InterviewSolution
| 3151. |
Solve : desperate help needed? |
|
Answer» I've been having A LOT of problems with my computer. |
|
| 3152. |
Solve : Need help with trojan dropper virus? |
|
Answer» Hi- I started with continual popups of a trojan dropper virus from my Norton antivirus software.
Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.
Link #1
Link #2
**Note: It is important that it is saved directly to your Desktop
Close any open Web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.
Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.
Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.
Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.
---------- Use the In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon and choose Run as Administrator. Click on SCAN NOW Click on the Accept button and install any components it needs.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, August 30, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, August 30, 2008 16:36:58
Records in database: 1169408
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer: C:\ D:\
Scan statistics:
Files scanned: 63129
Threat name: 1
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 01:04:21
File name / Threat name / Threats count
C:\Documents and Settings\Number Four\Desktop\fp2006-final-3.00-setup.zip Infected: not-virus:BadJoke.JS.RJump1
C:\Program Files\Evrsoft First Page 2006\Iscripts\Page Details\crazy-window.izs Infected: not-virus:BadJoke.JS.RJump1
The selected area was scanned.
C:\Documents and Settings\Number Four\Desktop\fp2006-final-3.00-setup.zip
C:\Program Files\Evrsoft First Page 2006\Iscripts\Page Details\crazy-window.izs
EmptyTemp
[start explorer]
---------- How is everything now?

Explorer killed successfully
C:\Documents and Settings\Number Four\Desktop\fp2006-final-3.00-setup.zip moved successfully.
C:\Program Files\Evrsoft First Page 2006\Iscripts\Page Details\crazy-window.izs moved successfully.
< EmptyTemp >
File delete failed. C:\DOCUME~1\NUMBER~1\LOCALS~1\Temp\~DF19BA.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\NUMBER~1\LOCALS~1\Temp\~DF2AF0.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\NUMBER~1\LOCALS~1\Temp\~DF2BCD.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\NUMBER~1\LOCALS~1\Temp\~DF7031.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_590.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08302008_112341

1. Double click OTMoveIt2.exe to launch it. If using Vista Right-Click OTMoveIt and choose Run As Administrator
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
---------- Set a New Restore Point to prevent possible reinfection from an old one
Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.
Windows XP System Restore Guide or Windows Vista System Restore Guide . ---------- Use the Secunia Software Inspector to check for out of date software.
---------- Important: You Need to Update Windows and Internet Explorer regularly to protect your computer from the malware and other security threats that are on the Internet. Go to Microsoft Windows Update and get all critical updates.

---------- Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.

Concerned about Browser Security? Consider using Mozilla Firefox 3.0 with Adblock Plus and NoScript

To prevent unknown applications from being installed on your computer install WinPatrol 2008
* Using Winpatrol to protect your computer from malicious software

I suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

Thank you for all your help. It is working really good now, and is also much faster. I will download the programs suggested.

