Windows Vist has begun running unusably slow and I have been unable to un any Anti-Virus software. I've had MSE installed and when it failed. I disabled it and attempted to install MalwareBytes and HouseCall, however neither will not run. I have successfully run rKill, but even after running it, Anti-Virus will not run. I attempted to run DDS (In Windows Safe Mode). It launched and appeared to hang -- no logs for 45+ minutes.
-
Welcome Guest, to the Spybot Forums! It's 2025, and we just upgraded our forum software.
Today is Safer Internet Day, and with our new forum, you can finally use passkeys to login. That was about time!
Of course, you could ask if a forum is still useful, with so many social media networks out there where you might already have an account, and met a lot of users. You can now use your login from some of those networks to log in here. And by posting here, your question and data is stored on our servers and not automatically shared with a whole social media network.
We'll also start using the forum for small bits of information, announcements and more again.
Win Vista x64 Infection
- Thread starter skydyvyr
- Start date
ken545
Emeritus-Security Expert
:snwelcome:
Please read Before You Post
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.
Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.
Running programs with Vista or Windows 7 , you need to Right Click on the program and select RUN AS ADMINISTATOR
Please download OTH to your desktop ( if you use Firefox, right click on the OTH link and select Save as )
Double-click the OTH file to run it and click Kill All Processes, your desktop will go blank.
Then select Start Misc Program. Browse to DDS and then attempt to run another scan.
Please read Before You Post
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.
Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.
Running programs with Vista or Windows 7 , you need to Right Click on the program and select RUN AS ADMINISTATOR
Please download OTH to your desktop ( if you use Firefox, right click on the OTH link and select Save as )
Double-click the OTH file to run it and click Kill All Processes, your desktop will go blank.
Then select Start Misc Program. Browse to DDS and then attempt to run another scan.
- Click the Internet Explorer button, post these logs in your Virus Removal topic.
Unable to run OTH
I downloaded OTH.scr from the link you provided, but when I double clicked it, it opened in Notepad. I tried to right-mouse click on it to see if there was an option to run the script from the menu, but there was not. I did notice that at the top of the Notepad window the text: This program must be run under Win32. Will this script work on my Windows x64 OS?
Thanks in advance for your help
--Andy
I downloaded OTH.scr from the link you provided, but when I double clicked it, it opened in Notepad. I tried to right-mouse click on it to see if there was an option to run the script from the menu, but there was not. I did notice that at the top of the Notepad window the text: This program must be run under Win32. Will this script work on my Windows x64 OS?
Thanks in advance for your help
--Andy
ken545
Emeritus-Security Expert
Good Morning Andy,
My apologies, I should have been a bit more clearer on the instructions.
Right click on the link and select Save Link As, and save it to your desktop. On the dropdown menu , save it as All Files, then click on Test
See if you can run this program also
Download aswMBR.exe ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
Click the "Scan" button to start scan
On completion of the scan click save log, save it to your desktop and post in your next reply
My apologies, I should have been a bit more clearer on the instructions.
Right click on the link and select Save Link As, and save it to your desktop. On the dropdown menu , save it as All Files, then click on Test
See if you can run this program also
Download aswMBR.exe ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
Click the "Scan" button to start scan
On completion of the scan click save log, save it to your desktop and post in your next reply
Last edited:
Thanks for the clarification, but...
I did download it to the desktop and attempt to run it. After my last post, I renamed the file to OTH.exe, right clicked the file and selected Run as Administrator. The application launched and I clicked "Kill All Processes" as directed. Nothing appeared to happen. Specifically the desktop did not go black. After about a half hour, I tried to take the next step and run dds.exe from the OTH console as directed.
When I clicked the button and got the window to browse for files, it was empty. No matter what directory I pointed it at, no files or subdirectories were visible. I ended up pointing it at the Desktop directory and entering the file name "dds.exe" and clicking the "Open" button. DDS launched, but acted exactly as before.
I am now running aswMBR. It asked to download Avast definitions which I accepted. It is downloading now and I will post the results in my next reply.
--Andy
I did download it to the desktop and attempt to run it. After my last post, I renamed the file to OTH.exe, right clicked the file and selected Run as Administrator. The application launched and I clicked "Kill All Processes" as directed. Nothing appeared to happen. Specifically the desktop did not go black. After about a half hour, I tried to take the next step and run dds.exe from the OTH console as directed.
When I clicked the button and got the window to browse for files, it was empty. No matter what directory I pointed it at, no files or subdirectories were visible. I ended up pointing it at the Desktop directory and entering the file name "dds.exe" and clicking the "Open" button. DDS launched, but acted exactly as before.
