bearman
2013-03-29, 18:12
ERUNT link per sticky note does not open?
Found and deleted Search Protect in Programs and Features, but it keeps coming back each time the computer is restarted. Following is what I believe is asked for. ERUNT link won't open.
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.7601.17514
Run by owner at 12:19:35 on 2013-03-29
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3582.2510 [GMT -4:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\AVG\AVG2013\avgidsagent.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Windows\vVX3000.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\ProgramData\IBUpdaterService\ibsvc.exe
C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files\AVG\AVG2013\avgnsx.exe
C:\Program Files\AVG\AVG2013\avgemcx.exe
C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\WinZip\WINZIP32.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
mURLSearchHooks: {67097627-fd8e-4f6b-af4b-ecb65e50112e} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SelectionLinksBHO Class: {300BEC06-B743-4D19-86B9-11DC711D7FFB} - LocalServer32 - <no file>
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
uRunOnce: [SpUninstallDeleteDir] rmdir /s /q "c:\users\owner\appdata\roaming\SearchProtect"
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [Conime] c:\windows\system32\conime.exe
mRun: [EKStatusMonitor] c:\program files\kodak\aio\statusmonitor\EKStatusMonitor.exe
mRunOnce: [SpUninstallCleanUp] REG delete HKEY_CURRENT_USER\Software\SearchProtect /f
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{2355BBAB-36D4-43BB-933D-BB8CA93B184C} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{79103156-EA72-47F5-B82D-6E83A8A3BA76} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{8DDE8485-AAD9-4154-8643-9790337DE667} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{972CFF22-923E-4FB9-A445-B2B6ECEE2CDC} : DHCPNameServer = 192.168.1.254
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - LocalServer32 - <no file>
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WebCheck - <orphaned>
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com (http://www.spywareinfo.com)
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-10-15 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-11-16 94048]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\drivers\NBVolUp.sys [2012-8-23 12464]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-10-22 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 164832]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-8-11 116608]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-11-16 5814904]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]
R2 IBUpdaterService;Updater Service;c:\programdata\ibupdaterservice\ibsvc.exe [2013-3-29 578368]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKAiOHostService.exe [2012-10-19 395200]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files\kodak\aio\statusmonitor\EKPrinterSDK.exe [2012-10-15 779200]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-11-11 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2013-1-18 383264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\drivers\athrusb.sys [2007-1-29 451072]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2012-10-20 14216]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2012-10-20 8456]
S3 prwntdrv;prwntdrv;c:\windows\system32\prwntdrv.sys [2012-10-20 13704]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-3-15 14848]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-3-15 49664]
S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-8-21 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 ZD1211BU(Atheros);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(Atheros);c:\windows\system32\drivers\ZD1211BU.sys [2011-8-30 500736]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-03-29 15:51:27 -------- d-----w- c:\users\owner\appdata\PerformerSoft
2013-03-29 15:51:25 18096 ----a-w- c:\windows\system32\roboot.exe
2013-03-29 15:50:49 -------- d-----w- c:\users\owner\appdata\SearchProtect
2013-03-29 15:50:13 -------- d-----w- c:\users\owner\appdata\File Scout
2013-03-29 15:50:11 -------- d-----w- c:\programdata\IBUpdaterService
2013-03-29 14:55:52 7108640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{c29b2d8d-4ea0-4a96-8a51-36f57b8c8c73}\mpengine.dll
2013-03-29 12:38:06 -------- d-----w- C:\components
2013-03-25 22:39:44 -------- d-----w- c:\users\owner\appdata\WinBatch
2013-03-22 23:57:44 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2013-03-22 23:57:16 -------- d-sh--w- C:\AI_RecycleBin
2013-03-22 20:14:20 388096 ----a-r- c:\users\owner\appdata\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2013-03-22 19:32:46 -------- d-----w- c:\users\owner\appdata\local\WinZip
2013-03-21 17:24:01 -------- d-----w- c:\users\owner\appdata\local\AVG SafeGuard toolbar
2013-03-21 17:23:37 -------- d-----w- c:\program files\common files\AVG Secure Search
2013-03-21 17:23:34 -------- d-----w- c:\program files\AVG SafeGuard toolbar
2013-03-15 17:40:48 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-03-15 17:40:48 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-03-15 17:40:48 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-03-15 17:39:23 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-03-15 17:39:23 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-03-15 17:39:22 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-03-15 17:39:22 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-03-15 17:39:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2013-03-15 17:39:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-03-15 17:39:20 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2013-03-15 17:36:09 187392 ----a-w- c:\windows\system32\UIAnimation.dll
2013-03-15 17:31:31 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2013-03-15 17:30:27 52224 ----a-w- c:\windows\system32\nlaapi.dll
2013-03-15 17:29:56 317440 ----a-w- c:\windows\system32\spoolsv.exe
2013-03-13 21:14:39 -------- d-----w- c:\program files\Conduit
2013-03-13 21:14:35 -------- d-----w- c:\users\owner\appdata\local\Conduit
2013-03-07 15:43:41 -------- d-----w- c:\programdata\Licenses
2013-03-04 17:57:56 -------- dc----w- c:\users\owner\appdata\local\MigWiz
2013-02-27 17:17:30 -------- d-----w- c:\programdata\Visan
2013-02-27 17:17:30 -------- d-----w- c:\programdata\PrintProjects
2013-02-27 17:17:30 -------- d-----w- c:\program files\PrintProjects
2013-02-27 17:16:10 -------- d-----w- c:\users\owner\appdata\local\Eastman_Kodak_Company
2013-02-27 17:15:03 -------- d-----w- c:\users\owner\appdata\local\Eastman Kodak Company
2013-02-27 17:14:23 -------- d-----w- c:\windows\system32\kodak
2013-02-27 16:58:31 -------- d-----w- c:\program files\Kodak
2013-02-27 16:52:08 -------- d-----w- c:\users\owner\appdata\Temp
2013-02-27 16:52:08 -------- d-----w- c:\programdata\Kodak
.
