My PC is infected with a virus. I have run several fixes, but nothing has worked. I have run ComboFix as instructed in other messages, but to no avail. Help, please.
ComboFix 11-12-31.03 - SJB 01/01/2012 12:18:25.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12286.9748 [GMT -5:00]
Running from: c:\users\SJB.FBRANH\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-01 to 2012-01-01 )))))))))))))))))))))))))))))))
.
.
2012-01-01 17:22 . 2012-01-01 17:22 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C72DDE5F-5BA1-4B4C-92D6-BCC6D28889E0}\offreg.dll
2012-01-01 17:21 . 2012-01-01 17:21 -------- d-----w- c:\users\SJB\AppData\Local\temp
2012-01-01 17:21 . 2012-01-01 17:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-01 17:21 . 2012-01-01 17:21 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-01-01 16:43 . 2012-01-01 16:43 -------- d-----w- c:\users\SJB.FBRANH\AppData\Roaming\SUPERAntiSpyware.com
2012-01-01 16:43 . 2012-01-01 16:47 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-01 16:43 . 2012-01-01 16:43 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-01-01 16:37 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C72DDE5F-5BA1-4B4C-92D6-BCC6D28889E0}\mpengine.dll
2012-01-01 16:17 . 2012-01-01 16:17 -------- d-----w- c:\program files (x86)\FileASSASSIN
2012-01-01 15:51 . 2012-01-01 15:51 -------- d-----w- c:\windows\system32\Macromed
2011-12-31 17:35 . 2011-12-31 17:35 -------- d--h--w- c:\windows\Sun
2011-12-14 17:23 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 17:23 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 17:23 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-14 17:23 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 17:23 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-05 20:24 . 2011-12-05 20:31 -------- d--h--w- c:\programdata\AutodeskRendering
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 20:24 . 2011-05-05 20:16 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-07 12:56 . 2011-06-15 11:48 414368 ---ha-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-21 11:40 . 2011-05-09 12:18 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-11 12:20 . 2011-10-11 12:20 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AFEB5076-8844-4EFF-B2FE-9FBB6F8E8AF9}\gapaengine.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-01_16.29.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-01-01 16:48 35262 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-01 16:48 35046 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-05-05 20:55 . 2012-01-01 16:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-05 20:55 . 2012-01-01 17:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-05 20:55 . 2012-01-01 17:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-05-05 20:55 . 2012-01-01 16:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-06 12:08 . 2012-01-01 16:48 5020 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4089952224-1957405234-155898677-1118_UserData.bin
+ 2012-01-01 17:22 . 2012-01-01 17:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-01 17:22 . 2012-01-01 17:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-01-01 16:29 . 2012-01-01 16:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-01-01 15:31 665350 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-01-01 16:53 665350 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-01-01 15:31 123118 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-01-01 16:53 123118 c:\windows\system32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SansaDispatch"="c:\users\SJB.FBRANH\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2011-05-09 79872]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-01 5486464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
.
c:\users\SJB.FBRANH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Driver performer.lnk - c:\users\SJB.FBRANH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EM8A187H\DriverPerformer_16i[1].exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 EC_NLM;ENERCALC NLM;c:\program files (x86)\ENERCALC_6_NLM\ENERCALC_NetworkLicenseManager.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-06-09 1431888]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656]
S3 PrivacyProtectorMP;PrivacyProtectorMP;c:\windows\system32\DRIVERS\PPFlt.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BbPrintMonitor"="c:\program files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\BBPrint.exe" [2010-11-30 201376]
"BbInstallUser"="c:\program files\Bluebeam Software\Pushbutton PDF\Bluebeam Admin User.exe" [2011-03-07 38560]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.5.52 208.67.222.222 208.67.222.220 192.168.0.10
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\astsrv.exe
.
**************************************************************************
.
Completion time: 2012-01-01 12:23:36 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-01 17:23
ComboFix2.txt 2012-01-01 16:30
.
Pre-Run: 59,727,474,688 bytes free
Post-Run: 59,754,385,408 bytes free
.