No problem. Safe surfing... |
|
| 3153. |
Solve : IE Running In Backround? |
|
Answer» WildTangent Remover - http://www.pchell.com/downloads/WTRemover.exe
Logfile of Trend Micro HijackThis v2.0.2
C:\WINDOWS\system32\roxtctm.exe
C:\WINDOWS\system32\sotpeca.exe
EmptyTemp
[start explorer]
C:\WINDOWS\system32\roxtctm.exe moved successfully.
C:\WINDOWS\system32\sotpeca.exe moved successfully.
< EmptyTemp >
File delete failed. C:\WINDOWS\temp\JETE4A3.tmp scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08302008_154641
How is everything now?
appears to be running fine, thank-you
1. Double click OTMoveIt2.exe to launch it. Vista users right click and choose Run As Administrator
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
5. Once complete exit out of OTMoveIt2
---------- Set a New Restore Point to prevent possible reinfection from an old one
Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.
Windows XP System Restore Guide or Windows Vista System Restore Guide . ---------- Use the Secunia Software Inspector to check for out of date software.
---------- Important: You Need to Update Windows and Internet Explorer regularly to protect your computer from the malware and other security threats that are on the Internet. Go to Microsoft Windows Update and get all critical updates.
ok, thank-you. system updated and ready to go just one thing, could you point me to a link for Windows XP SP3. this computer does not have it yet
Should be able to get it at Microsoft Windows Update |
|
| 3154. |
Solve : the demise of anti-virus programs?? |
|
Answer» has anyone read the Hurwitz white paper, "Anti-Virus Is Dead"? is this the logical next step what is your opinion of the Bit9 beta?
It all depends on the database of Bit9. I don't believe in putting all my eggs in one basket.....
Quote
"Anti-Virus Is Dead"
Creative attention grabbing headline. I'm really not that familiar with it all but nobody so far has outdone the original basics of an antivirus.
Quote
Bit9 is the pioneer and leader in enterprise application whitelisting. The company's patented solutions ensure only trusted and authorized applications are allowed to run, eliminating the risk caused by malicious, illegal and non-authorized software.
Trusted by the Bit9 database. I don't think one company can realistically set a standard that high. But then again who knows. I don't think they are building a better mousetrap, just putting their personal touch on it. Interesting nonetheless, I would like to see others views on this. |
|
| 3155. |
Solve : Friend's Computer? |
|
Answer» Logfile of Trend Micro HijackThis v2.0.2 |
|
| 3156. |
Solve : Scan results hope you can help me.? |
|
Answer» Here's the scan will put hijack thing in the next post.
Anyway as I said it came up clean earlier today so hopefully I am clean. Will do what you said in your last post and do I need to do anything else? If not can I thank you very much indeed for all your help and as its 3 in the morning where I am wish you a very good night.
Quote
it did say it had moved several of the my doom things to the chest but 2 failed
Might have been restore points.
Set a New Restore Point to prevent possible reinfection from an old one
Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.
Windows XP System Restore Guide or Windows Vista System Restore Guide . ---------- Use the Secunia Software Inspector to check for out of date software.
Just one thing when I did this:- Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one. I clicked on it and it didn't actually show as doing anything was it just automatic.
Maybe. You can make sure they are gone by toggling it off and then back on.
Turn OFF System Restore
Restart your computer
Turn ON System Restore
System Restore will now be active again
Did I need to do another restore point after turning restore back on. Also the inspector thing found lots of java updates amongst lots of other things do I need to update them all?
It will create a restore point when you turn it back on. For the Java run this. It will remove all of the old versions and leave the new one there. Download JavaRa
Am I ok now? Can I go to bed ?? xxx
Good to go.
You are a darling and thank you sooooo much. Your patience and expertise appears endless. Byeeeeeeeeeeeeeeeeee xx
No problem. Safe surfing... |
|
| 3157. |
Solve : Help - I let the ad ware in and it is taking over!? |
|
Answer» Hi, I've read your instructions to give as much detail as possible. STILL, I am sorry that I am so wordy. I've attached the 3 required text files.
Windows XP System Restore Guide or Windows Vista System Restore Guide . ---------- Use the Secunia Software Inspector to check for out of date software.
---------- Important: You Need to Update Windows and Internet Explorer regularly to protect your computer from the malware and other security threats that are on the Internet. Go to Microsoft Windows Update and get all critical updates.
Hey, thanks a lot! It feels so good to have my computer all squeaky clean and have all these new anti-virus program downloads to keep it that way. I think I will have to head over to the hardware forum and see if they can help me as efficiently as you have. I am still having major problems getting into the computer after logging off for very long. At least now I know it isn’t virus connected. I even bought a new monitor to graphics card cable today to see if that would help, but it hasn’t. I think I just won’t shut down overnight until I get this fixed. Secunia directed me to an Adobe Flash Player update and your last tip to go to MS Windows Updates snagged me the XP Service Pack 3 – a major update and also a new driver update for my Canon printer – great! Thanks, K |
|
| 3158. |
Solve : Hidden virus! Can not find it at all? |
|
Answer» Installed all those programs and Software Inspector is running now.
But I also noticed:
"This installation of Adobe Flash Player 9.x is insecure and potentially exposes your system to security threats! The detected version installed on your system is 9.0.115.0, however, the latest secure version released by the vendor, fixing one or more vulnerabilities, is 9.0.124.0.
Update Instructions: Update to version 9.0.124.0. http://www.adobe.com/go/getflash
NOTE: When updating Flash Player, older versions are not always automatically removed from your system. If older versions were detected that you believe should not be present, then please contact the vendor regarding how to remove them from your system.
Vulnerabilities Fixed: Read about the vulnerabilities fixed with this update in Secunia advisory SA28083 (opens in a new window). The Secunia advisory describes the vulnerabilities fixed by the latest security update. If your installation is outdated with more than one version, then more vulnerabilities may be covered.
Installed on Your System in: C:\WINDOWS\SYSTEM32\Macromed\Flash\NPSWF32.dll"
Is this truly out of date or just like the Java thing? Also should I download a Firewall? Or will the AVG one work next time?
I've got one for that too
Download the Flash Player Uninstaller and save it to your desktop. Run the uninstaller program and then reboot your computer to complete the uninstall. Download and install the latest version of Flash Player |
|
| 3159. |
Solve : Virus Problems, Please help....? |
|
Answer» No problem.... |
|
| 3160. |
Solve : I think I have a virus Ill will Post logs!? |
|
Answer» No worries.
Quote from: evilfantasy on August 30, 2008, 08:13:11 PM
No worries.
Lmao... Thanks for helping me with the java update thing. I should have the kaspersky log sometime around lunch time Eastern time. Im not gonna be here around 4:00-8:00 Going out to a sushi bar. So that will be fun. Thanks for the help though.
I just found 2 nasties already. It seems that auto clicker that never worked was against me not with me.
Log?
Quote from: evilfantasy on August 31, 2008, 09:47:32 AM
Log?
Oh its still scanning buddy. Im gonna get Comodo And kaspersky if that sounds good
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, August 31, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, August 31, 2008 15:31:42
Records in database: 1172087
--------------------------------------------------------------------------------
Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes
Scan area - My Computer: C:\ D:\
Scan statistics: Files scanned: 62493 Threat name: 2 Infected objects: 52 Suspicious objects: 0 Duration of the scan: 00:38:09
The selected area was scanned.
There it is
Clearing Java Cache
Go to Start > Control Panel and double-click the Java Icon
---------- Download and install CleanUp!.exe Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
Click the CleanUp! button to start the program. Reboot/logoff when prompted. ----------
---------- Set a New Restore Point to prevent possible reinfection from an old one
Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.
You can find instructions on how to enable and re-enable system restore here: Windows XP System Restore Guide or Windows Vista System Restore Guide
---------- To prevent unknown applications from being installed on your computer install WinPatrol 2008
* Using Winpatrol to protect your computer from malicious software
I suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites.
SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.
^ Hey about the restore point is something weird/bad going to happen to my pc?
Restore Points are sort of like backup files in Windows format. The oldest ones end up being removed by Windows to make room for the newest ones. All you are doing is making a fresh starting point for them to begin adding up again.
Quote from: evilfantasy on August 31, 2008, 12:01:51 PM
Restore Points are sort of like backup files in Windows format. The oldest ones end up being removed by Windows to make room for the newest ones. All you are doing is making a fresh starting point for them to begin adding up again.
Works for me. Also Can anything go horribly wrong during this process? Sorry I'm kinda Paranoid :\
Nothing should go wrong. If you like you can do it this way instead to ensure you don't click any wrong button.
Turn OFF System Restore
Restart your computer Turn ON System Restore
System Restore will now be active again |
|
| 3161. |
Solve : IEXPLORER errors Please Help? |
|
Answer» Preparing to remove Viewpoint Media Player...
Now that program you just gave me will unzip files and is there anything special I should be looking for?
Not that I know of. Yahoo Messenger. http://filehippo.com/download_yahoo_messenger/download/d60db2f4b0849d4e378ae1f9fe6ffa45/
Then just go through the motions and reinstall without voice yahoo? Is that possible? Also in my Task Manager I found 4 IEXPLORER.exe. Do I delete any of them or leave well enough alone. And with yahoo What is the best bet and then I think The problems will be gone then it will be time to figure how to clean this thing out other than defrag and c file sweep. I think we are making progress. Bless you my child lol..
You found 4 IEXPLORER.exe in the task manager. Look at them again and what does it say next to each one under "User Name"?
Shows them in folders HTML Document One in file folder One in shortcut Then the Internet icon says multiple IEXPLORER's I open this folder and it is a mess Shall I post? It's in back up folders man it's all over the place. |
|
| 3162. |
Solve : Possible infection "12eo" Problem? |
|
Answer» Hey everyone. |
|
| 3163. |
Solve : windows One Care and McAfee? |
|
Answer» Hi |
|
| 3164. |
Solve : Possible traces of virus/spyware/infection? |
|
Answer» Hey everyone
Important: Close all windows except for HijackThis and then click Fix checked. Exit HijackThis and restart the computer to register the changes made by HijackThis.
---------- Download ViewpointKiller.zip
---------- Download ATF Cleaner by Atribune to your Desktop. Alternate download link Note: Vista users must use Run As Administrator
Important: Restart the computer before continuing.
---------- How is everything now?
Thanks very much evil. Everything is working fine after the scannings. Thanks very much. Great help
Set a New Restore Point to prevent possible reinfection from an old one
Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.
Windows XP System Restore Guide or Windows Vista System Restore Guide . ---------- Use the Secunia Software Inspector to check for out of date software.
---------- Important: You Need to Update Windows and Internet Explorer regularly to protect your computer from the malware and other security threats that are on the Internet. Go to Microsoft Windows Update and get all critical updates. ---------- SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox. * Using SpywareBlaster to protect your computer from Spyware and Malware * If you don't know what ActiveX controls are, see here Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth. |
|
| 3165. |
Solve : Computer Virus In EVERY Computer my boyfriend has bought? |
|
Answer» need some help, my boyfriend had a bad virus which took over his computer, he has bought 3 new computers in the last month, he gets it home, gets a different service provider and boom, he has all these files loading up and its corrupt again, how can this be?
Well, changing service providers won't really matter. What matters is:
Well, changing service providers won't really matter. What matters is:
Very good statement. No offense but most infections are caused by user error. Go here and run the scans. post the logs when complete. Start a new thread for each computer if you plan on cleaning multiple PC's. |
|
| 3166. |
Solve : Someone in computer?? |
|
Answer» Can someone get into your computer and be using it and/or monitoring your time on your own home computer? How do they do it? Is that legal? My boyfriend has someone in his computer and can't figure out why, any help?
Quote
Can someone get into your computer and be using it and/or monitoring your time on your own home computer?
Yes.
Quote
How do they do it? Is that legal?
Depends, keyloggers and parental controls. Legal? Depends on if it is his parents or a (not so much of a) friend. |
|
| 3167. |
Solve : What the heck is this icon on my desktop????? |
|
Answer» Thank you! The windows are opening up maximized now!!! |
|
| 3168. |
Solve : Dang Trojans! The never ending battle where I always lose...? |
|
Answer» So once again I have been infected by a Trojan. I have followed all your instructions and have downloaded and ran all programs in normal and safe mode. I thought I found and deleted it last night. Ran a couple scans and everything came up clean. Then today my resident scanner popped up saying I am infected with Sheur.BQEV. I sent it to the vault but it keeps coming back eventually so I guess I haven't essentially ever even found it. I am not sure if this pertains to anything but the other day I found Downloader.Generic7.XOQ. I am pretty sure I got that one for good. As of right now all my malware programs are saying everything is clean but I know that's not the case. Please help! Thank you for your time
Malwarebytes' Anti-Malware 1.25
Database version: 1102
Windows 5.1.2600 Service Pack 3
10:42:10 PM 8/31/2008
mbam-log-08-31-2008 (22-42-10).txt
Scan type: Quick Scan
Objects scanned: 48310
Time elapsed: 8 minute(s), 29 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)
Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop. Link #1 Link #2
**Note: It is important that it is saved directly to your Desktop
Close any open Web browsers (Firefox, Internet Explorer, etc) before starting ComboFix. Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
Double click combofix.exe & follow the prompts. When finished ComboFix will produce a log for you. Post the ComboFix log in your next reply.
Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.
Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.
Attached. Thx. [recovering disk space -- attachment deleted by admin]
---------- Download and install Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
---------- Run the Kaspersky Online Scanner In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.
There is no option to clean/disinfect, however, we need to analyze the information on the report. To obtain the report: Click on: Save Report As
Copy and paste the Kaspersky Online Scanner Report in your next reply.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the ZOOM tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
Erased like 30 megs. Scan was clean. [recovering disk space -- attachment deleted by admin]
I don't know what your AV is hitting on but it isn't a virus. |
|
| 3169. |
Solve : HOW TO Remove REBOOT.EXE IN CD Drive? |
|
Answer» There is a virus called Reboot.exe but then there is also the legitimate Reboot.exe. |
|
| 3170. |
Solve : Can't Download combofix and others? |
|
Answer» I didn't hit 3 i will now though. And i'll let you know after i create another account.
k hit 3 and made a new account although i still couldn't download combofix.
Try this. If it doesn't work then you may be looking at a reformat and reinstall. |
|
| 3171. |
Solve : various trojan infection warnings and cannot download .exe? |
|
Answer» after running clean up it wants to reboot, should i do that now, or wait until i do the rest of what you suggested?
Yes you should do that now.
it has been almost 2 hours, should this scan still be running?
ok, that is all done..........
What is?
it has been almost 2 hours, should this scan still be running?
Which scan?
it was the secunia one, it is done now.......the only updates i needed were for flash player, real player and winzip, it took a little over 2 hours........ it is ok that i am doing most of this from the other user name right? or should i be doing it on my normal user name? just checking to make sure.........since i still can't download .exe files, i know some of the stuff has to be done on the other user name. not to jump ahead of where we are but, that system restore we did, is there a way to check that? it may have been because of all the stuff we did so far, but before when trying to restore none of the points would work.
Can't remember if I asked, do you have an XP install CD?
i don't believe so, i have a gateway computer, so whatever came with that is all i have.......if those are even laying around somewhere....we moved not too long ago and this is the last room to be unpacked
You may need to create a new profile to use for this one. I think it's been corrupted by the malware.
how can i transfer everything i have on the other user name??
Using the Files and Settings Transfer Wizard in Windows XP
is there anything i shouldn't transfer, is any files or what not infected? i mean what setting is saying i can't download .exe files? that is driving me nuts!! once i do transfer, is that info still going to be available on my old user name? in case something doesn't transfer that i want/need? i mean if something is saved to "owner", is that going to transfer to my new user name? if everything transfers ok, do i then have to delete the old user name.......... sorry if you aren't the person i should be asking all this to, i am just scared to do this, i don't really know what i am doing and don't want to totally mess everything up and lose everything
This isn't something I have dealt with very often. You may want to ask in the Windows forum. Sorry can't be more specific. |
|
| 3172. |
Solve : My antivirus programs failed me? |
|
Answer» I was using my computer this morning (surfing the net) when all of a sudden the nginx virus takes over my ability to connect to the internet. I've never actually run across this particular little *censored* before but I've heard of it and knew that it was bad news. |
|
| 3173. |
Solve : Lost? |
|
Answer» After spending hours trying to self teach how to install Malwarebytes on laptop from a memory stick while computer is in safe mode at the command prompt. I surrender! If someone here can assist with what the secret DOS code is to access the program so I can then work on deleting the FBI DNS Changer I would be most appreciative. |
|
| 3174. |
Solve : Virus? Spyware? Hack? Web based mail; a few questions.? |
|
Answer» Hello, does that mean the virus/issue is only with the web based email? He said yes. I'm going to ask for your advice: is this true?