I am now running aswMBR. It asked to download Avast definitions which I accepted. It is downloading now and I will post the results in my next reply.
--Andy
Yes, It ran
Here are the results -- sorry for the delay, but I had to leave for work.
aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-01-30 08:41:50
-----------------------------
08:41:50.239 OS Version: Windows x64 6.0.6002 Service Pack 2
08:41:50.240 Number of processors: 4 586 0xF07
08:41:50.240 ComputerName: ANDY-PC UserName: Andy
08:41:53.319 Initialize success
08:45:46.619 AVAST engine defs: 12012600
08:47:28.666 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
08:47:28.667 Disk 0 Vendor: Intel___ 1.0. Size: 476945MB BusType: 8
08:47:28.671 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-0
08:47:28.674 Disk 1 Vendor: Maxtor_6 BACE Size: 194481MB BusType: 3
08:47:28.692 Disk 0 MBR read successfully
08:47:28.695 Disk 0 MBR scan
08:47:28.702 Disk 0 Windows VISTA default MBR code
08:47:28.724 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476943 MB offset 2048
08:47:28.743 Service scanning
08:47:29.427 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
08:47:30.044 Modules scanning
08:47:30.049 Disk 0 trace - called modules:
08:47:30.065 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
08:47:30.073 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006f37790]
08:47:30.079 3 CLASSPNP.SYS[fffffa6000fc6c33] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800615b050]
08:47:31.836 AVAST engine scan C:\Windows
08:47:38.898 AVAST engine scan C:\Windows\system32
08:57:17.301 AVAST engine scan C:\Windows\system32\drivers
08:57:55.205 AVAST engine scan C:\Users\Andy
09:40:37.692 AVAST engine scan C:\ProgramData
10:05:09.317 Scan finished successfully
16:31:32.018 Disk 0 MBR has been saved successfully to "C:\Users\Andy\Desktop\MBR.dat"
16:31:32.024 The log file has been saved successfully to "C:\Users\Andy\Desktop\aswMBR.txt"
Here are the results -- sorry for the delay, but I had to leave for work.
aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-01-30 08:41:50
-----------------------------
08:41:50.239 OS Version: Windows x64 6.0.6002 Service Pack 2
08:41:50.240 Number of processors: 4 586 0xF07
08:41:50.240 ComputerName: ANDY-PC UserName: Andy
08:41:53.319 Initialize success
08:45:46.619 AVAST engine defs: 12012600
08:47:28.666 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
08:47:28.667 Disk 0 Vendor: Intel___ 1.0. Size: 476945MB BusType: 8
08:47:28.671 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-0
08:47:28.674 Disk 1 Vendor: Maxtor_6 BACE Size: 194481MB BusType: 3
08:47:28.692 Disk 0 MBR read successfully
08:47:28.695 Disk 0 MBR scan
08:47:28.702 Disk 0 Windows VISTA default MBR code
08:47:28.724 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476943 MB offset 2048
08:47:28.743 Service scanning
08:47:29.427 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
08:47:30.044 Modules scanning
08:47:30.049 Disk 0 trace - called modules:
08:47:30.065 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
08:47:30.073 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006f37790]
08:47:30.079 3 CLASSPNP.SYS[fffffa6000fc6c33] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800615b050]
08:47:31.836 AVAST engine scan C:\Windows
08:47:38.898 AVAST engine scan C:\Windows\system32
08:57:17.301 AVAST engine scan C:\Windows\system32\drivers
08:57:55.205 AVAST engine scan C:\Users\Andy
09:40:37.692 AVAST engine scan C:\ProgramData
10:05:09.317 Scan finished successfully
16:31:32.018 Disk 0 MBR has been saved successfully to "C:\Users\Andy\Desktop\MBR.dat"
16:31:32.024 The log file has been saved successfully to "C:\Users\Andy\Desktop\aswMBR.txt"
ken545
Emeritus-Security Expert
Thats fine, see if you can run these programs
Download MBRCheck.exe to your desktop.
OTL by OldTimer
Download MBRCheck.exe to your desktop.
- Be sure to disable your security programs
- Double click on the file to run it
- A window will open on your desktop
- if an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
- If nothing unusual is found just press Enter
- A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
- Please post the contents of that file.
OTL by OldTimer
- Download OTL to your desktop.
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- When the window appears, underneath Output at the top change it to Minimal Output.
- Click the "Scan All Users" checkbox.
- Check the boxes beside LOP Check and Purity Check.