- - End Of File - - F80F6E93A2B35ED0F48BE64D6550EA94
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Professional
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Precision WorkStation T3500
Logical Drives Mask: 0x00e80dfc
Kernel Drivers (total 188):
0x02808000 \SystemRoot\system32\ntoskrnl.exe
0x02DF1000 \SystemRoot\system32\hal.dll
0x00BC5000 \SystemRoot\system32\kdcom.dll
0x00CF0000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00D3F000 \SystemRoot\system32\PSHED.dll
0x00D53000 \SystemRoot\system32\CLFS.SYS
0x00C00000 \SystemRoot\system32\CI.dll
0x00EFF000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00FA3000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00E00000 \SystemRoot\system32\drivers\ACPI.sys
0x00E57000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00E60000 \SystemRoot\system32\drivers\msisadrv.sys
0x00E6A000 \SystemRoot\system32\drivers\pci.sys
0x00E9D000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00EAA000 \SystemRoot\System32\drivers\partmgr.sys
0x00EBF000 \SystemRoot\system32\drivers\volmgr.sys
0x010FD000 \SystemRoot\System32\drivers\volmgrx.sys
0x01159000 \SystemRoot\System32\drivers\mountmgr.sys
0x01173000 \SystemRoot\system32\drivers\atapi.sys
0x0117C000 \SystemRoot\system32\drivers\ataport.SYS
0x011A6000 \SystemRoot\system32\drivers\msahci.sys
0x011B1000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x011C1000 \SystemRoot\system32\drivers\amdxata.sys
0x01000000 \SystemRoot\system32\drivers\fltmgr.sys
0x0104C000 \SystemRoot\system32\drivers\fileinfo.sys
0x01248000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01060000 \SystemRoot\System32\Drivers\msrpc.sys
0x01200000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01422000 \SystemRoot\System32\Drivers\cng.sys
0x01494000 \SystemRoot\System32\drivers\pcw.sys
0x014A5000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x014AF000 \SystemRoot\system32\drivers\ndis.sys
0x0165B000 \SystemRoot\system32\drivers\NETIO.SYS
0x016BB000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x018FE000 \SystemRoot\System32\drivers\tcpip.sys
0x01B02000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01B4C000 \SystemRoot\system32\drivers\vmstorfl.sys
0x01B5C000 \SystemRoot\system32\drivers\volsnap.sys
0x01BA8000 \SystemRoot\System32\Drivers\spldr.sys
0x01BB0000 \SystemRoot\System32\drivers\rdyboost.sys
0x01BEA000 \SystemRoot\System32\Drivers\mup.sys
0x01800000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01809000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01843000 \SystemRoot\system32\drivers\disk.sys
0x01859000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x018C1000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x016E6000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x018EB000 \SystemRoot\System32\Drivers\Null.SYS
0x018F4000 \SystemRoot\System32\Drivers\Beep.SYS
0x01717000 \SystemRoot\System32\drivers\vga.sys
0x01725000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x0174A000 \SystemRoot\System32\drivers\watchdog.sys
0x0175A000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x01763000 \SystemRoot\system32\drivers\rdpencdd.sys
0x0176C000 \SystemRoot\system32\drivers\rdprefmp.sys
0x01775000 \SystemRoot\System32\Drivers\Msfs.SYS
0x01780000 \SystemRoot\System32\Drivers\Npfs.SYS
0x01791000 \SystemRoot\system32\DRIVERS\tdx.sys
0x017B3000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02E12000 \SystemRoot\system32\drivers\afd.sys
0x02E9B000 \SystemRoot\System32\DRIVERS\netbt.sys
0x02EE0000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x02EE9000 \SystemRoot\system32\DRIVERS\pacer.sys
0x02F0F000 \SystemRoot\system32\DRIVERS\netbios.sys
0x02F1E000 \SystemRoot\system32\DRIVERS\serial.sys
0x02F3B000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x02F56000 \SystemRoot\system32\DRIVERS\termdd.sys
0x02F6A000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x02FBB000 \SystemRoot\system32\drivers\nsiproxy.sys
0x02FC7000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x02FD2000 \SystemRoot\System32\drivers\discache.sys
0x03CF8000 \SystemRoot\system32\drivers\csc.sys
0x03D7B000 \SystemRoot\System32\Drivers\dfsc.sys