Not at all. Assuming we are talking about the same E-mail account. There are several ways a person gets access to your E-mail. The most prevalent is that a Trojan horse download or other malware gets onto your system and can easily "watch" as you type your address and password, and sends all that data back to the person controlling that piece of malware, who now has all the required information in order to get into your account. At which point they can use that as a jumping off point - reset passwords for things like PayPal, bank websites, and so forth, and essentially usurp control. In this case it seems that the purpose was simply to send out spam mail, though.

The second way is if you use the same password for multiple purposes. As an example, a number of years ago now, I used a password for a few different sites, including this one, at one point in time; however, one of the sites with that password was attacked and had user passwords leaked to the web. As a result, one could easily get my password and try to find accounts with the same username elsewhere; I happened to be using that password for my E-Mail and it was just @hotmail.com so it didn't take long for them to get into there. Thankfully, I have some very old, invalid contacts that failed to deliver and got sent back to me which were evident spam. So I changed the password. I managed to suffer very little damage from this thankfully, because I managed to change it so quickly. Now I use a different randomly generated password for every single thing that requires a password, and keep those password listings in a safe place. To best illustrate how quickly they move sometimes, it wasn't more than a few hours after the passwords were leaked that my web hosting account was locked out on my Control panel, due to a "hacking attempt". If I had used the same password, I don't want to imagine what would have happened to my site content :/ Thankfully this was because even then I didn't use the same password for absolutely everything; and that one was randomly generated, though I did have to talk to somebody with my webhost to get it resolved so I could get access to it again.

So, it comes down to that - either you had malware at some point in time, or, if you use that same password in multiple places, there might have been a leak at any of the places where you used that password. (Ideally, they wouldn't even have the actual password if done properly, but unfortunately a lot of sites still do... and they get compromised). As I said, my method to attempt to mitigate any possibility of this happening to me was to simply start using completely different, strong passwords for everything that requires one.

Thank you BC_Programmer for your response. I have Malware Bytes on this computer and I ran a scan. It came back clear. I read the information on the link you provided me. Is it suggested I also download those programs? Is it safe to do so? Will they find something Malware Bytes has missed? I am guilty of the multiple password problem I must say. I knew it was a bad thing to do. I am hoping this is the issue that led me into this problem and nothing that will come back to bite me. I'm so worried at this point I cannot think straight. Sorry for the bad English too. I wish I could explain myself better and was more computer literate like you come across.

You should run all the scans suggested and post the logs. We will take a look at them and determine if your computer is compromised. |
|
| 3175. |
Solve : IE8 TABS HIJACKED BY FREECAUSE.COM? |
|
Answer» Downloaded CCLean and scanned PC. Now happy with performance etc. Thanks for advice and guidance. |
|
| 3176. |
Solve : computer crash warning? |
|
Answer» My friend recently purchased a laptop he's never owned one before. |
|
| 3177. |
Solve : please help, after removing virus from my computer Windows does not run!!!? |
| Answer» Many thanks for your help over 3 months, I think it's the time for me to look into buy a new computer! You're welcome. I will lock this thread. If you need it re-opened, please send me a PM. | |
| 3178. |
Solve : Can a Virus Freeze a Hard Drive?? |
|
Answer» Yesterday I was browsing the web, reading the forums at Notebookreview.com. My Avast! anti-virus reported two pages (two separate threads) as having Malware on them which it said it had successfully blocked. spend a lot of my time guessing about cause and effect and my computers' behavior.

You got it! I used to write low-level code, including boot-loaders. That was a long time ago, but the fundamentals are still there. When there is a hardware failure you do not get a written report from a boot-loader. A low-level program gets locked in an endless loop waiting for the hardware to give a valid response. In modern PCs the first loader is still very primitive and has low tolerance of a crude hard drive error. The field test is to remove the drive completely and see what happens on the next power-up. That is so simple, there is little reason to make the first loader more sophisticated. If you replace the bad drive with good drive that does not have an OS, you will get a meaningful error message from the first loader. Something like: "missing operating system", which means the drive is physically readable, but does not have useful information for the loader. Hard drives can fail at any time with no warning. Of course, the drive makers have tried to make drives that conform to user's expectations, but there exist four options in a competitive market:
1. Make it the low-cost wonder.
2. Make it extra large.
3. Give it high performance and long life.
4. Let it be so user friendly.
Some drive makers can hit three out of four, never more.

You could try running a diagnostic on the drive. Run hard drive diagnostics: tacktech.com Make sure you select the tool which is appropriate for the brand of your hard drive. Depending on the program, it'll create a bootable floppy, or bootable CD. If the downloaded file is of .iso type, use ImgBurn: imgburn to burn the .iso file to a CD (select "Write image file to disc" option), and make the CD bootable. For Toshiba hard drives, see here: Note : If you do not know how to set your computer to boot from CD follow the steps here |
|
| 3179. |
Solve : Icons moving to left of the screen on restart/refresh after virus removal.? |
|
Answer» I had a virus on my computer last week and I think it was the cause of my desktop icons to be constantly moved to the left side of the screen. I ran the paid version of Ad-Aware Pro and removed any virus it found with no solution. At this point I thought it might be a registry problem and upgraded my computer from Windows Vista (64-bit) to Windows 7 (64-bit), still no solution. I have tried every correction I've read online, with no luck. Here is a breakdown of my actions. Auto align turned off, Align to grid turned off (Must add that after each restart align to grid is rechecked), downloaded an icon lock program, ran regedit and checked status of desktop, ran Windows Defender, HitMan Pro, and Malwarebytes' Anti-Malware, and CCleaner, everything is coming back clean. Defragged hard drive, reset Windows Explorer, uninstalled every program that's been installed in the past 2 weeks. Before installing Windows 7 I reset the computer to an earlier time with no fix, now that I have Windows 7 installed, the earliest reset time is after the problem already started. I know I've done a few more tweaks but cannot think of them right now. I have spent the past couple of days trying to get this problem corrected and have searched every website with a solution. Hope someone can help me, I really don't want to wipe the hard drive and start from scratch but that may be a last ditch effort. Thanks. *Update* I have also checked my BIOS as well as had windows run any and all error checks on start-up.

Currently running SUPERAntiSpyware, will post with results. |
|
| 3180. |
Solve : norton sucks? |
|
Answer» I have windows xp 64 bit and I am having problems with getting rid of the norton pc checkup. I have used the removal tool and have gone to the registry and tried to remove it that way and nothing is working

Yeah.. Norton generally gives trouble while removing it.... Which removal tool did you use? use Norton Removal Tool.. This should be able to remove Norton completely..

Norton/Symantec Removal Tool - Norton Removal Tool |
|
| 3181. |
Solve : CPU usage Turns into 100%? |
|
Answer» Hello CH Friends, My CPU usage is turns into 100 % in some time when i browsing the files in my computer using the windows inbuilt "explorer".. When I checked task manager, I found that system Idle and explorer using 50 % of my CPU .

Hi, Do you have any strange programs running in the Task Manager > Processes? Have you tried scanning for any malware infection? I highly recommend to do that to isolate your problem. First, scan your system using any antivirus of your choice. Then follow it up by using SUPERAntiSpyware (second) and Malwarebytes (third). Post your findings here. Thanks.

use ShellExView and remove/disable some Shell Extensions you do not use. Optionally, if you are more technically inclined, you could use Process Explorer and examine the Explorer process throttling one of your CPU cores, and look at its threads and stacks. Most likely the process is pinned in one of the shell extensions, which you can use ShellExView to disable. (or, just use ShellExView and the process of elimination). Chances are it's probably a namespace extension or a ColumnProvider.

