TechSpot

Direct Console trying to communicate with WinMail

By ConchitaInOz
Aug 12, 2010
  1. Hi,
    Something new is going on with my Vista w/Zone Alarm, some of the issues:
    - sometimes Zone Alarm registers a new network
    - I get a ZA alert "Direct Console 2.0 is trying to communicate with c:\Program Files\Windows Mail\WinMail.exe by opening its process"
    - IE does not open. When clicked multiple times, after waiting a while, IE opens multiple screens.

    I am attaching the files from the multiple step process.
    (have not attached the file attached.txt because I would have to install a zipper to zip) let me know if you want me to install 7zip and upload.

    Any help greatly appreciated!
    ConchitaInOz
     


  2. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Attach.txt part of DDS log is missing.
    Please, post it.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  3. ConchitaInOz

    ConchitaInOz TS Rookie Topic Starter Posts: 39

    attach

    here 'tis - thanks
     


  4. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Go on.........
     
  5. ConchitaInOz

    ConchitaInOz TS Rookie Topic Starter Posts: 39

    Combofix error incompatible OS

    Hi Broni, I am running Vista.
    Combofix gives me an error saying it will only run on Windows 2000 or XP.
     
  6. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Ooops, my fault.
    Combofix won't run on 64-bit.
    Sorry for that :)

    Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

    Restart computer in Safe Mode.
    To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen

    * Open SUPERAntiSpyware.
    * Under "Configuration and Preferences", click the Preferences button.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):

    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
    * Click the "Close" button to leave the control center screen.
    * Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, under "Complete Scan", choose Perform Complete Scan.
    * Click "Next" to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    * Make sure everything has a checkmark next to it and click "Next".
    * A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    * If asked if you want to reboot, click "Yes".
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.

    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
    * Click Close to exit the program.
    Post SUPERAntiSpyware log.

    ======================================================================

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    =====================================================================

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Under the Custom Scan box paste this in:



    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  7. ConchitaInOz

    ConchitaInOz TS Rookie Topic Starter Posts: 39

    Posts as requested

    1.
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 08/13/2010 at 02:11 PM

    Application Version : 4.41.1000

    Core Rules Database Version : 5352
    Trace Rules Database Version: 3164

    Scan type : Complete Scan
    Total Scan Time : 01:14:17

    Memory items scanned : 275
    Memory threats detected : 0
    Registry items scanned : 12532
    Registry threats detected : 5
    File items scanned : 152877
    File threats detected : 8

    Adware.Tracking Cookie
    C:\Users\ConchitaVista\AppData\Roaming\Microsoft\Windows\Cookies\conchitavista@msnportal.112.2o7[1].txt
    C:\Users\ConchitaVista\AppData\Roaming\Microsoft\Windows\Cookies\conchitavista@imrworldwide[2].txt
    C:\Users\ConchitaVista\AppData\Roaming\Microsoft\Windows\Cookies\conchitavista@atdmt[2].txt
    C:\Users\ConchitaVista\AppData\Roaming\Microsoft\Windows\Cookies\Low\conchitavista@atdmt[1].txt
    C:\Users\ConchitaVista\AppData\Roaming\Microsoft\Windows\Cookies\Low\conchitavista@bs.serving-sys[1].txt
    C:\Users\ConchitaVista\AppData\Roaming\Microsoft\Windows\Cookies\Low\conchitavista@collective-media[2].txt
    C:\Users\ConchitaVista\AppData\Roaming\Microsoft\Windows\Cookies\Low\conchitavista@doubleclick[1].txt
    C:\Users\ConchitaVista\AppData\Roaming\Microsoft\Windows\Cookies\Low\conchitavista@serving-sys[2].txt

    Adware.IST/ISTBar (Slotch Bar)
    (x86) HKCR\Pugi.PugiObj
    (x86) HKCR\Pugi.PugiObj\CLSID
    (x86) HKCR\Pugi.PugiObj\CurVer
    (x86) HKCR\Pugi.PugiObj.1
    (x86) HKCR\Pugi.PugiObj.1\CLSID
     
  8. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Go on..........
     
  9. ConchitaInOz

    ConchitaInOz TS Rookie Topic Starter Posts: 39

    MBR Log

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 64-bit
    Base Board Manufacturer: ASUSTeK Computer INC.
    BIOS Manufacturer: American Megatrends Inc.
    System Manufacturer: ASUSTeK Computer INC.
    System Product Name: G71GX
    Logical Drives Mask: 0x00000014

    Kernel Drivers (total 159):
    0x04002000 \SystemRoot\system32\ntoskrnl.exe
    0x04519000 \SystemRoot\system32\hal.dll
    0x0060E000 \SystemRoot\system32\kdcom.dll
    0x00618000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x00653000 \SystemRoot\system32\PSHED.dll
    0x00667000 \SystemRoot\system32\CLFS.SYS
    0x006C4000 \SystemRoot\system32\CI.dll
    0x00803000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x008DD000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x008EB000 \SystemRoot\system32\drivers\acpi.sys
    0x00941000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x0094A000 \SystemRoot\system32\drivers\msisadrv.sys
    0x00954000 \SystemRoot\system32\drivers\pci.sys
    0x00984000 \SystemRoot\System32\drivers\partmgr.sys
    0x00999000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x0099D000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x009A9000 \SystemRoot\system32\drivers\volmgr.sys
    0x00776000 \SystemRoot\System32\drivers\volmgrx.sys
    0x009BD000 \SystemRoot\System32\drivers\mountmgr.sys
    0x009D0000 \SystemRoot\system32\DRIVERS\pciide.sys
    0x009D7000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x00A02000 \SystemRoot\system32\DRIVERS\iaStor.sys
    0x00B1F000 \SystemRoot\system32\drivers\atapi.sys
    0x00B27000 \SystemRoot\system32\drivers\ataport.SYS
    0x00B4B000 \SystemRoot\system32\drivers\msahci.sys
    0x00B55000 \SystemRoot\system32\drivers\fltmgr.sys
    0x00B9C000 \SystemRoot\system32\drivers\fileinfo.sys
    0x00BB0000 \SystemRoot\System32\Drivers\AsDsm.sys
    0x00BBD000 \SystemRoot\system32\DRIVERS\lullaby.sys
    0x00C00000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x00E03000 \SystemRoot\system32\drivers\ndis.sys
    0x00C87000 \SystemRoot\system32\drivers\msrpc.sys
    0x00CD7000 \SystemRoot\system32\drivers\NETIO.SYS
    0x0100E000 \SystemRoot\System32\drivers\tcpip.sys
    0x01184000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x0120F000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x0138F000 \SystemRoot\system32\drivers\volsnap.sys
    0x013D3000 \SystemRoot\System32\Drivers\spldr.sys
    0x013DB000 \SystemRoot\System32\Drivers\mup.sys
    0x011B0000 \SystemRoot\System32\drivers\ecache.sys
    0x011DC000 \SystemRoot\system32\drivers\disk.sys
    0x00FC6000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x013ED000 \SystemRoot\system32\drivers\crcdisk.sys
    0x02328000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x02331000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x02405000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x02F02000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
    0x02F04000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x02FE7000 \SystemRoot\System32\drivers\watchdog.sys
    0x02344000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x02350000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x02396000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x03001000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x03208000 \SystemRoot\system32\DRIVERS\athrx.sys
    0x0336D000 \SystemRoot\system32\DRIVERS\Rtlh64.sys
    0x0339A000 \SystemRoot\system32\DRIVERS\ohci1394.sys
    0x033AC000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
    0x033BC000 \SystemRoot\system32\DRIVERS\sdbus.sys
    0x033DC000 \SystemRoot\system32\DRIVERS\rimmpx64.sys
    0x030EE000 \SystemRoot\system32\DRIVERS\rimspx64.sys
    0x03105000 \SystemRoot\system32\DRIVERS\rixdpx64.sys
    0x0315C000 \SystemRoot\system32\DRIVERS\enecir.sys
    0x03178000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x033F1000 \SystemRoot\system32\DRIVERS\kbfiltr.sys
    0x0318E000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x0319C000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x033F9000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x031F1000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x023A7000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x033FB000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x03200000 \SystemRoot\system32\DRIVERS\ATK64AMD.sys
    0x02FF7000 \SystemRoot\system32\DRIVERS\EIO64.sys
    0x023C3000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x00D30000 \SystemRoot\system32\DRIVERS\storport.sys
    0x011F0000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x00D8D000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x01000000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x00DB0000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x00DE1000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x00BC6000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x00BE4000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x009E7000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x031FD000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x0340D000 \SystemRoot\system32\DRIVERS\ks.sys
    0x03441000 \SystemRoot\system32\DRIVERS\circlass.sys
    0x03452000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x0345D000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x0346D000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x034B5000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x04E08000 \SystemRoot\system32\drivers\RTKVHD64.sys
    0x04FB5000 \SystemRoot\system32\drivers\portcls.sys
    0x034C9000 \SystemRoot\system32\drivers\drmk.sys
    0x04FF0000 \SystemRoot\system32\drivers\ksthunk.sys
    0x034EC000 \SystemRoot\system32\DRIVERS\hidir.sys
    0x034F7000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x04FF6000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x03509000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x03514000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x0351F000 \SystemRoot\system32\DRIVERS\klif.sys
    0x0357B000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x03585000 \SystemRoot\System32\Drivers\Null.SYS
    0x0358E000 \SystemRoot\System32\drivers\vga.sys
    0x0359C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x035C1000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x035CA000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x035D3000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x035DE000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x035EF000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x007DC000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x0500F000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x0502B000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
    0x051E8000 \SystemRoot\system32\DRIVERS\STREAM.SYS
    0x05000000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
    0x03400000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x05200000 \SystemRoot\system32\DRIVERS\kl1.sys
    0x05729000 \SystemRoot\system32\DRIVERS\smb.sys
    0x05744000 \SystemRoot\system32\drivers\afd.sys
    0x057AF000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x05808000 \SystemRoot\system32\DRIVERS\vsdatant.sys
    0x05899000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x058B7000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x058C6000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x058E1000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
    0x058EB000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
    0x058F5000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x05942000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x0594E000 \SystemRoot\System32\Drivers\dfsc.sys
    0x0596B000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x05987000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x02200000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0x00010000 \SystemRoot\System32\win32k.sys
    0x05995000 \SystemRoot\System32\drivers\Dxapi.sys
    0x059A1000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x00480000 \SystemRoot\System32\TSDDD.dll
    0x00670000 \SystemRoot\System32\cdd.dll
    0x059B4000 \SystemRoot\system32\drivers\luafv.sys
    0x0900D000 \SystemRoot\system32\drivers\spsys.sys
    0x090A7000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x090BB000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x090EF000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x090FA000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x09112000 \??\C:\Program Files\ATKGFNEX\ASMMAP64.sys
    0x09119000 \SystemRoot\system32\drivers\HTTP.sys
    0x091BC000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x059D6000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x091E5000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x0A00E000 \SystemRoot\system32\drivers\mrxdav.sys
    0x0A035000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x0A05E000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x0A0A7000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x0A0C6000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x0A0F8000 \SystemRoot\System32\DRIVERS\srv.sys
    0x0A18D000 \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys
    0x0A195000 \SystemRoot\System32\Drivers\fastfat.SYS
    0x0A201000 \SystemRoot\system32\drivers\peauth.sys
    0x0A2B7000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x0A2C2000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x0A2D2000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0x77AE0000 \Windows\System32\ntdll.dll

    Processes (total 97):
    0 System Idle Process
    4 System
    560 C:\Windows\System32\smss.exe
    628 csrss.exe
    672 C:\Windows\System32\wininit.exe
    692 csrss.exe
    728 C:\Windows\System32\services.exe
    740 C:\Windows\System32\lsass.exe
    748 C:\Windows\System32\lsm.exe
    884 C:\Windows\System32\svchost.exe
    932 C:\Windows\System32\nvvsvc.exe
    960 C:\Windows\System32\svchost.exe
    996 C:\Windows\System32\svchost.exe
    408 C:\Windows\System32\svchost.exe
    428 C:\Windows\System32\svchost.exe
    608 C:\Windows\System32\audiodg.exe
    620 C:\Windows\System32\svchost.exe
    876 C:\Windows\System32\SLsvc.exe
    432 C:\Windows\System32\svchost.exe
    1132 C:\Windows\System32\winlogon.exe
    1212 C:\Windows\System32\svchost.exe
    1296 C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
    1408 C:\Windows\System32\wlanext.exe
    1584 C:\Windows\System32\nvvsvc.exe
    1716 C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
    1756 C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
    1816 C:\Program Files\ATKGFNEX\GFNEXSrv.exe
    1972 C:\Windows\System32\spoolsv.exe
    1184 C:\Windows\System32\svchost.exe
    2112 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    2156 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    2304 C:\Windows\System32\taskeng.exe
    2364 C:\Windows\System32\svchost.exe
    2404 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    2560 C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
    2596 C:\Windows\System32\svchost.exe
    2656 C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe
    2672 C:\Windows\System32\svchost.exe
    2688 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    2808 C:\Windows\System32\SearchIndexer.exe
    2896 C:\Windows\System32\taskeng.exe
    2816 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    1800 C:\Windows\System32\taskeng.exe
    1920 WmiPrvSE.exe
    3116 C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
    3128 C:\Program Files (x86)\ASUS\Direct Console\DCHelper.exe
    3216 C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    3232 C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe
    3240 C:\Program Files (x86)\ASUS\ASUS CopyProtect\ASPG.exe
    3456 WmiPrvSE.exe
    3536 C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
    3544 C:\Program Files (x86)\ASUS\ATK Hotkey\MsgTranAgt64.exe
    3572 C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
    3608 C:\Windows\System32\alg.exe
    3664 C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    3772 C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
    3788 ACEngSvr.exe
    3828 C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
    3968 C:\Windows\System32\dwm.exe
    4008 C:\Windows\explorer.exe
    3356 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    3556 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    3856 C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    3636 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    1564 WmiPrvSE.exe
    2768 C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
    3324 C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    4108 C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
    4144 C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
    4168 C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
    4244 C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
    4268 C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe
    4308 C:\Program Files\ASUS\Turbo Gear\GearHelp.exe
    4332 C:\Program Files\ASUS\Turbo Gear\TurboGear.exe
    4400 C:\Program Files\Windows Media Player\wmpnscfg.exe
    4408 C:\Windows\AsScrPro.exe
    4496 C:\Program Files\Windows Media Player\wmpnetwk.exe
    4540 C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
    4580 C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
    4644 C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    4960 C:\Program Files\Windows Mail\WinMail.exe
    4224 C:\Program Files\Windows NT\Accessories\wordpad.exe
    2928 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    3764 C:\Windows\System32\wbem\WmiApSrv.exe
    2572 C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    2420 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    3428 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    3840 C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe
    5888 C:\Windows\System32\notepad.exe
    5568 C:\Windows\System32\SearchProtocolHost.exe
    156 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    5984 C:\Windows\System32\SearchProtocolHost.exe
    1632 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    1672 C:\Windows\System32\dllhost.exe
    5512 dllhost.exe
    3724 dllhost.exe
    4816 C:\Users\ConchitaVista\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`ee1af400 (NTFS)

    PhysicalDrive0 Model Number: ST9500325AS, Rev: 0002SDM1

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: 16FACB29D75458833E397367B1DA17929157C2B3


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Options:
    [1] Dump the MBR of a physical disk to file.
    [2] Restore the MBR of a physical disk with a standard boot code.
    [3] Exit.

    Enter your choice: Enter the physical disk number to dump (0-99, -1 to exit): 0Dumping \\.\PhysicalDisk0...
    Enter filename to dump to: mbrdumpof0.txtDumped successfully!

    Enter the physical disk number to dump (0-99, -1 to exit): 0Dumping \\.\PhysicalDisk0...
    Enter filename to dump to: mbrdumpof0.txt

     
  10. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    OK. We have a problem here, so hold on with OTL log for now.
     
  11. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Run MBRCheck again.

    When it's done you'll see the following line:
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Press the Y key and then press Enter.

    When the program asks you to Enter your choice, enter 2 and press the Enter key.

    Next the program will ask you to Enter the physical disk number to fix (0-99, -1 to cancel):
    Enter 0 (zero) and press the Enter key.

    Next the program will show Available MBR codes:, followed by a list of operating systems.
    Please enter 3 for Windows Vista, and then press Enter.

    Next the program will prompt for confirmation.
    Type YES and hit Enter.

    When it's done there should be a text file with the results on your desktop.
    Please copy and paste it back here.

    Then reboot, run MBRCheck again and post new log.
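
    A way to double-check the restore step above, as an added example that is not part of the original thread and is not MBRCheck's own code: it compares an MBR dump taken before the restore (option 1) with one taken after, and confirms that only the boot code changed while the partition table survived. The sample sectors are constructed, and hashing bytes 0-439 is an assumption made for the comparison, so the digest need not match the SHA1 that MBRCheck prints.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440            # bytes 0..439: bootstrap code
DISK_SIG = slice(440, 444)     # Windows disk signature
PART_TABLE = slice(446, 510)   # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511


def load_dump(path):
    """Read a dump as raw bytes (the dump in this thread is binary despite its .txt name)."""
    with open(path, "rb") as fh:
        return fh.read(SECTOR_SIZE)


def parse_mbr(sector):
    """Split a 512-byte MBR sector into boot code hash, disk signature and partitions."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError("an MBR dump must contain at least 512 bytes")
    sector = bytes(sector[:SECTOR_SIZE])
    table = sector[PART_TABLE]
    partitions = []
    for i in range(4):
        status, _chs_first, ptype, _chs_last, lba_start, count = struct.unpack_from(
            "<B3sB3sII", table, 16 * i
        )
        if ptype == 0:          # type 0 marks an unused slot
            continue
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": count,
        })
    return {
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        # Assumption: hash only the bootstrap region so the digest is
        # independent of the partition layout.
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": sector[DISK_SIG].hex(),
        "partition_table": table,
        "partitions": partitions,
    }


def compare_dumps(before, after):
    """Report what differs between the pre-restore and post-restore sectors."""
    b, a = parse_mbr(before), parse_mbr(after)
    return {
        "boot_code_changed": b["boot_code_sha1"] != a["boot_code_sha1"],
        "partition_table_intact": b["partition_table"] == a["partition_table"],
        "disk_signature_intact": b["disk_signature"] == a["disk_signature"],
        "signature_ok": a["signature_ok"],
    }


# --- Constructed sample data (not taken from the machine in this thread) ---
_ENTRY = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07,
                     b"\xfe\xff\xff", 2048, 976766976)
_TABLE = _ENTRY + bytes(48)


def build_sector(boot_code, disk_sig=b"\x12\x34\x56\x78"):
    """Assemble a 512-byte sector around the constructed partition table."""
    return (boot_code.ljust(BOOT_CODE_LEN, b"\x00") + disk_sig + b"\x00\x00"
            + _TABLE + BOOT_SIGNATURE)


SAMPLE_BEFORE = build_sector(b"\xeb\x3c unknown boot code (constructed)")
SAMPLE_AFTER = build_sector(b"\x33\xc0 standard boot code (constructed)")

if __name__ == "__main__":
    for key, value in compare_dumps(SAMPLE_BEFORE, SAMPLE_AFTER).items():
        print(f"{key}: {value}")
```

    On a real machine, pass the bytes from load_dump() for the two dump files instead of the constructed samples; a result where the partition table is not intact means the volumes should be backed up before rebooting.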
     
  12. ConchitaInOz

    ConchitaInOz TS Rookie Topic Starter Posts: 39

    OTL log and Extra log

    Attached, as they are too long to paste.
    Thanks,
    c
     


  13. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Please, read my previous reply.
     
  14. ConchitaInOz

    ConchitaInOz TS Rookie Topic Starter Posts: 39

    MBRCheck first

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 64-bit
    Base Board Manufacturer: ASUSTeK Computer INC.
    BIOS Manufacturer: American Megatrends Inc.
    System Manufacturer: ASUSTeK Computer INC.
    System Product Name: G71GX
    Logical Drives Mask: 0x00000014

    Kernel Drivers (total 159):
    0x04051000 \SystemRoot\system32\ntoskrnl.exe
    0x0400B000 \SystemRoot\system32\hal.dll
    0x0060F000 \SystemRoot\system32\kdcom.dll
    0x00619000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x00654000 \SystemRoot\system32\PSHED.dll
    0x00668000 \SystemRoot\system32\CLFS.SYS
    0x006C5000 \SystemRoot\system32\CI.dll
    0x00804000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x008DE000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x008EC000 \SystemRoot\system32\drivers\acpi.sys
    0x00942000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x0094B000 \SystemRoot\system32\drivers\msisadrv.sys
    0x00955000 \SystemRoot\system32\drivers\pci.sys
    0x00985000 \SystemRoot\System32\drivers\partmgr.sys
    0x0099A000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x0099E000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x009AA000 \SystemRoot\system32\drivers\volmgr.sys
    0x00777000 \SystemRoot\System32\drivers\volmgrx.sys
    0x009BE000 \SystemRoot\System32\drivers\mountmgr.sys
    0x009D1000 \SystemRoot\system32\DRIVERS\pciide.sys
    0x009D8000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x00A02000 \SystemRoot\system32\DRIVERS\iaStor.sys
    0x00B1F000 \SystemRoot\system32\drivers\atapi.sys
    0x00B27000 \SystemRoot\system32\drivers\ataport.SYS
    0x00B4B000 \SystemRoot\system32\drivers\msahci.sys
    0x00B55000 \SystemRoot\system32\drivers\fltmgr.sys
    0x00B9C000 \SystemRoot\system32\drivers\fileinfo.sys
    0x00BB0000 \SystemRoot\System32\Drivers\AsDsm.sys
    0x00BBD000 \SystemRoot\system32\DRIVERS\lullaby.sys
    0x00C0B000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x00E02000 \SystemRoot\system32\drivers\ndis.sys
    0x00C92000 \SystemRoot\system32\drivers\msrpc.sys
    0x00CE2000 \SystemRoot\system32\drivers\NETIO.SYS
    0x01005000 \SystemRoot\System32\drivers\tcpip.sys
    0x0117B000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x01204000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x01384000 \SystemRoot\system32\drivers\volsnap.sys
    0x013C8000 \SystemRoot\System32\Drivers\spldr.sys
    0x013D0000 \SystemRoot\System32\Drivers\mup.sys
    0x011A7000 \SystemRoot\System32\drivers\ecache.sys
    0x013E2000 \SystemRoot\system32\drivers\disk.sys
    0x011D3000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x013F6000 \SystemRoot\system32\drivers\crcdisk.sys
    0x02529000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x02532000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x02603000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x03100000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
    0x03102000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x031E5000 \SystemRoot\System32\drivers\watchdog.sys
    0x02545000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x02551000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x02597000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x03200000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x03403000 \SystemRoot\system32\DRIVERS\athrx.sys
    0x03568000 \SystemRoot\system32\DRIVERS\Rtlh64.sys
    0x03595000 \SystemRoot\system32\DRIVERS\ohci1394.sys
    0x035A7000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
    0x035B7000 \SystemRoot\system32\DRIVERS\sdbus.sys
    0x035D7000 \SystemRoot\system32\DRIVERS\rimmpx64.sys

    Processes (total 79):

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`ee1af400 (NTFS)

    PhysicalDrive0 Model Number: ST9500325AS, Rev: 0002SDM1

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: 16FACB29D75458833E397367B1DA17929157C2B3


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Options:
    [1] Dump the MBR of a physical disk to file.
    [2] Restore the MBR of a physical disk with a standard boot code.
    [3] Exit.

    Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0
    Available MBR codes:
    [ 0] Default (Windows Vista)
    [ 1] Windows XP
    [ 2] Windows Server 2003
    [ 3] Windows Vista
    [ 4] Windows 2008
    [ 5] Windows 7
    [-1] Cancel

    Please select the MBR code to write to this drive: 3
    Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: YES
    Successfully wrote new MBR code!
    Please reboot your computer to complete the fix.


    Done!
     
  15. ConchitaInOz

    ConchitaInOz TS Rookie Topic Starter Posts: 39

    MBRCheck second

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 64-bit
    Base Board Manufacturer: ASUSTeK Computer INC.
    BIOS Manufacturer: American Megatrends Inc.
    System Manufacturer: ASUSTeK Computer INC.
    System Product Name: G71GX
    Logical Drives Mask: 0x00000014

    Kernel Drivers (total 159):

    Processes (total 94):

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`ee1af400 (NTFS)

    PhysicalDrive0 Model Number: ST9500325AS, Rev: 0002SDM1

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: 16FACB29D75458833E397367B1DA17929157C2B3


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Options:
    [1] Dump the MBR of a physical disk to file.
    [2] Restore the MBR of a physical disk with a standard boot code.
    [3] Exit.

    Enter your choice:

    Done!
     
  16. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Our fix didn't work.

    If you have Vista/7 DVD...

    start with step 2

    If you don't have Vista/7 DVD...

    1. Create Vista/7 Recovery Disc.

    Option 1 :
    Vista: http://www.c4consulting.com.au/soluctions/vista/VISTA SOLUCTIONS.htm
    Windows 7: http://www.guidingtech.com/3816/system-repair-recovery-disc-windows-7/

    Option 2:
    Download Vista Recovery Disc iso image: http://neosmart.net/blog/2008/windows-vista-recovery-disc-download/
    Download Windows 7 Recovery Disc iso image: http://neosmart.net/blog/2009/windows-7-system-repair-discs/
    Burn it to CD, or DVD: http://neosmart.net/wiki/display/G/Burning+ISO+Images+to+a+CD+or+DVD

    2. Boot from created disk.
    At first screen click on Repair your computer:
    This will bring you to a new screen where the repair process will look for all Windows Vista installations on your computer. When done you will be presented with the System Recovery Options dialog box:
    After this, it will present you with a list of options including startup repair, system restore and command prompt:
    Select Command Prompt

    Type in:
    bootrec /FixMbr (<--- there is a "space" after "bootrec")
    and then press Enter

    Once completed then type Exit, press Enter and restart computer.

    Post fresh MBRCheck log.
     
  17. ConchitaInOz

    ConchitaInOz TS Rookie Topic Starter Posts: 39

    What appears to be the problem?

    This ASUS laptop has a dual boot partition, one that allows a proprietary ASUS interface (allowing direct internet access without booting into Windows).

    Could this be the problem you are detecting with the hard drive?

    I do not want to do anything that would wipe this out.

    :)
     
  18. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    I see no issue here, since only Windows uses MBR.
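
What the boot-code check and the repair discussed in this thread amount to at the byte level, as an added example that is not part of the original posts and not MBRCheck's own code: it hashes the boot-code area of a constructed 512-byte MBR, then models a boot-code-only rewrite (Microsoft documents that bootrec /FixMbr does not overwrite the existing partition table) and reports which regions changed. The sample sector, both boot-code byte strings, the baseline table and all function names are constructed for illustration; hashing bytes 0-439 is an assumption, since the page does not say which range MBRCheck hashes.

```python
import hashlib
import struct

BOOT_CODE_LEN = 440      # bytes 0..439: boot code (hashing this range is an assumption)
DISK_SIG_OFF = 440       # 4-byte disk signature, followed by 2 reserved bytes
PART_TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"   # bytes 510..511 of a valid MBR
REGIONS = {"boot_code": (0, 440), "disk_signature": (440, 444),
           "partition_table": (446, 510)}


def make_entry(active, ptype, lba_start, sectors):
    """Pack one 16-byte partition entry; CHS fields get a placeholder value."""
    chs = b"\xfe\xff\xff"
    return struct.pack("<B3sB3sII", 0x80 if active else 0x00, chs, ptype, chs,
                       lba_start, sectors)


def build_sector(boot_code, disk_sig, entries):
    """Assemble a 512-byte MBR sector from its parts."""
    if len(boot_code) > BOOT_CODE_LEN or len(entries) > 4:
        raise ValueError("boot code or partition table too large")
    table = b"".join(entries).ljust(64, b"\x00")
    return (boot_code.ljust(BOOT_CODE_LEN, b"\x00") + struct.pack("<I", disk_sig)
            + b"\x00\x00" + table + BOOT_SIG)


def parse_mbr(sector):
    """Split an MBR into boot-code hash, disk signature and partition entries."""
    if len(sector) != 512:
        raise ValueError("an MBR sector is exactly 512 bytes")
    if sector[510:] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(
            "<B3sB3sII", sector, PART_TABLE_OFF + 16 * i)
        if ptype != 0x00:  # type 0 marks an unused slot
            partitions.append({"slot": i, "active": status == 0x80,
                               "type": ptype, "lba_start": lba, "sectors": count})
    return {
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": partitions,
    }


def mbr_status(info, known_good):
    """Name the boot code if its hash is in the baseline, else flag it."""
    return known_good.get(info["boot_code_sha1"], "Unknown MBR code")


def restore_boot_code(sector, standard_code):
    """Model of a boot-code-only repair: bytes 0..439 replaced, rest untouched."""
    if len(standard_code) > BOOT_CODE_LEN:
        raise ValueError("standard boot code too large")
    return standard_code.ljust(BOOT_CODE_LEN, b"\x00") + sector[BOOT_CODE_LEN:]


def changed_regions(before, after):
    """List the MBR regions whose bytes differ between two sectors."""
    return [name for name, (a, b) in REGIONS.items() if before[a:b] != after[a:b]]


# --- Constructed sample data (not real boot code, not real baseline hashes) ---
STANDARD_CODE = b"\x33\xc0" + b"constructed-standard-boot-code"
UNRECOGNISED_CODE = b"\xeb\x5a" + b"constructed-unrecognised-boot-code"
KNOWN_GOOD = {
    hashlib.sha1(STANDARD_CODE.ljust(BOOT_CODE_LEN, b"\x00")).hexdigest().upper():
        "constructed standard code",
}
SAMPLE_SECTOR = build_sector(
    UNRECOGNISED_CODE, 0x1234ABCD,
    [make_entry(False, 0x1C, 2048, 20_000_000),         # hidden recovery volume
     make_entry(True, 0x07, 20_002_048, 900_000_000),   # Windows system volume
     make_entry(False, 0x83, 920_002_048, 8_000_000)])  # second, non-Windows environment

if __name__ == "__main__":
    repaired = restore_boot_code(SAMPLE_SECTOR, STANDARD_CODE)
    for label, sector in (("before", SAMPLE_SECTOR), ("after", repaired)):
        info = parse_mbr(sector)
        print(label, info["boot_code_sha1"], mbr_status(info, KNOWN_GOOD))
        for p in info["partitions"]:
            print("   slot %(slot)d type 0x%(type)02X start %(lba_start)d" % p)
    print("regions changed by the repair:", changed_regions(SAMPLE_SECTOR, repaired))
```

A second environment that relies on its own code in the boot-code area, rather than only on a partition entry, would still be affected by such a rewrite, which is why dumping the MBR to a file first (MBRCheck option 1) gives a way back.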
     
  19. ConchitaInOz

    ConchitaInOz TS Rookie Topic Starter Posts: 39

    Hi Broni, dug out my ASUS OEM Vista disks, but when I boot disk 1/2 Recovery DVD ASUSTek Computer Inc. "Windows Vista Recovery Media for Windows Vista Products 64-bit" it takes me to a menu with three options. There is NO command prompt option here and ALL the 3 options will erase all my files. This is a worry.

    I am now downloading as you suggested. Can you please let me know what you see in these logs that points to a problem? I have been using computers since DOS 2, although my background for the last 15+ yrs is mostly on the network side of things.

    Thanks again,
     
  20. ConchitaInOz

    ConchitaInOz TS Rookie Topic Starter Posts: 39

    Attached Files:

  21. ConchitaInOz

    ConchitaInOz TS Rookie Topic Starter Posts: 39

    MBR Fixed - see New MBRCheck

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 64-bit
    Base Board Manufacturer: ASUSTeK Computer INC.
    BIOS Manufacturer: American Megatrends Inc.
    System Manufacturer: ASUSTeK Computer INC.
    System Product Name: G71GX
    Logical Drives Mask: 0x00000014

    Kernel Drivers (total 159):
    0x0911B000 \SystemRoot\system32\drivers\HTTP.sys
    0x091BE000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x057B6000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x057D4000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x0A20D000 \SystemRoot\system32\drivers\mrxdav.sys
    0x0A234000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x0A25D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x0A2A6000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x0A2C5000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x0A2F7000 \SystemRoot\System32\DRIVERS\srv.sys
    0x0A38C000 \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys
    0x0A394000 \SystemRoot\System32\Drivers\fastfat.SYS
    0x0A60B000 \SystemRoot\system32\drivers\peauth.sys
    0x0A6C1000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x0A6CC000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x0A6DC000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x0A6F8000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0x77750000 \Windows\System32\ntdll.dll

    Processes (total 95):
    0 System Idle Process
    4 System
    560 C:\Windows\System32\smss.exe
    628 csrss.exe
    672 C:\Windows\System32\wininit.exe
    692 csrss.exe
    728 C:\Windows\System32\services.exe
    740 C:\Windows\System32\lsass.exe
    748 C:\Windows\System32\lsm.exe
    884 C:\Windows\System32\svchost.exe
    932 C:\Windows\System32\nvvsvc.exe
    960 C:\Windows\System32\svchost.exe
    996 C:\Windows\System32\svchost.exe
    344 C:\Windows\System32\svchost.exe
    408 C:\Windows\System32\svchost.exe
    592 C:\Windows\System32\audiodg.exe
    616 C:\Windows\System32\svchost.exe
    552 C:\Windows\System32\SLsvc.exe
    376 C:\Windows\System32\svchost.exe
    1120 C:\Windows\System32\winlogon.exe
    1184 C:\Windows\System32\svchost.exe
    1264 C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
    1392 C:\Windows\System32\wlanext.exe
    1564 C:\Windows\System32\nvvsvc.exe
    1628 C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
    1920 C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
    1944 C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
    1996 C:\Program Files\ATKGFNEX\GFNEXSrv.exe
    1656 C:\Windows\System32\spoolsv.exe
    1812 C:\Windows\System32\taskeng.exe
    1220 C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
    1700 C:\Windows\System32\taskeng.exe
    2072 C:\Program Files (x86)\ASUS\Direct Console\DCHelper.exe
    2096 C:\Windows\System32\svchost.exe
    2124 C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    2144 C:\Program Files (x86)\ASUS\ASUS CopyProtect\ASPG.exe
    2184 C:\Windows\System32\taskeng.exe
    2308 C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
    2420 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    2464 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    2732 C:\Windows\System32\svchost.exe
    2756 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    2856 C:\Program Files (x86)\ASUS\ATK Hotkey\MsgTranAgt64.exe
    2924 C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
    2972 C:\Windows\System32\svchost.exe
    3060 C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe
    1852 C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
    1676 C:\Windows\System32\svchost.exe
    1776 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    1480 C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    892 C:\Windows\System32\dwm.exe
    1540 C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe
    2240 C:\Windows\System32\SearchIndexer.exe
    1868 C:\Windows\explorer.exe
    3112 ACEngSvr.exe
    3184 C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
    3276 C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
    3388 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    3440 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    3504 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    3512 WmiPrvSE.exe
    3700 C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    3816 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    3936 C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
    3972 C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    1056 C:\Windows\System32\alg.exe
    2716 C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
    1508 C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
    3828 WmiPrvSE.exe
    1964 C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
    3672 C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
    3024 C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe
    3640 C:\Program Files\ASUS\Turbo Gear\GearHelp.exe
    4208 C:\Program Files\ASUS\Turbo Gear\TurboGear.exe
    4296 WmiPrvSE.exe
    4316 C:\Windows\AsScrPro.exe
    4384 C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
    4404 C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
    4492 C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    4640 C:\Program Files\Windows Media Player\wmpnscfg.exe
    4720 C:\Program Files\Windows Media Player\wmpnetwk.exe
    4916 C:\Program Files\Windows Mail\WinMail.exe
    4928 C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    4276 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    3332 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    5112 C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe
    3740 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    4816 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    5948 C:\Windows\System32\wbem\WmiApSrv.exe
    4264 C:\Windows\System32\SearchProtocolHost.exe
    4480 C:\Windows\System32\SearchFilterHost.exe
    2080 C:\Windows\System32\dllhost.exe
    2020 dllhost.exe
    5876 dllhost.exe
    5908 C:\Users\ConchitaVista\Desktop\Computer Stuff\Malware Cleanup Instructions and Programs and Logs\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`ee1af400 (NTFS)

    PhysicalDrive0 Model Number: ST9500325AS, Rev: 0002SDM1

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


    Done!
     
  22. ConchitaInOz

    ConchitaInOz TS Rookie Topic Starter Posts: 39

    OTL only created one file OTL.txt

    See attached as it is too large to cut & paste.
    Thanks,
    c
     

    Attached Files:

    • OTL.Txt (89.1 KB)
  23. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    I uploaded .iso file for you HERE
     
  24. ConchitaInOz

    ConchitaInOz TS Rookie Topic Starter Posts: 39

    Sorry, forgot to mention I already got it working w/ Option 2
    See last posts above for new MBRCheck (post #21) and OTC.txt file (post #22).
    Thanks,
     
  25. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Very nice :)
    MBRCheck looks good :)

    How is the computer doing at the moment?

    =========================================================================

    Please, uninstall Ask.com

    ======================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
      O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O18:[b]64bit:[/b] - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
      O18:[b]64bit:[/b] - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
      O18:[b]64bit:[/b] - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
      O18:[b]64bit:[/b] - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
      O18:[b]64bit:[/b] - Protocol\Handler\toolbarchrome {718733BC-AD64-4e5f-AC18-A85FBD75D54D} - Reg Error: Key error. File not found
      O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
      O33 - MountPoints2\{6fb9aa78-6c00-11de-960f-806e6f6e6963}\Shell - "" = AutoRun
      O33 - MountPoints2\{6fb9aa78-6c00-11de-960f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2006/09/01 05:56:53 | 000,126,976 | R--- | M] ()
      O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
      O33 - MountPoints2\F\Shell\phone\command - "" = F:\autorun.exe -- File not found
      [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
      @Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:90EE3BE1
      
      
      :Services
      
      :Reg
      
      :Files
      C:\Program Files (x86)\Ask.com
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ======================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • IMPORTANT! UN-check Remove found threats
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Push Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
     
Topic Status:
Not open for further replies.