0x03D99000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03DAA000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03DD0000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x03DD9000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x0F259000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x0FEB6000 \SystemRoot\System32\Drivers\nvBridge.kmd
0x0FEB8000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x0FFAC000 \SystemRoot\System32\drivers\dxgmms1.sys
0x0FFF2000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x0F200000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x03DEF000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x03C00000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x03C24000 \SystemRoot\system32\DRIVERS\b57nd60a.sys
0x03C6C000 \SystemRoot\system32\DRIVERS\parport.sys
0x03C89000 \SystemRoot\system32\DRIVERS\serenum.sys
0x03C95000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x03CA5000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x03CBB000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x03CDF000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x017C0000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x02FE1000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x01600000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x01621000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x03CEB000 \SystemRoot\system32\DRIVERS\PPFlt.sys
0x02E00000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x0163B000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x0164A000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x0F256000 \SystemRoot\system32\DRIVERS\swenum.sys
0x015A2000 \SystemRoot\system32\DRIVERS\ks.sys
0x015E5000 \SystemRoot\system32\DRIVERS\umbus.sys
0x04435000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x0448F000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x044A4000 \SystemRoot\system32\drivers\HdAudio.sys
0x04500000 \SystemRoot\system32\drivers\portcls.sys
0x0453D000 \SystemRoot\system32\drivers\drmk.sys
0x0455F000 \SystemRoot\system32\drivers\ksthunk.sys
0x00020000 \SystemRoot\System32\win32k.sys
0x04565000 \SystemRoot\System32\drivers\Dxapi.sys
0x04571000 \SystemRoot\System32\Drivers\crashdmp.sys
0x0457F000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x0458B000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x04596000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x045A9000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x045B7000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x045D0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x045D9000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x045DB000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x045E8000 \SystemRoot\system32\DRIVERS\monitor.sys
0x04400000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x00410000 \SystemRoot\System32\TSDDD.dll
0x00620000 \SystemRoot\System32\cdd.dll
0x01889000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x0441B000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x0121B000 \SystemRoot\system32\drivers\luafv.sys
0x01400000 \SystemRoot\system32\drivers\WudfPf.sys
0x018A6000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x010BE000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x00FB2000 \SystemRoot\System32\Drivers\fastfat.SYS
0x0524F000 \SystemRoot\system32\drivers\HTTP.sys
0x05318000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x05335000 \SystemRoot\system32\DRIVERS\bowser.sys
0x05353000 \SystemRoot\System32\drivers\mpsdrv.sys
0x0536B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x05398000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x05200000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x05879000 \SystemRoot\system32\drivers\peauth.sys
0x0591F000 \SystemRoot\System32\Drivers\secdrv.SYS
0x0592A000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x0595B000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0596D000 \SystemRoot\System32\DRIVERS\srv2.sys
0x05A26000 \SystemRoot\System32\DRIVERS\srv.sys
0x05ABE000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
0x05ACE000 \SystemRoot\system32\DRIVERS\NisDrvWFP.sys
