Solved Direct Console trying to communicate with WinMail


ConchitaInOz
Hi,
Something new is going on with my Vista machine with Zone Alarm; some of the issues:
- sometimes Zone Alarm registers a new network
- I get a za alert "Direct Console 2.0 is trying to communicate with c:\Program Files\Windows Mail\WinMail.exe by opening its process"
- IE does not open. When clicked multiple times, after waiting a while, IE opens multiple screens.

I am attaching the files from the multiple step process.
(I have not attached the file attach.txt because I would have to install a zipper to zip it.) Let me know if you want me to install 7zip and upload it.

Any help greatly appreciated!
ConchitaInOz
 

Attachments:
  • mbam-log-2010-08-12 (14-14-19).txt (1.9 KB)
  • gmer.log (608 bytes)
  • DDS.txt (19 KB)
Attach.txt part of DDS log is missing.
Please, post it.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

Make sure, you re-enable your security programs, when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
ComboFix error: incompatible OS

Hi Broni, I am running Vista.
Combofix gives me an error saying it will only run on Windows 2000 or XP.
 
Ooops, my fault.
Combofix won't run on 64-bit.
Sorry for that :)

Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
* Close SUPERAntiSpyware.

Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen

* Open SUPERAntiSpyware.
* Under "Configuration and Preferences", click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
  • Close browsers before scanning.
  • Scan for tracking cookies.
  • Terminate memory threats before quarantining.
* Click the "Close" button to leave the control center screen.
* Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan.
* Click "Next" to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes".
* To retrieve the removal information after reboot, launch SUPERAntispyware again.

  • Click Preferences, then click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
  • Please copy and paste the Scan Log results in your next reply.
* Click Close to exit the program.
Post SUPERAntiSpyware log.

======================================================================

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

=====================================================================

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:

netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\system32\spool\prtprocs\w32x86\*.tmp
%systemroot%\*. /mp /s
/md5start
/md5stop
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Posts as requested

1.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/13/2010 at 02:11 PM

Application Version : 4.41.1000

Core Rules Database Version : 5352
Trace Rules Database Version: 3164

Scan type : Complete Scan
Total Scan Time : 01:14:17

Memory items scanned : 275
Memory threats detected : 0
Registry items scanned : 12532
Registry threats detected : 5
File items scanned : 152877
File threats detected : 8

Adware.Tracking Cookie
C:\Users\ConchitaVista\AppData\Roaming\Microsoft\Windows\Cookies\conchitavista@msnportal.112.2o7[1].txt
C:\Users\ConchitaVista\AppData\Roaming\Microsoft\Windows\Cookies\conchitavista@imrworldwide[2].txt
C:\Users\ConchitaVista\AppData\Roaming\Microsoft\Windows\Cookies\conchitavista@atdmt[2].txt
C:\Users\ConchitaVista\AppData\Roaming\Microsoft\Windows\Cookies\Low\conchitavista@atdmt[1].txt
C:\Users\ConchitaVista\AppData\Roaming\Microsoft\Windows\Cookies\Low\conchitavista@bs.serving-sys[1].txt
C:\Users\ConchitaVista\AppData\Roaming\Microsoft\Windows\Cookies\Low\conchitavista@collective-media[2].txt
C:\Users\ConchitaVista\AppData\Roaming\Microsoft\Windows\Cookies\Low\conchitavista@doubleclick[1].txt
C:\Users\ConchitaVista\AppData\Roaming\Microsoft\Windows\Cookies\Low\conchitavista@serving-sys[2].txt

Adware.IST/ISTBar (Slotch Bar)
(x86) HKCR\Pugi.PugiObj
(x86) HKCR\Pugi.PugiObj\CLSID
(x86) HKCR\Pugi.PugiObj\CurVer
(x86) HKCR\Pugi.PugiObj.1
(x86) HKCR\Pugi.PugiObj.1\CLSID
 
MBR Log

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: ASUSTeK Computer INC.
System Product Name: G71GX
Logical Drives Mask: 0x00000014

Kernel Drivers (total 159):
0x04002000 \SystemRoot\system32\ntoskrnl.exe
0x04519000 \SystemRoot\system32\hal.dll
0x0060E000 \SystemRoot\system32\kdcom.dll
0x00618000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00653000 \SystemRoot\system32\PSHED.dll
0x00667000 \SystemRoot\system32\CLFS.SYS
0x006C4000 \SystemRoot\system32\CI.dll
0x00803000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008DD000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x008EB000 \SystemRoot\system32\drivers\acpi.sys
0x00941000 \SystemRoot\system32\drivers\WMILIB.SYS
0x0094A000 \SystemRoot\system32\drivers\msisadrv.sys
0x00954000 \SystemRoot\system32\drivers\pci.sys
0x00984000 \SystemRoot\System32\drivers\partmgr.sys
0x00999000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x0099D000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x009A9000 \SystemRoot\system32\drivers\volmgr.sys
0x00776000 \SystemRoot\System32\drivers\volmgrx.sys
0x009BD000 \SystemRoot\System32\drivers\mountmgr.sys
0x009D0000 \SystemRoot\system32\DRIVERS\pciide.sys
0x009D7000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00A02000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x00B1F000 \SystemRoot\system32\drivers\atapi.sys
0x00B27000 \SystemRoot\system32\drivers\ataport.SYS
0x00B4B000 \SystemRoot\system32\drivers\msahci.sys
0x00B55000 \SystemRoot\system32\drivers\fltmgr.sys
0x00B9C000 \SystemRoot\system32\drivers\fileinfo.sys
0x00BB0000 \SystemRoot\System32\Drivers\AsDsm.sys
0x00BBD000 \SystemRoot\system32\DRIVERS\lullaby.sys
0x00C00000 \SystemRoot\System32\Drivers\ksecdd.sys
0x00E03000 \SystemRoot\system32\drivers\ndis.sys
0x00C87000 \SystemRoot\system32\drivers\msrpc.sys
0x00CD7000 \SystemRoot\system32\drivers\NETIO.SYS
0x0100E000 \SystemRoot\System32\drivers\tcpip.sys
0x01184000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x0120F000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0138F000 \SystemRoot\system32\drivers\volsnap.sys
0x013D3000 \SystemRoot\System32\Drivers\spldr.sys
0x013DB000 \SystemRoot\System32\Drivers\mup.sys
0x011B0000 \SystemRoot\System32\drivers\ecache.sys
0x011DC000 \SystemRoot\system32\drivers\disk.sys
0x00FC6000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x013ED000 \SystemRoot\system32\drivers\crcdisk.sys
0x02328000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x02331000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x02405000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x02F02000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x02F04000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x02FE7000 \SystemRoot\System32\drivers\watchdog.sys
0x02344000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x02350000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x02396000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x03001000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x03208000 \SystemRoot\system32\DRIVERS\athrx.sys
0x0336D000 \SystemRoot\system32\DRIVERS\Rtlh64.sys
0x0339A000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x033AC000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x033BC000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x033DC000 \SystemRoot\system32\DRIVERS\rimmpx64.sys
0x030EE000 \SystemRoot\system32\DRIVERS\rimspx64.sys
0x03105000 \SystemRoot\system32\DRIVERS\rixdpx64.sys
0x0315C000 \SystemRoot\system32\DRIVERS\enecir.sys
0x03178000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x033F1000 \SystemRoot\system32\DRIVERS\kbfiltr.sys
0x0318E000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x0319C000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x033F9000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x031F1000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x023A7000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x033FB000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x03200000 \SystemRoot\system32\DRIVERS\ATK64AMD.sys
0x02FF7000 \SystemRoot\system32\DRIVERS\EIO64.sys
0x023C3000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x00D30000 \SystemRoot\system32\DRIVERS\storport.sys
0x011F0000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x00D8D000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x01000000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x00DB0000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x00DE1000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x00BC6000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x00BE4000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x009E7000 \SystemRoot\system32\DRIVERS\termdd.sys
0x031FD000 \SystemRoot\system32\DRIVERS\swenum.sys
0x0340D000 \SystemRoot\system32\DRIVERS\ks.sys
0x03441000 \SystemRoot\system32\DRIVERS\circlass.sys
0x03452000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x0345D000 \SystemRoot\system32\DRIVERS\umbus.sys
0x0346D000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x034B5000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x04E08000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x04FB5000 \SystemRoot\system32\drivers\portcls.sys
0x034C9000 \SystemRoot\system32\drivers\drmk.sys
0x04FF0000 \SystemRoot\system32\drivers\ksthunk.sys
0x034EC000 \SystemRoot\system32\DRIVERS\hidir.sys
0x034F7000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x04FF6000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x03509000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x03514000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x0351F000 \SystemRoot\system32\DRIVERS\klif.sys
0x0357B000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x03585000 \SystemRoot\System32\Drivers\Null.SYS
0x0358E000 \SystemRoot\System32\drivers\vga.sys
0x0359C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x035C1000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x035CA000 \SystemRoot\system32\drivers\rdpencdd.sys
0x035D3000 \SystemRoot\System32\Drivers\Msfs.SYS
0x035DE000 \SystemRoot\System32\Drivers\Npfs.SYS
0x035EF000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x007DC000 \SystemRoot\system32\DRIVERS\tdx.sys
0x0500F000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x0502B000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
0x051E8000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0x05000000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
0x03400000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x05200000 \SystemRoot\system32\DRIVERS\kl1.sys
0x05729000 \SystemRoot\system32\DRIVERS\smb.sys
0x05744000 \SystemRoot\system32\drivers\afd.sys
0x057AF000 \SystemRoot\System32\DRIVERS\netbt.sys
0x05808000 \SystemRoot\system32\DRIVERS\vsdatant.sys
0x05899000 \SystemRoot\system32\DRIVERS\pacer.sys
0x058B7000 \SystemRoot\system32\DRIVERS\netbios.sys
0x058C6000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x058E1000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
0x058EB000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
0x058F5000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x05942000 \SystemRoot\system32\drivers\nsiproxy.sys
0x0594E000 \SystemRoot\System32\Drivers\dfsc.sys
0x0596B000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x05987000 \SystemRoot\System32\Drivers\crashdmp.sys
0x02200000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x00010000 \SystemRoot\System32\win32k.sys
0x05995000 \SystemRoot\System32\drivers\Dxapi.sys
0x059A1000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00480000 \SystemRoot\System32\TSDDD.dll
0x00670000 \SystemRoot\System32\cdd.dll
0x059B4000 \SystemRoot\system32\drivers\luafv.sys
0x0900D000 \SystemRoot\system32\drivers\spsys.sys
0x090A7000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x090BB000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x090EF000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x090FA000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x09112000 \??\C:\Program Files\ATKGFNEX\ASMMAP64.sys
0x09119000 \SystemRoot\system32\drivers\HTTP.sys
0x091BC000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x059D6000 \SystemRoot\system32\DRIVERS\bowser.sys
0x091E5000 \SystemRoot\System32\drivers\mpsdrv.sys
0x0A00E000 \SystemRoot\system32\drivers\mrxdav.sys
0x0A035000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x0A05E000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0A0A7000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x0A0C6000 \SystemRoot\System32\DRIVERS\srv2.sys
0x0A0F8000 \SystemRoot\System32\DRIVERS\srv.sys
0x0A18D000 \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys
0x0A195000 \SystemRoot\System32\Drivers\fastfat.SYS
0x0A201000 \SystemRoot\system32\drivers\peauth.sys
0x0A2B7000 \SystemRoot\System32\Drivers\secdrv.SYS
0x0A2C2000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0A2D2000 \SystemRoot\system32\DRIVERS\ipnat.sys
0x77AE0000 \Windows\System32\ntdll.dll

Processes (total 97):
0 System Idle Process
4 System
560 C:\Windows\System32\smss.exe
628 csrss.exe
672 C:\Windows\System32\wininit.exe
692 csrss.exe
728 C:\Windows\System32\services.exe
740 C:\Windows\System32\lsass.exe
748 C:\Windows\System32\lsm.exe
884 C:\Windows\System32\svchost.exe
932 C:\Windows\System32\nvvsvc.exe
960 C:\Windows\System32\svchost.exe
996 C:\Windows\System32\svchost.exe
408 C:\Windows\System32\svchost.exe
428 C:\Windows\System32\svchost.exe
608 C:\Windows\System32\audiodg.exe
620 C:\Windows\System32\svchost.exe
876 C:\Windows\System32\SLsvc.exe
432 C:\Windows\System32\svchost.exe
1132 C:\Windows\System32\winlogon.exe
1212 C:\Windows\System32\svchost.exe
1296 C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
1408 C:\Windows\System32\wlanext.exe
1584 C:\Windows\System32\nvvsvc.exe
1716 C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
1756 C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
1816 C:\Program Files\ATKGFNEX\GFNEXSrv.exe
1972 C:\Windows\System32\spoolsv.exe
1184 C:\Windows\System32\svchost.exe
2112 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
2156 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
2304 C:\Windows\System32\taskeng.exe
2364 C:\Windows\System32\svchost.exe
2404 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2560 C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
2596 C:\Windows\System32\svchost.exe
2656 C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe
2672 C:\Windows\System32\svchost.exe
2688 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2808 C:\Windows\System32\SearchIndexer.exe
2896 C:\Windows\System32\taskeng.exe
2816 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
1800 C:\Windows\System32\taskeng.exe
1920 WmiPrvSE.exe
3116 C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
3128 C:\Program Files (x86)\ASUS\Direct Console\DCHelper.exe
3216 C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
3232 C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe
3240 C:\Program Files (x86)\ASUS\ASUS CopyProtect\ASPG.exe
3456 WmiPrvSE.exe
3536 C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
3544 C:\Program Files (x86)\ASUS\ATK Hotkey\MsgTranAgt64.exe
3572 C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
3608 C:\Windows\System32\alg.exe
3664 C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
3772 C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
3788 ACEngSvr.exe
3828 C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
3968 C:\Windows\System32\dwm.exe
4008 C:\Windows\explorer.exe
3356 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3556 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
3856 C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
3636 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
1564 WmiPrvSE.exe
2768 C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
3324 C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
4108 C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
4144 C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
4168 C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
4244 C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
4268 C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe
4308 C:\Program Files\ASUS\Turbo Gear\GearHelp.exe
4332 C:\Program Files\ASUS\Turbo Gear\TurboGear.exe
4400 C:\Program Files\Windows Media Player\wmpnscfg.exe
4408 C:\Windows\AsScrPro.exe
4496 C:\Program Files\Windows Media Player\wmpnetwk.exe
4540 C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
4580 C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
4644 C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
4960 C:\Program Files\Windows Mail\WinMail.exe
4224 C:\Program Files\Windows NT\Accessories\wordpad.exe
2928 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
3764 C:\Windows\System32\wbem\WmiApSrv.exe
2572 C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
2420 C:\Program Files (x86)\Internet Explorer\iexplore.exe
3428 C:\Program Files (x86)\Internet Explorer\iexplore.exe
3840 C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe
5888 C:\Windows\System32\notepad.exe
5568 C:\Windows\System32\SearchProtocolHost.exe
156 C:\Program Files (x86)\Internet Explorer\iexplore.exe
5984 C:\Windows\System32\SearchProtocolHost.exe
1632 C:\Program Files (x86)\Internet Explorer\iexplore.exe
1672 C:\Windows\System32\dllhost.exe
5512 dllhost.exe
3724 dllhost.exe
4816 C:\Users\ConchitaVista\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`ee1af400 (NTFS)

PhysicalDrive0 Model Number: ST9500325AS, Rev: 0002SDM1

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 16FACB29D75458833E397367B1DA17929157C2B3


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to dump (0-99, -1 to exit): 0Dumping \\.\PhysicalDisk0...
Enter filename to dump to: mbrdumpof0.txtDumped successfully!

Enter the physical disk number to dump (0-99, -1 to exit): 0Dumping \\.\PhysicalDisk0...
Enter filename to dump to: mbrdumpof0.txt

==============================
3ÀŽÐ¼ |ŽÀŽØ¾ |¿ ¹ üó¤PhËû¹ ½¾€~ | …ƒÅâñ͈V UÆFÆF ´A»ªUÍ]rûUªu ÷Á tþFf`€~ t&fh fÿvh h |h h ´BŠV ‹ôÍŸƒÄžë¸» |ŠV ŠvŠNŠnÍfasþN… €~ €„Š ²€ë‚U2äŠV Í]ëœ>þ}Uªunÿv èŠ … °Ñædè °ßæ`èx dèq ¸ »Íf#Àu;fûTCPAu2ùr,fh» fh  fh fSfSfUfh fh | fah ÍZ2öê | Í*·ë*¶ë*µ2ä ‹ð¬< tü» ´Íëò+Éädë $àø$ÃInvalid partition table Error loading operating system Missing operating system bz™)ld—  þÿÿ? ;
w€þÿÿþÿÿz
w¶JÁ8 Uª
 
Run MBRCheck again.

When it's done you'll see the following line:
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Press the Y key and then press Enter.

When the program asks you to Enter your choice, enter 2 and press the Enter key.

Next the program will ask you to Enter the physical disk number to fix (0-99, -1 to cancel):
Enter 0 (zero) and press the Enter key.

Next the program will show Available MBR codes:, followed by a list of operating systems.
Please enter 3 for Windows Vista, and then press Enter.

Next the program will prompt for confirmation.
Type YES and hit Enter.

When it's done there should be a text file with the results on your desktop.
Please copy and paste it back here.

Then reboot, run MBRCheck again and post new log.
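The MBRCheck output in the previous post reports \\.\PhysicalDrive0 as "Unknown MBR code" together with a SHA1 of the sector, and the dump it wrote begins with the bytes 33 C0 8E D0 BC (the usual xor ax,ax / mov ss,ax / mov sp,... prologue) and ends with the three standard error strings followed by the 55 AA signature. The Python below is an added example, not code from this thread or from MBRCheck's author: it parses a 512-byte MBR, checks the boot signature and the partition table for the defects a responder looks for (bad status bytes, zero-length or overlapping entries, more than one active partition), and hashes the boot-code region so the result can be compared with a set of known-good hashes. Assumptions: that the hashed region is the first 440 bytes (MBRCheck's exact hashing is not documented on this page), that the known-hash set starts empty (MBRCheck's database is not reproduced here), and that the sample MBR, its disk signature and the tamper() helper are constructed for the demonstration. read_mbr() is the only function that touches a real disk and needs Administrator; everything else runs offline.

```python
"""Parse and sanity-check a 512-byte MBR the way MBRCheck reports it:
boot signature, partition table, and a hash of the boot code."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440      # bytes 0..439: boot code. ASSUMPTION: the region a tool hashes
DISK_SIG_OFF = 440       # 4-byte NT disk signature, then 2 bytes (usually 0x0000)
PART_TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIG_OFF = 510       # 0x55 0xAA
PART_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count

# Known-good boot-code hashes. Empty on purpose: fill it from a trusted reference
# disk or the tool's own database; MBRCheck's list is not reproduced here (assumption).
KNOWN_BOOT_CODE_SHA1 = set()


def build_sample_mbr():
    """Constructed MBR for testing. The code region is a placeholder: only the first
    bytes (33 C0 8E D0 BC, the xor ax,ax / mov ss,ax / mov sp,... prologue seen at the
    start of the dump in this thread) and the three standard error strings are real."""
    code = bytearray(BOOT_CODE_LEN)
    code[0:5] = b"\x33\xC0\x8E\xD0\xBC"
    msgs = (b"Invalid partition table\x00"
            b"Error loading operating system\x00"
            b"Missing operating system\x00")
    code[BOOT_CODE_LEN - len(msgs):] = msgs
    mbr = bytearray(SECTOR)
    mbr[:BOOT_CODE_LEN] = code
    struct.pack_into("<I", mbr, DISK_SIG_OFF, 0x12345678)       # constructed disk signature
    struct.pack_into(PART_FMT, mbr, PART_TABLE_OFF,               # one active NTFS partition
                     0x80, b"\x20\x21\x00", 0x07, b"\xFE\xFF\xFF", 2048, 204800)
    mbr[BOOT_SIG_OFF:] = b"\x55\xAA"
    return bytes(mbr)


def tamper(mbr):
    """Constructed 'bad' MBR: a few patched code bytes plus an overlapping second partition."""
    m = bytearray(mbr)
    m[0x10:0x14] = b"\x90\x90\x90\x90"
    struct.pack_into(PART_FMT, m, PART_TABLE_OFF + 16,
                     0x00, b"\x00\x00\x00", 0x07, b"\x00\x00\x00", 4096, 1000)
    return bytes(m)


def parse_partitions(mbr):
    parts = []
    for i in range(4):
        status, _, ptype, _, lba_start, sectors = struct.unpack_from(
            PART_FMT, mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0 and sectors == 0:
            continue                                   # empty slot
        parts.append({"index": i, "status": status, "bootable": status == 0x80,
                      "type": ptype, "lba_start": lba_start, "sectors": sectors})
    return parts


def check_mbr(mbr, known_hashes=KNOWN_BOOT_CODE_SHA1):
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    findings = []
    if mbr[BOOT_SIG_OFF:] != b"\x55\xAA":
        findings.append("missing 0x55AA boot signature")
    parts = parse_partitions(mbr)
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {p['index']}: invalid status byte 0x{p['status']:02X}")
        if p["lba_start"] == 0 or p["sectors"] == 0:
            findings.append(f"partition {p['index']}: zero LBA start or size")
    if sum(p["bootable"] for p in parts) > 1:
        findings.append("more than one active partition")
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"]) for p in parts)
    for (a0, a1), (b0, b1) in zip(spans, spans[1:]):
        if b0 < a1:
            findings.append(f"overlapping partitions at LBA {b0}")
    sha1 = hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()
    status = "Known MBR code" if sha1 in known_hashes else "Unknown MBR code"
    return {"sha1": sha1, "status": status, "partitions": parts, "findings": findings}


def read_mbr(device=r"\\.\PhysicalDrive0"):
    """Read sector 0 of a raw device. Needs Administrator on Windows; not run by default."""
    with open(device, "rb", buffering=0) as f:
        return f.read(SECTOR)


if __name__ == "__main__":
    for label, mbr in (("sample", build_sample_mbr()), ("tampered", tamper(build_sample_mbr()))):
        r = check_mbr(mbr)
        print(f"{label}: {r['status']}  SHA1 {r['sha1']}")
        for p in r["partitions"]:
            print(f"  part {p['index']} type 0x{p['type']:02X} start {p['lba_start']} "
                  f"sectors {p['sectors']} active={p['bootable']}")
        for f in r["findings"]:
            print(f"  ! {f}")
```

On a real disk, a hash that is not in your reference set means only that the code is not one you recognise: an OEM recovery loader or a third-party boot manager produces the same "Unknown MBR code" verdict as a bootkit, which is why the tool in this thread offers to dump the sector to a file before it offers to overwrite it. Keep that dump; restoring standard boot code destroys the only copy of whatever was there.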
 
OTL log and Extras log

Attached, as they are too long to paste.
Thanks,
c
 

Attachments:
  • OTL.Txt (85.9 KB)
  • Extras.Txt (58.9 KB)
MBRCheck first

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: ASUSTeK Computer INC.
System Product Name: G71GX
Logical Drives Mask: 0x00000014

Kernel Drivers (total 159):
0x04051000 \SystemRoot\system32\ntoskrnl.exe
0x0400B000 \SystemRoot\system32\hal.dll
0x0060F000 \SystemRoot\system32\kdcom.dll
0x00619000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00654000 \SystemRoot\system32\PSHED.dll
0x00668000 \SystemRoot\system32\CLFS.SYS
0x006C5000 \SystemRoot\system32\CI.dll
0x00804000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008DE000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x008EC000 \SystemRoot\system32\drivers\acpi.sys
0x00942000 \SystemRoot\system32\drivers\WMILIB.SYS
0x0094B000 \SystemRoot\system32\drivers\msisadrv.sys
0x00955000 \SystemRoot\system32\drivers\pci.sys
0x00985000 \SystemRoot\System32\drivers\partmgr.sys
0x0099A000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x0099E000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x009AA000 \SystemRoot\system32\drivers\volmgr.sys
0x00777000 \SystemRoot\System32\drivers\volmgrx.sys
0x009BE000 \SystemRoot\System32\drivers\mountmgr.sys
0x009D1000 \SystemRoot\system32\DRIVERS\pciide.sys
0x009D8000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00A02000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x00B1F000 \SystemRoot\system32\drivers\atapi.sys
0x00B27000 \SystemRoot\system32\drivers\ataport.SYS
0x00B4B000 \SystemRoot\system32\drivers\msahci.sys
0x00B55000 \SystemRoot\system32\drivers\fltmgr.sys
0x00B9C000 \SystemRoot\system32\drivers\fileinfo.sys
0x00BB0000 \SystemRoot\System32\Drivers\AsDsm.sys
0x00BBD000 \SystemRoot\system32\DRIVERS\lullaby.sys
0x00C0B000 \SystemRoot\System32\Drivers\ksecdd.sys
0x00E02000 \SystemRoot\system32\drivers\ndis.sys
0x00C92000 \SystemRoot\system32\drivers\msrpc.sys
0x00CE2000 \SystemRoot\system32\drivers\NETIO.SYS
0x01005000 \SystemRoot\System32\drivers\tcpip.sys
0x0117B000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01204000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01384000 \SystemRoot\system32\drivers\volsnap.sys
0x013C8000 \SystemRoot\System32\Drivers\spldr.sys
0x013D0000 \SystemRoot\System32\Drivers\mup.sys
0x011A7000 \SystemRoot\System32\drivers\ecache.sys
0x013E2000 \SystemRoot\system32\drivers\disk.sys
0x011D3000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x013F6000 \SystemRoot\system32\drivers\crcdisk.sys
0x02529000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x02532000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x02603000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x03100000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x03102000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x031E5000 \SystemRoot\System32\drivers\watchdog.sys
0x02545000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x02551000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x02597000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x03200000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x03403000 \SystemRoot\system32\DRIVERS\athrx.sys
0x03568000 \SystemRoot\system32\DRIVERS\Rtlh64.sys
0x03595000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x035A7000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x035B7000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x035D7000 \SystemRoot\system32\DRIVERS\rimmpx64.sys
0x032ED000 \SystemRoot\system32\DRIVERS\rimspx64.sys
0x03304000 \SystemRoot\system32\DRIVERS\rixdpx64.sys
0x0335B000 \SystemRoot\system32\DRIVERS\enecir.sys
0x03377000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x035EC000 \SystemRoot\system32\DRIVERS\kbfiltr.sys
0x0338D000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x0339B000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x035F4000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x033F0000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x025A8000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x035F6000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x031F5000 \SystemRoot\system32\DRIVERS\ATK64AMD.sys
0x025C4000 \SystemRoot\system32\DRIVERS\EIO64.sys
0x00D3B000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x00D74000 \SystemRoot\system32\DRIVERS\storport.sys
0x025CD000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x025DA000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x02400000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x00BC6000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x00FD3000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x00DD1000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x00FE3000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x009E8000 \SystemRoot\system32\DRIVERS\termdd.sys
0x035FB000 \SystemRoot\system32\DRIVERS\swenum.sys
0x03606000 \SystemRoot\system32\DRIVERS\ks.sys
0x0363A000 \SystemRoot\system32\DRIVERS\circlass.sys
0x0364B000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03656000 \SystemRoot\system32\DRIVERS\umbus.sys
0x03666000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x036AE000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x04C0C000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x04DB9000 \SystemRoot\system32\drivers\portcls.sys
0x036C2000 \SystemRoot\system32\drivers\drmk.sys
0x04DF4000 \SystemRoot\system32\drivers\ksthunk.sys
0x04C00000 \SystemRoot\system32\DRIVERS\hidir.sys
0x036E5000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x036F7000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x036FF000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x0370A000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x03715000 \SystemRoot\system32\DRIVERS\klif.sys
0x03771000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x0377B000 \SystemRoot\System32\Drivers\Null.SYS
0x03784000 \SystemRoot\System32\drivers\vga.sys
0x03792000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x037B7000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x037C0000 \SystemRoot\system32\drivers\rdpencdd.sys
0x037C9000 \SystemRoot\System32\Drivers\Msfs.SYS
0x037D4000 \SystemRoot\System32\Drivers\Npfs.SYS
0x037E5000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x007DD000 \SystemRoot\system32\DRIVERS\tdx.sys
0x04E0A000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x04E26000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
0x04FE3000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0x04FF4000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
0x04E00000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x05000000 \SystemRoot\system32\DRIVERS\kl1.sys
0x05529000 \SystemRoot\system32\DRIVERS\smb.sys
0x05544000 \SystemRoot\system32\drivers\afd.sys
0x055AF000 \SystemRoot\System32\DRIVERS\netbt.sys
0x05607000 \SystemRoot\system32\DRIVERS\vsdatant.sys
0x05698000 \SystemRoot\system32\DRIVERS\pacer.sys
0x056B6000 \SystemRoot\system32\DRIVERS\netbios.sys
0x056C5000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x056E0000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
0x056EA000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
0x056F4000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x05741000 \SystemRoot\system32\drivers\nsiproxy.sys
0x0574D000 \SystemRoot\System32\Drivers\dfsc.sys
0x0576A000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x05786000 \SystemRoot\System32\Drivers\crashdmp.sys
0x0240C000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x000F0000 \SystemRoot\System32\win32k.sys
0x05794000 \SystemRoot\System32\drivers\Dxapi.sys
0x057A0000 \SystemRoot\system32\DRIVERS\monitor.sys
0x004B0000 \SystemRoot\System32\TSDDD.dll
0x00610000 \SystemRoot\System32\cdd.dll
0x057B3000 \SystemRoot\system32\drivers\luafv.sys
0x08E05000 \SystemRoot\system32\drivers\spsys.sys
0x08E9F000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x08EB3000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x08EE7000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x08EF2000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x08F0A000 \??\C:\Program Files\ATKGFNEX\ASMMAP64.sys
0x08F11000 \SystemRoot\system32\drivers\HTTP.sys
0x08FB4000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x08FDD000 \SystemRoot\system32\DRIVERS\bowser.sys
0x057D5000 \SystemRoot\System32\drivers\mpsdrv.sys
0x0A00D000 \SystemRoot\system32\drivers\mrxdav.sys
0x0A034000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x0A05D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0A0A6000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x0A0C5000 \SystemRoot\System32\DRIVERS\srv2.sys
0x0A0F7000 \SystemRoot\System32\DRIVERS\srv.sys
0x0A18C000 \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys
0x0A194000 \SystemRoot\System32\Drivers\fastfat.SYS
0x0A40F000 \SystemRoot\system32\drivers\peauth.sys
0x0A4C5000 \SystemRoot\System32\Drivers\secdrv.SYS
0x0A4D0000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0A4E0000 \SystemRoot\system32\DRIVERS\ipnat.sys
0x77150000 \Windows\System32\ntdll.dll

Processes (total 79):
0 System Idle Process
4 System
560 C:\Windows\System32\smss.exe
628 csrss.exe
672 C:\Windows\System32\wininit.exe
692 csrss.exe
728 C:\Windows\System32\services.exe
740 C:\Windows\System32\lsass.exe
748 C:\Windows\System32\lsm.exe
884 C:\Windows\System32\svchost.exe
928 C:\Windows\System32\nvvsvc.exe
956 C:\Windows\System32\svchost.exe
996 C:\Windows\System32\svchost.exe
344 C:\Windows\System32\svchost.exe
408 C:\Windows\System32\svchost.exe
592 C:\Windows\System32\audiodg.exe
616 C:\Windows\System32\svchost.exe
552 C:\Windows\System32\SLsvc.exe
1032 C:\Windows\System32\svchost.exe
1116 C:\Windows\System32\winlogon.exe
1184 C:\Windows\System32\svchost.exe
1400 C:\Windows\System32\wlanext.exe
1592 C:\Windows\System32\nvvsvc.exe
1848 C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
1868 C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
1892 C:\Program Files\ATKGFNEX\GFNEXSrv.exe
1988 C:\Windows\System32\spoolsv.exe
1784 C:\Windows\System32\svchost.exe
2192 C:\Windows\System32\taskeng.exe
2240 C:\Windows\System32\taskeng.exe
2248 C:\Program Files (x86)\ASUS\Direct Console\DCHelper.exe
2300 C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
2320 C:\Program Files (x86)\ASUS\ASUS CopyProtect\ASPG.exe
2336 C:\Windows\System32\taskeng.exe
2432 C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
2452 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
2504 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
2612 C:\Windows\System32\svchost.exe
2648 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2696 C:\Program Files (x86)\ASUS\ATK Hotkey\MsgTranAgt64.exe
2720 C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
2788 C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
2920 C:\Windows\System32\svchost.exe
3004 C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe
3048 C:\Windows\System32\svchost.exe
796 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
1192 C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
2004 C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe
780 C:\Windows\System32\SearchIndexer.exe
2072 C:\Windows\System32\dwm.exe
2800 C:\Windows\explorer.exe
3220 ACEngSvr.exe
3272 C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
3484 C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
3492 WmiPrvSE.exe
3504 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3552 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
3624 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
4020 C:\Windows\System32\alg.exe
1492 C:\Program Files\Windows Media Player\wmpnscfg.exe
4004 WmiPrvSE.exe
3808 C:\Program Files\Windows Media Player\wmpnetwk.exe
2368 C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
4188 C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
4216 C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
4244 C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
4332 C:\Program Files\ASUS\Turbo Gear\GearHelp.exe
4432 C:\Windows\AsScrPro.exe
4476 C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
4564 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
3848 C:\Program Files (x86)\Internet Explorer\iexplore.exe
1764 C:\Program Files (x86)\Internet Explorer\iexplore.exe
1572 C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe
3728 taskeng.exe
5848 C:\Program Files\Windows NT\Accessories\wordpad.exe
1620 C:\Windows\System32\SearchProtocolHost.exe
4012 dllhost.exe
5148 dllhost.exe
5384 C:\Users\ConchitaVista\Desktop\Computer Stuff\Malware Cleanup Instructions and Programs and Logs\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`ee1af400 (NTFS)

PhysicalDrive0 Model Number: ST9500325AS, Rev: 0002SDM1

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 16FACB29D75458833E397367B1DA17929157C2B3


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0Available MBR codes:
[ 0] Default (Windows Vista)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 3
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: YES
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.


Done!
 
MBRCheck second

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: ASUSTeK Computer INC.
System Product Name: G71GX
Logical Drives Mask: 0x00000014

Kernel Drivers (total 159):
0x04005000 \SystemRoot\system32\ntoskrnl.exe
0x0451C000 \SystemRoot\system32\hal.dll
0x00604000 \SystemRoot\system32\kdcom.dll
0x0060E000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00649000 \SystemRoot\system32\PSHED.dll
0x0065D000 \SystemRoot\system32\CLFS.SYS
0x006BA000 \SystemRoot\system32\CI.dll
0x0080A000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008E4000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x008F2000 \SystemRoot\system32\drivers\acpi.sys
0x00948000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00951000 \SystemRoot\system32\drivers\msisadrv.sys
0x0095B000 \SystemRoot\system32\drivers\pci.sys
0x0098B000 \SystemRoot\System32\drivers\partmgr.sys
0x009A0000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x009A4000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x009B0000 \SystemRoot\system32\drivers\volmgr.sys
0x0076C000 \SystemRoot\System32\drivers\volmgrx.sys
0x009C4000 \SystemRoot\System32\drivers\mountmgr.sys
0x009D7000 \SystemRoot\system32\DRIVERS\pciide.sys
0x009DE000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00A07000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x00B24000 \SystemRoot\system32\drivers\atapi.sys
0x00B2C000 \SystemRoot\system32\drivers\ataport.SYS
0x00B50000 \SystemRoot\system32\drivers\msahci.sys
0x00B5A000 \SystemRoot\system32\drivers\fltmgr.sys
0x00BA1000 \SystemRoot\system32\drivers\fileinfo.sys
0x00BB5000 \SystemRoot\System32\Drivers\AsDsm.sys
0x00BC2000 \SystemRoot\system32\DRIVERS\lullaby.sys
0x00C0D000 \SystemRoot\System32\Drivers\ksecdd.sys
0x00E0E000 \SystemRoot\system32\drivers\ndis.sys
0x00C94000 \SystemRoot\system32\drivers\msrpc.sys
0x00CE4000 \SystemRoot\system32\drivers\NETIO.SYS
0x0100B000 \SystemRoot\System32\drivers\tcpip.sys
0x01181000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01202000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01382000 \SystemRoot\system32\drivers\volsnap.sys
0x013C6000 \SystemRoot\System32\Drivers\spldr.sys
0x013CE000 \SystemRoot\System32\Drivers\mup.sys
0x011AD000 \SystemRoot\System32\drivers\ecache.sys
0x013E0000 \SystemRoot\system32\drivers\disk.sys
0x00FD1000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x013F4000 \SystemRoot\system32\drivers\crcdisk.sys
0x0232A000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x02333000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x0240C000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x02F09000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x02F0B000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x02FEE000 \SystemRoot\System32\drivers\watchdog.sys
0x02400000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x02346000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x0238C000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x0300F000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x03202000 \SystemRoot\system32\DRIVERS\athrx.sys
0x03367000 \SystemRoot\system32\DRIVERS\Rtlh64.sys
0x03394000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x033A6000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x033B6000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x033D6000 \SystemRoot\system32\DRIVERS\rimmpx64.sys
0x030FC000 \SystemRoot\system32\DRIVERS\rimspx64.sys
0x03113000 \SystemRoot\system32\DRIVERS\rixdpx64.sys
0x0316A000 \SystemRoot\system32\DRIVERS\enecir.sys
0x03186000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x033EB000 \SystemRoot\system32\DRIVERS\kbfiltr.sys
0x0319C000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x031AA000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x033F3000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x03000000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x0239D000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x033F5000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x023B9000 \SystemRoot\system32\DRIVERS\ATK64AMD.sys
0x023C1000 \SystemRoot\system32\DRIVERS\EIO64.sys
0x00D3D000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x00D76000 \SystemRoot\system32\DRIVERS\storport.sys
0x023CA000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x023D7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x02200000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x00BCB000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x011E7000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x00DD3000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x007D2000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x007EA000 \SystemRoot\system32\DRIVERS\termdd.sys
0x033FA000 \SystemRoot\system32\DRIVERS\swenum.sys
0x03609000 \SystemRoot\system32\DRIVERS\ks.sys
0x0363D000 \SystemRoot\system32\DRIVERS\circlass.sys
0x0364E000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03659000 \SystemRoot\system32\DRIVERS\umbus.sys
0x03669000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x036B1000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x04E03000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x04FB0000 \SystemRoot\system32\drivers\portcls.sys
0x036C5000 \SystemRoot\system32\drivers\drmk.sys
0x04FEB000 \SystemRoot\system32\drivers\ksthunk.sys
0x04FF1000 \SystemRoot\system32\DRIVERS\hidir.sys
0x036E8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x036FA000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x03702000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x0370D000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x03718000 \SystemRoot\system32\DRIVERS\klif.sys
0x03774000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x0377E000 \SystemRoot\System32\Drivers\Null.SYS
0x03787000 \SystemRoot\System32\drivers\vga.sys
0x03795000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x037BA000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x037C3000 \SystemRoot\system32\drivers\rdpencdd.sys
0x037CC000 \SystemRoot\System32\Drivers\Msfs.SYS
0x037D7000 \SystemRoot\System32\Drivers\Npfs.SYS
0x037E8000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x04C00000 \SystemRoot\system32\DRIVERS\tdx.sys
0x04C1D000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x04C39000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
0x009EE000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0x04DF6000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
0x037F1000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x05002000 \SystemRoot\system32\DRIVERS\kl1.sys
0x0552B000 \SystemRoot\system32\DRIVERS\smb.sys
0x05546000 \SystemRoot\system32\drivers\afd.sys
0x055B1000 \SystemRoot\System32\DRIVERS\netbt.sys
0x05802000 \SystemRoot\system32\DRIVERS\vsdatant.sys
0x05893000 \SystemRoot\system32\DRIVERS\pacer.sys
0x058B1000 \SystemRoot\system32\DRIVERS\netbios.sys
0x058C0000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x058DB000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
0x058E5000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
0x058EF000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x0593C000 \SystemRoot\system32\drivers\nsiproxy.sys
0x05948000 \SystemRoot\System32\Drivers\dfsc.sys
0x05965000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x05981000 \SystemRoot\System32\Drivers\crashdmp.sys
0x0220C000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x00050000 \SystemRoot\System32\win32k.sys
0x0598F000 \SystemRoot\System32\drivers\Dxapi.sys
0x0599B000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00490000 \SystemRoot\System32\TSDDD.dll
0x00690000 \SystemRoot\System32\cdd.dll
0x059AE000 \SystemRoot\system32\drivers\luafv.sys
0x09605000 \SystemRoot\system32\drivers\spsys.sys
0x0969F000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x096B3000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x096E7000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x096F2000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x0970A000 \??\C:\Program Files\ATKGFNEX\ASMMAP64.sys
0x09711000 \SystemRoot\system32\drivers\HTTP.sys
0x097B4000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x097DD000 \SystemRoot\system32\DRIVERS\bowser.sys
0x059D0000 \SystemRoot\System32\drivers\mpsdrv.sys
0x0A200000 \SystemRoot\system32\drivers\mrxdav.sys
0x0A227000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x0A250000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0A299000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x0A2B8000 \SystemRoot\System32\DRIVERS\srv2.sys
0x0A2EA000 \SystemRoot\System32\DRIVERS\srv.sys
0x0A37F000 \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys
0x0A805000 \SystemRoot\system32\drivers\peauth.sys
0x0A8BB000 \SystemRoot\System32\Drivers\secdrv.SYS
0x0A8C6000 \SystemRoot\System32\Drivers\fastfat.SYS
0x0A8FB000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0A90B000 \SystemRoot\system32\DRIVERS\ipnat.sys
0x76FA0000 \Windows\System32\ntdll.dll

Processes (total 94):
0 System Idle Process
4 System
508 C:\Windows\System32\smss.exe
628 csrss.exe
672 C:\Windows\System32\wininit.exe
692 csrss.exe
728 C:\Windows\System32\services.exe
740 C:\Windows\System32\lsass.exe
748 C:\Windows\System32\lsm.exe
884 C:\Windows\System32\svchost.exe
928 C:\Windows\System32\nvvsvc.exe
956 C:\Windows\System32\svchost.exe
1020 C:\Windows\System32\svchost.exe
324 C:\Windows\System32\svchost.exe
364 C:\Windows\System32\svchost.exe
592 C:\Windows\System32\audiodg.exe
500 C:\Windows\System32\winlogon.exe
892 C:\Windows\System32\svchost.exe
684 C:\Windows\System32\SLsvc.exe
1060 C:\Windows\System32\svchost.exe
1172 C:\Windows\System32\svchost.exe
1264 C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
1404 C:\Windows\System32\wlanext.exe
1568 C:\Windows\System32\nvvsvc.exe
1792 C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
1828 C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
1872 C:\Program Files\ATKGFNEX\GFNEXSrv.exe
1996 C:\Windows\System32\spoolsv.exe
1860 C:\Windows\System32\svchost.exe
2140 C:\Windows\System32\taskeng.exe
2176 C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
2188 C:\Windows\System32\taskeng.exe
2196 C:\Program Files (x86)\ASUS\Direct Console\DCHelper.exe
2248 C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
2260 C:\Program Files (x86)\ASUS\ASUS CopyProtect\ASPG.exe
2320 C:\Windows\System32\taskeng.exe
2388 C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
2420 C:\Program Files (x86)\ASUS\ATK Hotkey\MsgTranAgt64.exe
2444 C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
2576 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
2620 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
2716 C:\Windows\System32\svchost.exe
2772 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2800 C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
2820 C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
2860 C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
2956 C:\Windows\System32\svchost.exe
2964 ACEngSvr.exe
3004 C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
3040 C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe
792 C:\Windows\System32\svchost.exe
2300 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2428 C:\Windows\System32\SearchIndexer.exe
2544 C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe
3340 WmiPrvSE.exe
3392 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
3520 C:\Windows\System32\dwm.exe
3564 C:\Windows\explorer.exe
3676 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3720 C:\Windows\System32\wbem\WmiApSrv.exe
3800 WmiPrvSE.exe
3908 C:\Windows\System32\alg.exe
3924 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
3960 WmiPrvSE.exe
4048 C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
1624 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
2832 WmiPrvSE.exe
3540 C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
3276 C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
3644 C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
4164 C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
4196 C:\Program Files\Windows Media Player\wmpnscfg.exe
4204 C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
4280 C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
4396 C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe
4412 C:\Program Files\Windows Media Player\wmpnetwk.exe
4476 C:\Program Files\ASUS\Turbo Gear\GearHelp.exe
4560 C:\Program Files\ASUS\Turbo Gear\TurboGear.exe
4708 C:\Windows\AsScrPro.exe
4760 C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
4904 C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
4984 C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
5004 C:\Program Files\Windows Mail\WinMail.exe
4848 C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
5068 C:\Program Files (x86)\Internet Explorer\iexplore.exe
4700 C:\Program Files (x86)\Internet Explorer\iexplore.exe
3652 C:\Program Files (x86)\Internet Explorer\iexplore.exe
4844 C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe
4768 C:\Windows\System32\SearchProtocolHost.exe
2360 C:\Windows\System32\SearchFilterHost.exe
5164 C:\Windows\System32\consent.exe
5536 dllhost.exe
5580 dllhost.exe
5608 C:\Users\ConchitaVista\Desktop\Computer Stuff\Malware Cleanup Instructions and Programs and Logs\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`ee1af400 (NTFS)

PhysicalDrive0 Model Number: ST9500325AS, Rev: 0002SDM1

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 16FACB29D75458833E397367B1DA17929157C2B3


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:

Done!
 
Our fix didn't work.

If you have Vista/7 DVD...

start with step 2

If you don't have Vista/7 DVD...

1. Create Vista/7 Recovery Disc.

Option 1 :
Vista: http://www.c4consulting.com.au/soluctions/vista/VISTA SOLUCTIONS.htm
Windows 7: http://www.guidingtech.com/3816/system-repair-recovery-disc-windows-7/

Option 2:
Download Vista Recovery Disc iso image: http://neosmart.net/blog/2008/windows-vista-recovery-disc-download/
Download Windows 7 Recovery Disc iso image: http://neosmart.net/blog/2009/windows-7-system-repair-discs/
Burn it to CD, or DVD: http://neosmart.net/wiki/display/G/Burning+ISO+Images+to+a+CD+or+DVD

2. Boot from created disk.
At first screen click on Repair your computer:
setup-option.jpg

This will bring you to a new screen where the repair process will look for all Windows Vista installations on your computer. When done you will be presented with the System Recovery Options dialog box:
system-recovery-options.jpg

After this, it will present you with a list of options including startup repair, system restore and command prompt:
systemrecovery.jpg

Select Command Prompt

Type in:
bootrec /FixMbr (<--- there is a "space" after "bootrec")
and then press Enter

Once completed then type Exit, press Enter and restart computer.

Post fresh MBRCheck log.
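For readers who want to understand what the MBRCheck logs above are actually reporting ("Unknown MBR code", a SHA1, and later "Windows 2008 MBR code detected"), here is an added, stand-alone Python example of the same kind of check run against a raw 512-byte MBR sector. It is not MBRCheck's code and not part of the original thread. Assumptions: it hashes the 440-byte boot-code region (the page does not say which byte range MBRCheck hashes), the allowlist of known-good hashes is a placeholder you would fill from clean installs, and the sample sector is constructed inline so the script runs offline.

```python
"""Inspect one 512-byte MBR sector: hash the boot code against an allowlist,
validate the 55 AA signature and sanity-check the four partition entries.
Added example; not MBRCheck's code."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440          # bytes 0..439: boot code on a classic MBR (assumption: the range to hash)
TABLE_OFFSET = 446           # four 16-byte partition entries live at 446..509
SIGNATURE = b"\x55\xaa"      # bytes 510..511

# Allowlist mapping SHA-1(boot code) -> label. Placeholder entry only; a real
# allowlist is built by reading sectors from known-clean installs.
KNOWN_BOOT_CODE = {
    "PLACEHOLDER-SHA1-OF-KNOWN-GOOD-BOOT-CODE": "Windows Vista",
}


def parse_partition_entry(entry: bytes) -> dict:
    """Unpack one 16-byte partition entry (little-endian); CHS fields are ignored."""
    status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack(
        "<B3sB3sII", entry)
    return {"status": status, "type": ptype,
            "lba_start": lba_start, "sectors": sectors}


def parse_mbr(sector: bytes) -> dict:
    """Return boot-code hash, its allowlist label, partition entries and findings."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly one 512-byte sector")
    table = sector[TABLE_OFFSET:TABLE_OFFSET + 64]
    parts = [parse_partition_entry(table[i * 16:(i + 1) * 16]) for i in range(4)]
    sha1 = hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()
    findings = []
    if sector[510:512] != SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    if sum(1 for p in parts if p["status"] == 0x80) > 1:
        findings.append("more than one active partition")
    for i, p in enumerate(parts):
        if p["status"] not in (0x00, 0x80):      # only 0x00/0x80 are legal
            findings.append(f"entry {i}: invalid status byte 0x{p['status']:02X}")
        if p["type"] == 0 and (p["lba_start"] or p["sectors"]):
            findings.append(f"entry {i}: empty type but non-zero extent")
    used = sorted((p for p in parts if p["type"]), key=lambda p: p["lba_start"])
    for a, b in zip(used, used[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append("overlapping partitions")
    return {
        "boot_code_sha1": sha1,
        "boot_code_label": KNOWN_BOOT_CODE.get(sha1, "Unknown MBR code"),
        "partitions": parts,
        "findings": findings,
    }


def read_mbr(path: str) -> bytes:
    """Read the first sector of a disk image or raw device (e.g. \\\\.\\PhysicalDrive0,
    which needs administrator rights on Windows)."""
    with open(path, "rb") as f:
        return f.read(SECTOR_SIZE)


def build_sample_sector(status_byte: int = 0x80, with_signature: bool = True) -> bytes:
    """Constructed sample: a tiny boot-code stub and one active NTFS partition at LBA 2048."""
    boot_code = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x00" * (BOOT_CODE_LEN - 7)
    disk_sig = b"\x12\x34\x56\x78" + b"\x00\x00"     # bytes 440..445: disk signature + reserved
    entry = struct.pack("<B3sB3sII", status_byte, b"\x00\x00\x00", 0x07,
                        b"\x00\x00\x00", 2048, 900_000)
    table = entry + b"\x00" * 48                     # three unused entries
    sig = SIGNATURE if with_signature else b"\x00\x00"
    sector = boot_code + disk_sig + table + sig
    assert len(sector) == SECTOR_SIZE
    return sector


if __name__ == "__main__":
    report = parse_mbr(build_sample_sector())
    print(report["boot_code_label"], report["boot_code_sha1"])
    for p in report["partitions"]:
        if p["type"]:
            print(f"type 0x{p['type']:02X} start {p['lba_start']} sectors {p['sectors']}")
    print("findings:", report["findings"] or "none")
```

The point of the check is the same one MBRCheck makes in the logs above: boot code whose hash is not on an allowlist is reported as "Unknown MBR code" rather than declared malicious, and the decision to rewrite it (as `bootrec /FixMbr` does) is left to the person reading the report. The partition-table findings are a useful extra, since a rewritten boot sector that also has a damaged table will not boot even after the code is replaced.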
 
What appears to be the problem?

This ASUS laptop has a dual boot partition, one that allows a proprietary asus interface (allowing direct internet access without booting into windows).

Could this be the problem you are detecting with the hard drive?

I do not want to do anything that would wipe this out.

:)
 
Hi Broni, dug out my ASUS OEM Vista disks, but when I boot disk 1/2 Recovery DVD ASUSTek Computer Inc. "Windows Vista Recovery Media for Windows Vista Products 64-bit" it takes me to a menu with three options. There is NO command prompt option here and ALL the 3 options will erase all my files. This is a worry.

I am now downloading as you suggested, can you please let me know what you see in these logs that points to a problem? I have been using computers since dos 2, although my background last 15+ yrs is mostly on the network side of things.

Thanks again,
 
MBR Fixed - see New MBRCheck

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: ASUSTeK Computer INC.
System Product Name: G71GX
Logical Drives Mask: 0x00000014

Kernel Drivers (total 159):
0x04003000 \SystemRoot\system32\ntoskrnl.exe
0x0451A000 \SystemRoot\system32\hal.dll
0x00607000 \SystemRoot\system32\kdcom.dll
0x00611000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x0064C000 \SystemRoot\system32\PSHED.dll
0x00660000 \SystemRoot\system32\CLFS.SYS
0x006BD000 \SystemRoot\system32\CI.dll
0x00807000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008E1000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x008EF000 \SystemRoot\system32\drivers\acpi.sys
0x00945000 \SystemRoot\system32\drivers\WMILIB.SYS
0x0094E000 \SystemRoot\system32\drivers\msisadrv.sys
0x00958000 \SystemRoot\system32\drivers\pci.sys
0x00988000 \SystemRoot\System32\drivers\partmgr.sys
0x0099D000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x009A1000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x009AD000 \SystemRoot\system32\drivers\volmgr.sys
0x0076F000 \SystemRoot\System32\drivers\volmgrx.sys
0x009C1000 \SystemRoot\System32\drivers\mountmgr.sys
0x009D4000 \SystemRoot\system32\DRIVERS\pciide.sys
0x009DB000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00A0D000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x00B2A000 \SystemRoot\system32\drivers\atapi.sys
0x00B32000 \SystemRoot\system32\drivers\ataport.SYS
0x00B56000 \SystemRoot\system32\drivers\msahci.sys
0x00B60000 \SystemRoot\system32\drivers\fltmgr.sys
0x00BA7000 \SystemRoot\system32\drivers\fileinfo.sys
0x00BBB000 \SystemRoot\System32\Drivers\AsDsm.sys
0x00BC8000 \SystemRoot\system32\DRIVERS\lullaby.sys
0x00C0E000 \SystemRoot\System32\Drivers\ksecdd.sys
0x00E0F000 \SystemRoot\system32\drivers\ndis.sys
0x00C95000 \SystemRoot\system32\drivers\msrpc.sys
0x00CE5000 \SystemRoot\system32\drivers\NETIO.SYS
0x0100F000 \SystemRoot\System32\drivers\tcpip.sys
0x01185000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01207000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01387000 \SystemRoot\system32\drivers\volsnap.sys
0x013CB000 \SystemRoot\System32\Drivers\spldr.sys
0x013D3000 \SystemRoot\System32\Drivers\mup.sys
0x011B1000 \SystemRoot\System32\drivers\ecache.sys
0x013E5000 \SystemRoot\system32\drivers\disk.sys
0x00FD2000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x011DD000 \SystemRoot\system32\drivers\crcdisk.sys
0x0232C000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x02335000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x0240E000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x02F0B000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x02F0D000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x02FF0000 \SystemRoot\System32\drivers\watchdog.sys
0x02400000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x02348000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x0238E000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x0300A000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x03200000 \SystemRoot\system32\DRIVERS\athrx.sys
0x03365000 \SystemRoot\system32\DRIVERS\Rtlh64.sys
0x03392000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x033A4000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x033B4000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x033D4000 \SystemRoot\system32\DRIVERS\rimmpx64.sys
0x033E9000 \SystemRoot\system32\DRIVERS\rimspx64.sys
0x030F7000 \SystemRoot\system32\DRIVERS\rixdpx64.sys
0x0314E000 \SystemRoot\system32\DRIVERS\enecir.sys
0x0316A000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x03180000 \SystemRoot\system32\DRIVERS\kbfiltr.sys
0x03188000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x03196000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x031EB000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x031ED000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x0239F000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x031F9000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x03000000 \SystemRoot\system32\DRIVERS\ATK64AMD.sys
0x023BB000 \SystemRoot\system32\DRIVERS\EIO64.sys
0x023C4000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x00D3E000 \SystemRoot\system32\DRIVERS\storport.sys
0x02200000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x00D9B000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x01000000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x00DBE000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x00DEF000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x00BD1000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x007D5000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x009EB000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03008000 \SystemRoot\system32\DRIVERS\swenum.sys
0x03408000 \SystemRoot\system32\DRIVERS\ks.sys
0x0343C000 \SystemRoot\system32\DRIVERS\circlass.sys
0x0344D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03458000 \SystemRoot\system32\DRIVERS\umbus.sys
0x03468000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x034B0000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x04E0C000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x04FB9000 \SystemRoot\system32\drivers\portcls.sys
0x034C4000 \SystemRoot\system32\drivers\drmk.sys
0x04FF4000 \SystemRoot\system32\drivers\ksthunk.sys
0x04E00000 \SystemRoot\system32\DRIVERS\hidir.sys
0x034E7000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x034F9000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x03501000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x0350C000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x03517000 \SystemRoot\system32\DRIVERS\klif.sys
0x03573000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x0357D000 \SystemRoot\System32\Drivers\Null.SYS
0x03586000 \SystemRoot\System32\drivers\vga.sys
0x03594000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x035B9000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x035C2000 \SystemRoot\system32\drivers\rdpencdd.sys
0x035CB000 \SystemRoot\System32\Drivers\Msfs.SYS
0x035D6000 \SystemRoot\System32\Drivers\Npfs.SYS
0x035E7000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x04C03000 \SystemRoot\system32\DRIVERS\tdx.sys
0x04C20000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x04C3C000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
0x00BEF000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0x035F0000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
0x011F5000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x05001000 \SystemRoot\system32\DRIVERS\kl1.sys
0x0552A000 \SystemRoot\system32\DRIVERS\smb.sys
0x05545000 \SystemRoot\system32\drivers\afd.sys
0x055B0000 \SystemRoot\System32\DRIVERS\netbt.sys
0x05604000 \SystemRoot\system32\DRIVERS\vsdatant.sys
0x05695000 \SystemRoot\system32\DRIVERS\pacer.sys
0x056B3000 \SystemRoot\system32\DRIVERS\netbios.sys
0x056C2000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x056DD000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
0x056E7000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
0x056F1000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x0573E000 \SystemRoot\system32\drivers\nsiproxy.sys
0x0574A000 \SystemRoot\System32\Drivers\dfsc.sys
0x05767000 \SystemRoot\System32\Drivers\crashdmp.sys
0x0220D000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x00070000 \SystemRoot\System32\win32k.sys
0x05775000 \SystemRoot\System32\drivers\Dxapi.sys
0x05781000 \SystemRoot\system32\DRIVERS\monitor.sys
0x004A0000 \SystemRoot\System32\TSDDD.dll
0x006B0000 \SystemRoot\System32\cdd.dll
0x05794000 \SystemRoot\system32\drivers\luafv.sys
0x0900F000 \SystemRoot\system32\drivers\spsys.sys
0x090A9000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x090BD000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x090F1000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x090FC000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x09114000 \??\C:\Program Files\ATKGFNEX\ASMMAP64.sys
0x0911B000 \SystemRoot\system32\drivers\HTTP.sys
0x091BE000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x057B6000 \SystemRoot\system32\DRIVERS\bowser.sys
0x057D4000 \SystemRoot\System32\drivers\mpsdrv.sys
0x0A20D000 \SystemRoot\system32\drivers\mrxdav.sys
0x0A234000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x0A25D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0A2A6000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x0A2C5000 \SystemRoot\System32\DRIVERS\srv2.sys
0x0A2F7000 \SystemRoot\System32\DRIVERS\srv.sys
0x0A38C000 \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys
0x0A394000 \SystemRoot\System32\Drivers\fastfat.SYS
0x0A60B000 \SystemRoot\system32\drivers\peauth.sys
0x0A6C1000 \SystemRoot\System32\Drivers\secdrv.SYS
0x0A6CC000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0A6DC000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x0A6F8000 \SystemRoot\system32\DRIVERS\ipnat.sys
0x77750000 \Windows\System32\ntdll.dll

Processes (total 95):
0 System Idle Process
4 System
560 C:\Windows\System32\smss.exe
628 csrss.exe
672 C:\Windows\System32\wininit.exe
692 csrss.exe
728 C:\Windows\System32\services.exe
740 C:\Windows\System32\lsass.exe
748 C:\Windows\System32\lsm.exe
884 C:\Windows\System32\svchost.exe
932 C:\Windows\System32\nvvsvc.exe
960 C:\Windows\System32\svchost.exe
996 C:\Windows\System32\svchost.exe
344 C:\Windows\System32\svchost.exe
408 C:\Windows\System32\svchost.exe
592 C:\Windows\System32\audiodg.exe
616 C:\Windows\System32\svchost.exe
552 C:\Windows\System32\SLsvc.exe
376 C:\Windows\System32\svchost.exe
1120 C:\Windows\System32\winlogon.exe
1184 C:\Windows\System32\svchost.exe
1264 C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
1392 C:\Windows\System32\wlanext.exe
1564 C:\Windows\System32\nvvsvc.exe
1628 C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
1920 C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
1944 C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
1996 C:\Program Files\ATKGFNEX\GFNEXSrv.exe
1656 C:\Windows\System32\spoolsv.exe
1812 C:\Windows\System32\taskeng.exe
1220 C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
1700 C:\Windows\System32\taskeng.exe
2072 C:\Program Files (x86)\ASUS\Direct Console\DCHelper.exe
2096 C:\Windows\System32\svchost.exe
2124 C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
2144 C:\Program Files (x86)\ASUS\ASUS CopyProtect\ASPG.exe
2184 C:\Windows\System32\taskeng.exe
2308 C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
2420 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
2464 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
2732 C:\Windows\System32\svchost.exe
2756 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2856 C:\Program Files (x86)\ASUS\ATK Hotkey\MsgTranAgt64.exe
2924 C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
2972 C:\Windows\System32\svchost.exe
3060 C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe
1852 C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
1676 C:\Windows\System32\svchost.exe
1776 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
1480 C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
892 C:\Windows\System32\dwm.exe
1540 C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe
2240 C:\Windows\System32\SearchIndexer.exe
1868 C:\Windows\explorer.exe
3112 ACEngSvr.exe
3184 C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
3276 C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
3388 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3440 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
3504 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
3512 WmiPrvSE.exe
3700 C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
3816 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
3936 C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
3972 C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
1056 C:\Windows\System32\alg.exe
2716 C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
1508 C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
3828 WmiPrvSE.exe
1964 C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
3672 C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
3024 C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe
3640 C:\Program Files\ASUS\Turbo Gear\GearHelp.exe
4208 C:\Program Files\ASUS\Turbo Gear\TurboGear.exe
4296 WmiPrvSE.exe
4316 C:\Windows\AsScrPro.exe
4384 C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
4404 C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
4492 C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
4640 C:\Program Files\Windows Media Player\wmpnscfg.exe
4720 C:\Program Files\Windows Media Player\wmpnetwk.exe
4916 C:\Program Files\Windows Mail\WinMail.exe
4928 C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
4276 C:\Program Files (x86)\Internet Explorer\iexplore.exe
3332 C:\Program Files (x86)\Internet Explorer\iexplore.exe
5112 C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe
3740 C:\Program Files (x86)\Internet Explorer\iexplore.exe
4816 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
5948 C:\Windows\System32\wbem\WmiApSrv.exe
4264 C:\Windows\System32\SearchProtocolHost.exe
4480 C:\Windows\System32\SearchFilterHost.exe
2080 C:\Windows\System32\dllhost.exe
2020 dllhost.exe
5876 dllhost.exe
5908 C:\Users\ConchitaVista\Desktop\Computer Stuff\Malware Cleanup Instructions and Programs and Logs\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`ee1af400 (NTFS)

PhysicalDrive0 Model Number: ST9500325AS, Rev: 0002SDM1

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!
 
OTL only created one file OTL.txt

See attached as it is too large to cut & paste.
Thanks,
c
 

Attachments

  • OTL.Txt (89.1 KB)
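For readers wondering what the MBRCheck lines above actually verify: the tool reads the first sector of the disk, hashes the boot code, and compares the hash against known-good values, which is how it can say "Windows 2008 MBR code detected". The following PowerShell is an added example written for this thread, not MBRCheck's own code. It assumes the hash covers the 440-byte bootstrap area (offsets 0 to 439); the thread does not state which bytes MBRCheck hashes, so a hash produced here should only be compared with its own known-good values, not with the SHA1 MBRCheck printed.

```powershell
# Added example for this thread (not MBRCheck's own code): parse a 512-byte
# MBR sector and hash its bootstrap code so it can be compared with a
# known-good value. Assumption: the hash covers the 440-byte bootstrap area
# (offsets 0-439); which bytes MBRCheck hashes is not stated in the thread.

function Get-MbrInfo {
    param([Parameter(Mandatory)][byte[]]$Sector)

    if ($Sector.Length -lt 512) { throw 'An MBR sector is 512 bytes' }

    # Boot signature: bytes 510-511 must be 0x55 0xAA
    $validSig = ($Sector[510] -eq 0x55) -and ($Sector[511] -eq 0xAA)

    # SHA1 of the bootstrap code region only (partition table excluded)
    $sha1 = [System.Security.Cryptography.SHA1]::Create()
    $codeHash = ($sha1.ComputeHash($Sector, 0, 440) | ForEach-Object { $_.ToString('X2') }) -join ''
    $sha1.Dispose()

    # Four 16-byte partition entries start at offset 446
    $parts = foreach ($i in 0..3) {
        $o = 446 + 16 * $i
        $type = $Sector[$o + 4]
        if ($type -eq 0) { continue }      # empty slot
        [pscustomobject]@{
            Index       = $i
            Active      = ($Sector[$o] -eq 0x80)
            Type        = '0x{0:X2}' -f $type
            StartLBA    = [BitConverter]::ToUInt32($Sector, $o + 8)
            SectorCount = [BitConverter]::ToUInt32($Sector, $o + 12)
        }
    }

    [pscustomobject]@{
        ValidSignature = $validSig
        BootCodeSHA1   = $codeHash
        Partitions     = @($parts)
    }
}

# Read sector 0 of a physical drive; needs an elevated prompt
function Read-MbrSector {
    param([string]$Device = '\\.\PhysicalDrive0')
    $fs = New-Object System.IO.FileStream($Device, [System.IO.FileMode]::Open,
            [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite)
    try {
        $buf = New-Object byte[] 512
        if ($fs.Read($buf, 0, 512) -ne 512) { throw "Short read from $Device" }
        return ,$buf
    } finally { $fs.Dispose() }
}

# Constructed sample sector: all-zero bootstrap code, one active NTFS partition, valid signature
$sample = New-Object byte[] 512
$sample[446] = 0x80                                                # active flag
$sample[450] = 0x07                                                # type 0x07 (NTFS)
[BitConverter]::GetBytes([uint32]2048).CopyTo($sample, 454)        # start LBA
[BitConverter]::GetBytes([uint32]976771072).CopyTo($sample, 458)   # sector count
$sample[510] = 0x55; $sample[511] = 0xAA

$info = Get-MbrInfo -Sector $sample
$info | Format-List ValidSignature, BootCodeSHA1
$info.Partitions | Format-Table -AutoSize

# On a live system (elevated prompt): Get-MbrInfo -Sector (Read-MbrSector)
```

The useful habit here is to record the boot-code hash of a freshly installed machine and re-check it later; a changed hash with no OS update in between is the signal tools like MBRCheck are built to surface.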
Sorry, forgot to mention I already got it working w/ Option 2
See last posts above for new MBRCheck (post #21) and OTC.txt file (post #22).
Thanks,
 
Very nice :)
MBRCheck looks good :)

How is the computer doing at the moment?

=========================================================================

Please, uninstall Ask.com

======================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O18:[b]64bit:[/b] - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:[b]64bit:[/b] - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:[b]64bit:[/b] - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:[b]64bit:[/b] - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:[b]64bit:[/b] - Protocol\Handler\toolbarchrome {718733BC-AD64-4e5f-AC18-A85FBD75D54D} - Reg Error: Key error. File not found
    O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O33 - MountPoints2\{6fb9aa78-6c00-11de-960f-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{6fb9aa78-6c00-11de-960f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2006/09/01 05:56:53 | 000,126,976 | R--- | M] ()
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
    O33 - MountPoints2\F\Shell\phone\command - "" = F:\autorun.exe -- File not found
    [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
    @Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:90EE3BE1
    
    
    :Services
    
    :Reg
    
    :Files
    C:\Program Files (x86)\Ask.com
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

======================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document called checkup.txt should open automatically; please post the contents of that document.


2. Download Temp File Cleaner (TFC)
  • Double-click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • IMPORTANT! UN-check Remove found threats
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Push Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
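The OTL fix in this post removes three kinds of leftovers: BHO/toolbar registrations whose CLSID no longer resolves to a DLL, MountPoints2 autorun commands pointing at files that no longer exist, and an alternate data stream on a folder under ProgramData. The script below is an added example written for this thread (not OTL's own code) that enumerates those same classes of entries on a system and flags the orphaned ones, so they can be reviewed before any fix is run. It is read-only and assumes Windows PowerShell 3.0 or later; the registry paths are the standard BHO, CLSID and MountPoints2 locations.

```powershell
# Added example for this thread (not OTL's own code): list the kinds of entries
# the OTL fix above removes (BHOs, MountPoints2 autorun commands, alternate
# data streams) and flag the orphaned ones for review. Read-only; it deletes nothing.

function Get-BhoAudit {
    # IE loads BHOs from these keys; each subkey name is a CLSID
    $bhoKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    )
    foreach ($key in $bhoKeys) {
        if (-not (Test-Path $key)) { continue }
        # 32-bit BHOs resolve through the Wow6432Node CLSID view
        $clsidRoot = 'Registry::HKEY_CLASSES_ROOT\CLSID'
        if ($key -like '*Wow6432Node*') { $clsidRoot = 'Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID' }
        foreach ($sub in Get-ChildItem -Path $key) {
            $clsid = $sub.PSChildName
            $srv = Get-ItemProperty -Path "$clsidRoot\$clsid\InprocServer32" -ErrorAction SilentlyContinue
            $dll = $null
            if ($srv -and $srv.'(default)') {
                $dll = [Environment]::ExpandEnvironmentVariables($srv.'(default)'.Trim('"'))
            }
            $status = 'OK'
            if (-not $dll) { $status = 'No CLSID value found' }
            elseif (-not (Test-Path -LiteralPath $dll)) { $status = 'File not found' }
            [pscustomobject]@{ CLSID = $clsid; Dll = $dll; Status = $status }
        }
    }
}

function Get-MountPointAutorunAudit {
    # Per-user cache of autorun verbs seen on removable/optical volumes
    $mp = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    if (-not (Test-Path $mp)) { return }
    foreach ($vol in Get-ChildItem -Path $mp) {
        $shell = "$($vol.PSPath)\Shell"
        if (-not (Test-Path $shell)) { continue }
        # Shell\<verb>\command holds the command run for that verb (AutoRun, open, phone, ...)
        foreach ($verb in Get-ChildItem -Path $shell) {
            $cmdKey = "$($verb.PSPath)\command"
            if (-not (Test-Path $cmdKey)) { continue }
            $cmd = (Get-ItemProperty -Path $cmdKey -ErrorAction SilentlyContinue).'(default)'
            if (-not $cmd) { continue }
            # First token is the executable; tolerate quoted paths
            $exe = if ($cmd.StartsWith('"')) { $cmd.Split('"')[1] } else { ($cmd -split ' ')[0] }
            $status = 'present'
            if (-not (Test-Path -LiteralPath $exe -ErrorAction SilentlyContinue)) { $status = 'File not found' }
            [pscustomobject]@{ Volume = $vol.PSChildName; Verb = $verb.PSChildName; Command = $cmd; Status = $status }
        }
    }
}

function Get-AdsAudit {
    param([string]$Path = $env:ProgramData)
    # Report every stream other than the default :$DATA on items directly under $Path
    Get-ChildItem -LiteralPath $Path -Force -ErrorAction SilentlyContinue | ForEach-Object {
        Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |
            Select-Object FileName, Stream, Length
    }
}

Get-BhoAudit | Format-Table -AutoSize
Get-MountPointAutorunAudit | Format-Table -AutoSize
Get-AdsAudit -Path $env:ProgramData | Format-Table -AutoSize
```

Entries reported as "No CLSID value found" or "File not found" correspond to the O2/O3 and O33 lines OTL lists as orphaned; the stream listing is what lets you see an entry like the 110-byte stream on C:\ProgramData\Temp before deciding whether it belongs there.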
 