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically. - Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
MBRCheck Log Results
Here is the Log from MBRCheck:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Ultimate Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: Intel Corporation
BIOS Manufacturer: Intel Corp.
System Manufacturer:
System Product Name:
Logical Drives Mask: 0x03c0401c
Kernel Drivers (total 161):
0x02647000 \SystemRoot\system32\ntoskrnl.exe
0x02601000 \SystemRoot\system32\hal.dll
0x0060C000 \SystemRoot\system32\kdcom.dll
0x00616000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00651000 \SystemRoot\system32\PSHED.dll
0x00665000 \SystemRoot\system32\CLFS.SYS
0x006C2000 \SystemRoot\system32\CI.dll
0x00806000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008E0000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x008EE000 \SystemRoot\system32\drivers\acpi.sys
0x00944000 \SystemRoot\system32\drivers\WMILIB.SYS
0x0094D000 \SystemRoot\system32\drivers\msisadrv.sys
0x00957000 \SystemRoot\system32\drivers\pci.sys
0x00987000 \SystemRoot\System32\drivers\partmgr.sys
0x0099C000 \SystemRoot\system32\drivers\volmgr.sys
0x00774000 \SystemRoot\System32\drivers\volmgrx.sys
0x009B0000 \SystemRoot\system32\drivers\intelide.sys
0x009B8000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x009C8000 \SystemRoot\System32\drivers\mountmgr.sys
0x00A02000 \SystemRoot\system32\drivers\iastorv.sys
0x00AC7000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x00BE3000 \SystemRoot\system32\drivers\atapi.sys
0x009DB000 \SystemRoot\system32\drivers\ataport.SYS
0x00C0C000 \SystemRoot\system32\drivers\fltmgr.sys
0x00C53000 \SystemRoot\system32\drivers\fileinfo.sys
0x00C67000 \SystemRoot\System32\Drivers\ksecdd.sys
0x00E02000 \SystemRoot\system32\drivers\ndis.sys
0x00CEE000 \SystemRoot\system32\drivers\msrpc.sys
0x00D3E000 \SystemRoot\system32\drivers\NETIO.SYS
0x01007000 \SystemRoot\System32\drivers\tcpip.sys
0x0117B000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x0120D000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0138D000 \SystemRoot\system32\drivers\volsnap.sys
0x013D1000 \SystemRoot\System32\Drivers\spldr.sys
0x013D9000 \SystemRoot\System32\Drivers\mup.sys
0x011A7000 \SystemRoot\System32\drivers\ecache.sys
0x011D3000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x013EB000 \SystemRoot\system32\drivers\disk.sys
0x00FC5000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x01200000 \SystemRoot\system32\drivers\crcdisk.sys
0x02932000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x0293F000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x02948000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x02A00000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x036AE000 \SystemRoot\System32\Drivers\nvBridge.kmd
0x036B3000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x03796000 \SystemRoot\System32\drivers\watchdog.sys
0x03803000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x038F0000 \SystemRoot\system32\DRIVERS\e1e6032e.sys
0x03943000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x0394F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x03995000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x03B71000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x03B83000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x03B93000 \SystemRoot\system32\DRIVERS\parport.sys
0x03BAF000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x03BC5000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x03BD3000 \SystemRoot\system32\DRIVERS\serial.sys
0x03BF0000 \SystemRoot\system32\DRIVERS\serenum.sys
0x039A6000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x039C2000 \SystemRoot\system32\DRIVERS\BackupReader.sys
0x03A00000 \SystemRoot\system32\DRIVERS\dsNcAdX64.sys
0x03BFC000 \SystemRoot\system32\DRIVERS\wacomvhid.sys
0x039D5000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x039E7000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x037A6000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x0295B000 \SystemRoot\system32\DRIVERS\storport.sys
0x039EF000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x029B8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x037DF000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x00D97000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x037EB000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x029DB000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x00DC8000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x03C08000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0x03CA2000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03CB5000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x03CC1000 \SystemRoot\system32\DRIVERS\swenum.sys