0x05AE6000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x05B88000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x77AA0000 \Windows\System32\ntdll.dll
0x47910000 \Windows\System32\smss.exe
0xFFDC0000 \Windows\System32\apisetschema.dll
0xFFCF0000 \Windows\System32\autochk.exe
0x77C70000 \Windows\System32\normaliz.dll
0x77C60000 \Windows\System32\psapi.dll
0xFFD10000 \Windows\System32\msvcrt.dll
0xFFCB0000 \Windows\System32\Wldap32.dll
0xFFA50000 \Windows\System32\iertutil.dll
0xFFA40000 \Windows\System32\nsi.dll
0xFF9D0000 \Windows\System32\gdi32.dll
0xFF8F0000 \Windows\System32\advapi32.dll
0xFF8E0000 \Windows\System32\lpk.dll
0x77980000 \Windows\System32\kernel32.dll
0xFF810000 \Windows\System32\usp10.dll
0xFF790000 \Windows\System32\difxapi.dll
0xFF6B0000 \Windows\System32\oleaut32.dll
0xFF660000 \Windows\System32\ws2_32.dll
0xFF5C0000 \Windows\System32\comdlg32.dll
0xFE830000 \Windows\System32\shell32.dll
0xFE650000 \Windows\System32\setupapi.dll
0xFE5B0000 \Windows\System32\clbcatq.dll
0xFE430000 \Windows\System32\urlmon.dll
0xFE410000 \Windows\System32\imagehlp.dll
0xFE3E0000 \Windows\System32\imm32.dll
0xFE1D0000 \Windows\System32\ole32.dll
0xFE1B0000 \Windows\System32\sechost.dll
0xFE080000 \Windows\System32\rpcrt4.dll
0xFE000000 \Windows\System32\shlwapi.dll
0xFDEF0000 \Windows\System32\msctf.dll
0xFDDC0000 \Windows\System32\wininet.dll
0x77880000 \Windows\System32\user32.dll
0xFDD80000 \Windows\System32\wintrust.dll
0xFDC10000 \Windows\System32\crypt32.dll
0xFDBD0000 \Windows\System32\cfgmgr32.dll
0xFDBB0000 \Windows\System32\devobj.dll
0xFDB40000 \Windows\System32\KernelBase.dll
0xFDAA0000 \Windows\System32\comctl32.dll
0xFDA90000 \Windows\System32\msasn1.dll
0x75F40000 \Windows\SysWOW64\normaliz.dll
Processes (total 50):
0 System Idle Process
4 System
268 C:\Windows\System32\smss.exe
364 csrss.exe
432 C:\Windows\System32\wininit.exe
440 csrss.exe
496 C:\Windows\System32\services.exe
504 C:\Windows\System32\lsass.exe
512 C:\Windows\System32\lsm.exe
608 C:\Windows\System32\svchost.exe
672 C:\Windows\System32\winlogon.exe
724 C:\Windows\System32\svchost.exe
796 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
876 C:\Windows\System32\svchost.exe
916 C:\Windows\System32\svchost.exe
944 C:\Windows\System32\svchost.exe
508 C:\Windows\System32\svchost.exe
1084 C:\Windows\System32\svchost.exe
1284 C:\Windows\System32\spoolsv.exe
1344 C:\Windows\System32\svchost.exe
1476 C:\Windows\SysWOW64\ASTSRV.EXE
1516 C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
1612 C:\Windows\System32\svchost.exe
1648 C:\Windows\System32\svchost.exe
1704 C:\Windows\System32\svchost.exe
1764 C:\Windows\System32\svchost.exe
2072 C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
2268 WUDFHost.exe
2828 C:\Windows\System32\SearchIndexer.exe
1232 C:\Windows\System32\dwm.exe
1108 C:\Windows\explorer.exe
1316 C:\Program Files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\BBPrint.exe
1632 C:\Program Files\Microsoft Security Client\msseces.exe
2200 C:\Users\SJB.FBRANH\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
1992 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
1980 C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
1304 C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
3556 C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
3152 C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2736 C:\Windows\System32\audiodg.exe
4948 C:\Program Files\Internet Explorer\iexplore.exe
4168 C:\Program Files\Internet Explorer\iexplore.exe
1312 C:\Windows\splwow64.exe
4900 C:\Windows\System32\SearchProtocolHost.exe
3780 C:\Windows\System32\SearchFilterHost.exe
4252 C:\Program Files\Internet Explorer\iexplore.exe
4832 MpCmdRun.exe
1772 C:\Users\SJB.FBRANH\Desktop\MBRCheck.exe
3568 C:\Windows\System32\conhost.exe
3376 C:\Windows\System32\dllhost.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`02738a00 (NTFS)
PhysicalDrive0 Model Number: KINGSTONSVP100S2128G, Rev: CJRA0202
PhysicalDrive1 Model Number: ST3250318AS, Rev: CC45
Size Device Name MBR Status
--------------------------------------------
119 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
232 GB \\.\PhysicalDrive1 Dell Inspiron MBR code detected
SHA1: AE3E0A945D44C8EA304A19A8F50F69065C34344B
Done!