I scanned for viruses and malwares by Using Panda cloud (free version connected to internet) .. But It doesn't shows any infections .. But i have not yet scanned with a paid Anti-virus like Kaspersky or Norton ..

Quote
But i have not yet scanned with a paid Anti-virus Like Kaspersky or Norton

No need for paid antivirus programs. There are free editions out there. Try Malwarebytes and SUPERAntiSpyware Or try the advice of BC_Programmer posted above

Quote from: geek hoodlum on June 13, 2012, 11:29:03 AM
No need for paid antivirus programs. There are free editions out there. Try Malwarebytes and SUPERAntiSpyware

Neither of those is a full fledged anti virus program. Either or both can be used in conjunction with a dedicated AV

I recommend using one of the following to scan for virii http://www.avast.com (avast home free) or http://www.avg.com (avg free) either one of these are a decent free antivirus program.

Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download Microsoft Security Essentials for Windows XP Also, run the MRT tool on your computer.
* Go to Start > Run and type mrt.exe then press Enter on the keyboard.
* (Vista and Windows 7 users go to Start and type mrt.exe in the search box then press Enter on the keyboard.)
* Click Next.
* Choose Full Scan and click Next.
* Once the scan is finished click View detailed results of the scan. |
|
| 3182. |
Solve : antivirus software and money problems? |
|
Answer» I have a macbook pro and have downloaded a free version of mackeeper. (I know. You get what you pay for usually. I'm really poor. I will be buying antivirus software as soon as I can afford it.) |
|
| 3183. |
Solve : What's a good, free, anti-malware program ?? |
|
Answer» My ISP promotes Malware Bytes as being a good one, but i have a lot of trouble trying to install it ; getting answers from them, almost anything ! I hear the free programs aren't very helpful; no money involved. Surely, there's another out there that works well ?

MalwareBytes is the best - Super AntiSpyware is 2nd. What type of trouble are you having installing MB? It should be a simple, straightforward install.

OK, Allan, I'll try to explain. I have registered, see my name when I got to the forums to post, but see a message saying I don't have permission to post. I try to contact them, didn't get an answer. I think they're tired of me writing ! Could you possibly give me a quick rundown as to how to register properly. Maybe I could take it from there. This is the only program I can't seem to get a handle on. Thanks !

There is no registration required for the free version of MB. I am not absolutely certain but often (and this could be the case here). You are only allowed to register with an upgraded paid version. That is usually required to enable access to the software support service. Which is often NOT available with free versions which is why they don't reply to you. The free version should be adequate for most users and there is no limitation because you cannot register it. truenorth

So, how do I get where I want to go with this program

Please download Malwarebytes Anti-Malware from here.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. |
|
| 3184. |
Solve : Organize security? |
|
Answer» I have one AVG antivirus program installed. No secret how much high risk to infect computer with different malwares, spywares, rootkits. |
|
| 3185. |
Solve : Skype Scam?? |
|
Answer» I received a Skype call today. It was a recorded voice telling me my computer protection was not working and that I must contact a web address urgently. The voice kept repeating the message. |
|
| 3186. |
Solve : possible xp virus? |
|
Answer» I feel a bit stupid with my last post. Here's the log from SAS the file name changed after i deleted it |
|
| 3187. |
Solve : I cannot access the internet.? |
|
Answer» OK I will run the Eset scan as requested in Reply #61... Meanwhile here is the Eset log from Feb 8 2012. Could I have somehow inherited that again?

We thought that you may have been re-infected. That's why we ran most of the scans the second time. Let's do some cleanup. You may keep SAS and MBAM on your computer. Update them and run them on a regular basis. You should get rid of this: C:\Users\JIM\Downloads\freeripmp3-setup.exe

To remove all of the tools we used and the files and folders they created do the following: Double click OTL.exe.

************************************************************

Clean out your temporary internet files and temp files. Download TFC by OldTimer to your desktop. Double-click TFC.exe to run it. Note: If you are running on Vista, right-click on the file and choose Run As Administrator. TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

******************************************************

To set a new Restore Point. Click the Start button, click Control Panel, click System and Maintenance, and then click System. In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation. To turn off System Protection for a hard disk, clear the check box next to the disk, and then click OK. Reboot to Normal Mode.

Click the Start button, click Control Panel, click System and Maintenance, and then click System. In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation. To turn on System Protection for a hard disk, select the check box next to the disk, and then click OK. This will give you a new, clean Restore Point.

********************************************************

Use the Secunia Software Inspector to check for out of date software.
• Click Start Now
• Check the box next to Enable thorough system inspection.
• Click Start
• Allow the scan to finish and scroll down to see if any updates are needed.
• Update anything listed.

----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly. Safe Surfing!

SuperDave: OK done. The machine is running well. I want to thank you again for all your help and patience. I have one problem tho. Everytime I boot up I get the message "WZFSLDR2.exe - Entry point not found . The procedure entry point - spdGetReady - - could not be located in the dynamic link library wlanapi.dll" I understand that it is a registry problem and I am afraid to try to fix it with some recommendations on the net. Do you have any ideas or is this another subject for another area?? Thanks again JIM

Let's check out that file. Please go to Jotti's malware scan (If more than one file needs scanned they must be done separately and links posted for each one)
* Copy the file path in the below Code box:
Code: [Select] WZFSLDR2.exe
* At the upload site, click once inside the window next to Browse.
* Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
* Next click Submit file
* Your file will possibly be entered into a queue which normally takes less than a minute to clear.
* This will perform a scan across multiple different virus scanning engines.
* Important: Wait for all of the scanning engines to complete.
* Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.

I tried that. Got the JOTTI web site but was unable to copy (or type) anything into the browse window. However, I mis-typed . . . the entry point should have read WZCSLDR2.exe

Quote from: jim.mar on March 08, 2012, 04:50:29 PM
I tried that. Got the JOTTI web site but was unable to copy (or type) anything into the browse window. However, I mis-typed . . . the entry point should have read WZCSLDR2.exe

That file belongs to this program: Program Files\ANI\ANIWZCS2 Service. Do you have that program on your computer?

YES, I have it in C:\ProgramFiles(x86) but not in C:\Program Files. I do not know why I have both Program Files and Program Files(x86).

WZCSLDR3.exe is part of the drivers for various wireless networking cards made by Alpha Networks. This is an OEM manufacturer of wireless logic (as opposed to a company that makes end products), so your system may be using their products even if there's nothing in it with that label. Should be considered part of your drivers and left alone, or your wireless connection won't work.

SuperDave: Sorry I took so long getting back. OK, as I said, it is in C:\ProgramFiles(x86) but not in C:\ProgramFiles. Should I copy it from one to the other via Windows Explorer? The error message still pops up on a fresh boot after complete shut down but not after restoring coming out of "hibernate". Or should I just live with it? The machine seems to be working just fine.

Quote
C:\ProgramFiles(x86)

This means that your computer is a 64 bit computer as opposed to 32 bit. Most newer computers are 64 bit.

Quote
Or should I just live with it? The machine seems to be working just fine.

I'm pleased that the computer is running well but I can't help you much more with that error problem. Perhaps you could start a new thread in a different forum on this site. Jim, Read this: WZCSLDR2.exe-Entry Point Not Found.

SuperDave: OK, thank you again so much for your time and patience on this problem. You guys do a terrific job helping us out. Bless you, JIM

You're welcome. I will lock this thread. If you need it re-opened, please send me a pm. |
|
| 3188. |
Solve : AVG antivirus ?? |
|
Answer» I needed to update my AVG antivirus so I decided to uninstall it and then start from scratch. I installed AVG again but my security is showing it as " spyware doctor with antivirus ". Is this still AVG ? If not any good ?

No, that is not AVG. It could be that you downloaded Spyware Doctor while AVG was still on your computer, and it defaulted to that once AVG was gone as the antivirus. If it was me, I would uninstall spyware doctor and see if that puts AVG back as your default antivirus. I'm not familiar enough with spyware doctor to know if it is a legitimate program and recommended for security.

Spyware Doctor is legitimate and its vendor is PC Tools.

Your security is showing your anti virus as bogus..? |
|
| 3189. |
Solve : MLB.com Rogue scanner threat?? |
|
Answer» Watch out if you surf MLB.com

Watch out if you surf MLB.com

Not necessarily. If your computer is infected then something on MLB.com may be triggering the re-direct. You should run our recommended scans and post the logs in this topic. Better safe than sorry. |
|
| 3190. |
Solve : MBR virus/malware?? |
|
Answer» how would you rate MSE against avira?

Files required to use Windows Update are no longer registered or installed on your computer." This may help with that problem.

ok that sort of worked, it let me download the updates, but then it said all of them didnt install. (about 13 of them) and after I restarted (from that link you sent), Avira real time protection is off and wont let me turn it on? have we gone round in circles? EDIT: After restarting for peace of mind, it started installing the updates, even though I wasnt told to restart. then got an error during the update about MsiExec.exe, then on the reboot I had several messages about "Windows recovered from a serious error" Also Avira is back to normal?? Totally Lost.