==================== Find3M ====================
.
2013-03-12 21:25:06 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-12 21:25:06 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-28 13:37:29 981504 ----a-w- c:\windows\system32\wininet.dll
2013-02-28 11:38:43 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2013-02-26 04:22:36 1985824 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-02-26 04:22:36 1017120 ----a-w- c:\windows\system32\nvdispco32.dll
2013-02-26 04:22:34 6262608 ----a-w- c:\windows\system32\nvopencl.dll
2013-02-26 04:22:32 892704 ----a-w- c:\windows\system32\nvdispgenco32.dll
2013-02-26 04:22:32 2505144 ----a-w- c:\windows\system32\nvapi.dll
2013-02-26 04:22:32 12641992 ----a-w- c:\windows\system32\nvwgf2um.dll
2013-02-26 04:22:30 15129960 ----a-w- c:\windows\system32\nvd3dum.dll
2013-02-26 04:22:26 7932256 ----a-w- c:\windows\system32\nvcuda.dll
2013-02-26 04:22:22 17560352 ----a-w- c:\windows\system32\nvcompiler.dll
2013-02-26 04:22:08 20449056 ----a-w- c:\windows\system32\nvoglv32.dll
2013-02-26 04:22:06 8939296 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-02-26 04:22:06 2720544 ----a-w- c:\windows\system32\nvcuvid.dll
2013-02-12 04:48:31 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-12 03:32:45 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-01-18 14:21:00 4133664 ----a-w- c:\windows\system32\nvcpl.dll
2013-01-18 14:21:00 3005728 ----a-w- c:\windows\system32\nvsvc.dll
2013-01-18 14:20:08 639776 ----a-w- c:\windows\system32\nvvsvc.exe
2013-01-18 14:20:08 62752 ----a-w- c:\windows\system32\nvshext.dll
2013-01-18 14:20:08 2557728 ----a-w- c:\windows\system32\nvsvcr.dll
2013-01-18 14:20:08 108832 ----a-w- c:\windows\system32\nvmctray.dll
2013-01-18 12:15:24 550176 ----a-w- c:\windows\system32\nvStreaming.exe
2013-01-17 05:28:58 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-16 09:51:14 163328 ----a-w- c:\windows\system32\EKAiO2COI11.dll
2013-01-16 09:51:14 1374720 ----a-w- c:\windows\system32\EKAiO2MON.dll
2013-01-13 21:17:03 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17:02 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16:42 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12:46 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11:21 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11:08 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11:07 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31:00 1247744 ----a-w- c:\windows\system32\DWrite.dll
2013-01-13 20:30:34 906240 ----a-w- c:\windows\system32\FntCache.dll
2013-01-13 20:22:22 1988096 ----a-w- c:\windows\system32\d3d10warp.dll
2013-01-13 20:20:31 293376 ----a-w- c:\windows\system32\dxgi.dll
2013-01-13 20:09:00 249856 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-01-13 20:08:43 220160 ----a-w- c:\windows\system32\d3d10core.dll
2013-01-13 20:08:35 1504768 ----a-w- c:\windows\system32\d3d11.dll
2013-01-13 19:54:01 604160 ----a-w- c:\windows\system32\d3d10level9.dll
2013-01-13 19:53:58 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-01-13 19:48:47 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2013-01-13 19:46:25 1080832 ----a-w- c:\windows\system32\d3d10.dll
2013-01-13 19:43:21 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-01-13 19:37:57 3419136 ----a-w- c:\windows\system32\d2d1.dll
2013-01-13 19:02:06 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2013-01-13 18:34:58 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-01-13 17:26:42 1158144 ----a-w- c:\windows\system32\XpsPrint.dll
2013-01-05 05:00:15 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-05 05:00:11 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-04 06:11:21 2284544 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-01-04 04:50:52 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 03:00:29 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-01-03 05:05:20 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-03 05:04:43 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
============= FINISH: 12:20:34.06 ===============
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-03-29 12:34:07
-----------------------------
12:34:07.328 OS Version: Windows 6.1.7601 Service Pack 1
12:34:07.328 Number of processors: 2 586 0x404
12:34:07.328 ComputerName: OWNER-PC UserName: owner
12:34:08.279 Initialize success
12:34:22.578 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