ComboFix 11-12-31.03 - SJB 01/01/2012 12:18:25.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12286.9748 [GMT -5:00]
Running from: c:\users\SJB.FBRANH\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-01 to 2012-01-01 )))))))))))))))))))))))))))))))
.
.
2012-01-01 17:22 . 2012-01-01 17:22 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C72DDE5F-5BA1-4B4C-92D6-BCC6D28889E0}\offreg.dll
2012-01-01 17:21 . 2012-01-01 17:21 -------- d-----w- c:\users\SJB\AppData\Local\temp
2012-01-01 17:21 . 2012-01-01 17:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-01 17:21 . 2012-01-01 17:21 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-01-01 16:43 . 2012-01-01 16:43 -------- d-----w- c:\users\SJB.FBRANH\AppData\Roaming\SUPERAntiSpyware.com
2012-01-01 16:43 . 2012-01-01 16:47 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-01 16:43 . 2012-01-01 16:43 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-01-01 16:37 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C72DDE5F-5BA1-4B4C-92D6-BCC6D28889E0}\mpengine.dll
2012-01-01 16:17 . 2012-01-01 16:17 -------- d-----w- c:\program files (x86)\FileASSASSIN
2012-01-01 15:51 . 2012-01-01 15:51 -------- d-----w- c:\windows\system32\Macromed
2011-12-31 17:35 . 2011-12-31 17:35 -------- d--h--w- c:\windows\Sun
2011-12-14 17:23 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 17:23 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 17:23 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-14 17:23 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 17:23 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-05 20:24 . 2011-12-05 20:31 -------- d--h--w- c:\programdata\AutodeskRendering
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 20:24 . 2011-05-05 20:16 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-07 12:56 . 2011-06-15 11:48 414368 ---ha-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-21 11:40 . 2011-05-09 12:18 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-11 12:20 . 2011-10-11 12:20 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AFEB5076-8844-4EFF-B2FE-9FBB6F8E8AF9}\gapaengine.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-01_16.29.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-01-01 16:48 35262 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-01 16:48 35046 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-05-05 20:55 . 2012-01-01 16:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-05 20:55 . 2012-01-01 17:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-05 20:55 . 2012-01-01 17:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-05-05 20:55 . 2012-01-01 16:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-06 12:08 . 2012-01-01 16:48 5020 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4089952224-1957405234-155898677-1118_UserData.bin
+ 2012-01-01 17:22 . 2012-01-01 17:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-01 17:22 . 2012-01-01 17:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-01-01 16:29 . 2012-01-01 16:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-01-01 15:31 665350 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-01-01 16:53 665350 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-01-01 15:31 123118 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-01-01 16:53 123118 c:\windows\system32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SansaDispatch"="c:\users\SJB.FBRANH\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2011-05-09 79872]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-01 5486464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
.
c:\users\SJB.FBRANH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Driver performer.lnk - c:\users\SJB.FBRANH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EM8A187H\DriverPerformer_16i[1].exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 EC_NLM;ENERCALC NLM;c:\program files (x86)\ENERCALC_6_NLM\ENERCALC_NetworkLicenseManager.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-06-09 1431888]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656]
S3 PrivacyProtectorMP;PrivacyProtectorMP;c:\windows\system32\DRIVERS\PPFlt.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BbPrintMonitor"="c:\program files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\BBPrint.exe" [2010-11-30 201376]
"BbInstallUser"="c:\program files\Bluebeam Software\Pushbutton PDF\Bluebeam Admin User.exe" [2011-03-07 38560]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.5.52 208.67.222.222 208.67.222.220 192.168.0.10
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\astsrv.exe
.
**************************************************************************
.
Completion time: 2012-01-01 12:23:36 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-01 17:23
ComboFix2.txt 2012-01-01 16:30
.
Pre-Run: 59,727,474,688 bytes free
Post-Run: 59,754,385,408 bytes free
.