Ok. Give it a few days to see how things go then let me know. |
|
| 3191. |
Solve : cycbot removal = internet loss? |
|
Answer» The Laptop has been working good for the last few days. Malwarebytes still blocks C:\Windows\svchost.exe when ever it tries to run on laptop. On another note my wife and I now use my desktop for anything online that has to do with purchases or email. With that being said I went onto my hotmail account on the laptop and a few days later windows hotmail blocked my account. Windows had never blocked my account before but a few months ago my email account did send out spam to my contact list. Not sure if this is related or not. We are worried if we do anything on the laptop someone will get our accounts and info. I will run the ESET scanner later today. Thank you.

Quote
With that being said I went onto my hotmail account on the laptop and a few days later windows hotmail blocked my account.

Hotmail usually blocks accounts when they have been hacked. You will need to change your password. Good luck with that.

Please download aswMBR.exe ( 511KB ) to your desktop. Double click the aswMBR.exe to run it. Click the "Scan" button to start scan. Note: Do not take action against any **ROOTKIT** entries until I have reviewed the log. Often there are false positives. On completion of the scan click save log, save it to your desktop and post in your next reply.

Here is the scan of ESET and aswMBR

C:\ProgramData\Microsoft\Windows\DRM\16C0.tmp    Win64/Olmarik.AD trojan    cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\DRM\16C1.tmp    Win64/Olmarik.AD trojan    cleaned by deleting - quarantined
C:\Users\Invisigoth\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XTVA1QJY\main[2].htm    JS/Kryptik.JL trojan    cleaned by deleting - quarantined
C:\Users\Invisigoth\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\864e612-3b1c64d9    Java/Exploit.CVE-2011-3544.BA trojan    deleted - quarantined

aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-12 18:00:23
-----------------------------
18:00:23.708 OS Version: Windows x64 6.1.7600
18:00:23.708 Number of processors: 2 586 0x170A
18:00:23.708 ComputerName: INVISIGOTH-PC UserName: Invisigoth
18:00:26.812 Initialize success
18:01:03.427 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:01:03.427 Disk 0 Vendor: Hitachi_HTS545032B9A300 PB3OCA0G Size: 305245MB BusType: 11
18:01:03.443 Device \Driver\atapi -> MajorFunction fffffa8004f975c4
18:01:03.443 Disk 0 MBR read successfully
18:01:03.443 Disk 0 MBR scan
18:01:03.458 Disk 0 [emailprotected] code has been found
18:01:03.458 Disk 0 MBR hidden
18:01:03.474 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
18:01:03.474 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 292890 MB offset 409600
18:01:03.521 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12154 MB offset 600248320
18:01:03.521 Disk 0 MBR [TDL4] **ROOTKIT**
18:01:03.536 Disk 0 trace - called modules:
18:01:03.552 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8004f975c4]<<
18:01:03.552 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a63060]
18:01:03.568 3 CLASSPNP.SYS[fffff8800112443f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004739060]
18:01:03.568 \Driver\atapi[0xfffffa8004f0fc10] -> IRP_MJ_CREATE -> 0xfffffa8004f975c4
18:01:03.583 Scan finished successfully
18:01:41.928 Disk 0 MBR has been saved successfully to "C:\Users\Invisigoth\Desktop\MBR.dat"
18:01:41.928 The log file has been saved successfully to "C:\Users\Invisigoth\Desktop\aswMBR.txt"