0x03CC3000 \SystemRoot\system32\DRIVERS\ks.sys
0x03CF7000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03D02000 \SystemRoot\system32\DRIVERS\umbus.sys
0x03D12000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x03D5A000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x03D65000 \SystemRoot\system32\DRIVERS\wacommousefilter.sys
0x03D6C000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x03D80000 \SystemRoot\system32\drivers\stwrt64.sys
0x04608000 \SystemRoot\system32\drivers\portcls.sys
0x04643000 \SystemRoot\system32\drivers\drmk.sys
0x04666000 \SystemRoot\system32\drivers\ksthunk.sys
0x0466C000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x0469D000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x046A7000 \SystemRoot\System32\Drivers\Null.SYS
0x046BB000 \SystemRoot\System32\drivers\vga.sys
0x046C9000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x046EE000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x046F7000 \SystemRoot\system32\drivers\rdpencdd.sys
0x04700000 \SystemRoot\System32\Drivers\Msfs.SYS
0x0470B000 \SystemRoot\System32\Drivers\Npfs.SYS
0x0471C000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x04725000 \SystemRoot\system32\DRIVERS\tdx.sys
0x04742000 \SystemRoot\system32\DRIVERS\smb.sys
0x0475D000 \SystemRoot\system32\drivers\afd.sys
0x0480F000 \SystemRoot\System32\DRIVERS\netbt.sys
0x04853000 \SystemRoot\system32\DRIVERS\pacer.sys
0x04871000 \SystemRoot\system32\DRIVERS\netbios.sys
0x04880000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x0489B000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x048E8000 \SystemRoot\system32\drivers\nsiproxy.sys
0x048F4000 \SystemRoot\system32\drivers\csc.sys
0x0496A000 \SystemRoot\System32\Drivers\dfsc.sys
0x04987000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x04997000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x04999000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x049A2000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x049BE000 \SystemRoot\System32\Drivers\nx6000.sys
0x049CB000 \SystemRoot\System32\Drivers\usbvideo.sys
0x047C8000 \SystemRoot\system32\drivers\usbaudio.sys
0x047E1000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x04800000 \SystemRoot\System32\Drivers\crashdmp.sys
0x02800000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x03DE3000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x00070000 \SystemRoot\System32\win32k.sys
0x0291C000 \SystemRoot\System32\drivers\Dxapi.sys
0x00DE0000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00480000 \SystemRoot\System32\TSDDD.dll
0x006F0000 \SystemRoot\System32\cdd.dll
0x007DA000 \SystemRoot\system32\drivers\luafv.sys
0x00BEB000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x09400000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x09434000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x0943F000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x09457000 \SystemRoot\system32\drivers\spsys.sys
0x094F1000 \SystemRoot\system32\drivers\HTTP.sys
0x09594000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x095BD000 \SystemRoot\system32\DRIVERS\bowser.sys
0x095DB000 \SystemRoot\System32\drivers\mpsdrv.sys
0x0A004000 \SystemRoot\system32\drivers\mrxdav.sys
0x0A02B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x0A054000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0A09D000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x0A0BC000 \SystemRoot\System32\DRIVERS\srv2.sys
0x0A0EE000 \SystemRoot\System32\DRIVERS\srv.sys
0x0A181000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
0x0A191000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x0A19C000 \??\C:\Windows\system32\drivers\aksdf.sys
0x0A1AC000 \SystemRoot\System32\Drivers\fastfat.SYS
0x0A1E1000 \??\C:\Windows\system32\drivers\aksfridge.sys
0x0980E000 \??\C:\Windows\system32\drivers\hardlock.sys
0x0985B000 \SystemRoot\system32\drivers\peauth.sys
0x09911000 \SystemRoot\System32\Drivers\secdrv.SYS
0x0991C000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0992C000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x0994C000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0x09962000 \SystemRoot\system32\DRIVERS\NisDrvWFP.sys
0x0997A000 \SystemRoot\system32\drivers\tdtcp.sys
0x09987000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
0x09995000 \SystemRoot\System32\Drivers\RDPWD.SYS
0x099D1000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x099ED000 \??\C:\Users\Andy\AppData\Local\Temp\aswMBR.sys