- - End Of File - - F80F6E93A2B35ED0F48BE64D6550EA94
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Professional
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Precision WorkStation T3500
Logical Drives Mask: 0x00e80dfc
Kernel Drivers (total 188):
0x02808000 \SystemRoot\system32\ntoskrnl.exe
0x02DF1000 \SystemRoot\system32\hal.dll
0x00BC5000 \SystemRoot\system32\kdcom.dll
0x00CF0000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00D3F000 \SystemRoot\system32\PSHED.dll
0x00D53000 \SystemRoot\system32\CLFS.SYS
0x00C00000 \SystemRoot\system32\CI.dll
0x00EFF000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00FA3000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00E00000 \SystemRoot\system32\drivers\ACPI.sys
0x00E57000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00E60000 \SystemRoot\system32\drivers\msisadrv.sys
0x00E6A000 \SystemRoot\system32\drivers\pci.sys
0x00E9D000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00EAA000 \SystemRoot\System32\drivers\partmgr.sys
0x00EBF000 \SystemRoot\system32\drivers\volmgr.sys
0x010FD000 \SystemRoot\System32\drivers\volmgrx.sys
0x01159000 \SystemRoot\System32\drivers\mountmgr.sys
0x01173000 \SystemRoot\system32\drivers\atapi.sys
0x0117C000 \SystemRoot\system32\drivers\ataport.SYS
0x011A6000 \SystemRoot\system32\drivers\msahci.sys
0x011B1000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x011C1000 \SystemRoot\system32\drivers\amdxata.sys
0x01000000 \SystemRoot\system32\drivers\fltmgr.sys
0x0104C000 \SystemRoot\system32\drivers\fileinfo.sys
0x01248000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01060000 \SystemRoot\System32\Drivers\msrpc.sys
0x01200000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01422000 \SystemRoot\System32\Drivers\cng.sys
0x01494000 \SystemRoot\System32\drivers\pcw.sys
0x014A5000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x014AF000 \SystemRoot\system32\drivers\ndis.sys
0x0165B000 \SystemRoot\system32\drivers\NETIO.SYS
0x016BB000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x018FE000 \SystemRoot\System32\drivers\tcpip.sys
0x01B02000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01B4C000 \SystemRoot\system32\drivers\vmstorfl.sys
0x01B5C000 \SystemRoot\system32\drivers\volsnap.sys
0x01BA8000 \SystemRoot\System32\Drivers\spldr.sys
0x01BB0000 \SystemRoot\System32\drivers\rdyboost.sys
0x01BEA000 \SystemRoot\System32\Drivers\mup.sys
0x01800000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01809000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01843000 \SystemRoot\system32\drivers\disk.sys
0x01859000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x018C1000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x016E6000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x018EB000 \SystemRoot\System32\Drivers\Null.SYS
0x018F4000 \SystemRoot\System32\Drivers\Beep.SYS
0x01717000 \SystemRoot\System32\drivers\vga.sys
0x01725000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x0174A000 \SystemRoot\System32\drivers\watchdog.sys
0x0175A000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x01763000 \SystemRoot\system32\drivers\rdpencdd.sys
0x0176C000 \SystemRoot\system32\drivers\rdprefmp.sys
0x01775000 \SystemRoot\System32\Drivers\Msfs.SYS
0x01780000 \SystemRoot\System32\Drivers\Npfs.SYS
0x01791000 \SystemRoot\system32\DRIVERS\tdx.sys
0x017B3000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02E12000 \SystemRoot\system32\drivers\afd.sys
0x02E9B000 \SystemRoot\System32\DRIVERS\netbt.sys
0x02EE0000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x02EE9000 \SystemRoot\system32\DRIVERS\pacer.sys
0x02F0F000 \SystemRoot\system32\DRIVERS\netbios.sys
0x02F1E000 \SystemRoot\system32\DRIVERS\serial.sys
0x02F3B000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x02F56000 \SystemRoot\system32\DRIVERS\termdd.sys
0x02F6A000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x02FBB000 \SystemRoot\system32\drivers\nsiproxy.sys
0x02FC7000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x02FD2000 \SystemRoot\System32\drivers\discache.sys
0x03CF8000 \SystemRoot\system32\drivers\csc.sys
0x03D7B000 \SystemRoot\System32\Drivers\dfsc.sys