Thank you.
I ran the TDSSKiller but did not get the report before it asked me to reboot. After reboot I scanned again and no problems were found. Here are the results I did say.
6104DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys 19:32:36.0574 6104DfsC - ok 19:32:36.0606 6104discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 19:32:36.0606 6104discache - ok 19:32:36.0715 6104Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 19:32:36.0715 6104Disk - ok 19:32:36.0840 6104drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 19:32:36.0840 6104drmkaud - ok 19:32:37.0011 6104DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys 19:32:37.0027 6104DXGKrnl - ok 19:32:37.0308 6104ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 19:32:37.0323 6104ebdrv - ok 19:32:37.0417 6104eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys 19:32:37.0432 6104eeCtrl - ok 19:32:37.0542 6104elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 19:32:37.0542 6104elxstor - ok 19:32:37.0682 6104EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 19:32:37.0682 6104EraserUtilRebootDrv - ok 19:32:37.0744 6104ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys 19:32:37.0744 6104ErrDev - ok 19:32:37.0854 6104exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 19:32:37.0854 6104exfat - ok 19:32:37.0885 6104fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 19:32:37.0885 6104fastfat - ok 19:32:37.0963 6104fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 19:32:37.0963 6104fdc - ok 19:32:38.0056 6104FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 19:32:38.0056 6104FileInfo - ok 19:32:38.0088 6104Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 
19:32:38.0088 6104Filetrace - ok 19:32:38.0166 6104flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 19:32:38.0166 6104flpydisk - ok 19:32:38.0228 6104FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys 19:32:38.0228 6104FltMgr - ok 19:32:38.0306 6104FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 19:32:38.0306 6104FsDepends - ok 19:32:38.0337 6104Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 19:32:38.0337 6104Fs_Rec - ok 19:32:38.0400 6104fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys 19:32:38.0400 6104fvevol - ok 19:32:38.0540 6104gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 19:32:38.0540 6104gagp30kx - ok 19:32:38.0680 6104GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 19:32:38.0680 6104GEARAspiWDM - ok 19:32:38.0930 6104hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 19:32:38.0930 6104hcw85cir - ok 19:32:39.0070 6104HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys 19:32:39.0070 6104HdAudAddService - ok 19:32:39.0226 6104HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys 19:32:39.0226 6104HDAudBus - ok 19:32:39.0258 6104HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 19:32:39.0258 6104HidBatt - ok 19:32:39.0398 6104HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 19:32:39.0398 6104HidBth - ok 19:32:39.0429 6104HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 19:32:39.0429 6104HidIr - ok 19:32:39.0554 6104HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys 19:32:39.0554 6104HidUsb - ok 19:32:39.0632 6104HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) 
C:\Windows\system32\DRIVERS\HpqKbFiltr.sys 19:32:39.0632 6104HpqKbFiltr - ok 19:32:39.0741 6104HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys 19:32:39.0741 6104HpSAMD - ok 19:32:39.0913 6104HSF_DPV (26c5d00321937e49b6bc91029947d094) C:\Windows\system32\DRIVERS\CAX_DPV.sys 19:32:39.0928 6104HSF_DPV - ok 19:32:40.0084 6104HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys 19:32:40.0084 6104HTTP - ok 19:32:40.0287 6104hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys 19:32:40.0287 6104hwpolicy - ok 19:32:40.0412 6104i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys 19:32:40.0412 6104i8042prt - ok 19:32:40.0490 6104iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys 19:32:40.0506 6104iaStorV - ok 19:32:40.0974 6104igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys 19:32:41.0052 6104igfx - ok 19:32:41.0410 6104iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 19:32:41.0426 6104iirsp - ok 19:32:41.0551 6104IntcHdmiAddService (88a20fa54c73ded4e8dac764e9130ae9) C:\Windows\system32\drivers\IntcHdmi.sys 19:32:41.0551 6104IntcHdmiAddService - ok 19:32:41.0582 6104intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys 19:32:41.0598 6104intelide - ok 19:32:41.0707 6104intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 19:32:41.0707 6104intelppm - ok 19:32:41.0738 6104IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys 19:32:41.0738 6104IpFilterDriver - ok 19:32:41.0847 6104IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys 19:32:41.0847 6104IPMIDRV - ok 19:32:41.0972 6104IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 19:32:41.0988 6104IPNAT - ok 19:32:42.0066 6104IRENUM 
(3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 19:32:42.0066 6104IRENUM - ok 19:32:42.0175 6104isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys 19:32:42.0175 6104isapnp - ok 19:32:42.0284 6104iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys 19:32:42.0284 6104iScsiPrt - ok 19:32:42.0393 6104kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 19:32:42.0393 6104kbdclass - ok 19:32:42.0440 6104kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys 19:32:42.0440 6104kbdhid - ok 19:32:42.0627 6104KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys 19:32:42.0627 6104KSecDD - ok 19:32:42.0924 6104KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys 19:32:42.0924 6104KSecPkg - ok 19:32:43.0064 6104ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 19:32:43.0064 6104ksthunk - ok 19:32:43.0423 6104lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 19:32:43.0423 6104lltdio - ok 19:32:43.0610 6104LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 19:32:43.0610 6104LSI_FC - ok 19:32:43.0672 6104LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 19:32:43.0672 6104LSI_SAS - ok 19:32:43.0860 6104LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 19:32:43.0860 6104LSI_SAS2 - ok 19:32:44.0031 6104LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 19:32:44.0031 6104LSI_SCSI - ok 19:32:44.0078 6104luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 19:32:44.0078 6104luafv - ok 19:32:44.0343 6104MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys 19:32:44.0343 6104MBAMProtector - ok 19:32:44.0702 6104mdmxsdk 
(e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys 19:32:44.0702 6104mdmxsdk - ok 19:32:45.0279 6104megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 19:32:45.0279 6104megasas - ok 19:32:45.0420 6104MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 19:32:45.0420 6104MegaSR - ok 19:32:45.0498 6104Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 19:32:45.0498 6104Modem - ok 19:32:45.0654 6104monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 19:32:45.0654 6104monitor - ok 19:32:45.0747 6104mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 19:32:45.0747 6104mouclass - ok 19:32:45.0856 6104mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 19:32:45.0856 6104mouhid - ok 19:32:46.0028 6104mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys 19:32:46.0028 6104mountmgr - ok 19:32:46.0184 6104mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys 19:32:46.0184 6104mpio - ok 19:32:46.0574 6104mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 19:32:46.0574 6104mpsdrv - ok 19:32:46.0792 6104MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys 19:32:46.0792 6104MRxDAV - ok 19:32:47.0198 6104mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys 19:32:47.0198 6104mrxsmb - ok 19:32:47.0572 6104mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys 19:32:47.0588 6104mrxsmb10 - ok 19:32:47.0806 6104mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys 19:32:47.0806 6104mrxsmb20 - ok 19:32:47.0931 6104msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys 19:32:47.0931 6104msahci - ok 19:32:47.0994 6104msdsm (8d27b597229aed79430fb9db3bcbfbd0) 
C:\Windows\system32\DRIVERS\msdsm.sys 19:32:48.0009 6104msdsm - ok 19:32:48.0103 6104Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 19:32:48.0103 6104Msfs - ok 19:32:48.0243 6104mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 19:32:48.0243 6104mshidkmdf - ok 19:32:48.0368 6104msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys 19:32:48.0368 6104msisadrv - ok 19:32:48.0524 6104MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 19:32:48.0524 6104MSKSSRV - ok 19:32:48.0696 6104MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 19:32:48.0696 6104MSPCLOCK - ok 19:32:48.0883 6104MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 19:32:48.0883 6104MSPQM - ok 19:32:49.0117 6104MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys 19:32:49.0117 6104MsRPC - ok 19:32:49.0351 6104mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys 19:32:49.0351 6104mssmbios - ok 19:32:49.0413 6104MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 19:32:49.0413 6104MSTEE - ok 19:32:49.0507 6104MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 19:32:49.0507 6104MTConfig - ok 19:32:49.0554 6104Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 19:32:49.0554 6104Mup - ok 19:32:49.0850 6104NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 19:32:49.0850 6104NativeWifiP - ok 19:32:50.0053 6104NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20120213.002\ENG64.SYS 19:32:50.0053 6104NAVENG - ok 19:32:50.0131 6104NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20120213.002\EX64.SYS 19:32:50.0146 6104NAVEX15 - ok 19:32:50.0380 6104NDIS (cad515dbd07d082bb317d9928ce8962c) 
C:\Windows\system32\drivers\ndis.sys 19:32:50.0396 6104NDIS - ok 19:32:50.0521 6104NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 19:32:50.0521 6104NdisCap - ok 19:32:50.0568 6104NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 19:32:50.0568 6104NdisTapi - ok 19:32:50.0802 6104Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys 19:32:50.0802 6104Ndisuio - ok 19:32:51.0114 6104NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys 19:32:51.0114 6104NdisWan - ok 19:32:51.0207 6104NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys 19:32:51.0207 6104NDProxy - ok 19:32:51.0238 6104NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 19:32:51.0254 6104NetBIOS - ok 19:32:51.0285 6104NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys 19:32:51.0285 6104NetBT - ok 19:32:51.0644 6104NETw1v64 (e72f4522801ffb8f0456924fb0017bff) C:\Windows\system32\DRIVERS\NETw1v64.sys 19:32:51.0691 6104NETw1v64 - ok 19:32:51.0987 6104NETw5s64 (39ede676d17f37af4573c2b33ec28aca) C:\Windows\system32\DRIVERS\NETw5s64.sys 19:32:52.0034 6104NETw5s64 - ok 19:32:52.0627 6104netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys 19:32:52.0658 6104netw5v64 - ok 19:32:52.0798 6104nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 19:32:52.0798 6104nfrd960 - ok 19:32:52.0876 6104Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 19:32:52.0876 6104Npfs - ok 19:32:53.0017 6104nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 19:32:53.0017 6104nsiproxy - ok 19:32:53.0438 6104Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys 19:32:53.0454 6104Ntfs - ok 19:32:53.0625 6104Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 
19:32:53.0625 6104Null - ok 19:32:53.0703 6104nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys 19:32:53.0703 6104nvraid - ok 19:32:53.0875 6104nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys 19:32:53.0875 6104nvstor - ok 19:32:53.0984 6104nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys 19:32:53.0984 6104nv_agp - ok 19:32:54.0031 6104ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys 19:32:54.0031 6104ohci1394 - ok 19:32:54.0249 6104Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 19:32:54.0249 6104Parport - ok 19:32:54.0343 6104partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys 19:32:54.0343 6104partmgr - ok 19:32:54.0546 6104pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys 19:32:54.0546 6104pci - ok 19:32:54.0764 6104pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys 19:32:54.0764 6104pciide - ok 19:32:54.0904 6104pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 19:32:54.0920 6104pcmcia - ok 19:32:55.0107 6104pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 19:32:55.0107 6104pcw - ok 19:32:55.0294 6104PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 19:32:55.0294 6104PEAUTH - ok 19:32:55.0466 6104PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys 19:32:55.0482 6104PptpMiniport - ok 19:32:55.0575 6104Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 19:32:55.0591 6104Processor - ok 19:32:55.0778 6104Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys 19:32:55.0778 6104Psched - ok 19:32:55.0887 6104ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 19:32:55.0903 6104ql2300 - ok 19:32:56.0028 