0x03A0C000 \SystemRoot\system32\DRIVERS\athrx.sys
0x77550000 \Windows\System32\ntdll.dll
Processes (total 97):
0 System Idle Process
4 System
456 C:\Windows\System32\smss.exe
532 csrss.exe
592 csrss.exe
600 C:\Windows\System32\wininit.exe
644 C:\Windows\System32\services.exe
656 C:\Windows\System32\lsass.exe
664 C:\Windows\System32\lsm.exe
696 C:\Windows\System32\winlogon.exe
856 C:\Windows\System32\svchost.exe
900 C:\Windows\System32\nvvsvc.exe
932 C:\Windows\System32\svchost.exe
1016 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
512 C:\Windows\System32\svchost.exe
632 C:\Windows\System32\svchost.exe
584 C:\Windows\System32\svchost.exe
1064 C:\Windows\System32\audiodg.exe
1104 C:\Windows\System32\svchost.exe
1120 C:\Windows\System32\SLsvc.exe
1232 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
1244 C:\Windows\System32\nvvsvc.exe
1264 C:\Windows\System32\svchost.exe
1440 C:\Windows\System32\wisptis.exe
1456 C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe
1488 C:\Windows\System32\svchost.exe
1852 C:\Windows\System32\spoolsv.exe
1876 C:\Windows\System32\svchost.exe
1708 C:\Windows\SysWOW64\svchost.exe
2264 C:\Windows\SysWOW64\svchost.exe
2320 C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
2440 C:\Program Files\Microsoft LifeCam\MSCamS64.exe
2460 C:\Windows\System32\svchost.exe
2472 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
2536 C:\Windows\System32\svchost.exe
2548 C:\Windows\System32\svchost.exe
2568 C:\Windows\System32\svchost.exe
2688 C:\Windows\System32\VSSVC.exe
2744 C:\Windows\System32\svchost.exe
2760 C:\Program Files\Windows Server\Bin\WhsMcClient.exe
2804 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2820 C:\Windows\System32\taskeng.exe
2884 C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe
2952 C:\Program Files\Windows Server\Bin\LANConfigSvc.exe
3028 WUDFHost.exe
1304 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2492 C:\Windows\System32\Tablet.exe
3120 C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe
3296 C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
3336 C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
3380 C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
3452 C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
3812 C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
1664 C:\Windows\System32\svchost.exe
4120 C:\Windows\ehome\ehrecvr.exe
4136 C:\Windows\ehome\ehsched.exe
4204 C:\Program Files\Windows Server\Bin\Microsoft.HomeServer.Archive.TransferService.exe
4376 C:\Windows\System32\svchost.exe
4412 C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
4584 C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
4624 C:\Windows\System32\svchost.exe
4656 C:\Program Files\Windows Media Player\wmpnetwk.exe
3448 C:\Windows\System32\dwm.exe
4312 C:\Windows\System32\taskeng.exe
4852 C:\Windows\System32\wisptis.exe
2892 C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe
1668 C:\Windows\explorer.exe
5132 C:\Windows\System32\WTablet\TabUserW.exe
5148 C:\Windows\System32\Tablet.exe
5480 WmiPrvSE.exe
5664 C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
5748 C:\Windows\WindowsMobile\wmdc.exe
5784 C:\Windows\sttray64.exe
5792 C:\Program Files\Zune\ZuneLauncher.exe
5800 C:\Program Files\Microsoft Security Client\msseces.exe
5808 C:\Program Files\Windows Server\Bin\Launchpad.exe
5816 C:\Program Files\Windows Sidebar\sidebar.exe
6000 C:\Program Files\BOINC\boincmgr.exe
6012 C:\Program Files\BOINC\boinctray.exe
3944 C:\Program Files\BOINC\boinc.exe
4036 C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
1372 C:\Windows\System32\LMabcoms.exe
5980 C:\Program Files\Windows Sidebar\sidebar.exe
5428 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
2064 C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
960 C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
2284 C:\Windows\System32\msiexec.exe
1152 C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe
8960 C:\Program Files (x86)\Internet Explorer\iexplore.exe
8608 C:\Program Files (x86)\Internet Explorer\iexplore.exe
8200 C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
8424 C:\Windows\System32\taskmgr.exe
11976 C:\Program Files\Windows Server\Bin\runtask.exe
4876 C:\Windows\servicing\TrustedInstaller.exe
12260 dllhost.exe
9568 dllhost.exe
11528 C:\Users\Andy\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
\\.\O: -->
Here is the Log from MBRCheck:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Ultimate Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: Intel Corporation
BIOS Manufacturer: Intel Corp.