12:34:22.578 Disk 0 Vendor: WDC_WD5000AAKX-001CA0 15.01H15 Size: 476940MB BusType: 11
12:34:22.687 Disk 0 MBR read successfully
12:34:22.687 Disk 0 MBR scan
12:34:22.687 Disk 0 Windows 7 default MBR code
12:34:22.687 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
12:34:22.703 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
12:34:22.703 Disk 0 scanning sectors +976771072
12:34:22.750 Disk 0 scanning C:\Windows\system32\drivers
12:34:28.693 Service scanning
12:34:40.003 Modules scanning
12:34:44.621 Disk 0 trace - called modules:
12:34:44.652 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
12:34:44.668 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86517030]
12:34:44.668 3 CLASSPNP.SYS[8c7a659e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x8642d030]
12:34:44.683 Scan finished successfully
12:35:04.027 Disk 0 MBR has been saved successfully to "C:\Users\owner\Desktop\MBR.dat"
12:35:04.027 The log file has been saved successfully to "C:\Users\owner\Desktop\aswMBR.txt"
attach zip file attached.
Now downloaded and registry copy saved...
Where's all the help!!
Please post and acknowledge then I may merge posts.
OK, I got it now.
2013-01-13 21:11:08 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11:07 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31:00 1247744 ----a-w- c:\windows\system32\DWrite.dll
2013-01-13 20:30:34 906240 ----a-w- c:\windows\system32\FntCache.dll
2013-01-13 20:22:22 1988096 ----a-w- c:\windows\system32\d3d10warp.dll
2013-01-13 20:20:31 293376 ----a-w- c:\windows\system32\dxgi.dll
2013-01-13 20:09:00 249856 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-01-13 20:08:43 220160 ----a-w- c:\windows\system32\d3d10core.dll
2013-01-13 20:08:35 1504768 ----a-w- c:\windows\system32\d3d11.dll
2013-01-13 19:54:01 604160 ----a-w- c:\windows\system32\d3d10level9.dll
2013-01-13 19:53:58 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-01-13 19:48:47 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2013-01-13 19:46:25 1080832 ----a-w- c:\windows\system32\d3d10.dll
2013-01-13 19:43:21 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-01-13 19:37:57 3419136 ----a-w- c:\windows\system32\d2d1.dll
2013-01-13 19:02:06 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2013-01-13 18:34:58 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-01-13 17:26:42 1158144 ----a-w- c:\windows\system32\XpsPrint.dll
2013-01-05 05:00:15 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-05 05:00:11 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-04 06:11:21 2284544 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-01-04 04:50:52 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 03:00:29 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-01-03 05:05:20 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-03 05:04:43 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
============= FINISH: 12:20:34.06 ===============

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-03-29 12:34:07
-----------------------------
12:34:07.328 OS Version: Windows 6.1.7601 Service Pack 1
12:34:07.328 Number of processors: 2 586 0x404
12:34:07.328 ComputerName: OWNER-PC UserName: owner
12:34:08.279 Initialize success
12:34:22.578 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
12:34:22.578 Disk 0 Vendor: WDC_WD5000AAKX-001CA0 15.01H15 Size: 476940MB BusType: 11
12:34:22.687 Disk 0 MBR read successfully
12:34:22.687 Disk 0 MBR scan
12:34:22.687 Disk 0 Windows 7 default MBR code
12:34:22.687 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
12:34:22.703 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
12:34:22.703 Disk 0 scanning sectors +976771072
12:34:22.750 Disk 0 scanning C:\Windows\system32\drivers
12:34:28.693 Service scanning
12:34:40.003 Modules scanning
12:34:44.621 Disk 0 trace - called modules:
12:34:44.652 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
12:34:44.668 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86517030]
12:34:44.668 3 CLASSPNP.SYS[8c7a659e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x8642d030]
12:34:44.683 Scan finished successfully
12:35:04.027 Disk 0 MBR has been saved successfully to "C:\Users\owner\Desktop\MBR.dat"
12:35:04.027 The log file has been saved successfully to "C:\Users\owner\Desktop\aswMBR.txt"
Attach zip file attached.
Now downloaded and registry copy saved.
Where's all the help!!
Please post and acknowledge then I may merge posts.
OK, I got it now.