0x03D99000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03DAA000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03DD0000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x03DD9000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x0F259000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x0FEB6000 \SystemRoot\System32\Drivers\nvBridge.kmd
0x0FEB8000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x0FFAC000 \SystemRoot\System32\drivers\dxgmms1.sys
0x0FFF2000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x0F200000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x03DEF000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x03C00000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x03C24000 \SystemRoot\system32\DRIVERS\b57nd60a.sys
0x03C6C000 \SystemRoot\system32\DRIVERS\parport.sys
0x03C89000 \SystemRoot\system32\DRIVERS\serenum.sys
0x03C95000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x03CA5000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x03CBB000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x03CDF000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x017C0000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x02FE1000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x01600000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x01621000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x03CEB000 \SystemRoot\system32\DRIVERS\PPFlt.sys
0x02E00000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x0163B000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x0164A000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x0F256000 \SystemRoot\system32\DRIVERS\swenum.sys
0x015A2000 \SystemRoot\system32\DRIVERS\ks.sys
0x015E5000 \SystemRoot\system32\DRIVERS\umbus.sys
0x04435000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x0448F000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x044A4000 \SystemRoot\system32\drivers\HdAudio.sys
0x04500000 \SystemRoot\system32\drivers\portcls.sys
0x0453D000 \SystemRoot\system32\drivers\drmk.sys
0x0455F000 \SystemRoot\system32\drivers\ksthunk.sys
0x00020000 \SystemRoot\System32\win32k.sys
0x04565000 \SystemRoot\System32\drivers\Dxapi.sys
0x04571000 \SystemRoot\System32\Drivers\crashdmp.sys
0x0457F000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x0458B000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x04596000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x045A9000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x045B7000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x045D0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x045D9000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x045DB000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x045E8000 \SystemRoot\system32\DRIVERS\monitor.sys
0x04400000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x00410000 \SystemRoot\System32\TSDDD.dll
0x00620000 \SystemRoot\System32\cdd.dll
0x01889000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x0441B000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x0121B000 \SystemRoot\system32\drivers\luafv.sys
0x01400000 \SystemRoot\system32\drivers\WudfPf.sys
0x018A6000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x010BE000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x00FB2000 \SystemRoot\System32\Drivers\fastfat.SYS
0x0524F000 \SystemRoot\system32\drivers\HTTP.sys
0x05318000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x05335000 \SystemRoot\system32\DRIVERS\bowser.sys
0x05353000 \SystemRoot\System32\drivers\mpsdrv.sys
0x0536B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x05398000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x05200000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x05879000 \SystemRoot\system32\drivers\peauth.sys
0x0591F000 \SystemRoot\System32\Drivers\secdrv.SYS
0x0592A000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x0595B000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0596D000 \SystemRoot\System32\DRIVERS\srv2.sys
0x05A26000 \SystemRoot\System32\DRIVERS\srv.sys
0x05ABE000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
0x05ACE000 \SystemRoot\system32\DRIVERS\NisDrvWFP.sys