System Manufacturer:
System Product Name:
Logical Drives Mask: 0x03c0401c
Kernel Drivers (total 161):
0x02647000 \SystemRoot\system32\ntoskrnl.exe
0x02601000 \SystemRoot\system32\hal.dll
0x0060C000 \SystemRoot\system32\kdcom.dll
0x00616000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00651000 \SystemRoot\system32\PSHED.dll
0x00665000 \SystemRoot\system32\CLFS.SYS
0x006C2000 \SystemRoot\system32\CI.dll
0x00806000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008E0000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x008EE000 \SystemRoot\system32\drivers\acpi.sys
0x00944000 \SystemRoot\system32\drivers\WMILIB.SYS
0x0094D000 \SystemRoot\system32\drivers\msisadrv.sys
0x00957000 \SystemRoot\system32\drivers\pci.sys
0x00987000 \SystemRoot\System32\drivers\partmgr.sys
0x0099C000 \SystemRoot\system32\drivers\volmgr.sys
0x00774000 \SystemRoot\System32\drivers\volmgrx.sys
0x009B0000 \SystemRoot\system32\drivers\intelide.sys
0x009B8000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x009C8000 \SystemRoot\System32\drivers\mountmgr.sys
0x00A02000 \SystemRoot\system32\drivers\iastorv.sys
0x00AC7000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x00BE3000 \SystemRoot\system32\drivers\atapi.sys
0x009DB000 \SystemRoot\system32\drivers\ataport.SYS
0x00C0C000 \SystemRoot\system32\drivers\fltmgr.sys
0x00C53000 \SystemRoot\system32\drivers\fileinfo.sys
0x00C67000 \SystemRoot\System32\Drivers\ksecdd.sys
0x00E02000 \SystemRoot\system32\drivers\ndis.sys
0x00CEE000 \SystemRoot\system32\drivers\msrpc.sys
0x00D3E000 \SystemRoot\system32\drivers\NETIO.SYS
0x01007000 \SystemRoot\System32\drivers\tcpip.sys
0x0117B000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x0120D000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0138D000 \SystemRoot\system32\drivers\volsnap.sys
0x013D1000 \SystemRoot\System32\Drivers\spldr.sys
0x013D9000 \SystemRoot\System32\Drivers\mup.sys
0x011A7000 \SystemRoot\System32\drivers\ecache.sys
0x011D3000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x013EB000 \SystemRoot\system32\drivers\disk.sys
0x00FC5000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x01200000 \SystemRoot\system32\drivers\crcdisk.sys
0x02932000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x0293F000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x02948000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x02A00000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x036AE000 \SystemRoot\System32\Drivers\nvBridge.kmd
0x036B3000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x03796000 \SystemRoot\System32\drivers\watchdog.sys
0x03803000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x038F0000 \SystemRoot\system32\DRIVERS\e1e6032e.sys
0x03943000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x0394F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x03995000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x03B71000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x03B83000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x03B93000 \SystemRoot\system32\DRIVERS\parport.sys
0x03BAF000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x03BC5000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x03BD3000 \SystemRoot\system32\DRIVERS\serial.sys
0x03BF0000 \SystemRoot\system32\DRIVERS\serenum.sys
0x039A6000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x039C2000 \SystemRoot\system32\DRIVERS\BackupReader.sys
0x03A00000 \SystemRoot\system32\DRIVERS\dsNcAdX64.sys
0x03BFC000 \SystemRoot\system32\DRIVERS\wacomvhid.sys
0x039D5000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x039E7000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x037A6000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x0295B000 \SystemRoot\system32\DRIVERS\storport.sys
0x039EF000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x029B8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x037DF000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x00D97000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x037EB000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x029DB000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x00DC8000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x03C08000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0x03CA2000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03CB5000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x03CC1000 \SystemRoot\system32\DRIVERS\swenum.sys
0x03CC3000 \SystemRoot\system32\DRIVERS\ks.sys
0x03CF7000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03D02000 \SystemRoot\system32\DRIVERS\umbus.sys
0x03D12000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x03D5A000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x03D65000 \SystemRoot\system32\DRIVERS\wacommousefilter.sys
0x03D6C000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x03D80000 \SystemRoot\system32\drivers\stwrt64.sys
0x04608000 \SystemRoot\system32\drivers\portcls.sys
0x04643000 \SystemRoot\system32\drivers\drmk.sys
0x04666000 \SystemRoot\system32\drivers\ksthunk.sys
0x0466C000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x0469D000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x046A7000 \SystemRoot\System32\Drivers\Null.SYS
