spyware.spyeyes


177 replies to this topic

#1 lthsinc

  • Authentic Member
  • 103 posts

Posted 28 October 2010 - 05:40 PM

I'm helping a friend with his computer, he has Vista, and it was infected with the spyware.spyeyes and spyware.password malware. I removed his hard drive, and connected to my computer, running full Malwarebytes scan (licensed version), removed 35 infections of these. Put back into his computer, but still problems, finally just reformatted, reinstalled OS, programs, etc. Computer ran well for a couple of hours, then still same infections, and computer now running glacially slow. Last scan said

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.SpyEyes) -> Data: c:\program files\microsoft\desktoplayer.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe) Good: (userinit.exe)

and Files Infected:
C:\Program Files\Microsoft\DesktopLayer.exe (Spyware.SpyEyes)
C:\Windows\System32\spoolsvSrv.exe (Spyware.SpyEyes)

I quarantined all for now, and am thinking of replacing the registry items with the same files from another computer, same version of Vista, but otherwise, at my wits' end as to how to get rid of this. Please help. Thank you.
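Editor's added example (not part of the original post, and not code from Malwarebytes or the forum): the Winlogon `Userinit` value reported above is a comma-separated list of programs started at logon, so the hijack can be checked by splitting the value and flagging anything other than the stock `userinit.exe`. The function name `audit_userinit` and the default system root `C:\Windows` are assumptions made for this example; it works on the value string, so it can be run against data exported from an offline drive.

```python
import ntpath  # Windows path rules, usable on any OS for offline analysis

# Assumption for this example: Windows is installed in C:\Windows, where the
# stock value is "C:\Windows\system32\userinit.exe," (note the trailing comma).
DEFAULT_SYSTEM_ROOT = r"C:\Windows"


def _normalize(entry, system_root):
    """Strip quotes and whitespace, expand %SystemRoot%/%windir%, case-fold."""
    entry = entry.strip().strip('"')
    lowered = entry.lower()
    for var in ("%systemroot%", "%windir%"):
        if lowered.startswith(var):
            entry = system_root + entry[len(var):]
            break
    return ntpath.normcase(ntpath.normpath(entry))


def audit_userinit(value, system_root=DEFAULT_SYSTEM_ROOT):
    """Return the normalized Userinit entries that are not the stock userinit.exe.

    An empty list means the value only launches userinit.exe from system32
    (or the bare name, which Malwarebytes reports as the "Good" value).
    """
    expected = _normalize(
        ntpath.join(system_root, "system32", "userinit.exe"), system_root
    )
    unexpected = []
    for raw in value.split(","):
        if not raw.strip().strip('"'):
            continue  # empty field from a trailing or doubled comma
        path = _normalize(raw, system_root)
        if path == expected or path == "userinit.exe":
            continue
        # Anything else runs at every logon, including a file that is merely
        # *named* userinit.exe but lives outside system32.
        unexpected.append(path)
    return unexpected


if __name__ == "__main__":
    samples = {
        # "Bad" value quoted in the scan result above
        "reported": r"c:\windows\system32\userinit.exe,,"
                    r"c:\program files\microsoft\desktoplayer.exe",
        # Constructed values for comparison
        "stock": r"C:\Windows\system32\userinit.exe,",
        "masquerade": r"C:\Users\Public\userinit.exe,",
    }
    for name, value in samples.items():
        extra = audit_userinit(value)
        print(f"{name}: {'OK' if not extra else 'UNEXPECTED ' + ', '.join(extra)}")
```

A clean value alone does not show the machine is clean: the files named in the unexpected entries, and whatever rewrote the value, still have to be found.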


#2 Conspire

  • SuperHelper
  • Retired Classroom Teacher
  • 5,806 posts

Posted 29 October 2010 - 04:00 AM

Hello there, lthsinc

:welcome:

I'm Conspire, I'll be glad to help you with your computer problems.

Please observe these rules while we work:
  • Read the entire procedure
  • It is important to perform ALL actions in sequence.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with me till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.
Please be advised, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice.
This may cause a delay, but I will do my best to keep it as short as possible.

Please bear with me, I will post back to you as soon as I can.

IMPORTANT NOTE : Please do not delete anything unless instructed to.

**In any case where you happen to be busy or unable to give us a reply, we would be more than grateful if you keep us informed in advance and we will be more than happy to wait. If you fail to do so, we will have your thread closed in THREE (3) days. :)
Proud Graduate of the WTT Classroom
Member of UNITE

#3 Conspire

  • SuperHelper
  • Retired Classroom Teacher
  • 5,806 posts

Posted 29 October 2010 - 06:04 AM

Hello,

I would need to gather more information on the machine.

1. All tools MUST be run from the executable. (.exe)
With Admin Rights (Right click, choose "Run as Administrator")


Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click on Minimal Output at the top
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click OK to load a custom scan from a file or Cancel to cancel"
  • Click the OK button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic
===================================================

Scan With RootKitUnHooker

  • Please Download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers and Stealth
  • Uncheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished and then click File > Save Report.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of the report and paste it in your next reply.

Note** you may get the following warning, just click OK and continue.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

===================================================

Please download MBRCheck.exe to your desktop.
  • Be sure to disable your security programs
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
  • A window will open on your desktop
  • If an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Please post the contents of that file.
===================================================

On your next reply please post :
OTL log
RKU log
MBRCheck log

Good Day!

#4 lthsinc

  • Authentic Member
  • 103 posts

Posted 29 October 2010 - 03:55 PM

Keep trying to post logs, even from different computers, and it's not working. Any options?

#5 lthsinc

  • Authentic Member
  • 103 posts

Posted 29 October 2010 - 04:04 PM

Here's the extras log:


OTL Extras logfile created on: 10/29/2010 10:36:13 AM - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Clarence\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 78.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.82 Gb Total Space | 112.66 Gb Free Space | 81.75% Space Free | Partition Type: NTFS
Drive Q: | 9.77 Gb Total Space | 4.24 Gb Free Space | 43.44% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 0.36 Gb Free Space | 24.89% Space Free | Partition Type: NTFS

Computer Name: LAPTOP | User Name: Clarence | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 1
"FirewallOverride" = 1
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00ED21DC-5F9C-456A-87B1-47609D28B4AA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{09736454-06B1-4048-B6C6-28250D0701E3}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{0DF073A6-53F1-421A-AF9A-C2CB1F14FF56}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{100F0A53-6344-4C04-B82D-C7DB2172D423}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{1659545E-2C95-4709-9C1A-9A84D9E00BB1}" = protocol=6 | dir=in | app=c:\program files\aol 9.5\waol.exe |
"{1A4E5538-A68A-4679-9FF4-167D55C4E3A8}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1287944660\ee\aolsoftware.exe |
"{28EEBB42-4024-49DA-A4B1-3788D0FB2858}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{34915F26-B05D-4F7E-91B9-AC09ADA2FDEC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{4EE5C745-E85D-4CAE-9EF4-8D39B1A410B5}" = protocol=17 | dir=in | app=c:\program files\aol 9.5\waol.exe |
"{6028903D-ECAB-4DE3-8E57-6784B8B8E341}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{63C38DE4-2BD3-4065-BE97-9A0CA510BAA4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{774E23C7-1F11-49CD-AAA7-E57652B1E73D}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{882E0F79-6440-48BD-94BC-BB12D1936D1F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{99CAE37A-33EC-4B01-A4EA-713FE8BE0DDC}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1287943460\ee\aolsoftware.exe |
"{AB6B15AF-0D9B-4B76-B563-9F18F63ABBEA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{ADBD0C9E-6E21-4730-95CA-BE99532E6349}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{B755A682-11E8-4526-B525-72A77AA760FA}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{BBFC15A6-BA5C-4C13-B3BA-581DC6643991}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1287944660\ee\aolsoftware.exe |
"{BE468AAF-90F2-4B90-9C40-3E1CEEA9C82F}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{CE2D68FC-1A79-49E4-802C-F7ED0A09D4BE}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1287943460\ee\aolsoftware.exe |
"{DBADFEC7-E62E-44D9-B06A-C25C1F2DE4F1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{E33B2E9A-EBA8-4CE3-A911-273331DBF7FF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{E79823D4-F92F-485B-A2E1-255F520CFE25}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{F1786002-A2FA-46AC-9041-118CA0A31DF6}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{F87C1C49-9874-452C-8A5C-A994EF7D9F27}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{09E2111C-16B1-4DDF-BF0D-F994C9A12350}" = Adobe Setup
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Drag-to-Disc
"{3763A2B4-B07A-4E4D-994D-7D2C6AF0CF9E}" = Safari
"{38DAE5F5-EC70-4aa5-801B-D11CA0A33B41}" = BPDSoftware
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4AB5764A-3894-49A2-BAA8-C4665F74CD4C}" = Registry patch to improve USB device detection on resume from sleep for Windows Vista
"{4BD295B9-0190-4C54-B08E-33A6ECA922DF}" = ThinkVantage Access Connections
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Small Business Edition
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5523092E-13AA-4EED-8E18-255860F6D9DC}" = ThinkVantage Status Gadget
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{62715632-A555-4D9E-9CEC-4F84EB55B07B}" = PM Driver
"{6280149E-EFF3-4F1B-BD43-5B7EDD6F620A}" = Lenovo Care Supplement
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A1ACC15-7632-45ba-A3AB-0250EBD4B7DD}" = 6500_E709a
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6CC080F1-2E00-41D5-BE47-A3BC784E9DFB}" = BPDSoftware_Ini
"{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{7E4C16B8-8F76-4940-8505-98E93C00BF19}" = Rescue and Recovery
"{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}" = Adobe Flash Player 9 Plugin
"{8991E763-21F5-4DEA-A938-5D9D77DCB488}" = Broadcom WLAN
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9129B46A-51F0-431b-9838-DF7272F3204E}" = ProductContext
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9603DE6D-4567-4b78-B941-849322373DE2}" = SolutionCenter
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{9D1B99B7-DAD8-440d-B4FB-1915332FBCC2}" = HPProductAssistant
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B1F625EB-9691-4889-A864-DA085739F3F0}" = Power Ux Customization
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C29C1940-CB85-4F3B-906C-33FEE0E67103}" = DocMgr
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}" = Windows Live Toolbar
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF52099A-3BEA-4C41-AEA8-1E190F04D737}" = Lenovo Care
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}" = Adobe Creative Suite 3 Design Premium
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DE13432E-F0C1-4842-A5BA-CC997DA72A70}" = 6500_E709_eDocs
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{E8A54984-9776-4283-ACE2-782BA850A1C0}" = Roxio Creator Small Business Edition
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ECB82093-A207-4B57-A0C3-81202EBC39D8}" = AT&T Communication Manager
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F185B35D-38E5-4D88-B275-15C8C7FC4357}" = 6500_E709_Help
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F648FD09-7CEA-4257-BC68-A8389189FD51}" = GPBaseService2
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"{FA0F0A01-4631-4161-A6C2-948BF694382E}" = HP Officejet 6500 E709 Series
"{FA62B4C2-6CFD-462F-9B59-68A730001AB3}" = Product Recovery Disc Burning Utility
"{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom Gigabit Integrated Controller
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe_c14ac4070fd9614ffe63f4bb533db2c" = Add or Remove Adobe Creative Suite 3 Design Premium
"AOL Emergency Connect Utility 1.0" = Uninstall AOL Emergency Connect Utility 1.0
"AOL Toolbar" = AOL Toolbar
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dipmon" = Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista
"EasyCapture3.0" = EasyCapture
"FPIRPOn" = Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 12.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"HPOCR" = OCR Software by I.R.I.S. 12.0
"InstallShield_{62715632-A555-4D9E-9CEC-4F84EB55B07B}" = PM Driver
"Lenovo Registration" = Lenovo Registration
"LENOVO.SMIIF" = Lenovo System Interface Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NIS" = Norton Internet Security
"OnScreenDisplay" = On Screen Display
"PC-Doctor for Windows" = Lenovo System Toolbox
"Shop for HP Supplies" = Shop for HP Supplies
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"USBPMon" = Registry patch for Windows Vista USB S3 PM Enablement
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent wildgames Master Uninstall" = WildGames
"Windows Live Toolbar" = Windows Live Toolbar
"Yahoo! Companion" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/29/2010 1:28:37 PM | Computer Name = laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7176

Error - 10/29/2010 1:28:38 PM | Computer Name = laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/29/2010 1:28:38 PM | Computer Name = laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8190

Error - 10/29/2010 1:28:38 PM | Computer Name = laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8190

Error - 10/29/2010 1:28:39 PM | Computer Name = laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/29/2010 1:28:39 PM | Computer Name = laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9204

Error - 10/29/2010 1:28:39 PM | Computer Name = laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9204

Error - 10/29/2010 1:31:39 PM | Computer Name = laptop | Source = EventSystem | ID = 4609
Description =

Error - 10/29/2010 1:31:44 PM | Computer Name = laptop | Source = WinMgmt | ID = 10
Description =

Error - 10/29/2010 1:37:46 PM | Computer Name = laptop | Source = System Restore | ID = 8193
Description =

[ System Events ]
Error - 10/29/2010 1:26:40 PM | Computer Name = laptop | Source = Service Control Manager | ID = 7011
Description =

Error - 10/29/2010 1:27:49 PM | Computer Name = laptop | Source = Service Control Manager | ID = 7011
Description =

Error - 10/29/2010 1:30:12 PM | Computer Name = laptop | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:28:10 AM on 10/29/2010 was unexpected.

Error - 10/29/2010 1:30:37 PM | Computer Name = laptop | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =

Error - 10/29/2010 1:31:31 PM | Computer Name = laptop | Source = DCOM | ID = 10005
Description =

Error - 10/29/2010 1:31:39 PM | Computer Name = laptop | Source = DCOM | ID = 10005
Description =

Error - 10/29/2010 1:31:45 PM | Computer Name = laptop | Source = Service Control Manager | ID = 7001
Description =

Error - 10/29/2010 1:31:45 PM | Computer Name = laptop | Source = Service Control Manager | ID = 7026
Description =

Error - 10/29/2010 1:31:47 PM | Computer Name = laptop | Source = DCOM | ID = 10005
Description =

Error - 10/29/2010 1:31:48 PM | Computer Name = laptop | Source = DCOM | ID = 10005
Description =


< End of report >

#6 lthsinc

  • Authentic Member
  • 103 posts

Posted 29 October 2010 - 04:06 PM

Here's the RKUnhookerLE log:
C:\Windows\system32\drivers\mrxdav.sys 131072 bytes (Microsoft Corporation, Windows NT WebDav Minirdr) 0x8CF8A000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr) 0x807A7000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension) 0x8C9A2000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 118784 bytes (Symantec Corporation, Symantec Eraser Utility Driver) 0xA797C000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver) 0x82950000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API) 0x8CF00000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver) 0xA7999000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver) 0x8B9B8000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver) 0x8CF30000 C:\Windows\System32\DLA\DLAIFS_M.SYS 98304 bytes (Roxio, Drive Letter Access Component) 0x8296B000 C:\Windows\system32\DRIVERS\jmcr.sys 98304 bytes (JMicron Technology Corporation, JMicron JMB38X Flash Media Controller Driver) 0xA79E7000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector) 0x8C9BF000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver) 0x8CF73000 C:\Windows\System32\DLA\DLAUDF_M.SYS 94208 bytes (Roxio, Drive Letter Access Component) 0x82250000 C:\Windows\System32\Drivers\DRVMCDB.SYS 94208 bytes (Sonic Solutions, Device Driver) 0x8BA63000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver) 0x8C0B9000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver) 0xB2170000 
C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver) 0x8CF5D000 C:\Windows\System32\DLA\DLAUDFAM.SYS 90112 bytes (Roxio, Drive Letter Access Component) 0x8C846000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler) 0x8C17E000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver) 0xA79B2000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver) 0x8BACB000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager) 0x8BF88000 C:\Windows\System32\Drivers\NIS\1008000.029\SYMFW.SYS 86016 bytes (Symantec Corporation, Firewall Filter Driver) 0xB214E000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20101028.041\NAVENG.SYS 81920 bytes (Symantec Corporation, AV Engine) 0x8BAB7000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol) 0x8BF9D000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver) 0x8B960000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver) 0xA78FC000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6) 0x8C884000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver) 0x8B7EE000 C:\Windows\system32\DRIVERS\HDAudBus.sys 73728 bytes (Microsoft Corporation, High Definition Audio Bus Driver) 0x82B90000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver) 0x8C873000 C:\Windows\System32\Drivers\funfrm.SYS 69632 bytes (-, -) 0x8BB82000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy) 0x8046B000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft 
Corporation, Platform Specific Hardware Error Driver) 0x807DD000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver) 0xA78B8000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver) 0x8078F000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager) 0x8BAED000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver) 0x8B9D0000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver) 0x8CEF1000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver) 0x82B5A000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver) 0x8071A000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver) 0x8BAA8000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver) 0x8B7DF000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver) 0x80736000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver) 0x94910000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver) 0x8C865000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver) 0x8C167000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver) 0x807CF000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension) 0x8C1F2000 C:\Windows\System32\Drivers\NIS\1008000.029\SYMNDISV.SYS 57344 bytes (Symantec Corporation, NDIS Filter Driver) 0x8CEC5000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver) 0x8BA56000 
C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver) 0x8BB41000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator) 0x8B784000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver) 0x80685000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR) 0xA8753000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver) 0x8C11F000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver) 0x8CF24000 C:\Windows\System32\Drivers\DRVNDDM.SYS 45056 bytes (Roxio, Device Driver Manager) 0x8CED2000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes 0x8B9AB000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver) 0x8B9A0000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver) 0x8C15C000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver) 0x8BA7A000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver) 0x8BA43000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper) 0x82BEF000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver) 0x8B796000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver) 0x8072C000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver) 0x8CEDD000 C:\Windows\System32\Drivers\dump_msahci.sys 40960 bytes 0x8CEE7000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver) 0x80710000 C:\Windows\system32\DRIVERS\LPCFilter.sys 40960 bytes (COMPAL ELECTRONIC INC., LPCFilter) 0x807C5000 
C:\Windows\system32\drivers\msahci.sys 40960 bytes (Microsoft Corporation, MS AHCI 1.0 Standard Driver) 0x8BB37000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver) 0xA78F2000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver) 0x8C8DD000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy) 0x82267000 C:\Windows\System32\Drivers\PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP) 0xA8749000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver) 0x8C897000 C:\Windows\system32\drivers\NIS\1008000.029\SRTSPX.SYS 40960 bytes (Symantec Corporation, Symantec AutoProtect) 0x82BC2000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver) 0x8C102000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver) 0xB2162000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver) 0x8C175000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver) 0x8C85C000 C:\Windows\system32\DRIVERS\SymIMv.sys 36864 bytes (Symantec Corporation, NDIS 6.0 Filter Driver for Windows Vista) 0x948F0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver) 0x82A00000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver) 0x8CF1B000 C:\Windows\system32\DRIVERS\tvtfilter.sys 36864 bytes (Lenovo, Rescue and Recovery filter driver) 0x806D8000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll) 0x8C83D000 C:\Windows\system32\drivers\ws2ifsl.sys 36864 bytes (Microsoft Corporation, Winsock2 IFS Layer) 
0x8079F000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver) 0x8047C000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver) 0x80403000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL) 0x806E1000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver) 0x8C14C000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport) 0x8C154000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport) 0x8BA4E000 C:\Windows\System32\Drivers\RootMdm.sys 32768 bytes (Microsoft Corporation, Legacy Non-Pnp Modem Device Driver) 0x82B52000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor) 0x8BB03000 C:\Windows\system32\DRIVERS\Tvti2c.sys 32768 bytes (Lenovo (United States) Inc., SMBUS Driver) 0xA875F000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver) 0x8C112000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver) 0x8CF4F000 C:\Windows\System32\DLA\DLABMFSM.SYS 28672 bytes (Roxio, Drive Letter Access Component) 0x8CF56000 C:\Windows\System32\DLA\DLABOIOM.SYS 28672 bytes (Roxio, Drive Letter Access Component) 0x8C10B000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver) 0x8BAE6000 C:\Windows\system32\DRIVERS\RimSerial.sys 28672 bytes (Research in Motion Ltd, RIM Virtual Serial Driver) 0x8C119000 C:\Windows\System32\Drivers\DLARTL_M.SYS 24576 bytes (Roxio, Shared Driver Component) 0x8BAFD000 C:\Windows\system32\DRIVERS\psadd.sys 24576 bytes (Lenovo (United States) Inc., SMBIOS Driver) 0x8BAE0000 C:\Windows\system32\DRIVERS\wanatw4.sys 24576 bytes (America Online, Inc., Wan Miniport (ATW)) 0x8CF48000 C:\Windows\System32\DLA\DLAOPIOM.SYS 20480 bytes (Roxio, Drive Letter Access Component) 
0x8B791000 C:\Windows\System32\drivers\swmsflt.sys 20480 bytes (-, Sierra Wireless USB Mass Storage Filter Driver) 0x8C194000 C:\Windows\system32\drivers\tcpipBM.sys 20480 bytes (Bytemobile, Inc., Bytemobile Kernel Network Provider) 0x8B95C000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver) 0xA8667000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver) 0x80729000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver) 0x82BCB000 C:\Windows\system32\drivers\BMLoad.sys 8192 bytes (Bytemobile, Inc., Bytemobile Kernel Driver Loader) 0x8B9B6000 C:\Windows\System32\Drivers\DLACDBHM.SYS 8192 bytes (Roxio, Shared Driver Component) 0x8CF4D000 C:\Windows\System32\DLA\DLAPoolM.SYS 8192 bytes (Roxio, Drive Letter Access Component) 0x8C8E7000 C:\Windows\system32\DRIVERS\smiif32.sys 8192 bytes (Lenovo Group Limited, SMI Driver for Lenovo system) 0x8BB0B000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator) 0x8C0D0000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver) 0x8CF2F000 C:\Windows\System32\DLA\DLADResM.SYS 4096 bytes (Roxio, Drive Letter Access Component) ============================================== >Stealth ==============================================

#7 lthsinc

Posted 29 October 2010 - 04:06 PM

Here's the MBR Check log:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Basic Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: LENOVO
BIOS Manufacturer: LENOVO
System Manufacturer: LENOVO
System Product Name: 444623U
Logical Drives Mask: 0x00050014

Processes (total 23):
0 System Idle Process
4 System
324 C:\Windows\System32\smss.exe
384 csrss.exe
424 csrss.exe
432 C:\Windows\System32\wininit.exe
468 C:\Windows\System32\winlogon.exe
508 C:\Windows\System32\services.exe
520 C:\Windows\System32\lsass.exe
528 C:\Windows\System32\lsm.exe
664 C:\Windows\System32\svchost.exe
720 C:\Windows\System32\svchost.exe
872 C:\Windows\System32\svchost.exe
904 C:\Windows\System32\svchost.exe
944 C:\Windows\System32\svchost.exe
964 C:\Windows\System32\svchost.exe
980 C:\Windows\System32\svchost.exe
1168 C:\Windows\System32\svchost.exe
1264 C:\Windows\System32\svchost.exe
1680 C:\Windows\explorer.exe
1072 C:\Program Files\Safari\Safari.exe
1784 C:\Users\Clarence\Desktop\OTL.exe
1672 C:\Users\Clarence\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dc00000 (NTFS)
\\.\Q: --> \\.\PhysicalDrive0 at offset 0x00000022`d2200000 (NTFS)
\\.\S: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: HITACHIHTS543216L9SA00, Rev: FB2ZC4EC

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: DE49F2D91E2B210E0F9D0C37BD45EBEEF2ABD7CE

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

#8 lthsinc

Posted 29 October 2010 - 04:18 PM

Since the OTL log won't post, will try to run again. Your notes say it won't take long; I did follow your instructions exactly, but it does take quite a while. Will try to upload again shortly.

#9 lthsinc

Posted 29 October 2010 - 06:49 PM

I have the OTL log that was run while in safe mode, but that won't post; I think it's too large (txt file is 26 MB). Have been running another OTL scan in regular mode, but it's been running for more than 2 hours and hasn't finished, so I don't think it will be any smaller. Any ideas on how I can upload the original scan log? Or can you help with the other logs already posted? I really needed to have this computer by tomorrow, so any help would be appreciated. Also, may be completely unrelated, but all of a sudden, the cursor will jump around while in the middle of typing. Anyway, thanks so much, hope to hear from you as soon as possible.

#10 Conspire

Posted 30 October 2010 - 02:49 AM

Hi,

I'm sorry for the late reply. Can you upload the OTL file to http://megaupload.com/?


#11 lthsinc

Posted 30 October 2010 - 07:59 AM

Uploaded two files, in case it makes any difference, or helps...one was the OTL log that was run in safe mode, the other was run in normal mode. Thanks, hope to hear back soon.

#12 Conspire

Posted 30 October 2010 - 08:54 AM

Good. I shall be waiting for the link.

#13 lthsinc

Posted 30 October 2010 - 09:22 AM

Sorry, what do you mean 'waiting for the link'? Was I supposed to do anything besides upload?

#14 Conspire

Posted 30 October 2010 - 09:25 AM

You should be provided with a link for me to download the OTL file.

#15 lthsinc

Posted 30 October 2010 - 09:27 AM

I didn't see anything, wish I'd known to look for it...I'll do it again right now.
