Bartley

Having several issues, not sure what is happening


Hello,

Please see my logs attached. I'm not sure I'm infected, Malwarebytes reports nothing, but all of a sudden I started having several issues all at once. First I started having very sporadic wireless issues. Great signal, very slow speed. Often dropping from 270+ Mbps to 35 Mbps, even to the point of being disconnected. I have updated drivers and done all the normal stuff. But the problem happens no matter where I am (I went to various locations, with different ISPs, same issues). The problem is random and may start as soon as I connect, or may run for an hour without issues before it starts. Connecting by Cat5 solves the problem. I would think it is my wifi card, but disabling the built-in card and using a USB wifi adapter produces the same issues.

At about the same time I started having slow boot up, after logging on my windows account it takes a long time for windows to load. Sometimes it will not finish loading windows and I am forced to shut it down manually. This is very unusual for this computer. The slow loading is random and does not always happen. It will often load to a blank desktop with only the taskbar, then 2 minutes later the desktop will load. Often I have temporary slowdown and freezes that last 10 to 15 seconds once it is up and running. A couple of times on shut down, it does not shut down but reboots. This occurs several times and then for no apparent reason it does finally shut down.

I realize that this may not be a virus or malware issue, but I am at a loss for what is going on. These issues may not even be related, but I have no answers. I'll take any ideas.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:28:18 AM, on 6/16/2012

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.8112.16446)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files (x86)\Steam\steam.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

C:\Program Files (x86)\Razer\Salmosa\razerhid.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files (x86)\n52te\n52teHid.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Razer\Salmosa\razertra.exe

C:\Program Files (x86)\Razer\Salmosa\razerofa.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Users\Brad\Desktop\fixs\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...&m=p-7805u&c=BB

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...&m=p-7805u&c=BB

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...&m=p-7805u&c=BB

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\googletoolbar1.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\3.1.415.1646\swg.dll

O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\googletoolbar1.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll" (file missing)

O4 - HKLM\..\Run: [salmosa] "C:\Program Files (x86)\Razer\Salmosa\razerhid.exe"

O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [Jomantha] "C:\Program Files (x86)\n52te\n52teHid.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [Google Update] "C:\Users\Brad\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-2646544230-175470749-843411820-1001\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'UpdatusUser')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: *.juno.com

O15 - Trusted Zone: *.netzero.com

O15 - Trusted Zone: *.netzero.net

O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadbl...ivex/sabspx.cab

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: McciCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files (x86)\Hawking\Common\RaRegistry.exe

O23 - Service: Ralink Registry Writer 64 (RalinkRegistryWriter64) - Ralink Technology, Corp. - C:\Program Files (x86)\Hawking\Common\RaRegistry64.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

Thanks for your time

DDS.txt

Attach.txt

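The HijackThis log above is a flat list of typed lines (O2 BHOs, O4 autoruns, O23 services). When reviewing a log like this, the first pass is mechanical: pull out the executable path of each entry and mark the ones that deserve a second look. The script below is an added example, not HijackThis code or anything posted in this thread. It parses the O2/O4/O23 line formats and attaches review flags: `file_missing` (the scanner could not find the file; on a 64-bit host this is commonly a file-system redirection artefact of a 32-bit scanner, so it means "verify", not "malicious"), `unknown_owner` (no signer/vendor string), `unquoted_path` (an O4 command whose path contains spaces but is not quoted), and `user_writable_location` (binary lives under Users, ProgramData or Temp). The sample lines are copied from the log in the thread; every one of them is a legitimate product, which is exactly why the flags are prompts for an analyst rather than verdicts. The regular expressions and the assumption that HijackThis strips quoting from O23 service paths are mine.

```python
"""Triage helper for HijackThis-style logs (added example, not HijackThis code)."""
import re
from dataclasses import dataclass, field

# Line formats as they appear in a HijackThis 2.0.x log (regexes are assumptions
# derived from the sample lines below, not from HijackThis source).
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
USER_WRITABLE = re.compile(r"\\(Users|ProgramData|Temp)\\", re.IGNORECASE)


@dataclass
class Entry:
    kind: str
    name: str
    path: str
    vendor: str = ""
    flags: list = field(default_factory=list)


def exe_from_command(cmd: str):
    """Return (path, was_quoted) for an O4 Run command line."""
    cmd = re.sub(r"\s*\(User '[^']*'\)\s*$", "", cmd)  # drop HJT's "(User '...')" suffix
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return (cmd[1:end] if end > 0 else cmd[1:]), True
    m = re.search(r"\.exe", cmd, re.IGNORECASE)       # unquoted: cut at the first .exe
    return (cmd[: m.end()] if m else cmd.split()[0]), False


def parse_hjt(text: str):
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := O4_RE.match(line):
            path, quoted = exe_from_command(m["cmd"])
            e = Entry("O4", m["name"], path)
            if not quoted and " " in path:
                e.flags.append("unquoted_path")
        elif m := O23_RE.match(line):
            # Assumption: HJT prints service paths without their original quoting,
            # so quoting is not judged on O23 lines.
            e = Entry("O23", m["name"], m["path"].replace(" (file missing)", ""), m["vendor"])
            if m["vendor"] == "Unknown owner":
                e.flags.append("unknown_owner")
        elif m := O2_RE.match(line):
            e = Entry("O2", m["name"], m["path"].replace(" (file missing)", ""))
        else:
            continue
        if "(file missing)" in line:
            e.flags.append("file_missing")
        if USER_WRITABLE.search(e.path):
            e.flags.append("user_writable_location")
        entries.append(e)
    return entries


def needs_review(entries):
    """Entries carrying at least one flag, in log order."""
    return [e for e in entries if e.flags]


# Sample lines copied from the log posted in the thread.
SAMPLE_LOG = r"""
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Brad\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)
"""

if __name__ == "__main__":
    for e in needs_review(parse_hjt(SAMPLE_LOG)):
        print(f"{e.kind:3} {e.name:20} {', '.join(e.flags):35} {e.path}")
```

Run it and the clean entries (avast UI, avast BHO, the Apple service) print nothing, while the rest come out with their flags; the next step for an analyst is to check each flagged path on disk and confirm the signer, which is what the helpers in this thread do by asking for further logs rather than acting on HijackThis alone.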

Hi Bartley, and welcome!

Sorry for the delay! Do you still need help?


Post a new fresh DDS log file and:

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply



OK, here ya go. I had trouble and kept getting a blue screen when running aswMBR.exe. I disabled my Avast and turned off the wireless card and it worked. I hope that was OK to do.

Thanks for your help

aswMBR.txt

DDS02.txt


Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • MBRCheck log


here they are

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.23.02

Windows Vista Service Pack 2 x64 NTFS

Internet Explorer 9.0.8112.16421

Brad :: BRAD-PC [administrator]

6/22/2012 10:56:33 PM

mbam-log-2012-06-22 (22-56-33).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 231668

Time elapsed: 6 minute(s), 19 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows Vista Home Premium Edition

Windows Information: Service Pack 2 (build 6002), 64-bit

Base Board Manufacturer: Gateway

BIOS Manufacturer: Phoenix Technologies LTD

System Manufacturer: Gateway

System Product Name: P-7805u

Logical Drives Mask: 0x0000000c

Kernel Drivers (total 161):

0x02C64000 \SystemRoot\system32\ntoskrnl.exe

0x02C1E000 \SystemRoot\system32\hal.dll

0x00608000 \SystemRoot\system32\kdcom.dll

0x00612000 \SystemRoot\system32\mcupdate_GenuineIntel.dll

0x0064D000 \SystemRoot\system32\PSHED.dll

0x00661000 \SystemRoot\system32\CLFS.SYS

0x006BE000 \SystemRoot\system32\CI.dll

0x0080F000 \SystemRoot\system32\drivers\Wdf01000.sys

0x008B3000 \SystemRoot\system32\drivers\WDFLDR.SYS

0x008C2000 \SystemRoot\system32\drivers\acpi.sys

0x00918000 \SystemRoot\system32\drivers\WMILIB.SYS

0x00921000 \SystemRoot\system32\drivers\msisadrv.sys

0x0092B000 \SystemRoot\system32\drivers\pci.sys

0x0095B000 \SystemRoot\System32\drivers\partmgr.sys

0x00970000 \SystemRoot\system32\DRIVERS\compbatt.sys

0x00974000 \SystemRoot\system32\DRIVERS\BATTC.SYS

0x00980000 \SystemRoot\system32\drivers\volmgr.sys

0x00994000 \SystemRoot\System32\drivers\volmgrx.sys

0x00770000 \SystemRoot\System32\drivers\mountmgr.sys

0x00A04000 \SystemRoot\system32\DRIVERS\iaStor.sys

0x00B12000 \SystemRoot\system32\drivers\atapi.sys

0x00B1A000 \SystemRoot\system32\drivers\ataport.SYS

0x00B3E000 \SystemRoot\system32\drivers\fltmgr.sys

0x00B85000 \SystemRoot\system32\drivers\fileinfo.sys

0x00C0C000 \SystemRoot\System32\Drivers\ksecdd.sys

0x00E0D000 \SystemRoot\system32\drivers\ndis.sys

0x00C93000 \SystemRoot\system32\drivers\msrpc.sys

0x00CE3000 \SystemRoot\system32\drivers\NETIO.SYS

0x0100F000 \SystemRoot\System32\drivers\tcpip.sys

0x01183000 \SystemRoot\System32\drivers\fwpkclnt.sys

0x0120D000 \SystemRoot\System32\Drivers\Ntfs.sys

0x0138D000 \SystemRoot\system32\drivers\volsnap.sys

0x013D1000 \SystemRoot\System32\Drivers\spldr.sys

0x013D9000 \SystemRoot\System32\Drivers\mup.sys

0x011AF000 \SystemRoot\System32\drivers\ecache.sys

0x013EB000 \SystemRoot\system32\drivers\disk.sys

0x00FD0000 \SystemRoot\system32\drivers\CLASSPNP.SYS

0x01200000 \SystemRoot\system32\drivers\crcdisk.sys

0x0231C000 \SystemRoot\system32\DRIVERS\tunnel.sys

0x02329000 \SystemRoot\system32\DRIVERS\tunmp.sys

0x02405000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys

0x0307C000 \SystemRoot\System32\Drivers\nvBridge.kmd

0x0307E000 \SystemRoot\System32\drivers\dxgkrnl.sys

0x03161000 \SystemRoot\System32\drivers\watchdog.sys

0x03171000 \SystemRoot\system32\DRIVERS\usbuhci.sys

0x0317D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0x031C3000 \SystemRoot\system32\DRIVERS\usbehci.sys

0x03207000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0x032F4000 \SystemRoot\system32\DRIVERS\yk60x64.sys

0x03407000 \SystemRoot\system32\DRIVERS\NETwNv64.sys

0x03C5B000 \SystemRoot\system32\DRIVERS\ohci1394.sys

0x03C6D000 \SystemRoot\system32\DRIVERS\1394BUS.SYS

0x03C7D000 \SystemRoot\system32\DRIVERS\o2sdx64.sys

0x03C89000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS

0x03CB7000 \SystemRoot\system32\DRIVERS\o2mdx64.sys

0x03CC5000 \SystemRoot\system32\DRIVERS\CmBatt.sys

0x03CCA000 \SystemRoot\system32\DRIVERS\i8042prt.sys

0x03CE0000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0x03CEE000 \SystemRoot\system32\DRIVERS\SynTP.sys

0x03D43000 \SystemRoot\system32\DRIVERS\USBD.SYS

0x03D45000 \SystemRoot\system32\DRIVERS\mouclass.sys

0x03D51000 \SystemRoot\SysWOW64\drivers\Afc.sys

0x03D5A000 \SystemRoot\system32\DRIVERS\cdrom.sys

0x03D76000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

0x03D83000 \SystemRoot\system32\DRIVERS\wmiacpi.sys

0x03D8C000 \SystemRoot\system32\DRIVERS\intelppm.sys

0x03D9F000 \SystemRoot\system32\DRIVERS\vhidmini.sys

0x03DA3000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0x03DB5000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0x03DBD000 \SystemRoot\system32\DRIVERS\msiscsi.sys

0x03359000 \SystemRoot\system32\DRIVERS\storport.sys

0x033B6000 \SystemRoot\system32\DRIVERS\TDI.SYS

0x033C3000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0x033E6000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0x02332000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0x031D4000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0x02363000 \SystemRoot\system32\DRIVERS\raspptp.sys

0x031E4000 \SystemRoot\system32\DRIVERS\rassstp.sys

0x02381000 \SystemRoot\system32\DRIVERS\termdd.sys

0x03DF6000 \SystemRoot\system32\DRIVERS\swenum.sys

0x02394000 \SystemRoot\system32\DRIVERS\ks.sys

0x033F2000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0x023C8000 \SystemRoot\system32\DRIVERS\umbus.sys

0x00D3C000 \SystemRoot\system32\DRIVERS\usbhub.sys

0x023D8000 \SystemRoot\System32\Drivers\NDProxy.SYS

0x00D84000 \SystemRoot\system32\drivers\CHDRT64.sys

0x00B99000 \SystemRoot\system32\drivers\portcls.sys

0x00DCA000 \SystemRoot\system32\drivers\drmk.sys

0x03DF8000 \SystemRoot\system32\drivers\ksthunk.sys

0x00783000 \SystemRoot\system32\DRIVERS\CAXHWAZL.sys

0x05A07000 \SystemRoot\system32\DRIVERS\CAX_DPV.sys

0x05C0B000 \SystemRoot\system32\DRIVERS\CAX_CNXT.sys

0x05CD6000 \SystemRoot\system32\drivers\modem.sys

0x05CE5000 \SystemRoot\system32\drivers\nvhda64v.sys

0x05D12000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0x05D2E000 \SystemRoot\System32\Drivers\UVCFTR_S.SYS

0x05D36000 \SystemRoot\System32\Drivers\usbvideo.sys

0x05805000 \SystemRoot\System32\Drivers\aswSnx.SYS

0x058D2000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

0x058DC000 \SystemRoot\System32\Drivers\Null.SYS

0x058F0000 \SystemRoot\System32\drivers\vga.sys

0x058FE000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

0x05923000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0x0592C000 \SystemRoot\system32\drivers\rdpencdd.sys

0x05935000 \SystemRoot\System32\Drivers\Msfs.SYS

0x05940000 \SystemRoot\System32\Drivers\Npfs.SYS

0x05951000 \SystemRoot\System32\DRIVERS\rasacd.sys

0x0595A000 \SystemRoot\system32\DRIVERS\tdx.sys

0x05977000 \SystemRoot\System32\Drivers\aswTdi.SYS

0x05989000 \SystemRoot\system32\DRIVERS\smb.sys

0x05D60000 \SystemRoot\system32\drivers\afd.sys

0x059A4000 \SystemRoot\System32\Drivers\aswRdr.SYS

0x059B1000 \SystemRoot\System32\DRIVERS\netbt.sys

0x05DCB000 \SystemRoot\system32\DRIVERS\pacer.sys

0x05DE9000 \SystemRoot\system32\DRIVERS\netbios.sys

0x05B7B000 \SystemRoot\system32\DRIVERS\wanarp.sys

0x059F5000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS

0x058E5000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS

0x05B96000 \SystemRoot\system32\DRIVERS\rdbss.sys

0x05BE3000 \SystemRoot\system32\drivers\nsiproxy.sys

0x00BD4000 \SystemRoot\System32\Drivers\dfsc.sys

0x05E06000 \SystemRoot\System32\Drivers\aswSP.SYS

0x05E5E000 \SystemRoot\System32\Drivers\crashdmp.sys

0x05E6C000 \SystemRoot\System32\Drivers\dump_iaStor.sys

0x00090000 \SystemRoot\System32\win32k.sys

0x05F7A000 \SystemRoot\System32\drivers\Dxapi.sys

0x05F86000 \SystemRoot\system32\DRIVERS\monitor.sys

0x004F0000 \SystemRoot\System32\TSDDD.dll

0x006C0000 \SystemRoot\System32\cdd.dll

0x05F99000 \SystemRoot\system32\drivers\luafv.sys

0x05FBB000 \??\C:\Windows\system32\drivers\aswMonFlt.sys

0x05FF2000 \SystemRoot\System32\Drivers\aswFsBlk.SYS

0x02200000 \SystemRoot\system32\drivers\WudfPf.sys

0x02221000 \SystemRoot\system32\drivers\spsys.sys

0x022BB000 \SystemRoot\system32\DRIVERS\lltdio.sys

0x022CF000 \SystemRoot\system32\DRIVERS\nwifi.sys

0x05C00000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0x02303000 \SystemRoot\system32\DRIVERS\rspndr.sys

0x0A60B000 \SystemRoot\system32\drivers\HTTP.sys

0x0A6AE000 \SystemRoot\System32\DRIVERS\srvnet.sys

0x0A6D7000 \SystemRoot\system32\DRIVERS\bowser.sys

0x0A6F5000 \SystemRoot\System32\drivers\mpsdrv.sys

0x0A70F000 \SystemRoot\system32\drivers\mrxdav.sys

0x0A736000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0x0A75F000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

0x0A7A8000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

0x0A7C7000 \SystemRoot\System32\DRIVERS\srv2.sys

0x0A80D000 \SystemRoot\System32\DRIVERS\srv.sys

0x0A8A0000 \SystemRoot\system32\drivers\usbaudio.sys

0x0A8B9000 \SystemRoot\system32\DRIVERS\hidusb.sys

0x0A8C2000 \SystemRoot\system32\drivers\salmosa.sys

0x0A8C5000 \??\C:\Windows\system32\drivers\cpuz135_x64.sys

0x0A8CE000 \SystemRoot\system32\DRIVERS\mouhid.sys

0x0A8D9000 \??\C:\Windows\SysWOW64\drivers\int15_64.sys

0x0A8F1000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys

0x0A8F6000 \SystemRoot\system32\drivers\peauth.sys

0x0A9AC000 \SystemRoot\System32\Drivers\secdrv.SYS

0x0A9B7000 \SystemRoot\System32\drivers\tcpipreg.sys

0x0A9C7000 \SystemRoot\system32\DRIVERS\xaudio64.sys

0x0A9CF000 \SystemRoot\system32\DRIVERS\cdfs.sys

0x77CD0000 \Windows\System32\ntdll.dll

Processes (total 85):

0 System Idle Process

4 System

496 C:\Windows\System32\smss.exe

628 csrss.exe

672 C:\Windows\System32\wininit.exe

692 csrss.exe

728 C:\Windows\System32\services.exe

744 C:\Windows\System32\lsass.exe

752 C:\Windows\System32\lsm.exe

900 C:\Windows\System32\svchost.exe

928 C:\Windows\System32\winlogon.exe

996 C:\Windows\System32\nvvsvc.exe

232 C:\Windows\System32\svchost.exe

632 C:\Windows\System32\svchost.exe

892 C:\Windows\System32\svchost.exe

1008 C:\Windows\System32\svchost.exe

1096 C:\Windows\System32\audiodg.exe

1120 C:\Windows\System32\svchost.exe

1136 C:\Windows\System32\SLsvc.exe

1164 C:\Windows\System32\svchost.exe

1264 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

1276 C:\Windows\System32\nvvsvc.exe

1392 C:\Windows\System32\svchost.exe

1544 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

1680 C:\Windows\System32\spoolsv.exe

1704 C:\Windows\System32\svchost.exe

1388 C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

2200 C:\Windows\System32\dwm.exe

2232 C:\Windows\System32\taskeng.exe

2276 C:\Windows\explorer.exe

2312 C:\Windows\System32\taskeng.exe

2620 C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

2768 C:\Program Files\Bonjour\mDNSResponder.exe

2016 C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe

1376 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

2144 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

1252 C:\Program Files (x86)\Steam\steam.exe

1728 C:\Windows\ehome\ehtray.exe

1400 C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

1412 HP1006MC.EXE

1056 C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

1500 C:\Windows\SysWOW64\svchost.exe

1220 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe

2652 C:\Program Files\Common Files\Motive\McciCMService.exe

1284 C:\Program Files (x86)\Razer\Salmosa\razerhid.exe

1552 C:\Program Files\Alwil Software\Avast5\AvastUI.exe

2600 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

2344 C:\Program Files (x86)\n52te\n52teHid.exe

2112 C:\Windows\System32\svchost.exe

1060 C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe

3084 C:\Program Files (x86)\iTunes\iTunesHelper.exe

3108 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

3120 C:\Windows\System32\svchost.exe

3132 C:\Windows\System32\svchost.exe

3284 C:\Program Files (x86)\Hawking\Common\RaRegistry.exe

3348 C:\Program Files (x86)\Razer\Salmosa\razertra.exe

3408 C:\Program Files (x86)\Hawking\Common\RaRegistry64.exe

3460 C:\Program Files (x86)\Razer\Salmosa\razerofa.exe

3560 C:\Windows\System32\svchost.exe

3632 C:\Windows\System32\svchost.exe

3716 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

3844 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

3856 C:\Windows\System32\SearchIndexer.exe

3968 C:\Windows\System32\drivers\XAudio64.exe

2192 C:\Windows\System32\svchost.exe

3304 C:\Program Files\iPod\bin\iPodService.exe

1568 WmiPrvSE.exe

3484 C:\Windows\System32\svchost.exe

1116 C:\Windows\ehome\ehmsas.exe

4444 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

4456 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

4084 C:\Program Files (x86)\Common Files\Steam\SteamService.exe

4436 C:\Windows\System32\wbem\unsecapp.exe

2880 C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

4344 C:\Windows\System32\SearchProtocolHost.exe

4168 C:\Windows\notepad.exe

1508 taskeng.exe

4300 C:\Windows\System32\SearchFilterHost.exe

5020 C:\Program Files (x86)\Mozilla Firefox\firefox.exe

2812 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

4800 C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe

4892 C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe

524 dllhost.exe

3744 dllhost.exe

564 C:\Users\Brad\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`71100000 (NTFS)

PhysicalDrive0 Model Number: WDCWD3200BEKT-22F3T0, Rev: 11.01A11

Size Device Name MBR Status

--------------------------------------------

298 GB \\.\PhysicalDrive0 Unknown MBR code

SHA1: F85B7CD526802923C3EA061081FBF03E1B7455C7

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

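The MBRCheck report above says "Unknown MBR code" with a SHA1 and "Found non-standard or infected MBR." What such a tool does is simple to reproduce: read sector 0 of the disk, confirm the 0x55AA boot signature, hash the boot-code area and compare the hash against a list of known vendor boot code, and decode the partition table (the report's `\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`71100000` is the C: partition's starting LBA times 512). The script below is an added example and is not MBRCheck's code; MBRCheck's hash input and database are not documented on this page, so hashing the 440-byte code area and the one-entry allowlist are my design choices. The disk image is constructed in the script (nothing is read from a real drive), and the C: start LBA is chosen so its byte offset matches the value printed in the thread.

```python
"""Minimal read-only MBR integrity check (added example; not MBRCheck's code).

Classic 512-byte MBR layout:
  0x000-0x1B7  boot code (440 bytes)
  0x1B8-0x1BB  disk signature
  0x1BC-0x1BD  reserved
  0x1BE-0x1FD  four 16-byte partition entries
  0x1FE-0x1FF  0x55 0xAA boot signature
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440
PART_FMT = "<B3sB3sII"   # status, CHS first, type, CHS last, first LBA, sector count


def parse_mbr(sector: bytes) -> dict:
    if len(sector) != SECTOR:
        raise ValueError("expected exactly one 512-byte sector")
    parts = []
    for i in range(4):
        status, _chs1, ptype, _chs2, lba, count = struct.unpack_from(PART_FMT, sector, 0x1BE + 16 * i)
        if ptype != 0:                       # type 0 = unused entry
            parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                          "first_lba": lba, "sectors": count, "byte_offset": lba * SECTOR})
    return {
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", sector, 0x1B8)[0],
        "valid_signature": sector[0x1FE:0x200] == b"\x55\xAA",
        "partitions": parts,
    }


def classify(mbr: dict, known_hashes: set) -> str:
    """Mirror the verdict strings a checker prints; unknown != infected, it means 'inspect'."""
    if not mbr["valid_signature"]:
        return "Invalid MBR (missing 55AA signature)"
    if mbr["boot_code_sha1"] in known_hashes:
        return "Known MBR code"
    return "Unknown MBR code"


# ---- constructed sample data; nothing below comes from the thread's machine ----
def build_mbr(boot_code: bytes, partitions) -> bytes:
    sector = bytearray(SECTOR)
    sector[:len(boot_code)] = boot_code[:BOOT_CODE_LEN]
    struct.pack_into("<I", sector, 0x1B8, 0xDEADBEEF)          # constructed disk signature
    for i, (bootable, ptype, lba, count) in enumerate(partitions):
        struct.pack_into(PART_FMT, sector, 0x1BE + 16 * i,
                         0x80 if bootable else 0x00, b"\xFF\xFF\xFF", ptype, b"\xFF\xFF\xFF", lba, count)
    sector[0x1FE:0x200] = b"\x55\xAA"
    return bytes(sector)


# Stand-in for vendor boot code: 440 bytes of a fixed pattern. Its SHA1 is the
# only entry in the allowlist, which plays the role of a checker's hash database.
GOOD_CODE = bytes(range(256)) + bytes(range(184))
KNOWN_HASHES = {hashlib.sha1(GOOD_CODE).hexdigest().upper()}

# Two NTFS-typed (0x07) entries: a recovery partition, then C:. C: starts at LBA
# 20482048 so that its byte offset is 0x271100000, the offset MBRCheck printed above.
LAYOUT = [(False, 0x07, 2048, 20480000), (True, 0x07, 20482048, 604000000)]


def demo():
    clean = build_mbr(GOOD_CODE, LAYOUT)
    tampered = bytearray(clean)
    tampered[0x10] ^= 0xFF                                        # one byte of boot code altered
    return classify(parse_mbr(clean), KNOWN_HASHES), classify(parse_mbr(bytes(tampered)), KNOWN_HASHES)


if __name__ == "__main__":
    mbr = parse_mbr(build_mbr(GOOD_CODE, LAYOUT))
    print(classify(mbr, KNOWN_HASHES), mbr["boot_code_sha1"])
    for p in mbr["partitions"]:
        print(f"  part {p['index']} type 0x{p['type']:02X} bootable={p['bootable']} offset 0x{p['byte_offset']:X}")
    print(demo())
```

Two points the example makes concrete: a single changed byte in the code area is enough to move a disk from "Known" to "Unknown", and an unknown hash by itself only says the code is not in the database (OEM recovery loaders and third-party boot managers also land there), which is why the helper below walks through dumping and then rewriting the MBR rather than treating the verdict as proof of infection.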

Run MBRCheck.exe once again.

You will be presented with the following dialog:

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Enter Y and press Enter.

The following dialog will be presented:

Options:

[1] Dump the MBR of a physical disk to file.

[2] Restore the MBR of a physical disk with a standard boot code.

[3] Exit.

Enter your choice:

Enter 2 and press Enter.

The following dialog will be presented:

Enter the physical disk number to fix (0-99, -1 to cancel):

Enter >>choice<< and press Enter

The following dialog will be presented:

Available MBR codes:

[ 0] Default (Windows XP)

[ 1] Windows XP

[ 2] Windows Server 2003

[ 3] Windows Vista

[ 4] Windows 2008

[ 5] Windows 7

[-1] Cancel

Please select the MBR code to write to this drive:

Enter >>choice<< and press Enter

The following dialog will be presented:

Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue:

Type YES and press Enter (you must type the full word, YES). You will be informed if it successfully wrote a new MBR code!

And last the following dialog will be presented:

Done! Press ENTER to exit...

Press Enter. A report will be produced on the desktop. Post that report in your next reply.

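How the check behind the steps above works, as an added illustration that is not code from the original post and not MBRCheck's own code: sector 0 of the disk is read (512 bytes), the 0x55AA boot signature is verified, the bootstrap area is hashed and the hash is compared with an allowlist of known loaders. That comparison is what turns the SHA1 line in a report into a verdict such as "Unknown MBR code" or "Windows 2008 MBR code detected". The function names, the partition layout and the boot-code bytes are all constructed for the example; the tool's real hash database and the exact byte range it hashes are not reproduced. The example hashes only the first 440 bytes, so that the disk signature and the partition table, which change legitimately, do not alter the verdict.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440            # bytes 0..439: bootstrap code the BIOS jumps into
DISK_SIG_OFFSET = 440          # bytes 440..443: NT disk signature (444..445 reserved)
PART_TABLE_OFFSET = 446        # bytes 446..509: four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511
PART_ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sectors


def build_mbr(boot_code, partitions, disk_sig=0x12345678):
    """Assemble a 512-byte MBR from constructed parts (sample data for this example).

    partitions: iterable of (bootable, type_id, lba_start, sector_count).
    CHS fields are left zero; the LBA fields are what modern firmware uses.
    """
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code longer than the bootstrap area")
    buf = bytearray(MBR_SIZE)
    buf[:len(boot_code)] = boot_code
    struct.pack_into("<I", buf, DISK_SIG_OFFSET, disk_sig)
    for i, (bootable, ptype, lba, count) in enumerate(partitions):
        status = 0x80 if bootable else 0x00
        struct.pack_into(PART_ENTRY_FMT, buf, PART_TABLE_OFFSET + 16 * i,
                         status, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    buf[510:512] = BOOT_SIGNATURE
    return bytes(buf)


def parse_mbr(mbr):
    """Validate sector 0 and return the boot-code hash, disk signature and partitions."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("expected %d bytes, got %d" % (MBR_SIZE, len(mbr)))
    if mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature; not a valid MBR")
    partitions = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(
            PART_ENTRY_FMT, mbr, PART_TABLE_OFFSET + 16 * i)
        if ptype == 0:
            continue                         # unused slot
        partitions.append({"index": i, "bootable": status == 0x80,
                           "type": ptype, "lba_start": lba, "sectors": count})
    return {
        # Only the bootstrap area is hashed: the disk signature and partition
        # table change legitimately, the boot code should not.
        "boot_code_sha1": hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFFSET)[0],
        "partitions": partitions,
    }


def classify(mbr, known_codes):
    """Verdict in the style of the report: a matching hash names the code, anything
    else is reported as unknown. Unknown covers OEM loaders as well as tampered
    code, so an unknown hash is a lead to follow up, not proof of infection."""
    digest = parse_mbr(mbr)["boot_code_sha1"]
    return known_codes.get(digest, "Unknown MBR code")


# Constructed sample boot code: placeholder bytes, not a working loader.
REFERENCE_BOOT_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 40 + b"\xcd\x19"
# The same bytes with a short patch in the middle, the kind of change a hash check catches.
TAMPERED_BOOT_CODE = REFERENCE_BOOT_CODE[:8] + b"\xe9\x00\x01" + REFERENCE_BOOT_CODE[11:]
# Constructed partition layout: a hidden recovery partition and a bootable NTFS volume.
PARTITIONS = [(False, 0x27, 2048, 20_000_000), (True, 0x07, 20_002_048, 600_000_000)]


def demo():
    """Return the verdict for three constructed disks."""
    reference = build_mbr(REFERENCE_BOOT_CODE, PARTITIONS)
    # The allowlist holds hashes of known-good loaders; here it is seeded from the sample.
    known = {parse_mbr(reference)["boot_code_sha1"]: "Reference boot code (constructed)"}
    tampered = build_mbr(TAMPERED_BOOT_CODE, PARTITIONS)
    # Same loader, different partition table and disk signature: verdict must not change.
    repartitioned = build_mbr(REFERENCE_BOOT_CODE, PARTITIONS[:1], disk_sig=0xCAFEF00D)
    return {
        "reference": classify(reference, known),
        "tampered": classify(tampered, known),
        "repartitioned": classify(repartitioned, known),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print("%-14s %s" % (name, verdict))
```

To use it on a real machine, read the first 512 bytes of \\.\PhysicalDrive0 (this needs administrator rights on Windows) and pass them to parse_mbr or classify with your own allowlist. A laptop vendor's original recovery loader is not Microsoft's stock code and will also come back as unknown, so compare the hash against the vendor's image before treating an unknown result as an infection.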

Sorry, but I'm confused. When it says "Enter the physical disk number to fix (0-99, -1 to cancel):" am I to type the word "choice"?

Same question when it says "Available MBR codes:

[ 0] Default (Windows XP)

[ 1] Windows XP

[ 2] Windows Server 2003

[ 3] Windows Vista

[ 4] Windows 2008

[ 5] Windows 7

[-1] Cancel

Please select the MBR code to write to this drive:"

I type the word "choice" again?


Ok, got it done.

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows Vista Home Premium Edition

Windows Information: Service Pack 2 (build 6002), 64-bit

Base Board Manufacturer: Gateway

BIOS Manufacturer: Phoenix Technologies LTD

System Manufacturer: Gateway

System Product Name: P-7805u

Logical Drives Mask: 0x0000000c

Kernel Drivers (total 158):

0x02C64000 \SystemRoot\system32\ntoskrnl.exe

0x02C1E000 \SystemRoot\system32\hal.dll

0x00608000 \SystemRoot\system32\kdcom.dll

0x00612000 \SystemRoot\system32\mcupdate_GenuineIntel.dll

0x0064D000 \SystemRoot\system32\PSHED.dll

0x00661000 \SystemRoot\system32\CLFS.SYS

0x006BE000 \SystemRoot\system32\CI.dll

0x0080F000 \SystemRoot\system32\drivers\Wdf01000.sys

0x008B3000 \SystemRoot\system32\drivers\WDFLDR.SYS

0x008C2000 \SystemRoot\system32\drivers\acpi.sys

0x00918000 \SystemRoot\system32\drivers\WMILIB.SYS

0x00921000 \SystemRoot\system32\drivers\msisadrv.sys

0x0092B000 \SystemRoot\system32\drivers\pci.sys

0x0095B000 \SystemRoot\System32\drivers\partmgr.sys

0x00970000 \SystemRoot\system32\DRIVERS\compbatt.sys

0x00974000 \SystemRoot\system32\DRIVERS\BATTC.SYS

0x00980000 \SystemRoot\system32\drivers\volmgr.sys

0x00994000 \SystemRoot\System32\drivers\volmgrx.sys

0x00770000 \SystemRoot\System32\drivers\mountmgr.sys

0x00A04000 \SystemRoot\system32\DRIVERS\iaStor.sys

0x00B12000 \SystemRoot\system32\drivers\atapi.sys

0x00B1A000 \SystemRoot\system32\drivers\ataport.SYS

0x00B3E000 \SystemRoot\system32\drivers\fltmgr.sys

0x00B85000 \SystemRoot\system32\drivers\fileinfo.sys

0x00C0C000 \SystemRoot\System32\Drivers\ksecdd.sys

0x00E0D000 \SystemRoot\system32\drivers\ndis.sys

0x00C93000 \SystemRoot\system32\drivers\msrpc.sys

0x00CE3000 \SystemRoot\system32\drivers\NETIO.SYS

0x0100F000 \SystemRoot\System32\drivers\tcpip.sys

0x01183000 \SystemRoot\System32\drivers\fwpkclnt.sys

0x0120D000 \SystemRoot\System32\Drivers\Ntfs.sys

0x0138D000 \SystemRoot\system32\drivers\volsnap.sys

0x013D1000 \SystemRoot\System32\Drivers\spldr.sys

0x013D9000 \SystemRoot\System32\Drivers\mup.sys

0x011AF000 \SystemRoot\System32\drivers\ecache.sys

0x013EB000 \SystemRoot\system32\drivers\disk.sys

0x00FD0000 \SystemRoot\system32\drivers\CLASSPNP.SYS

0x01200000 \SystemRoot\system32\drivers\crcdisk.sys

0x0231C000 \SystemRoot\system32\DRIVERS\tunnel.sys

0x02329000 \SystemRoot\system32\DRIVERS\tunmp.sys

0x02405000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys

0x0307C000 \SystemRoot\System32\Drivers\nvBridge.kmd

0x0307E000 \SystemRoot\System32\drivers\dxgkrnl.sys

0x03161000 \SystemRoot\System32\drivers\watchdog.sys

0x03171000 \SystemRoot\system32\DRIVERS\usbuhci.sys

0x0317D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0x031C3000 \SystemRoot\system32\DRIVERS\usbehci.sys

0x03207000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0x032F4000 \SystemRoot\system32\DRIVERS\yk60x64.sys

0x03407000 \SystemRoot\system32\DRIVERS\NETwNv64.sys

0x03C5B000 \SystemRoot\system32\DRIVERS\ohci1394.sys

0x03C6D000 \SystemRoot\system32\DRIVERS\1394BUS.SYS

0x03C7D000 \SystemRoot\system32\DRIVERS\o2sdx64.sys

0x03C89000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS

0x03CB7000 \SystemRoot\system32\DRIVERS\o2mdx64.sys

0x03CC5000 \SystemRoot\system32\DRIVERS\CmBatt.sys

0x03CCA000 \SystemRoot\system32\DRIVERS\i8042prt.sys

0x03CE0000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0x03CEE000 \SystemRoot\system32\DRIVERS\SynTP.sys

0x03D43000 \SystemRoot\system32\DRIVERS\USBD.SYS

0x03D45000 \SystemRoot\system32\DRIVERS\mouclass.sys

0x03D51000 \SystemRoot\SysWOW64\drivers\Afc.sys

0x03D5A000 \SystemRoot\system32\DRIVERS\cdrom.sys

0x03D76000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

0x03D83000 \SystemRoot\system32\DRIVERS\wmiacpi.sys

0x03D8C000 \SystemRoot\system32\DRIVERS\intelppm.sys

0x03D9F000 \SystemRoot\system32\DRIVERS\vhidmini.sys

0x03DA3000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0x03DB5000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0x03DBD000 \SystemRoot\system32\DRIVERS\msiscsi.sys

0x03359000 \SystemRoot\system32\DRIVERS\storport.sys

0x033B6000 \SystemRoot\system32\DRIVERS\TDI.SYS

0x033C3000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0x033E6000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0x02332000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0x031D4000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0x02363000 \SystemRoot\system32\DRIVERS\raspptp.sys

0x031E4000 \SystemRoot\system32\DRIVERS\rassstp.sys

0x02381000 \SystemRoot\system32\DRIVERS\termdd.sys

0x03DF6000 \SystemRoot\system32\DRIVERS\swenum.sys

0x02394000 \SystemRoot\system32\DRIVERS\ks.sys

0x033F2000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0x023C8000 \SystemRoot\system32\DRIVERS\umbus.sys

0x00D3C000 \SystemRoot\system32\DRIVERS\usbhub.sys

0x023D8000 \SystemRoot\System32\Drivers\NDProxy.SYS

0x00D84000 \SystemRoot\system32\drivers\CHDRT64.sys

0x00B99000 \SystemRoot\system32\drivers\portcls.sys

0x00DCA000 \SystemRoot\system32\drivers\drmk.sys

0x03DF8000 \SystemRoot\system32\drivers\ksthunk.sys

0x00783000 \SystemRoot\system32\DRIVERS\CAXHWAZL.sys

0x05A07000 \SystemRoot\system32\DRIVERS\CAX_DPV.sys

0x05C0B000 \SystemRoot\system32\DRIVERS\CAX_CNXT.sys

0x05CD6000 \SystemRoot\system32\drivers\modem.sys

0x05CE5000 \SystemRoot\system32\drivers\nvhda64v.sys

0x05D12000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0x05D2E000 \SystemRoot\System32\Drivers\UVCFTR_S.SYS

0x05D36000 \SystemRoot\System32\Drivers\usbvideo.sys

0x05805000 \SystemRoot\System32\Drivers\aswSnx.SYS

0x058D2000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

0x058DC000 \SystemRoot\System32\Drivers\Null.SYS

0x058F0000 \SystemRoot\System32\drivers\vga.sys

0x058FE000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

0x05923000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0x0592C000 \SystemRoot\system32\drivers\rdpencdd.sys

0x05935000 \SystemRoot\System32\Drivers\Msfs.SYS

0x05940000 \SystemRoot\System32\Drivers\Npfs.SYS

0x05951000 \SystemRoot\System32\DRIVERS\rasacd.sys

0x0595A000 \SystemRoot\system32\DRIVERS\tdx.sys

0x05977000 \SystemRoot\System32\Drivers\aswTdi.SYS

0x05989000 \SystemRoot\system32\DRIVERS\smb.sys

0x05D60000 \SystemRoot\system32\drivers\afd.sys

0x059A4000 \SystemRoot\System32\Drivers\aswRdr.SYS

0x059B1000 \SystemRoot\System32\DRIVERS\netbt.sys

0x05DCB000 \SystemRoot\system32\DRIVERS\pacer.sys

0x05DE9000 \SystemRoot\system32\DRIVERS\netbios.sys

0x05B7B000 \SystemRoot\system32\DRIVERS\wanarp.sys

0x059F5000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS

0x058E5000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS

0x05B96000 \SystemRoot\system32\DRIVERS\rdbss.sys

0x05BE3000 \SystemRoot\system32\drivers\nsiproxy.sys

0x00BD4000 \SystemRoot\System32\Drivers\dfsc.sys

0x05E06000 \SystemRoot\System32\Drivers\aswSP.SYS

0x05E5E000 \SystemRoot\System32\Drivers\crashdmp.sys

0x05E6C000 \SystemRoot\System32\Drivers\dump_iaStor.sys

0x00090000 \SystemRoot\System32\win32k.sys

0x05F7A000 \SystemRoot\System32\drivers\Dxapi.sys

0x004F0000 \SystemRoot\System32\TSDDD.dll

0x006C0000 \SystemRoot\System32\cdd.dll

0x05F99000 \SystemRoot\system32\drivers\luafv.sys

0x05FBB000 \??\C:\Windows\system32\drivers\aswMonFlt.sys

0x05FF2000 \SystemRoot\System32\Drivers\aswFsBlk.SYS

0x02200000 \SystemRoot\system32\drivers\WudfPf.sys

0x02221000 \SystemRoot\system32\drivers\spsys.sys

0x022BB000 \SystemRoot\system32\DRIVERS\lltdio.sys

0x022CF000 \SystemRoot\system32\DRIVERS\nwifi.sys

0x05C00000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0x02303000 \SystemRoot\system32\DRIVERS\rspndr.sys

0x0A60B000 \SystemRoot\system32\drivers\HTTP.sys

0x0A6AE000 \SystemRoot\System32\DRIVERS\srvnet.sys

0x0A6D7000 \SystemRoot\system32\DRIVERS\bowser.sys

0x0A6F5000 \SystemRoot\System32\drivers\mpsdrv.sys

0x0A70F000 \SystemRoot\system32\drivers\mrxdav.sys

0x0A736000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0x0A75F000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

0x0A7A8000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

0x0A7C7000 \SystemRoot\System32\DRIVERS\srv2.sys

0x0A80D000 \SystemRoot\System32\DRIVERS\srv.sys

0x0A8C2000 \SystemRoot\system32\drivers\salmosa.sys

0x0A8C5000 \??\C:\Windows\system32\drivers\cpuz135_x64.sys

0x0A8D9000 \??\C:\Windows\SysWOW64\drivers\int15_64.sys

0x0A8F1000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys

0x0A8F6000 \SystemRoot\system32\drivers\peauth.sys

0x0A9AC000 \SystemRoot\System32\Drivers\secdrv.SYS

0x0A9B7000 \SystemRoot\System32\drivers\tcpipreg.sys

0x0A9C7000 \SystemRoot\system32\DRIVERS\xaudio64.sys

0x0A9CF000 \SystemRoot\system32\DRIVERS\cdfs.sys

0x0A8A0000 \SystemRoot\system32\DRIVERS\monitor.sys

0x77CD0000 \Windows\System32\ntdll.dll

Processes (total 83):

0 System Idle Process

4 System

496 C:\Windows\System32\smss.exe

628 csrss.exe

672 C:\Windows\System32\wininit.exe

692 csrss.exe

728 C:\Windows\System32\services.exe

744 C:\Windows\System32\lsass.exe

752 C:\Windows\System32\lsm.exe

900 C:\Windows\System32\svchost.exe

928 C:\Windows\System32\winlogon.exe

996 C:\Windows\System32\nvvsvc.exe

232 C:\Windows\System32\svchost.exe

632 C:\Windows\System32\svchost.exe

892 C:\Windows\System32\svchost.exe

1008 C:\Windows\System32\svchost.exe

1096 C:\Windows\System32\audiodg.exe

1120 C:\Windows\System32\svchost.exe

1136 C:\Windows\System32\SLsvc.exe

1164 C:\Windows\System32\svchost.exe

1264 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

1276 C:\Windows\System32\nvvsvc.exe

1392 C:\Windows\System32\svchost.exe

1544 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

1680 C:\Windows\System32\spoolsv.exe

1704 C:\Windows\System32\svchost.exe

1388 C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

2200 C:\Windows\System32\dwm.exe

2232 C:\Windows\System32\taskeng.exe

2276 C:\Windows\explorer.exe

2312 C:\Windows\System32\taskeng.exe

2768 C:\Program Files\Bonjour\mDNSResponder.exe

2016 C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe

1376 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

2144 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

1252 C:\Program Files (x86)\Steam\steam.exe

1728 C:\Windows\ehome\ehtray.exe

1056 C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

1500 C:\Windows\SysWOW64\svchost.exe

1220 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe

2652 C:\Program Files\Common Files\Motive\McciCMService.exe

1284 C:\Program Files (x86)\Razer\Salmosa\razerhid.exe

1552 C:\Program Files\Alwil Software\Avast5\AvastUI.exe

2600 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

2344 C:\Program Files (x86)\n52te\n52teHid.exe

1060 C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe

3084 C:\Program Files (x86)\iTunes\iTunesHelper.exe

3108 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

3132 C:\Windows\System32\svchost.exe

3284 C:\Program Files (x86)\Hawking\Common\RaRegistry.exe

3408 C:\Program Files (x86)\Hawking\Common\RaRegistry64.exe

3460 C:\Program Files (x86)\Razer\Salmosa\razerofa.exe

3560 C:\Windows\System32\svchost.exe

3632 C:\Windows\System32\svchost.exe

3716 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

3844 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

3856 C:\Windows\System32\SearchIndexer.exe

3968 C:\Windows\System32\drivers\XAudio64.exe

2192 C:\Windows\System32\svchost.exe

3304 C:\Program Files\iPod\bin\iPodService.exe

1568 WmiPrvSE.exe

3484 C:\Windows\System32\svchost.exe

1116 C:\Windows\ehome\ehmsas.exe

4444 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

4456 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

4084 C:\Program Files (x86)\Common Files\Steam\SteamService.exe

4436 C:\Windows\System32\wbem\unsecapp.exe

2880 C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

3116 C:\Windows\System32\taskeng.exe

3544 C:\Program Files\Windows Media Player\wmpnscfg.exe

5900 C:\Program Files\Windows Media Player\wmpnetwk.exe

4116 C:\Program Files (x86)\Skype\Phone\Skype.exe

5724 taskeng.exe

4652 HP1006MC.EXE

5672 C:\Windows\System32\SearchProtocolHost.exe

6404 C:\Windows\System32\SearchFilterHost.exe

6304 C:\Program Files (x86)\Mozilla Firefox\firefox.exe

6380 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

4656 C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe

6540 C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe

1788 dllhost.exe

6228 dllhost.exe

5308 C:\Users\Brad\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`71100000 (NTFS)

PhysicalDrive0 Model Number: WDCWD3200BEKT-22F3T0, Rev: 11.01A11

Size Device Name MBR Status

--------------------------------------------

298 GB \\.\PhysicalDrive0 Unknown MBR code

SHA1: F85B7CD526802923C3EA061081FBF03E1B7455C7

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Options:

[1] Dump the MBR of a physical disk to file.

[2] Restore the MBR of a physical disk with a standard boot code.

[3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0Available MBR codes:

[ 0] Default (Windows Vista)

[ 1] Windows XP

[ 2] Windows Server 2003

[ 3] Windows Vista

[ 4] Windows 2008

[ 5] Windows 7

[-1] Cancel

Please select the MBR code to write to this drive: 3

Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: YES

Successfully wrote new MBR code!

Please reboot your computer to complete the fix.

Done!


My computer came without a Vista DVD. Do I need to find someone who has a Vista 64-bit DVD to perform this task?


Ok, it may take some time to locate one. I did find online the original MBR in zipped format for this laptop, the Gateway p7805. Can I use that in some manner?


I couldn't find any information on how to fix the MBR with this one in Vista. If you choose this way, contact their support and ask them how to do this.

http://us.gateway.com/gw/en/US/content/contactus

You should explain that your MBR is not the original and could be related to malware.

Another way is to find Vista.


Ok, I made the recovery disc from the partition. So I think I am ready to do this. How dangerous is this? Is there much of a chance I won't be able to boot back into Windows? Do I need to back everything up before trying this?


MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows Vista Home Premium Edition

Windows Information: Service Pack 2 (build 6002), 64-bit

Base Board Manufacturer: Gateway

BIOS Manufacturer: Phoenix Technologies LTD

System Manufacturer: Gateway

System Product Name: P-7805u

Logical Drives Mask: 0x0000000c

Kernel Drivers (total 156):

0x02C4D000 \SystemRoot\system32\ntoskrnl.exe

0x02C07000 \SystemRoot\system32\hal.dll

0x00604000 \SystemRoot\system32\kdcom.dll

0x0060E000 \SystemRoot\system32\mcupdate_GenuineIntel.dll

0x00649000 \SystemRoot\system32\PSHED.dll

0x0065D000 \SystemRoot\system32\CLFS.SYS

0x006BA000 \SystemRoot\system32\CI.dll

0x0080B000 \SystemRoot\system32\drivers\Wdf01000.sys

0x008AF000 \SystemRoot\system32\drivers\WDFLDR.SYS

0x008BE000 \SystemRoot\system32\drivers\acpi.sys

0x00914000 \SystemRoot\system32\drivers\WMILIB.SYS

0x0091D000 \SystemRoot\system32\drivers\msisadrv.sys

0x00927000 \SystemRoot\system32\drivers\pci.sys

0x00957000 \SystemRoot\System32\drivers\partmgr.sys

0x0096C000 \SystemRoot\system32\DRIVERS\compbatt.sys

0x00970000 \SystemRoot\system32\DRIVERS\BATTC.SYS

0x0097C000 \SystemRoot\system32\drivers\volmgr.sys

0x00990000 \SystemRoot\System32\drivers\volmgrx.sys

0x0076C000 \SystemRoot\System32\drivers\mountmgr.sys

0x00A0E000 \SystemRoot\system32\DRIVERS\iaStor.sys

0x00B1C000 \SystemRoot\system32\drivers\atapi.sys

0x00B24000 \SystemRoot\system32\drivers\ataport.SYS

0x00B48000 \SystemRoot\system32\drivers\fltmgr.sys

0x00B8F000 \SystemRoot\system32\drivers\fileinfo.sys

0x00C0F000 \SystemRoot\System32\Drivers\ksecdd.sys

0x00E05000 \SystemRoot\system32\drivers\ndis.sys

0x00C96000 \SystemRoot\system32\drivers\msrpc.sys

0x00CE6000 \SystemRoot\system32\drivers\NETIO.SYS

0x01003000 \SystemRoot\System32\drivers\tcpip.sys

0x01177000 \SystemRoot\System32\drivers\fwpkclnt.sys

0x01203000 \SystemRoot\System32\Drivers\Ntfs.sys

0x01383000 \SystemRoot\system32\drivers\volsnap.sys

0x013C7000 \SystemRoot\System32\Drivers\spldr.sys

0x013CF000 \SystemRoot\System32\Drivers\mup.sys

0x011A3000 \SystemRoot\System32\drivers\ecache.sys

0x013E1000 \SystemRoot\system32\drivers\disk.sys

0x011CF000 \SystemRoot\system32\drivers\CLASSPNP.SYS

0x013F5000 \SystemRoot\system32\drivers\crcdisk.sys

0x02314000 \SystemRoot\system32\DRIVERS\tunnel.sys

0x02321000 \SystemRoot\system32\DRIVERS\tunmp.sys

0x0240F000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys

0x03086000 \SystemRoot\System32\Drivers\nvBridge.kmd

0x03088000 \SystemRoot\System32\drivers\dxgkrnl.sys

0x0316B000 \SystemRoot\System32\drivers\watchdog.sys

0x0317B000 \SystemRoot\system32\DRIVERS\usbuhci.sys

0x03187000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0x031CD000 \SystemRoot\system32\DRIVERS\usbehci.sys

0x0320A000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0x032F7000 \SystemRoot\system32\DRIVERS\yk60x64.sys

0x0340A000 \SystemRoot\system32\DRIVERS\NETwNv64.sys

0x03C5E000 \SystemRoot\system32\DRIVERS\ohci1394.sys

0x03C70000 \SystemRoot\system32\DRIVERS\1394BUS.SYS

0x03C80000 \SystemRoot\system32\DRIVERS\o2sdx64.sys

0x03C8C000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS

0x03CBA000 \SystemRoot\system32\DRIVERS\o2mdx64.sys

0x03CC8000 \SystemRoot\system32\DRIVERS\CmBatt.sys

0x03CCD000 \SystemRoot\system32\DRIVERS\i8042prt.sys

0x03CE3000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0x03CF1000 \SystemRoot\system32\DRIVERS\SynTP.sys

0x03D46000 \SystemRoot\system32\DRIVERS\USBD.SYS

0x03D48000 \SystemRoot\system32\DRIVERS\mouclass.sys

0x03D54000 \SystemRoot\SysWOW64\drivers\Afc.sys

0x03D5D000 \SystemRoot\system32\DRIVERS\cdrom.sys

0x03D79000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

0x03D86000 \SystemRoot\system32\DRIVERS\wmiacpi.sys

0x03D8F000 \SystemRoot\system32\DRIVERS\intelppm.sys

0x03DA2000 \SystemRoot\system32\DRIVERS\vhidmini.sys

0x03DA6000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0x03DB8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0x03DC0000 \SystemRoot\system32\DRIVERS\msiscsi.sys

0x0335C000 \SystemRoot\system32\DRIVERS\storport.sys

0x033B9000 \SystemRoot\system32\DRIVERS\TDI.SYS

0x033C6000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0x033E9000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0x0232A000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0x031DE000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0x0235B000 \SystemRoot\system32\DRIVERS\raspptp.sys

0x02379000 \SystemRoot\system32\DRIVERS\rassstp.sys

0x02391000 \SystemRoot\system32\DRIVERS\termdd.sys

0x03DF9000 \SystemRoot\system32\DRIVERS\swenum.sys

0x023A4000 \SystemRoot\system32\DRIVERS\ks.sys

0x033F5000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0x031EE000 \SystemRoot\system32\DRIVERS\umbus.sys

0x00D3F000 \SystemRoot\system32\DRIVERS\usbhub.sys

0x023D8000 \SystemRoot\System32\Drivers\NDProxy.SYS

0x00D87000 \SystemRoot\system32\drivers\CHDRT64.sys

0x00BA3000 \SystemRoot\system32\drivers\portcls.sys

0x00FD6000 \SystemRoot\system32\drivers\drmk.sys

0x03400000 \SystemRoot\system32\drivers\ksthunk.sys

0x0077F000 \SystemRoot\system32\DRIVERS\CAXHWAZL.sys

0x05A07000 \SystemRoot\system32\DRIVERS\CAX_DPV.sys

0x05C0D000 \SystemRoot\system32\DRIVERS\CAX_CNXT.sys

0x05CD8000 \SystemRoot\system32\drivers\modem.sys

0x05CE7000 \SystemRoot\system32\drivers\nvhda64v.sys

0x05D14000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0x05D30000 \SystemRoot\System32\Drivers\UVCFTR_S.SYS

0x05D38000 \SystemRoot\System32\Drivers\usbvideo.sys

0x05805000 \SystemRoot\System32\Drivers\aswSnx.SYS

0x058D2000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

0x058DC000 \SystemRoot\System32\Drivers\Null.SYS

0x058F0000 \SystemRoot\System32\drivers\vga.sys

0x058FE000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

0x05923000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0x0592C000 \SystemRoot\system32\drivers\rdpencdd.sys

0x05935000 \SystemRoot\System32\Drivers\Msfs.SYS

0x05940000 \SystemRoot\System32\Drivers\Npfs.SYS

0x05951000 \SystemRoot\System32\DRIVERS\rasacd.sys

0x0595A000 \SystemRoot\system32\DRIVERS\tdx.sys

0x05977000 \SystemRoot\System32\Drivers\aswTdi.SYS

0x05989000 \SystemRoot\system32\DRIVERS\smb.sys

0x05D62000 \SystemRoot\system32\drivers\afd.sys

0x059A4000 \SystemRoot\System32\Drivers\aswRdr.SYS

0x059B1000 \SystemRoot\System32\DRIVERS\netbt.sys

0x05DCD000 \SystemRoot\system32\DRIVERS\pacer.sys

0x05DEB000 \SystemRoot\system32\DRIVERS\netbios.sys

0x05B7B000 \SystemRoot\system32\DRIVERS\wanarp.sys

0x059F5000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS

0x058E5000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS

0x05B96000 \SystemRoot\system32\DRIVERS\rdbss.sys

0x05C00000 \SystemRoot\system32\drivers\nsiproxy.sys

0x05BE3000 \SystemRoot\System32\Drivers\dfsc.sys

0x05E00000 \SystemRoot\System32\Drivers\aswSP.SYS

0x05E58000 \SystemRoot\System32\Drivers\crashdmp.sys

0x05E66000 \SystemRoot\System32\Drivers\dump_iaStor.sys

0x00070000 \SystemRoot\System32\win32k.sys

0x05F74000 \SystemRoot\System32\drivers\Dxapi.sys

0x05F80000 \SystemRoot\system32\DRIVERS\monitor.sys

0x004E0000 \SystemRoot\System32\TSDDD.dll

0x00620000 \SystemRoot\System32\cdd.dll

0x05F93000 \SystemRoot\system32\drivers\luafv.sys

0x05FB5000 \??\C:\Windows\system32\drivers\aswMonFlt.sys

0x05FEC000 \SystemRoot\System32\Drivers\aswFsBlk.SYS

0x02200000 \SystemRoot\system32\drivers\WudfPf.sys

0x02221000 \SystemRoot\system32\drivers\spsys.sys

0x022BB000 \SystemRoot\system32\DRIVERS\lltdio.sys

0x022CF000 \SystemRoot\system32\DRIVERS\nwifi.sys

0x05FF5000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0x00DCD000 \SystemRoot\system32\DRIVERS\rspndr.sys

0x0A408000 \SystemRoot\system32\drivers\HTTP.sys

0x0A4AB000 \SystemRoot\System32\DRIVERS\srvnet.sys

0x0A4D4000 \SystemRoot\system32\DRIVERS\bowser.sys

0x0A4F2000 \SystemRoot\System32\drivers\mpsdrv.sys

0x0A50C000 \SystemRoot\system32\drivers\mrxdav.sys

0x0A533000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0x0A55C000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

0x0A5A5000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

0x0A5C4000 \SystemRoot\System32\DRIVERS\srv2.sys

0x0A805000 \SystemRoot\System32\DRIVERS\srv.sys

0x0A898000 \??\C:\Windows\system32\drivers\cpuz135_x64.sys

0x0A8A1000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys

0x0A8A6000 \SystemRoot\system32\drivers\peauth.sys

0x0A95C000 \SystemRoot\System32\Drivers\secdrv.SYS

0x0A967000 \SystemRoot\System32\drivers\tcpipreg.sys

0x0A977000 \SystemRoot\system32\DRIVERS\xaudio64.sys

0x0A97F000 \SystemRoot\system32\DRIVERS\cdfs.sys

0x77780000 \Windows\System32\ntdll.dll

Processes (total 84):

0 System Idle Process

4 System

476 C:\Windows\System32\smss.exe

544 csrss.exe

588 C:\Windows\System32\wininit.exe

608 csrss.exe

664 C:\Windows\System32\services.exe

676 C:\Windows\System32\lsass.exe

684 C:\Windows\System32\lsm.exe

704 C:\Windows\System32\winlogon.exe

848 C:\Windows\System32\svchost.exe

904 C:\Windows\System32\nvvsvc.exe

936 C:\Windows\System32\svchost.exe

300 C:\Windows\System32\svchost.exe

400 C:\Windows\System32\svchost.exe

488 C:\Windows\System32\svchost.exe

280 C:\Windows\System32\audiodg.exe

520 C:\Windows\System32\svchost.exe

1032 C:\Windows\System32\SLsvc.exe

1164 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

1176 C:\Windows\System32\nvvsvc.exe

1192 C:\Windows\System32\svchost.exe

1352 C:\Windows\System32\svchost.exe

1460 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

1596 C:\Windows\System32\spoolsv.exe

1620 C:\Windows\System32\svchost.exe

2008 C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

916 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

2128 C:\Windows\System32\dwm.exe

2212 C:\Windows\System32\taskeng.exe

2232 C:\Windows\explorer.exe

2264 C:\Windows\System32\taskeng.exe

2496 HP1006MC.EXE

2704 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

2716 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

2728 C:\Program Files (x86)\Steam\steam.exe

2736 C:\Windows\ehome\ehtray.exe

2756 C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

2764 C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

2792 C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE

2816 C:\Program Files\Bonjour\mDNSResponder.exe

2848 C:\Windows\SysWOW64\svchost.exe

2872 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe

2972 C:\Program Files (x86)\Razer\Salmosa\razerhid.exe

3028 C:\Program Files\Common Files\Motive\McciCMService.exe

3064 C:\Program Files\Alwil Software\Avast5\AvastUI.exe

2152 C:\Program Files (x86)\n52te\n52teHid.exe

760 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

236 C:\Program Files (x86)\iTunes\iTunesHelper.exe

2200 C:\Windows\System32\svchost.exe

2280 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

2828 C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe

2080 C:\Program Files (x86)\Razer\Salmosa\razerofa.exe

1668 C:\Windows\System32\svchost.exe

2256 C:\Windows\System32\svchost.exe

548 C:\Program Files (x86)\Hawking\Common\RaRegistry.exe

1100 C:\Program Files (x86)\Hawking\Common\RaRegistry64.exe

1664 C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

3168 C:\Windows\System32\svchost.exe

3212 C:\Windows\System32\svchost.exe

3264 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

3392 C:\Windows\System32\SearchIndexer.exe

3420 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

3456 C:\Windows\ehome\ehmsas.exe

3540 C:\Windows\System32\drivers\XAudio64.exe

3744 C:\Windows\System32\svchost.exe

3872 WmiPrvSE.exe

2672 C:\Windows\System32\wbem\unsecapp.exe

3608 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

3868 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

3140 C:\Program Files (x86)\Mozilla Firefox\firefox.exe

2148 C:\Windows\System32\SearchProtocolHost.exe

2868 C:\Windows\System32\svchost.exe

2024 C:\Program Files\iPod\bin\iPodService.exe

4176 C:\Program Files (x86)\Common Files\Steam\SteamService.exe

4476 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

4520 C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe

4536 C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe

3796 C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

3036 WmiPrvSE.exe

1012 C:\Windows\System32\SearchFilterHost.exe

3360 dllhost.exe

2288 dllhost.exe

1844 C:\Users\Brad\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`71100000 (NTFS)

PhysicalDrive0 Model Number: WDCWD3200BEKT-22F3T0, Rev: 11.01A11

Size Device Name MBR Status

--------------------------------------------

298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected

SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

Done!


Great! :)

Please post a fresh new DDS log file and let me know how your system is now.


.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.0

Run by Brad at 1:17:33 on 2012-06-28

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4090.2160 [GMT -5:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\spool\DRIVERS\x64\3\HP1006MC.EXE

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files (x86)\Steam\steam.exe

C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\ehome\ehmsas.exe

C:\Program Files (x86)\Hawking\Common\RaRegistry.exe

C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

C:\Program Files (x86)\Hawking\Common\RaRegistry64.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Razer\Salmosa\razerhid.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files (x86)\n52te\n52teHid.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Razer\Salmosa\razerofa.exe

C:\Windows\system32\DRIVERS\xaudio64.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

\\?\C:\Windows\system32\wbem\WMIADAP.EXE

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0809&m=p-7805u&c=BB

uSearch Page =

uSearch Bar =

mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0809&m=p-7805u&c=BB

mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0809&m=p-7805u&c=BB

uInternet Settings,ProxyOverride = *.local

mSearchAssistant =

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\googletoolbar1.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\3.1.415.1646\swg.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\googletoolbar1.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"

TB: {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe

uRun: [Google Update] "C:\Users\Brad\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

uRun: [<NO NAME>]

uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

mRun: [salmosa] "C:\Program Files (x86)\Razer\Salmosa\razerhid.exe"

mRun: [<NO NAME>]

mRun: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

mRun: [Jomantha] "C:\Program Files (x86)\n52te\n52teHid.exe"

mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

Trusted Zone: juno.com

Trusted Zone: netzero.com

Trusted Zone: netzero.net

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 192.168.10.1

TCP: Interfaces\{0B3F27C9-B9D9-42D6-9893-4D145E057DD2} : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{DD98F61F-A28A-4350-ABF6-549873407C1E} : DhcpNameServer = 192.168.10.1

TCP: Interfaces\{E62D08BD-8FE8-4AA1-890F-5AD8D92CABBB} : DhcpNameServer = 192.168.10.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO-X64: HP Print Enhancer - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\googletoolbar1.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\3.1.415.1646\swg.dll

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

BHO-X64: HP Smart BHO Class - No File

TB-X64: &Google: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\googletoolbar1.dll

TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"

TB-X64: {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - No File

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [salmosa] "C:\Program Files (x86)\Razer\Salmosa\razerhid.exe"

mRun-x64: [(Default)]

mRun-x64: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

mRun-x64: [Jomantha] "C:\Program Files (x86)\n52te\n52teHid.exe"

mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

IE-X64: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\fq24d5is.default\

FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/

FF - prefs.js: network.proxy.type - 0

FF - component: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll

FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll

FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.17\npGoogleOneClick8.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll

FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll

FF - plugin: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Users\Brad\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Users\Brad\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\fq24d5is.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-7-18 140672]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-1-16 44768]

R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]

R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]

R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2010-2-19 517632]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-12-31 2253120]

R2 RalinkRegistryWriter;Ralink Registry Writer;C:\Program Files (x86)\Hawking\Common\RaRegistry.exe [2009-11-17 185632]

R2 RalinkRegistryWriter64;Ralink Registry Writer 64;C:\Program Files (x86)\Hawking\Common\RaRegistry64.exe [2009-11-17 212256]

R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]

R3 NETwNv64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETwNv64.sys --> C:\Windows\system32\DRIVERS\NETwNv64.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 O2MDRDR;O2MDRDR;C:\Windows\system32\DRIVERS\o2mdx64.sys --> C:\Windows\system32\DRIVERS\o2mdx64.sys [?]

R3 O2SDRDR;O2SDRDR;C:\Windows\system32\DRIVERS\o2sdx64.sys --> C:\Windows\system32\DRIVERS\o2sdx64.sys [?]

R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-17 135664]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-5 160944]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-14 250056]

S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]

S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2010-11-25 14216]

S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2010-11-25 8456]

S3 fssfltr;FssFltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-17 135664]

S3 JmtFltr;n52te;C:\Windows\system32\drivers\JmtFltr.sys --> C:\Windows\system32\drivers\JmtFltr.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-4 113120]

S3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]

S3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]

S3 salmosa;Razer Salmosa;C:\Windows\system32\drivers\salmosa.sys --> C:\Windows\system32\drivers\salmosa.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]

S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-10 89920]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

S4 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx64coinst,serviceStartProc --> RUNDLL32.EXE ykx64coinst,serviceStartProc [?]

.

=============== File Associations ===============

.

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

2012-06-25 04:12:10 -------- d-----w- C:\OEM

2012-06-22 07:12:45 677136 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-06-17 03:40:49 -------- d-----w- C:\Program Files (x86)\ESET

2012-06-16 06:23:19 -------- d-----w- C:\MGtools

2012-06-16 06:08:29 -------- d-----w- C:\Program Files\HitmanPro

2012-06-16 06:07:19 -------- d-----w- C:\ProgramData\HitmanPro

2012-06-15 05:48:42 -------- d-----w- C:\Users\Brad\AppData\Roaming\QuickScan

2012-06-15 05:08:39 772592 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-06-15 05:05:53 955840 ----a-w- C:\Windows\System32\npDeployJava1.dll

2012-06-15 05:05:53 839096 ----a-w- C:\Windows\System32\deployJava1.dll

2012-06-15 04:42:03 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-15 04:42:03 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-06-15 03:37:38 -------- d-----w- C:\Users\Brad\AppData\Local\Macromedia

2012-06-14 03:43:33 209920 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-06-14 03:43:29 984064 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-06-14 03:43:29 132096 ----a-w- C:\Windows\System32\cryptnet.dll

2012-06-14 03:43:29 1267200 ----a-w- C:\Windows\System32\crypt32.dll

2012-06-14 03:43:28 98304 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-06-14 03:43:28 174592 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-06-14 03:43:28 133120 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-06-14 03:43:14 2767360 ----a-w- C:\Windows\System32\win32k.sys

2012-06-07 05:33:43 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll

2012-06-07 05:33:43 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll

.

==================== Find3M ====================

.

2012-06-15 05:08:09 687600 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 22:12:13 88576 ----a-w- C:\Windows\SysWow64\wudriver.dll

2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 20:19:42 171904 ----a-w- C:\Windows\SysWow64\wuwebv.dll

2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-02 20:12:20 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe

2012-05-18 03:32:50 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll

2012-05-18 03:32:50 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-04-19 01:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2012-04-19 01:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

2012-04-04 20:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-04-03 08:22:15 4699520 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-03-30 12:45:03 1423744 ----a-w- C:\Windows\System32\drivers\tcpip.sys

.

============= FINISH: 1:18:15.07 ===============

Boots faster and does not freeze up. Still have horrible wireless speed, but have excellent signal.

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

ComboFix 12-06-28.03 - Brad 06/28/2012 16:46:22.1.2 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4090.2346 [GMT -5:00]

Running from: c:\users\Brad\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-28 )))))))))))))))))))))))))))))))

.

.

2012-06-28 22:00 . 2012-06-28 22:00 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-06-28 22:00 . 2012-06-28 22:00 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-25 04:12 . 2012-06-25 06:43 -------- d-----w- C:\OEM

2012-06-22 07:12 . 2012-06-22 07:12 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-06-17 03:40 . 2012-06-17 03:40 -------- d-----w- c:\program files (x86)\ESET

2012-06-16 06:23 . 2012-06-16 06:29 -------- d-----w- C:\MGtools

2012-06-16 06:08 . 2012-06-16 06:08 -------- d-----w- c:\program files\HitmanPro

2012-06-16 06:07 . 2012-06-16 06:10 -------- d-----w- c:\programdata\HitmanPro

2012-06-15 05:48 . 2012-06-15 05:48 -------- d-----w- c:\users\Brad\AppData\Roaming\QuickScan

2012-06-15 05:09 . 2012-06-15 05:09 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-06-15 05:08 . 2012-06-15 05:08 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-06-15 05:05 . 2012-06-15 05:05 955840 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-06-15 05:05 . 2012-06-15 05:05 839096 ----a-w- c:\windows\system32\deployJava1.dll

2012-06-15 05:05 . 2012-06-15 05:05 -------- d-----w- c:\program files\Java

2012-06-15 04:42 . 2012-06-23 05:41 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-15 04:42 . 2012-06-23 05:41 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-15 03:37 . 2012-06-15 03:37 -------- d-----w- c:\users\Brad\AppData\Local\Macromedia

2012-06-14 03:43 . 2012-05-01 14:29 209920 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-14 03:43 . 2012-04-23 16:25 132096 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-14 03:43 . 2012-04-23 16:25 1267200 ----a-w- c:\windows\system32\crypt32.dll

2012-06-14 03:43 . 2012-04-23 16:00 984064 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-06-14 03:43 . 2012-04-23 16:25 174592 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-14 03:43 . 2012-04-23 16:00 98304 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-06-14 03:43 . 2012-04-23 16:00 133120 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-06-14 03:43 . 2012-05-15 20:15 2767360 ----a-w- c:\windows\system32\win32k.sys

2012-06-07 05:33 . 2012-06-07 05:33 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll

2012-06-07 05:33 . 2012-06-07 05:33 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-15 05:08 . 2010-04-26 13:00 687600 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-05-18 03:32 . 2008-10-09 19:09 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll

2012-05-18 03:32 . 2008-10-09 19:09 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll

2012-04-19 01:56 . 2012-04-19 01:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

2012-04-19 01:56 . 2012-04-19 01:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

2012-04-04 20:56 . 2009-10-04 03:12 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-03 08:22 . 2012-05-12 03:24 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-24 4786048]

"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Salmosa"="c:\program files (x86)\Razer\Salmosa\razerhid.exe" [2008-08-21 139264]

"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-03-06 4241512]

"Jomantha"="c:\program files (x86)\n52te\n52teHid.exe" [2008-06-13 159744]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]

"Camera Assistant Software"="c:\program files\Camera Assistant Software for Gateway\traybar.exe"

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"

"Jomantha"="c:\program files (x86)\n52te\n52teHid.exe"

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe"

.

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-28 140672]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

Themes

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-28 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-15 05:41]

.

2011-07-04 c:\windows\Tasks\GlaryInitialize.job

- c:\program files (x86)\Glary Utilities\initialize.exe [2010-01-18 13:25]

.

2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cac6bd574fab30.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-18 04:38]

.

2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-18 04:38]

.

2012-06-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2646544230-175470749-843411820-1000Core.job

- c:\users\Brad\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-12 17:37]

.

2012-06-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2646544230-175470749-843411820-1000UA.job

- c:\users\Brad\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-12 17:37]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-03-06 23:15 135408 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1220392]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0809&m=p-7805u&c=BB

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: juno.com

Trusted Zone: netzero.com

Trusted Zone: netzero.net

TCP: DhcpNameServer = 192.168.10.1

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

FF - ProfilePath - c:\users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\fq24d5is.default\

FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/

FF - prefs.js: network.proxy.type - 0

FF - user.js: yahoo.homepage.dontask - true

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe

SafeBoot-WudfPf

SafeBoot-WudfRd

SafeBoot-SolutoService

HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe

HKLM-Run-ATT-SST_McciTrayApp - c:\program files\ATT-SST\McciTrayApp.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2646544230-175470749-843411820-1000\Software\SecuROM\License information*]

"datasecu"=hex:00,d8,76,56,49,d2,7d,9a,26,71,79,28,50,1c,40,b3,09,18,ce,17,47,

05,46,e3,fc,0f,f5,6b,d0,c2,22,92,3b,3b,df,77,bb,3e,64,cc,73,3f,f2,7c,99,21,\

"rkeysecu"=hex:6e,a6,25,e3,e8,4c,31,00,0b,b8,b6,5a,88,df,a2,b1

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]

@Denied: (A 2) (Everyone)

@SACL=

@="IFlashBroker"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid]

@Denied: (A 2) (Everyone)

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]

@="{6EF568F4-D437-4466-AA63-A3645136D93E}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

c:\program files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe

c:\program files (x86)\Hawking\Common\RaRegistry.exe

c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe

c:\program files (x86)\Razer\Salmosa\razerofa.exe

c:\program files (x86)\Common Files\Steam\SteamService.exe

.

**************************************************************************

.

Completion time: 2012-06-28 17:24:29 - machine was rebooted

ComboFix-quarantined-files.txt 2012-06-28 22:24

.

Pre-Run: 117,207,724,032 bytes free

Post-Run: 117,266,149,376 bytes free

.

- - End Of File - - 4BDAB7A6CE16A5C35BD203FA1294C937