0x046BB000 \SystemRoot\System32\drivers\vga.sys
0x046C9000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x046EE000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x046F7000 \SystemRoot\system32\drivers\rdpencdd.sys
0x04700000 \SystemRoot\System32\Drivers\Msfs.SYS
0x0470B000 \SystemRoot\System32\Drivers\Npfs.SYS
0x0471C000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x04725000 \SystemRoot\system32\DRIVERS\tdx.sys
0x04742000 \SystemRoot\system32\DRIVERS\smb.sys
0x0475D000 \SystemRoot\system32\drivers\afd.sys
0x0480F000 \SystemRoot\System32\DRIVERS\netbt.sys
0x04853000 \SystemRoot\system32\DRIVERS\pacer.sys
0x04871000 \SystemRoot\system32\DRIVERS\netbios.sys
0x04880000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x0489B000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x048E8000 \SystemRoot\system32\drivers\nsiproxy.sys
0x048F4000 \SystemRoot\system32\drivers\csc.sys
0x0496A000 \SystemRoot\System32\Drivers\dfsc.sys
0x04987000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x04997000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x04999000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x049A2000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x049BE000 \SystemRoot\System32\Drivers\nx6000.sys
0x049CB000 \SystemRoot\System32\Drivers\usbvideo.sys
0x047C8000 \SystemRoot\system32\drivers\usbaudio.sys
0x047E1000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x04800000 \SystemRoot\System32\Drivers\crashdmp.sys
0x02800000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x03DE3000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x00070000 \SystemRoot\System32\win32k.sys
0x0291C000 \SystemRoot\System32\drivers\Dxapi.sys
0x00DE0000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00480000 \SystemRoot\System32\TSDDD.dll
0x006F0000 \SystemRoot\System32\cdd.dll
0x007DA000 \SystemRoot\system32\drivers\luafv.sys
0x00BEB000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x09400000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x09434000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x0943F000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x09457000 \SystemRoot\system32\drivers\spsys.sys
0x094F1000 \SystemRoot\system32\drivers\HTTP.sys
0x09594000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x095BD000 \SystemRoot\system32\DRIVERS\bowser.sys
0x095DB000 \SystemRoot\System32\drivers\mpsdrv.sys
0x0A004000 \SystemRoot\system32\drivers\mrxdav.sys
0x0A02B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x0A054000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0A09D000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x0A0BC000 \SystemRoot\System32\DRIVERS\srv2.sys
0x0A0EE000 \SystemRoot\System32\DRIVERS\srv.sys
0x0A181000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
0x0A191000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x0A19C000 \??\C:\Windows\system32\drivers\aksdf.sys
0x0A1AC000 \SystemRoot\System32\Drivers\fastfat.SYS
0x0A1E1000 \??\C:\Windows\system32\drivers\aksfridge.sys
0x0980E000 \??\C:\Windows\system32\drivers\hardlock.sys
0x0985B000 \SystemRoot\system32\drivers\peauth.sys
0x09911000 \SystemRoot\System32\Drivers\secdrv.SYS
0x0991C000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0992C000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x0994C000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0x09962000 \SystemRoot\system32\DRIVERS\NisDrvWFP.sys
0x0997A000 \SystemRoot\system32\drivers\tdtcp.sys
0x09987000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
0x09995000 \SystemRoot\System32\Drivers\RDPWD.SYS
0x099D1000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x099ED000 \??\C:\Users\Andy\AppData\Local\Temp\aswMBR.sys
0x03A0C000 \SystemRoot\system32\DRIVERS\athrx.sys
0x77550000 \Windows\System32\ntdll.dll
Processes (total 97):
0 System Idle Process
4 System
456 C:\Windows\System32\smss.exe
532 csrss.exe
592 csrss.exe
600 C:\Windows\System32\wininit.exe
644 C:\Windows\System32\services.exe
656 C:\Windows\System32\lsass.exe
664 C:\Windows\System32\lsm.exe
696 C:\Windows\System32\winlogon.exe
856 C:\Windows\System32\svchost.exe
900 C:\Windows\System32\nvvsvc.exe
932 C:\Windows\System32\svchost.exe
1016 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
512 C:\Windows\System32\svchost.exe
632 C:\Windows\System32\svchost.exe
584 C:\Windows\System32\svchost.exe
1064 C:\Windows\System32\audiodg.exe
1104 C:\Windows\System32\svchost.exe
1120 C:\Windows\System32\SLsvc.exe
1232 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
1244 C:\Windows\System32\nvvsvc.exe
1264 C:\Windows\System32\svchost.exe
1440 C:\Windows\System32\wisptis.exe
1456 C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe
1488 C:\Windows\System32\svchost.exe
1852 C:\Windows\System32\spoolsv.exe
1876 C:\Windows\System32\svchost.exe
1708 C:\Windows\SysWOW64\svchost.exe
2264 C:\Windows\SysWOW64\svchost.exe
2320 C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
2440 C:\Program Files\Microsoft LifeCam\MSCamS64.exe
2460 C:\Windows\System32\svchost.exe
2472 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
2536 C:\Windows\System32\svchost.exe
2548 C:\Windows\System32\svchost.exe
