 Serial - ok
19:32:58.0524 6104 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
19:32:58.0524 6104 sermouse - ok
19:32:58.0680 6104 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
19:32:58.0680 6104 sffdisk - ok
19:32:58.0711 6104 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
19:32:58.0711 6104 sffp_mmc - ok
19:32:58.0773 6104 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
19:32:58.0773 6104 sffp_sd - ok
19:32:58.0851 6104 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
19:32:58.0851 6104 sfloppy - ok
19:32:58.0960 6104 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:32:58.0960 6104 SiSRaid2 - ok
19:32:59.0038 6104 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
19:32:59.0038 6104 SiSRaid4 - ok
19:32:59.0132 6104 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:32:59.0132 6104 Smb - ok
19:32:59.0319 6104 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:32:59.0319 6104 spldr - ok
19:32:59.0413 6104 SRTSP (32900ac9cfdc578531279886ca16a4df) C:\Windows\system32\Drivers\SRTSP64.SYS
19:32:59.0428 6104 SRTSP - ok
19:32:59.0522 6104 SRTSPL (8929566d1f14685fd78eaf25bee3ecc7) C:\Windows\system32\Drivers\SRTSPL64.SYS
19:32:59.0522 6104 SRTSPL - ok
19:32:59.0616 6104 SRTSPX (cb2fdf47ee67f8cca5362ed9b94fe955) C:\Windows\system32\Drivers\SRTSPX64.SYS
19:32:59.0616 6104 SRTSPX - ok
19:32:59.0678 6104 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
19:32:59.0678 6104 srv - ok
19:32:59.0974 6104 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
19:32:59.0974 6104 srv2 - ok
19:33:00.0271 6104 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
19:33:00.0271 6104 SrvHsfHDA - ok
19:33:00.0583 6104 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
19:33:00.0583 6104 SrvHsfV92 - ok
19:33:00.0926 6104 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
19:33:00.0942 6104 SrvHsfWinac - ok
19:33:01.0098 6104 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
19:33:01.0098 6104 srvnet - ok
19:33:01.0222 6104 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
19:33:01.0222 6104 stexstor - ok
19:33:01.0254 6104 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
19:33:01.0254 6104 swenum - ok
19:33:01.0394 6104 SymEvent (7e4d281982e19abd06728c7ee9ac40a8) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
19:33:01.0394 6104 SymEvent - ok
19:33:01.0441 6104 SynTP (bcf305959b53b200ceb2ad25ad22f8a7) C:\Windows\system32\DRIVERS\SynTP.sys
19:33:01.0456 6104 SynTP - ok
19:33:01.0753 6104 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
19:33:01.0768 6104 Tcpip - ok
19:33:01.0956 6104 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
19:33:01.0971 6104 TCPIP6 - ok
19:33:02.0112 6104 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
19:33:02.0112 6104 tcpipreg - ok
19:33:02.0158 6104 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
19:33:02.0158 6104 TDPIPE - ok
19:33:02.0205 6104 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
19:33:02.0221 6104 TDTCP - ok
19:33:02.0283 6104 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
19:33:02.0299 6104 tdx - ok
19:33:02.0330 6104 Teefer2 (13657dc475de564247745bf4da23207c) C:\Windows\system32\DRIVERS\teefer2.sys
19:33:02.0330 6104 Teefer2 - ok
19:33:02.0470 6104 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
19:33:02.0470 6104 TermDD - ok
19:33:02.0595 6104 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:33:02.0595 6104 tssecsrv - ok
19:33:02.0642 6104 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
19:33:02.0658 6104 tunnel - ok
19:33:02.0798 6104 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
19:33:02.0798 6104 uagp35 - ok
19:33:02.0954 6104 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
19:33:02.0954 6104 udfs - ok
19:33:03.0079 6104 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
19:33:03.0079 6104 uliagpkx - ok
19:33:03.0110 6104 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
19:33:03.0110 6104 umbus - ok
19:33:03.0141 6104 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
19:33:03.0141 6104 UmPass - ok
19:33:03.0250 6104 USBAAPL64 (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys
19:33:03.0250 6104 USBAAPL64 - ok
19:33:03.0313 6104 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
19:33:03.0313 6104 usbccgp - ok
19:33:03.0453 6104 USBCCID - ok
19:33:03.0547 6104 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
19:33:03.0547 6104 usbcir - ok
19:33:03.0656 6104 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
19:33:03.0656 6104 usbehci - ok
19:33:03.0812 6104 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
19:33:03.0812 6104 usbhub - ok
19:33:03.0968 6104 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
19:33:03.0968 6104 usbohci - ok
19:33:04.0030 6104 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
19:33:04.0030 6104 usbprint - ok
19:33:04.0233 6104 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:33:04.0233 6104 USBSTOR - ok
19:33:04.0483 6104 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys
19:33:04.0483 6104 usbuhci - ok
19:33:04.0982 6104 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
19:33:04.0982 6104 usbvideo - ok
19:33:05.0154 6104 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
19:33:05.0154 6104 usb_rndisx - ok
19:33:05.0341 6104 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
19:33:05.0341 6104 vdrvroot - ok
19:33:05.0434 6104 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:33:05.0434 6104 vga - ok
19:33:05.0528 6104 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:33:05.0528 6104 VgaSave - ok
19:33:05.0653 6104 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
19:33:05.0653 6104 vhdmp - ok
19:33:05.0762 6104 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
19:33:05.0778 6104 viaide - ok
19:33:05.0887 6104 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
19:33:05.0887 6104 volmgr - ok
19:33:05.0980 6104 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
19:33:05.0980 6104 volmgrx - ok
19:33:06.0105 6104 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
19:33:06.0121 6104 volsnap - ok
19:33:06.0246 6104 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
19:33:06.0261 6104 vsmraid - ok
19:33:06.0417 6104 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
19:33:06.0417 6104 vwifibus - ok
19:33:06.0573 6104 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
19:33:06.0573 6104 vwififlt - ok
19:33:06.0667 6104 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
19:33:06.0667 6104 WacomPen - ok
19:33:06.0792 6104 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
19:33:06.0792 6104 WANARP - ok
19:33:06.0823 6104 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
19:33:06.0823 6104 Wanarpv6 - ok
19:33:06.0963 6104 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
19:33:06.0979 6104 Wd - ok
19:33:07.0088 6104 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:33:07.0088 6104 Wdf01000 - ok
19:33:07.0244 6104 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:33:07.0244 6104 WfpLwf - ok
19:33:07.0291 6104 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:33:07.0291 6104 WIMMount - ok
19:33:07.0462 6104 winachsf (a6ea7a3fc4b00f48535b506db1e86efd) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
19:33:07.0478 6104 winachsf - ok
19:33:07.0603 6104 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
19:33:07.0603 6104 WmiAcpi - ok
19:33:07.0712 6104 WPS (6cab753b203f39b4ce05ff10013de2ef) C:\Windows\system32\drivers\wpsdrvnt.sys
19:33:07.0712 6104 WPS - ok
19:33:07.0743 6104 WpsHelper (d9b5a13804b7d97770c42da484a9d86e) C:\Windows\system32\drivers\WpsHelper.sys
19:33:07.0743 6104 WpsHelper - ok
19:33:07.0837 6104 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:33:07.0837 6104 ws2ifsl - ok
19:33:07.0884 6104 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
19:33:07.0884 6104 WudfPf - ok
19:33:07.0993 6104 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:33:07.0993 6104 WUDFRd - ok
19:33:08.0071 6104 XAudio (e8f3fa126a06f8e7088f63757112a186) C:\Windows\system32\DRIVERS\XAudio64.sys
19:33:08.0071 6104 XAudio - ok
19:33:08.0180 6104 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
19:33:08.0180 6104 yukonw7 - ok
19:33:08.0227 6104 MBR (0x1B8) (de23ad1285d12ab3358945dc7628786c) \Device\Harddisk0\DR0
19:33:08.0289 6104 \Device\Harddisk0\DR0 - ok
19:33:08.0305 6104 Boot (0x1200) (fb66b5aa8fc754b3e8d6cbe53e923388) \Device\Harddisk0\DR0\Partition0
19:33:08.0305 6104 \Device\Harddisk0\DR0\Partition0 - ok
19:33:08.0336 6104 Boot (0x1200) (eb4ff44826345e9bf9d9ee2dffa708a8) \Device\Harddisk0\DR0\Partition1
19:33:08.0352 6104 \Device\Harddisk0\DR0\Partition1 - ok
19:33:08.0398 6104 Boot (0x1200) (4bd104a4728070cb0b19a1e50009d080) \Device\Harddisk0\DR0\Partition2
19:33:08.0445 6104 \Device\Harddisk0\DR0\Partition2 - ok
19:33:08.0445 6104 ============================================================
19:33:08.0445 6104 Scan finished
19:33:08.0445 6104 ============================================================
19:33:08.0461 2376 Detected object count: 0
19:33:08.0461 2376 Actual detected object count: 0
-
Could you please run aswMBR.exe as described in Reply # 16?
-
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-13 20:40:03
-----------------------------
20:40:03.044 OS Version: Windows x64 6.1.7600
20:40:03.044 Number of processors: 2 586 0x170A
20:40:03.044 ComputerName: INVISIGOTH-PC UserName: Invisigoth
20:40:04.589 Initialize success
20:41:05.462 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:41:05.462 Disk 0 Vendor: Hitachi_HTS545032B9A300 PB3OCA0G Size: 305245MB BusType: 11
20:41:05.493 Disk 0 MBR read successfully
20:41:05.493 Disk 0 MBR scan
20:41:05.493 Disk 0 unknown MBR code
20:41:05.509 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
20:41:05.524 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 292890 MB offset 409600
20:41:05.555 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12154 MB offset 600248320
20:41:05.587 Disk 0 scanning C:\Windows\system32\drivers
20:41:11.795 Service scanning
20:41:27.333 Service Teefer2 C:\Windows\system32\DRIVERS\teefer2.sys **LOCKED** 32
20:41:30.032 Service WPS C:\Windows\system32\drivers\wpsdrvnt.sys **LOCKED** 32
20:41:30.094 Service WpsHelper C:\Windows\system32\drivers\WpsHelper.sys **LOCKED** 32
20:41:31.592 Modules scanning
20:41:32.107 Disk 0 trace - called modules:
20:41:32.138 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
20:41:32.138 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004922660]
20:41:32.153 3 CLASSPNP.SYS[fffff880010fa43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80046fa060]
20:41:32.169 Scan finished successfully
20:43:45.783 Disk 0 MBR has been saved successfully to "C:\Users\Invisigoth\Desktop\MBR.dat"
20:43:45.799 The log file has been saved successfully to "C:\Users\Invisigoth\Desktop\aswMBR.txt"
-
Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.
Link 1 (http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe)
Link 2 (http://ad13.geekstogo.com/MBRCheck.exe)
Link 3 (http://www.kernelmode.info/MBRCheck.exe)
• Double-click on MBRCheck.exe to run it.
• It will open a black window...please do not fix anything (if it gives you an option).
• When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
• A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
• Please copy and paste the contents of that log in your next reply.
-
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Wistron
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP G60 Notebook PC
Logical Drives Mask: 0x0000001c
Kernel Drivers (total 240):
Processes (total 84):
2972 C:\Users\Invisigoth\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AZ0AHTSU\MBRCheck.exe
5512 C:\Windows\System32\conhost.exe
5008 C:\Windows\System32\dllhost.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000047`8e200000 (NTFS)
PhysicalDrive0 Model Number: HitachiHTS545032B9A300, Rev: PB3OCA0G
Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: A2373E353ECEDDBAE737B434911DAC16176437CB
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.
Enter your choice:
-
Please boot to the System Recovery Options (http://www.sevenforums.com/tutorials/668-system-recovery-options.html)
If you have a Windows 7 installation disc, just insert the DVD into the drive, restart the computer and it should load automatically (option two presented in the article).
It's also possible that your computer has a pre-installed recovery partition instead; in that case use method one (by pressing F8 before Windows starts loading)...
NOTE: If none of the above apply, you can create a System Repair Disc (link in "Option two") and boot from it.
On the System Recovery Options menu you will get the following options:
- Startup Repair
- System Restore
- Windows Complete PC Restore
- Windows Memory Diagnostic Tool
- Command Prompt
Choose Command Prompt
You should see X:\SOURCES>...
Execute the following commands in bold.
Press Enter after every one of them.
bootrec /fixmbr (<--- there is a "space" after "bootrec")
bootrec /fixboot (<--- there is a "space" after "bootrec")
exit
Restart computer.
-
Thanks again SuperDave and sorry about the delay in response. Followed the steps you suggested, but under command prompt no X:\SOURCES>... popped up, and when I typed it in it said "access denied". I ran both bootrec /fixmbr and bootrec /fixboot anyways, then restarted cpu. I hope that was the right thing to do?
-
Please run MBRCheck.exe as outlined in Reply # 22 and post the log.
-
Here is MBRcheck.exe
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Wistron
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP G60 Notebook PC
Logical Drives Mask: 0x0000001c
Kernel Drivers (total 241):
Processes (total 84):
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000047`8e200000 (NTFS)
PhysicalDrive0 Model Number: HitachiHTS545032B9A300, Rev: PB3OCA0G
Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
Done!
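Added example, not part of the original posts and not MBRCheck's own code: one way to inspect MBR dumps saved with option [1] before and after bootrec /fixmbr, confirming that the boot code changed while the partition table and disk signature stayed the same. It assumes the classic MBR layout (440 bytes of boot code, four partition entries at offset 446); the sample sectors, the allowlist and the names parse_mbr, compare_dumps and build_sample are constructed here, only the two partition byte offsets come from the log above, and the digest is not claimed to cover the same bytes as MBRCheck's SHA1 line.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440   # classic MBR: boot code in bytes 0..439 (assumed layout)
TABLE_OFF = 446       # four 16-byte partition entries, then 0x55 0xAA


def parse_mbr(sector: bytes) -> dict:
    """Split one dumped MBR sector into boot-code hash, disk signature, partitions."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR dump must be exactly 512 bytes")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        entry = sector[TABLE_OFF + 16 * i: TABLE_OFF + 16 * (i + 1)]
        ptype = entry[4]
        if ptype == 0:  # unused slot
            continue
        lba_start, count = struct.unpack_from("<II", entry, 8)
        parts.append({"slot": i, "active": entry[0] == 0x80, "type": ptype,
                      "byte_offset": lba_start * SECTOR, "sectors": count})
    return {
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", sector, 440)[0],
        "partitions": parts,
    }


def compare_dumps(before: bytes, after: bytes, known_good: set) -> dict:
    """Report what a boot-code repair changed between two dumps of the same disk."""
    b, a = parse_mbr(before), parse_mbr(after)
    return {
        "boot_code_changed": b["boot_code_sha1"] != a["boot_code_sha1"],
        "layout_preserved": (b["partitions"], b["disk_signature"])
                            == (a["partitions"], a["disk_signature"]),
        "after_known_good": a["boot_code_sha1"] in known_good,
    }


def build_sample(boot_code: bytes) -> bytes:
    """Constructed 512-byte sector; the boot code bytes are filler, not real code."""
    sector = bytearray(SECTOR)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, 440, 0x1234ABCD)  # constructed disk signature
    # (status, type, start LBA, sector count); start LBAs = log byte offsets / 512,
    # sector counts are constructed
    entries = [(0x80, 0x07, 0x0C800000 // SECTOR, 0x23C0D000),
               (0x00, 0x07, 0x478E200000 // SECTOR, 0x01000000)]
    for i, (status, ptype, lba, count) in enumerate(entries):
        off = TABLE_OFF + 16 * i
        sector[off] = status
        sector[off + 4] = ptype
        struct.pack_into("<II", sector, off + 8, lba, count)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    before = build_sample(b"\xEB" * BOOT_CODE_LEN)  # stand-in for the unknown code
    after = build_sample(b"\x33" * BOOT_CODE_LEN)   # stand-in for the repaired code
    allowlist = {parse_mbr(after)["boot_code_sha1"]}  # constructed allowlist
    print(compare_dumps(before, after, allowlist))
```

With real dumps, read each 512-byte file in binary mode and fill the allowlist with boot-code digests taken from a machine known to be clean.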
-
Please give me an update on how your computer is working now?