0x05AE6000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x05B88000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x77AA0000 \Windows\System32\ntdll.dll
0x47910000 \Windows\System32\smss.exe
0xFFDC0000 \Windows\System32\apisetschema.dll
0xFFCF0000 \Windows\System32\autochk.exe
0x77C70000 \Windows\System32\normaliz.dll
0x77C60000 \Windows\System32\psapi.dll
0xFFD10000 \Windows\System32\msvcrt.dll
0xFFCB0000 \Windows\System32\Wldap32.dll
0xFFA50000 \Windows\System32\iertutil.dll
0xFFA40000 \Windows\System32\nsi.dll
0xFF9D0000 \Windows\System32\gdi32.dll
0xFF8F0000 \Windows\System32\advapi32.dll
0xFF8E0000 \Windows\System32\lpk.dll
0x77980000 \Windows\System32\kernel32.dll
0xFF810000 \Windows\System32\usp10.dll
0xFF790000 \Windows\System32\difxapi.dll
0xFF6B0000 \Windows\System32\oleaut32.dll
0xFF660000 \Windows\System32\ws2_32.dll
0xFF5C0000 \Windows\System32\comdlg32.dll
0xFE830000 \Windows\System32\shell32.dll
0xFE650000 \Windows\System32\setupapi.dll
0xFE5B0000 \Windows\System32\clbcatq.dll
0xFE430000 \Windows\System32\urlmon.dll
0xFE410000 \Windows\System32\imagehlp.dll
0xFE3E0000 \Windows\System32\imm32.dll
0xFE1D0000 \Windows\System32\ole32.dll
0xFE1B0000 \Windows\System32\sechost.dll
0xFE080000 \Windows\System32\rpcrt4.dll
0xFE000000 \Windows\System32\shlwapi.dll
0xFDEF0000 \Windows\System32\msctf.dll
0xFDDC0000 \Windows\System32\wininet.dll
0x77880000 \Windows\System32\user32.dll
0xFDD80000 \Windows\System32\wintrust.dll
0xFDC10000 \Windows\System32\crypt32.dll
0xFDBD0000 \Windows\System32\cfgmgr32.dll
0xFDBB0000 \Windows\System32\devobj.dll
0xFDB40000 \Windows\System32\KernelBase.dll
0xFDAA0000 \Windows\System32\comctl32.dll
0xFDA90000 \Windows\System32\msasn1.dll
0x75F40000 \Windows\SysWOW64\normaliz.dll
Processes (total 50):
0 System Idle Process
4 System
268 C:\Windows\System32\smss.exe
364 csrss.exe
432 C:\Windows\System32\wininit.exe
440 csrss.exe
496 C:\Windows\System32\services.exe
504 C:\Windows\System32\lsass.exe
512 C:\Windows\System32\lsm.exe
608 C:\Windows\System32\svchost.exe
672 C:\Windows\System32\winlogon.exe
724 C:\Windows\System32\svchost.exe
796 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
876 C:\Windows\System32\svchost.exe
916 C:\Windows\System32\svchost.exe
944 C:\Windows\System32\svchost.exe
508 C:\Windows\System32\svchost.exe
1084 C:\Windows\System32\svchost.exe
1284 C:\Windows\System32\spoolsv.exe
1344 C:\Windows\System32\svchost.exe
1476 C:\Windows\SysWOW64\ASTSRV.EXE
1516 C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
1612 C:\Windows\System32\svchost.exe
1648 C:\Windows\System32\svchost.exe
1704 C:\Windows\System32\svchost.exe
1764 C:\Windows\System32\svchost.exe
2072 C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
2268 WUDFHost.exe
2828 C:\Windows\System32\SearchIndexer.exe
1232 C:\Windows\System32\dwm.exe
1108 C:\Windows\explorer.exe
1316 C:\Program Files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\BBPrint.exe
1632 C:\Program Files\Microsoft Security Client\msseces.exe
2200 C:\Users\SJB.FBRANH\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
1992 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
1980 C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
1304 C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
3556 C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
3152 C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2736 C:\Windows\System32\audiodg.exe
4948 C:\Program Files\Internet Explorer\iexplore.exe
4168 C:\Program Files\Internet Explorer\iexplore.exe
1312 C:\Windows\splwow64.exe
4900 C:\Windows\System32\SearchProtocolHost.exe
3780 C:\Windows\System32\SearchFilterHost.exe
4252 C:\Program Files\Internet Explorer\iexplore.exe
4832 MpCmdRun.exe
1772 C:\Users\SJB.FBRANH\Desktop\MBRCheck.exe
3568 C:\Windows\System32\conhost.exe
3376 C:\Windows\System32\dllhost.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`02738a00 (NTFS)
PhysicalDrive0 Model Number: KINGSTONSVP100S2128G, Rev: CJRA0202
PhysicalDrive1 Model Number: ST3250318AS, Rev: CC45
Size Device Name MBR Status
--------------------------------------------
119 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
232 GB \\.\PhysicalDrive1 Dell Inspiron MBR code detected
SHA1: AE3E0A945D44C8EA304A19A8F50F69065C34344B
Done!