2568 C:\Windows\System32\svchost.exe
2688 C:\Windows\System32\VSSVC.exe
2744 C:\Windows\System32\svchost.exe
2760 C:\Program Files\Windows Server\Bin\WhsMcClient.exe
2804 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2820 C:\Windows\System32\taskeng.exe
2884 C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe
2952 C:\Program Files\Windows Server\Bin\LANConfigSvc.exe
3028 WUDFHost.exe
1304 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2492 C:\Windows\System32\Tablet.exe
3120 C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe
3296 C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
3336 C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
3380 C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
3452 C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
3812 C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
1664 C:\Windows\System32\svchost.exe
4120 C:\Windows\ehome\ehrecvr.exe
4136 C:\Windows\ehome\ehsched.exe
4204 C:\Program Files\Windows Server\Bin\Microsoft.HomeServer.Archive.TransferService.exe
4376 C:\Windows\System32\svchost.exe
4412 C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
4584 C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
4624 C:\Windows\System32\svchost.exe
4656 C:\Program Files\Windows Media Player\wmpnetwk.exe
3448 C:\Windows\System32\dwm.exe
4312 C:\Windows\System32\taskeng.exe
4852 C:\Windows\System32\wisptis.exe
2892 C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe
1668 C:\Windows\explorer.exe
5132 C:\Windows\System32\WTablet\TabUserW.exe
5148 C:\Windows\System32\Tablet.exe
5480 WmiPrvSE.exe
5664 C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
5748 C:\Windows\WindowsMobile\wmdc.exe
5784 C:\Windows\sttray64.exe
5792 C:\Program Files\Zune\ZuneLauncher.exe
5800 C:\Program Files\Microsoft Security Client\msseces.exe
5808 C:\Program Files\Windows Server\Bin\Launchpad.exe
5816 C:\Program Files\Windows Sidebar\sidebar.exe
6000 C:\Program Files\BOINC\boincmgr.exe
6012 C:\Program Files\BOINC\boinctray.exe
3944 C:\Program Files\BOINC\boinc.exe
4036 C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
1372 C:\Windows\System32\LMabcoms.exe
5980 C:\Program Files\Windows Sidebar\sidebar.exe
5428 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
2064 C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
960 C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
2284 C:\Windows\System32\msiexec.exe
1152 C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe
8960 C:\Program Files (x86)\Internet Explorer\iexplore.exe
8608 C:\Program Files (x86)\Internet Explorer\iexplore.exe
8200 C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
8424 C:\Windows\System32\taskmgr.exe
11976 C:\Program Files\Windows Server\Bin\runtask.exe
4876 C:\Windows\servicing\TrustedInstaller.exe
12260 dllhost.exe
9568 dllhost.exe
11528 C:\Users\Andy\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
\\.\O: -->
OTL appears to Hang
When I run OTL as directed it begins it's scan with the words "Getting Drive Info" in the bottom of the the window, then hangs. I can reboot if you like and try again (there were several hung windows open that I forceably quit including OTH) but a reboot on this machine will take several hours.
--Andy
When I run OTL as directed it begins it's scan with the words "Getting Drive Info" in the bottom of the the window, then hangs. I can reboot if you like and try again (there were several hung windows open that I forceably quit including OTH) but a reboot on this machine will take several hours.
--Andy
ken545
Emeritus-Security Expert
Try this one in lew of OTL
Download OTS.exe by OldTimer to your Desktop.
Download OTS.exe by OldTimer to your Desktop.
- Close any open browsers.
- Double-click on OTS.exe to start the program.
- Leave all settings as they appear as default, except for the following:
- Under Drivers, select "All".
- Under Additional Scans, click on the "Extra" button.
- Now click the Run Scan button on the toolbar.
- The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
- When the scan is complete Notepad will open with the report file loaded in it.
- Save that notepad file
ken545
Emeritus-Security Expert
Ok, looks like your computer has some serious issues.
Download ComboFix from one of these locations:
Link 1
Link 2
* IMPORTANT !!! Save ComboFix.exe to your Desktop
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
Download ComboFix from one of these locations:
Link 1
Link 2
* IMPORTANT !!! Save ComboFix.exe to your Desktop
- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
- See this Link for programs that need to be disabled and instruction on how to disable them.
- Remember to re-enable them when we're done.
- Double click on ComboFix.exe & follow the prompts.
- As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
ken545
Emeritus-Security Expert
Andy, try running it in Safemode
To Enter Safemode
To Enter Safemode
- Go to Start> Shut off your Computer> Restart
- As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,
this will bring up a menu. - Use the Up and Down Arrow Keys to scroll up to Safemode with Networking
- Then press the Enter Key on your Keyboard