6104ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 19:32:56.0028 6104ql40xx - ok 19:32:56.0215 6104QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 19:32:56.0215 6104QWAVEdrv - ok 19:32:56.0293 6104RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 19:32:56.0293 6104RasAcd - ok 19:32:56.0340 6104RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 19:32:56.0340 6104RasAgileVpn - ok 19:32:56.0449 6104Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys 19:32:56.0449 6104Rasl2tp - ok 19:32:56.0542 6104RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 19:32:56.0542 6104RasPppoe - ok 19:32:56.0620 6104RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 19:32:56.0620 6104RasSstp - ok 19:32:56.0652 6104rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys 19:32:56.0652 6104rdbss - ok 19:32:56.0823 6104rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 19:32:56.0823 6104rdpbus - ok 19:32:56.0870 6104RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 19:32:56.0870 6104RDPCDD - ok 19:32:56.0995 6104RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 19:32:56.0995 6104RDPENCDD - ok 19:32:57.0042 6104RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 19:32:57.0042 6104RDPREFMP - ok 19:32:57.0073 6104RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys 19:32:57.0073 6104RDPWD - ok 19:32:57.0166 6104rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys 19:32:57.0166 6104rdyboost - ok 19:32:57.0354 6104rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 19:32:57.0354 6104rspndr - ok 19:32:57.0510 6104RSUSBSTOR 
(2db8116d52b19216812c4e6d5d837810) C:\Windows\system32\Drivers\RtsUStor.sys 19:32:57.0510 6104RSUSBSTOR - ok 19:32:57.0666 6104RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys 19:32:57.0666 6104RTL8167 - ok 19:32:57.0759 6104RtsUIR - ok 19:32:57.0853 6104SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS 19:32:57.0853 6104SASDIFSV - ok 19:32:57.0884 6104SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS 19:32:57.0884 6104SASKUTIL - ok 19:32:58.0009 6104sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys 19:32:58.0009 6104sbp2port - ok 19:32:58.0040 6104scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys 19:32:58.0040 6104scfilter - ok 19:32:58.0258 6104sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys 19:32:58.0258 6104sdbus - ok 19:32:58.0321 6104secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 19:32:58.0321 6104secdrv - ok 19:32:58.0446 6104Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 19:32:58.0446 6104Serenum - ok 19:32:58.0492 6104Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 19:32:58.0492 6104Serial - ok 19:32:58.0524 6104sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 19:32:58.0524 6104sermouse - ok 19:32:58.0680 6104sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys 19:32:58.0680 6104sffdisk - ok 19:32:58.0711 6104sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys 19:32:58.0711 6104sffp_mmc - ok 19:32:58.0773 6104sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys 19:32:58.0773 6104sffp_sd - ok 19:32:58.0851 6104sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 19:32:58.0851 
6104sfloppy - ok 19:32:58.0960 6104SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 19:32:58.0960 6104SiSRaid2 - ok 19:32:59.0038 6104SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 19:32:59.0038 6104SiSRaid4 - ok 19:32:59.0132 6104Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 19:32:59.0132 6104Smb - ok 19:32:59.0319 6104spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 19:32:59.0319 6104spldr - ok 19:32:59.0413 6104SRTSP (32900ac9cfdc578531279886ca16a4df) C:\Windows\system32\Drivers\SRTSP64.SYS 19:32:59.0428 6104SRTSP - ok 19:32:59.0522 6104SRTSPL (8929566d1f14685fd78eaf25bee3ecc7) C:\Windows\system32\Drivers\SRTSPL64.SYS 19:32:59.0522 6104SRTSPL - ok 19:32:59.0616 6104SRTSPX (cb2fdf47ee67f8cca5362ed9b94fe955) C:\Windows\system32\Drivers\SRTSPX64.SYS 19:32:59.0616 6104SRTSPX - ok 19:32:59.0678 6104srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys 19:32:59.0678 6104srv - ok 19:32:59.0974 6104srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys 19:32:59.0974 6104srv2 - ok 19:33:00.0271 6104SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS 19:33:00.0271 6104SrvHsfHDA - ok 19:33:00.0583 6104SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS 19:33:00.0583 6104SrvHsfV92 - ok 19:33:00.0926 6104SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS 19:33:00.0942 6104SrvHsfWinac - ok 19:33:01.0098 6104srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys 19:33:01.0098 6104srvnet - ok 19:33:01.0222 6104stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 19:33:01.0222 6104stexstor - ok 19:33:01.0254 6104swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 19:33:01.0254 6104swenum - ok 19:33:01.0394 6104SymEvent 
(7e4d281982e19abd06728c7ee9ac40a8) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 19:33:01.0394 6104SymEvent - ok 19:33:01.0441 6104SynTP (bcf305959b53b200ceb2ad25ad22f8a7) C:\Windows\system32\DRIVERS\SynTP.sys 19:33:01.0456 6104SynTP - ok 19:33:01.0753 6104Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys 19:33:01.0768 6104Tcpip - ok 19:33:01.0956 6104TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys 19:33:01.0971 6104TCPIP6 - ok 19:33:02.0112 6104tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys 19:33:02.0112 6104tcpipreg - ok 19:33:02.0158 6104TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 19:33:02.0158 6104TDPIPE - ok 19:33:02.0205 6104TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 19:33:02.0221 6104TDTCP - ok 19:33:02.0283 6104tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys 19:33:02.0299 6104tdx - ok 19:33:02.0330 6104Teefer2 (13657dc475de564247745bf4da23207c) C:\Windows\system32\DRIVERS\teefer2.sys 19:33:02.0330 6104Teefer2 - ok 19:33:02.0470 6104TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys 19:33:02.0470 6104TermDD - ok 19:33:02.0595 6104tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys 19:33:02.0595 6104tssecsrv - ok 19:33:02.0642 6104tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys 19:33:02.0658 6104tunnel - ok 19:33:02.0798 6104uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 19:33:02.0798 6104uagp35 - ok 19:33:02.0954 6104udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys 19:33:02.0954 6104udfs - ok 19:33:03.0079 6104uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys 19:33:03.0079 6104uliagpkx - ok 19:33:03.0110 6104umbus (eab6c35e62b1b0db0d1b48b671d3a117) 
C:\Windows\system32\DRIVERS\umbus.sys 19:33:03.0110 6104umbus - ok 19:33:03.0141 6104UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 19:33:03.0141 6104UmPass - ok 19:33:03.0250 6104USBAAPL64 (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys 19:33:03.0250 6104USBAAPL64 - ok 19:33:03.0313 6104usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys 19:33:03.0313 6104usbccgp - ok 19:33:03.0453 6104USBCCID - ok 19:33:03.0547 6104usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys 19:33:03.0547 6104usbcir - ok 19:33:03.0656 6104usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys 19:33:03.0656 6104usbehci - ok 19:33:03.0812 6104usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys 19:33:03.0812 6104usbhub - ok 19:33:03.0968 6104usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys 19:33:03.0968 6104usbohci - ok 19:33:04.0030 6104usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 19:33:04.0030 6104usbprint - ok 19:33:04.0233 6104USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS 19:33:04.0233 6104USBSTOR - ok 19:33:04.0483 6104usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys 19:33:04.0483 6104usbuhci - ok 19:33:04.0982 6104usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys 19:33:04.0982 6104usbvideo - ok 19:33:05.0154 6104usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys 19:33:05.0154 6104usb_rndisx - ok 19:33:05.0341 6104vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys 19:33:05.0341 6104vdrvroot - ok 19:33:05.0434 6104vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 19:33:05.0434 6104vga - ok 19:33:05.0528 6104VgaSave 
(53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 19:33:05.0528 6104VgaSave - ok 19:33:05.0653 6104vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys 19:33:05.0653 6104vhdmp - ok 19:33:05.0762 6104viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys 19:33:05.0778 6104viaide - ok 19:33:05.0887 6104volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys 19:33:05.0887 6104volmgr - ok 19:33:05.0980 6104volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys 19:33:05.0980 6104volmgrx - ok 19:33:06.0105 6104volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys 19:33:06.0121 6104volsnap - ok 19:33:06.0246 6104vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 19:33:06.0261 6104vsmraid - ok 19:33:06.0417 6104vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 19:33:06.0417 6104vwifibus - ok 19:33:06.0573 6104vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 19:33:06.0573 6104vwififlt - ok 19:33:06.0667 6104WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 19:33:06.0667 6104WacomPen - ok 19:33:06.0792 6104WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 19:33:06.0792 6104WANARP - ok 19:33:06.0823 6104Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 19:33:06.0823 6104Wanarpv6 - ok 19:33:06.0963 6104Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 19:33:06.0979 6104Wd - ok 19:33:07.0088 6104Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 19:33:07.0088 6104Wdf01000 - ok 19:33:07.0244 6104WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 19:33:07.0244 6104WfpLwf - ok 19:33:07.0291 6104WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) 
C:\Windows\system32\drivers\wimmount.sys 19:33:07.0291 6104WIMMount - ok 19:33:07.0462 6104winachsf (a6ea7a3fc4b00f48535b506db1e86efd) C:\Windows\system32\DRIVERS\CAX_CNXT.sys 19:33:07.0478 6104winachsf - ok 19:33:07.0603 6104WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys 19:33:07.0603 6104WmiAcpi - ok 19:33:07.0712 6104WPS (6cab753b203f39b4ce05ff10013de2ef) C:\Windows\system32\drivers\wpsdrvnt.sys 19:33:07.0712 6104WPS - ok 19:33:07.0743 6104WpsHelper (d9b5a13804b7d97770c42da484a9d86e) C:\Windows\system32\drivers\WpsHelper.sys 19:33:07.0743 6104WpsHelper - ok 19:33:07.0837 6104ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 19:33:07.0837 6104ws2ifsl - ok 19:33:07.0884 6104WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys 19:33:07.0884 6104WudfPf - ok 19:33:07.0993 6104WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys 19:33:07.0993 6104WUDFRd - ok 19:33:08.0071 6104XAudio (e8f3fa126a06f8e7088f63757112a186) C:\Windows\system32\DRIVERS\XAudio64.sys 19:33:08.0071 6104XAudio - ok 19:33:08.0180 6104yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys 19:33:08.0180 6104yukonw7 - ok 19:33:08.0227 6104MBR (0x1B8) (de23ad1285d12ab3358945dc7628786c) \Device\Harddisk0\DR0 19:33:08.0289 6104\Device\Harddisk0\DR0 - ok 19:33:08.0305 6104Boot (0x1200) (fb66b5aa8fc754b3e8d6cbe53e923388) \Device\Harddisk0\DR0\Partition0 19:33:08.0305 6104\Device\Harddisk0\DR0\Partition0 - ok 19:33:08.0336 6104Boot (0x1200) (eb4ff44826345e9bf9d9ee2dffa708a8) \Device\Harddisk0\DR0\Partition1 19:33:08.0352 6104\Device\Harddisk0\DR0\Partition1 - ok 19:33:08.0398 6104Boot (0x1200) (4bd104a4728070cb0b19a1e50009d080) \Device\Harddisk0\DR0\Partition2 19:33:08.0445 6104\Device\Harddisk0\DR0\Partition2 - ok 19:33:08.0445 6104============================================================ 19:33:08.0445 6104Scan finished 19:33:08.0445 
19:33:08.0461 2376 Detected object count: 0
19:33:08.0461 2376 Actual detected object count: 0

Could you please run aswMBR.exe as described in Reply # 16?

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-13 20:40:03
-----------------------------
20:40:03.044 OS Version: Windows x64 6.1.7600
20:40:03.044 Number of processors: 2 586 0x170A
20:40:03.044 ComputerName: INVISIGOTH-PC UserName: Invisigoth
20:40:04.589 Initialize success
20:41:05.462 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:41:05.462 Disk 0 Vendor: Hitachi_HTS545032B9A300 PB3OCA0G Size: 305245MB BusType: 11
20:41:05.493 Disk 0 MBR read successfully
20:41:05.493 Disk 0 MBR scan
20:41:05.493 Disk 0 unknown MBR code
20:41:05.509 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
20:41:05.524 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 292890 MB offset 409600
20:41:05.555 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12154 MB offset 600248320
20:41:05.587 Disk 0 scanning C:\Windows\system32\drivers
20:41:11.795 Service scanning
20:41:27.333 Service Teefer2 C:\Windows\system32\DRIVERS\teefer2.sys **LOCKED** 32
20:41:30.032 Service WPS C:\Windows\system32\drivers\wpsdrvnt.sys **LOCKED** 32
20:41:30.094 Service WpsHelper C:\Windows\system32\drivers\WpsHelper.sys **LOCKED** 32
20:41:31.592 Modules scanning
20:41:32.107 Disk 0 trace - called modules:
20:41:32.138 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
20:41:32.138 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004922660]
20:41:32.153 3 CLASSPNP.SYS[fffff880010fa43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80046fa060]
20:41:32.169 Scan finished successfully
20:43:45.783 Disk 0 MBR has been saved successfully to "C:\Users\Invisigoth\Desktop\MBR.dat"
20:43:45.799 The log file has been saved successfully to "C:\Users\Invisigoth\Desktop\aswMBR.txt"

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.
Link 1 Link 2 Link 3
• Double-click on MBRCheck.exe to run it.
• It will open a black window...please do not fix anything (if it gives you an option).
• When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
• A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
• Please copy and paste the contents of that log in your next reply.

MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Wistron
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP G60 Notebook PC
Logical Drives Mask: 0x0000001c
Kernel Drivers (total 240):
Processes (total 84):
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000047`8e200000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS545032B9A300, Rev: PB3OCA0G

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: A2373E353ECEDDBAE737B434911DAC16176437CB

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:

Please Boot to the System Recovery Options

If you have Windows 7 installation disc, just insert a DVD to the drive, restart computer and it should load automatically (option two presented in the article). It's possible also that your computer has a pre-installed recovery partition instead - in such a case use a method one (by pressing F8 before Windows starts loading)...

NOTE. If none of the above apply you can create System Repair Disc (link in "Option two") and boot from it.

On the System Recovery Options menu you will get the following options:

Choose Command Prompt

You should see X:\SOURCES>...

Execute the following commands in bold. Press Enter after every one of them.

bootrec /fixmbr (<--- there is a "space" after "bootrec")
bootrec /fixboot (<--- there is a "space" after "bootrec")
exit

Restart computer.

Thanks again SuperDave and sorry about the delay in response. Followed the steps you suggested but under command prompt no X:\SOURCES>... popped up and when I typed it in it said "access denied". I ran both bootrec /fixmbr and bootrec /fixboot anyways then restarted cpu. I hope that was the right thing to do?

Please run MBRCheck.exe as outlined in Reply # 22 and post the log.

Here is MBRcheck.exe

MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Wistron
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP G60 Notebook PC
Logical Drives Mask: 0x0000001c
Kernel Drivers (total 241):
Processes (total 84):
C:\Windows\System32\svchost.exe 2480 C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe 1296 C:\Windows\SysWOW64\schtasks.exe 2612 C:\Windows\System32\conhost.exe 592 C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe 3104 C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe 3784 C:\Program Files\iPod\bin\iPodService.exe 3812 C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe 3920 C:\Windows\System32\SearchIndexer.exe 4044 C:\Windows\System32\svchost.exe 2340 C:\Windows\System32\svchost.exe 3572 WmiPrvSE.exe 3316 C:\Windows\System32\svchost.exe 4212 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe 4412 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe 4540 C:\Program Files\Windows Media Player\wmpnetwk.exe 4144 C:\Windows\System32\svchost.exe 5068 C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe 4520 C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe 1096 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 3768 C:\Program Files (x86)\Internet Explorer\iexplore.exe 3616 C:\Program Files (x86)\Internet Explorer\iexplore.exe 3792 C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe 4432 C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe 2440 C:\Windows\System32\SearchProtocolHost.exe 4308 C:\Windows\System32\SearchFilterHost.exe 3444 C:\Windows\System32\dllhost.exe 3008 C:\Users\Invisigoth\Downloads\MBRCheck.exe 2068 C:\Windows\System32\conhost.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS) \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000047`8e200000 (NTFS) PhysicalDrive0 Model Number: HitachiHTS545032B9A300, Rev: PB3OCA0G Size Device Name MBR Status -------------------------------------------- 298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB7 9 Done!Please give me an update on how your 
computer is working now? |
|
| 3192. |
Solve : Where are the files of Antivirus program?? |
|
Answer» I have Windows XP and Guardian Antivirus 13.0. When installed, the antivirus program made me download more than 100mb of data on my computer. Later my PC crashed and I lost all the data. I was wondering if someone can tell me where it stores the files so that I can take a backup and restore it later if my PC crashes. It is an automatic update and I don't know where it stores the files. Please HELP. Thanks in advance. You could always check with the Guardian Antivirus website, but it is probably installed in Program Files on your hard drive, which is usually the C drive. My suggestion is to get rid of this AV and download and install an AV such as Microsoft Security Essentials, which is very effective and lightweight. The links are below. |
|
| 3193. |
Solve : browser hijacker? |
|
Answer» I use the Firefox browser sometimes but mostly use Google Chrome. Recently I had the "Freecorder" toolbar on Firefox but didn't like the thing, seemed like spyware or something and was playing ads even when there was no ad visible on whatever site I was at, but this thing was playing audio advertising and really annoyed me, besides the software was buggy anyway, so I went into Control Panel and uninstalled it. Imagine my surprise, the toolbar was still there even after uninstalling! >:/ So I went on Google and found others had the same problem and was told a method to get rid of the toolbar, which seemed to work. How do I find out how this is occurring? Do I have more spyware on that browser or what? We can't tell you until you follow our Malware Removal Guide and post the requested logs. |
|
| 3194. |
Solve : Rogue scanner threat?? |
|
Answer» Recently, after clicking on the "box score section" of the mlb.com website, I was informed that AVG detected and blocked a severe rogue scanner virus threat. This is the second time in the last month that I've received this message (but triggered by completely different sites). My computer seems to be running okay but, as I never remember ever having this problem before, I was wondering if anyone knows if I have anything to be worried about. If your computer is running as usual that means that the AV has done its job. We can run some scans just to make sure, if you wish. |
|
| 3195. |
Solve : Whitesmoke browser hijacker?? |
|
Answer» Superdave, the ESET scan found no threats and there was not an icon to press for a list. After downloading and before the scan it had a list of programs that might affect the results, which was only Windows Defender, and I disabled it before scanning. I also updated to IE9. The hard drive, which was making a noise before, has stopped making that noise so it seems like whatever you've done has helped, but I'm not sure if it's gone. Before the update to IE9 the default home page for IE9 was set at isearch.whitesmoke, now it's not. When I installed IE9 it asked if I wanted to make that my homepage and I said no (of course) and it hasn't redirected me yet. Let me know what I should do when you get a chance. Thanks a lot

******************************************************

To set a new Restore Point.

Click the Start button, click Control Panel, click System and Maintenance, and then click System. In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation. To turn off System Protection for a hard disk, clear the check box next to the disk, and then click OK.

Reboot to Normal Mode.

Click the Start button, click Control Panel, click System and Maintenance, and then click System. In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation. To turn on System Protection for a hard disk, select the check box next to the disk, and then click OK. This will give you a new, clean Restore Point.

*********************************************************

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop. Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator.

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

******************************************************

Looking over your log it seems you don't have any evidence of a third party firewall. Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors. Remember only install ONE firewall.

1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

****************************************************

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy.
Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time.
Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing.
Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.

Safe Surfing!

I will follow these steps. Thanks a lot for your help Superdave!

You're welcome. I will lock this thread. If you need it re-opened, please send me a PM. |
|
| 3196. |
Solve : Help babylon and slow pc is my problem? |
|
Answer» You're welcome. I will lock this thread. If you need it re-opened, please send me a PM. |
|
| 3197. |
Solve : Cannot Right-click manage without an error message??? |
|
Answer» I cannot click Manage without some error that says: |
|
| 3198. |
Solve : blocked 3rd party cookies - but still get em sent by google and youtube? |
|
Answer» Why is this happening? Is it because I have a Gmail email? |
|
| 3199. |
Solve : Data on Hard Drive that shouldn't be there? |
|
Answer» On my boot drive, the Master Boot Record is on sector 0, as it is on all drives. The c: drive Partition Boot Sector is on sector 19 - I have data on sector 10 on one computer and nothing but zeros on all my other computers. I have zeroed out sector 10 several times, rebooted and verified that sector 10 is blank. However, data re-appears there after a random period of time. I have done several full scans using AVG, Symantec, Trend and all show nothing. Something is writing this data and I don't know what it is. http://en.wikipedia.org/wiki/FlexNet_Publisher |
|
| 3200. |
Solve : Might be a new Virus ~ tragic no less....? |
|
Answer» Roxio burning software is not very good for burning an ISO file. You need to download IMG burner and burn it with that. If it is done correctly you should be able to boot your computer with the disk. Thank you Dave for all your assistance with my problem. |
|