High CPU Utilization


This topic is locked
7 replies to this topic

#1 deeply_lost

Posted 10 June 2012 - 07:55 AM

Found a post from a user with the same issue and performed the mbr.exe and mbrcheck.exe; the following were the results of those two executables. I am ready to begin a repair of the MBR on the two drives listed; drive H: is a USB-attached backup drive. Currently it is not connected to my laptop. I am hopeful that I can proceed to clean the laptop and then the backup drive, but your assistance on this will be followed to the letter. Reference: "rikvm_C6F09094.sys What Is this? Norton Power Eraser Keeps catching this file" (posted September 9, 2011). Thanks in advance. deeply_lost

Results of Mbr.exe:

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601

device: opened successfully
user: error reading MBR
error: Read The handle is invalid.
kernel: error reading MBR

Results of mbrcheck.exe

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv7 Notebook PC
Logical Drives Mask: 0x000000dc

Kernel Drivers (total 205):
0x02C51000 \SystemRoot\system32\ntoskrnl.exe
0x02C08000 \SystemRoot\system32\hal.dll
0x00B9D000 \SystemRoot\system32\kdcom.dll
0x00C03000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C52000 \SystemRoot\system32\PSHED.dll
0x00C66000 \SystemRoot\system32\CLFS.SYS
0x00CC4000 \SystemRoot\system32\CI.dll
0x00E1D000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00EC1000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00ED0000 \SystemRoot\system32\drivers\ACPI.sys
0x00F27000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00F30000 \SystemRoot\system32\drivers\msisadrv.sys
0x00F3A000 \SystemRoot\system32\drivers\pci.sys
0x00F6D000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00F7A000 \SystemRoot\System32\drivers\partmgr.sys
0x00F8F000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00F98000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00FA4000 \SystemRoot\system32\drivers\volmgr.sys
0x00D84000 \SystemRoot\System32\drivers\volmgrx.sys
0x00FB9000 \SystemRoot\System32\drivers\mountmgr.sys
0x01074000 \SystemRoot\system32\drivers\vmbus.sys
0x010B0000 \SystemRoot\system32\drivers\winhv.sys
0x01215000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x01369000 \SystemRoot\system32\drivers\atapi.sys
0x01372000 \SystemRoot\system32\drivers\ataport.SYS
0x0139C000 \SystemRoot\system32\drivers\msahci.sys
0x013A7000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x013B7000 \SystemRoot\system32\drivers\amdxata.sys
0x010C4000 \SystemRoot\system32\drivers\fltmgr.sys
0x01110000 \SystemRoot\system32\drivers\N360x64\0602010.005\SYMDS64.SYS
0x013C2000 \SystemRoot\system32\drivers\fileinfo.sys
0x0149B000 \SystemRoot\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS
0x01622000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01400000 \SystemRoot\System32\Drivers\msrpc.sys
0x017C5000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01181000 \SystemRoot\System32\Drivers\cng.sys
0x017E0000 \SystemRoot\System32\drivers\pcw.sys
0x017F1000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x0187B000 \SystemRoot\system32\drivers\ndis.sys
0x0196E000 \SystemRoot\system32\drivers\NETIO.SYS
0x019CE000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01A3E000 \SystemRoot\System32\drivers\tcpip.sys
0x01C41000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01C8B000 \SystemRoot\system32\drivers\vmstorfl.sys
0x01C9B000 \SystemRoot\system32\DRIVERS\wd.sys
0x01CA3000 \SystemRoot\system32\drivers\volsnap.sys
0x01CEF000 \SystemRoot\System32\Drivers\spldr.sys
0x01CF7000 \SystemRoot\System32\drivers\rdyboost.sys
0x01D31000 \SystemRoot\System32\Drivers\mup.sys
0x01D43000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01D4C000 \SystemRoot\system32\DRIVERS\hpdskflt.sys
0x01D56000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01D90000 \SystemRoot\system32\DRIVERS\disk.sys
0x01DA6000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x031A1000 \SystemRoot\system32\drivers\cdrom.sys
0x031CB000 \SystemRoot\system32\drivers\N360x64\0602010.005\ccSetx64.sys
0x03000000 \SystemRoot\system32\drivers\N360x64\0602010.005\Ironx64.SYS
0x03031000 \SystemRoot\System32\Drivers\Null.SYS
0x031F9000 \SystemRoot\System32\Drivers\Beep.SYS
0x01DE4000 \SystemRoot\System32\drivers\vga.sys
0x01A00000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x01A25000 \SystemRoot\System32\drivers\watchdog.sys
0x01A35000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x01DF2000 \SystemRoot\system32\drivers\rdpencdd.sys
0x01800000 \SystemRoot\system32\drivers\rdprefmp.sys
0x01809000 \SystemRoot\System32\Drivers\Msfs.SYS
0x01814000 \SystemRoot\System32\Drivers\Npfs.SYS
0x01825000 \SystemRoot\system32\DRIVERS\tdx.sys
0x01847000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x0427C000 \SystemRoot\system32\drivers\afd.sys
0x04305000 \SystemRoot\System32\DRIVERS\netbt.sys
0x0434A000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x04353000 \SystemRoot\system32\DRIVERS\pacer.sys
0x04379000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x0438F000 \SystemRoot\system32\DRIVERS\netbios.sys
0x0439E000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x043B9000 \SystemRoot\system32\drivers\termdd.sys
0x04200000 \SystemRoot\System32\Drivers\N360x64\0602010.005\SYMNETS.SYS
0x0145E000 \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
0x043CD000 \SystemRoot\system32\drivers\N360x64\0602010.005\SRTSPX64.SYS
0x015AC000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x043E2000 \SystemRoot\system32\drivers\nsiproxy.sys
0x043EE000 \SystemRoot\system32\drivers\mssmbios.sys
0x04623000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\IPSDefs\20120608.001\IDSvia64.sys
0x046A0000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
0x0471A000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0x04740000 \SystemRoot\System32\drivers\discache.sys
0x0474F000 \SystemRoot\system32\drivers\csc.sys
0x047D2000 \SystemRoot\System32\Drivers\dfsc.sys
0x04600000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x0446C000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\BASHDefs\20120531.001\BHDrvx64.sys
0x0458C000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x045B2000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x04400000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x05011000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x04831000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04925000 \SystemRoot\System32\drivers\dxgmms1.sys
0x0496B000 \SystemRoot\system32\drivers\HDAudBus.sys
0x0498F000 \SystemRoot\system32\DRIVERS\HECIx64.sys
0x049A0000 \SystemRoot\system32\drivers\usbehci.sys
0x01000000 \SystemRoot\system32\drivers\USBPORT.SYS
0x05C9F000 \SystemRoot\system32\DRIVERS\NETwNs64.sys
0x0650B000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x06518000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x0656E000 \SystemRoot\system32\drivers\i8042prt.sys
0x0658C000 \SystemRoot\system32\drivers\kbdclass.sys
0x0401C000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x04177000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x04179000 \SystemRoot\system32\drivers\mouclass.sys
0x04188000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x04195000 \SystemRoot\system32\DRIVERS\Accelerometer.sys
0x041A1000 \SystemRoot\system32\drivers\wmiacpi.sys
0x041AA000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x041C0000 \SystemRoot\system32\drivers\CompositeBus.sys
0x041D0000 \SystemRoot\system32\DRIVERS\clwvd.sys
0x0659B000 \SystemRoot\system32\DRIVERS\ks.sys
0x041D6000 \SystemRoot\system32\drivers\ksthunk.sys
0x041DC000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x05C00000 \SystemRoot\System32\Drivers\fastfat.SYS
0x05C36000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x041F2000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x05C5A000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x04000000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x065DE000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x049B1000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x05C89000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x05C94000 \SystemRoot\system32\DRIVERS\serscan.sys
0x041FE000 \SystemRoot\system32\drivers\swenum.sys
0x049CB000 \SystemRoot\system32\DRIVERS\circlass.sys
0x049DD000 \SystemRoot\system32\drivers\umbus.sys
0x06C2F000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x06C89000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x06C9E000 \SystemRoot\system32\drivers\AtiHdmi.sys
0x06CC1000 \SystemRoot\system32\drivers\portcls.sys
0x06CFE000 \SystemRoot\system32\drivers\drmk.sys
0x06D20000 \SystemRoot\system32\DRIVERS\stwrt64.sys
0x06DA2000 \SystemRoot\System32\Drivers\crashdmp.sys
0x0303A000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x06DB0000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x000C0000 \SystemRoot\System32\win32k.sys
0x06DC3000 \SystemRoot\System32\drivers\Dxapi.sys
0x06DCF000 \SystemRoot\system32\drivers\USBSTOR.SYS
0x06DEA000 \SystemRoot\system32\drivers\WinUSB.SYS
0x06C00000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x04800000 \SystemRoot\System32\Drivers\usbvideo.sys
0x06C1D000 \SystemRoot\system32\DRIVERS\monitor.sys
0x005B0000 \SystemRoot\System32\TSDDD.dll
0x00720000 \SystemRoot\System32\cdd.dll
0x057CC000 \SystemRoot\system32\drivers\luafv.sys
0x0444A000 \SystemRoot\system32\drivers\WudfPf.sys
0x045B7000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x066B4000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x06707000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x0671A000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x06732000 \SystemRoot\system32\drivers\HTTP.sys
0x06600000 \SystemRoot\system32\DRIVERS\bowser.sys
0x0661E000 \SystemRoot\System32\drivers\mpsdrv.sys
0x06636000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x06663000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x045CC000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x08247000 \??\C:\Windows\system32\Drivers\rikvm_C6F09094.sys
0x0881C000 \SystemRoot\system32\drivers\peauth.sys
0x088C2000 \SystemRoot\System32\Drivers\secdrv.SYS
0x088CD000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x088FE000 \SystemRoot\System32\drivers\tcpipreg.sys
0x08910000 \SystemRoot\System32\DRIVERS\srv2.sys
0x08CA0000 \SystemRoot\System32\DRIVERS\srv.sys
0x08D38000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x094F3000 \SystemRoot\System32\Drivers\N360x64\0602010.005\SRTSP64.SYS
0x09602000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120608.033\EX64.SYS
0x095B2000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120608.033\ENG64.SYS
0x09400000 \SystemRoot\system32\drivers\spsys.sys
0x77890000 \Windows\System32\ntdll.dll
0x483C0000 \Windows\System32\smss.exe
0xFFBB0000 \Windows\System32\apisetschema.dll
0xFF410000 \Windows\System32\autochk.exe
0xFFB20000 \Windows\System32\shlwapi.dll
0xFFB10000 \Windows\System32\lpk.dll
0x77A60000 \Windows\System32\normaliz.dll
0xFFAB0000 \Windows\System32\Wldap32.dll
0xFFA80000 \Windows\System32\imm32.dll
0xFF970000 \Windows\System32\msctf.dll
0x77730000 \Windows\System32\wininet.dll
0xFF8A0000 \Windows\System32\usp10.dll
0x77A50000 \Windows\System32\psapi.dll
0xFF880000 \Windows\System32\imagehlp.dll
0xFF7E0000 \Windows\System32\comdlg32.dll
0xFEA50000 \Windows\System32\shell32.dll
0x77520000 \Windows\System32\iertutil.dll
0xFE840000 \Windows\System32\ole32.dll
0xFE7F0000 \Windows\System32\ws2_32.dll
0xFE710000 \Windows\System32\advapi32.dll
0xFE670000 \Windows\System32\clbcatq.dll
0xFE650000 \Windows\System32\sechost.dll
0xFE5D0000 \Windows\System32\difxapi.dll
0xFE4F0000 \Windows\System32\oleaut32.dll
0xFE480000 \Windows\System32\gdi32.dll
0xFE2A0000 \Windows\System32\setupapi.dll
0x77420000 \Windows\System32\user32.dll
0x772D0000 \Windows\System32\urlmon.dll
0xFE170000 \Windows\System32\rpcrt4.dll
0x771B0000 \Windows\System32\kernel32.dll
0xFE160000 \Windows\System32\nsi.dll
0xFE0C0000 \Windows\System32\msvcrt.dll
0xFE020000 \Windows\System32\comctl32.dll

Processes (total 104):
0 System Idle Process
4 System
372 C:\Windows\System32\smss.exe
488 csrss.exe
568 C:\Windows\System32\wininit.exe
592 csrss.exe
632 C:\Windows\System32\services.exe
652 C:\Windows\System32\lsass.exe
660 C:\Windows\System32\lsm.exe
696 C:\Windows\System32\winlogon.exe
804 C:\Windows\System32\svchost.exe
880 C:\Windows\System32\svchost.exe
940 C:\Windows\System32\atiesrxx.exe
1004 C:\Windows\System32\svchost.exe
400 C:\Windows\System32\svchost.exe
512 C:\Windows\System32\svchost.exe
492 C:\Program Files\IDT\WDM\stacsv64.exe
1248 C:\Windows\System32\svchost.exe
1304 C:\Windows\System32\hpservice.exe
1348 C:\Windows\System32\vcsFPService.exe
1408 C:\Windows\System32\svchost.exe
1504 C:\Windows\System32\atieclxx.exe
1624 C:\Windows\System32\spoolsv.exe
1656 C:\Program Files\DigitalPersona\Bin\DpHostW.exe
1748 C:\Windows\System32\svchost.exe
1892 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1920 C:\Program Files\IDT\WDM\AESTSr64.exe
1952 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
1972 C:\Windows\System32\CISVC.EXE
2032 C:\Windows\System32\svchost.exe
1036 C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
1300 C:\Windows\SysWOW64\svchost.exe
1440 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
428 C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
2236 C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.2.1.5\ccsvchst.exe
2272 C:\Windows\System32\svchost.exe
2312 C:\Windows\System32\svchost.exe
2340 C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
2400 C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
2448 C:\Windows\System32\svchost.exe
2480 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2648 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2784 WmiPrvSE.exe
2932 C:\Windows\System32\svchost.exe
1876 WUDFHost.exe
2112 C:\Windows\System32\svchost.exe
4044 C:\Windows\System32\SearchIndexer.exe
2992 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
1684 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
296 C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
1572 WmiPrvSE.exe
2684 C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
1596 C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
3328 C:\Program Files\Windows Media Player\wmpnetwk.exe
3508 C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
3472 C:\Windows\System32\taskhost.exe
3912 C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.2.1.5\ccsvchst.exe
2168 C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
2512 C:\Windows\System32\dwm.exe
472 C:\Windows\explorer.exe
4212 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
4232 C:\Program Files\IDT\WDM\sttray64.exe
4300 C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
4312 C:\Program Files\Zune\ZuneLauncher.exe
4332 C:\Program Files\Windows Sidebar\sidebar.exe
4436 C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
4476 C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
4512 C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
4580 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
4684 C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
4692 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
4740 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
4832 C:\Windows\System32\rundll32.exe
5060 C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
4192 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
820 C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
1096 C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
4624 C:\Windows\SysWOW64\rundll32.exe
5556 C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
5640 C:\Program Files\DigitalPersona\Bin\DpAgent.exe
6004 C:\Program Files (x86)\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe
6016 C:\Windows\System32\svchost.exe
5328 C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
5580 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
3884 C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
5456 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
4496 C:\Windows\System32\taskeng.exe
5824 C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
3952 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
5476 dllhost.exe
6300 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
6380 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
4676 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
6696 C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
7096 C:\Program Files (x86)\Internet Explorer\iexplore.exe
1092 C:\Program Files (x86)\Internet Explorer\iexplore.exe
5360 C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
1000 C:\Windows\System32\svchost.exe
7120 C:\Windows\System32\notepad.exe
6904 C:\Windows\System32\taskeng.exe
2944 C:\Windows\System32\audiodg.exe
6908 C:\Users\Larry\Desktop\MBRCheck.exe
4504 C:\Windows\System32\sppsvc.exe
6272 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x000000e0`f0300000 (NTFS)
\\.\H: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK1059GSMP, Rev: GU001C
PhysicalDrive2 Model Number: SeagateGoFlex Desk, Rev: 0D19

Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: F38DCB39955652E381108DE3B54454598879EC9B
1863 GB \\.\PhysicalDrive2 RE: Unknown MBR code
SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:

Done!

Edited by deeply_lost, 10 June 2012 - 10:25 AM.
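The MBRCheck "Kernel Drivers" list above is 205 entries long, and the one the poster already has questions about (rikvm_C6F09094.sys) is buried in it. The script below is an added triage example written by the editor; it is not part of the thread and not code from MBRCheck, Norton or any other tool mentioned here. It parses lines in MBRCheck's "base path" format and ranks modules by two heuristics that are the editor's own assumptions: a driver loaded by an absolute path (`\??\C:\...`) instead of a `\SystemRoot`-relative one, which normally reflects how its service's ImagePath was registered, and a file name ending in an eight-hex-digit suffix, which is the kind of generated name that deserves a signature check. The Norton and Symantec directories are allow-listed only because those products are visibly installed on this machine; the sample lines are copied from the log above, and the output is a ranked to-do list for signature and service-key checks, not a malware verdict.

```python
import re

# Lines copied from the MBRCheck "Kernel Drivers" section above (a handful of
# the 205, enough to exercise the rules).
SAMPLE_DRIVER_LINES = r"""
0x02C51000 \SystemRoot\system32\ntoskrnl.exe
0x0145E000 \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
0x04623000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\IPSDefs\20120608.001\IDSvia64.sys
0x046A0000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
0x01D4C000 \SystemRoot\system32\DRIVERS\hpdskflt.sys
0x08247000 \??\C:\Windows\system32\Drivers\rikvm_C6F09094.sys
0x0881C000 \SystemRoot\system32\drivers\peauth.sys
"""

# One MBRCheck driver line: 8 hex digits of load address, whitespace, the image path.
LINE_RE = re.compile(r"^0x([0-9A-Fa-f]{8})\s+(\S.*)$")

# Heuristics below are the editor's assumptions, not rules from any tool in the thread.
ABSOLUTE_PREFIX = "\\??\\"
SUFFIX_RE = re.compile(r"_[0-9A-F]{8}\.sys$", re.IGNORECASE)
# Directories where a driver loaded by absolute path is expected on this machine,
# because the product that owns them is visibly installed (Norton 360 definitions
# and the Symantec EENGINE). Adjust per host; it is an allow-list, not a verdict.
EXPECTED_ABSOLUTE_ROOTS = (
    "\\??\\C:\\ProgramData\\Norton\\",
    "\\??\\C:\\Program Files (x86)\\Common Files\\Symantec Shared\\",
)


def parse_driver_list(text):
    """Turn 'base path' lines into dicts; lines that are not driver lines are skipped."""
    drivers = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            drivers.append({"base": int(m.group(1), 16), "path": m.group(2)})
    return drivers


def triage(drivers):
    """Attach a reason to every loaded module that deserves a second look, most reasons first."""
    findings = []
    for d in drivers:
        path = d["path"]
        name = path.rsplit("\\", 1)[-1]
        reasons = []
        if path.startswith(ABSOLUTE_PREFIX) and not path.startswith(EXPECTED_ABSOLUTE_ROOTS):
            reasons.append("loaded by absolute path (\\??\\C:\\...) rather than \\SystemRoot; "
                           "check the service's ImagePath and the file's signature")
        if SUFFIX_RE.search(name):
            reasons.append("file name ends in an 8-hex-digit suffix (a generated or per-install name); "
                           "confirm the publisher from the file's Authenticode signature")
        if reasons:
            findings.append({"name": name, "path": path, "base": d["base"], "reasons": reasons})
    # sort is stable, so modules with equal scores keep their load order
    findings.sort(key=lambda f: len(f["reasons"]), reverse=True)
    return findings


def top_candidates(text):
    """Module names ordered by how many rules fired, most suspicious first."""
    return [f["name"] for f in triage(parse_driver_list(text))]


if __name__ == "__main__":
    for f in triage(parse_driver_list(SAMPLE_DRIVER_LINES)):
        print("0x%08X %s" % (f["base"], f["path"]))
        for r in f["reasons"]:
            print("    - " + r)
```

Run it against the full "Kernel Drivers" block pasted into a file and the list shrinks to the handful of modules worth checking with `sigcheck` or the driver's service key; on the sample above, rikvm_C6F09094.sys comes out first because both rules fire, and the Norton definition drivers drop out because they sit under the allow-listed roots.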




#2 boopme (Global Moderator)

Posted 10 June 2012 - 05:31 PM

Please run item 2.

Then

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 deeply_lost (Topic Starter)

Posted 11 June 2012 - 09:49 AM

Ran Option 2 from MBRCheck as requested, then ran the aswMBR scan, and here are the results:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-11 09:30:09
-----------------------------
09:30:09.606 OS Version: Windows x64 6.1.7601 Service Pack 1
09:30:09.606 Number of processors: 8 586 0x2A07
09:30:09.606 ComputerName: LARRYSBUSINESS UserName: Larry
09:30:11.603 Initialize success
09:30:18.919 AVAST engine defs: 12061100
09:30:54.846 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:30:54.862 Disk 0 Vendor: TOSHIBA_ GU00 Size: 953869MB BusType: 3
09:30:54.877 Disk 0 MBR read successfully
09:30:54.877 Disk 0 MBR scan
09:30:54.893 Disk 0 unknown MBR code
09:30:54.908 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
09:30:54.924 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 921147 MB offset 409600
09:30:54.971 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 32419 MB offset 1886918656
09:30:55.002 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 102 MB offset 1953312768
09:30:55.049 Disk 0 scanning C:\Windows\system32\drivers
09:31:05.524 Service scanning
09:31:58.736 Modules scanning
09:31:58.751 Disk 0 trace - called modules:
09:31:58.767 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
09:31:58.767 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800807f790]
09:31:58.782 3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> [0xfffffa8007f82b10]
09:31:58.782 5 hpdskflt.sys[fffff88001dd8289] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007e36050]
09:32:00.218 AVAST engine scan C:\Windows
09:32:03.946 AVAST engine scan C:\Windows\system32
09:36:28.757 AVAST engine scan C:\Windows\system32\drivers
09:36:49.848 AVAST engine scan C:\Users\Larry
09:39:04.289 AVAST engine scan C:\ProgramData
09:42:26.824 Scan finished successfully
09:43:56.696 Disk 0 MBR has been saved successfully to "C:\Users\Larry\Desktop\MBR.dat"
09:43:56.696 The log file has been saved successfully to "C:\Users\Larry\Desktop\aswMBR.txt"

#4 boopme (Global Moderator)

Posted 11 June 2012 - 08:33 PM

Forgot to have you do this..
Please download mbr.exe and save it to the root directory, usually C:\ <- (Important!).
  • Go to Start > Run and type: cmd.exe
  • press Ok.
  • At the command prompt type: c:\mbr.exe >>"C:\mbr.log"
  • press Enter.
  • The process is automatic...a black DOS window will open and quickly disappear. This is normal.
  • A log file named mbr.log will be created and saved to the root of the system drive (usually C:\).
  • Copy and paste the results of the mbr.log in your next reply.
If you have a problem using the command prompt, you can just double-click on mbr.exe to run the tool.


One more please.
Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.


#5 deeply_lost (Topic Starter)

Posted 11 June 2012 - 10:34 PM

Results of MBR.exe:

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601

device: opened successfully
user: error reading MBR
error: Read The handle is invalid.
kernel: error reading MBR

======================================================================================
TDSSKiller report: (Note it did not require a reboot)

22:31:00.0531 6348 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
22:31:01.0124 6348 ============================================================
22:31:01.0124 6348 Current date / time: 2012/06/11 22:31:01.0124
22:31:01.0124 6348 SystemInfo:
22:31:01.0124 6348
22:31:01.0124 6348 OS Version: 6.1.7601 ServicePack: 1.0
22:31:01.0124 6348 Product type: Workstation
22:31:01.0124 6348 ComputerName: LARRYSBUSINESS
22:31:01.0124 6348 UserName: Larry
22:31:01.0124 6348 Windows directory: C:\Windows
22:31:01.0124 6348 System windows directory: C:\Windows
22:31:01.0124 6348 Running under WOW64
22:31:01.0124 6348 Processor architecture: Intel x64
22:31:01.0124 6348 Number of processors: 8
22:31:01.0124 6348 Page size: 0x1000
22:31:01.0124 6348 Boot type: Normal boot
22:31:01.0124 6348 ============================================================
22:31:01.0701 6348 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:31:01.0717 6348 ============================================================
22:31:01.0717 6348 \Device\Harddisk0\DR0:
22:31:01.0717 6348 MBR partitions:
22:31:01.0717 6348 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
22:31:01.0717 6348 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x7071D800
22:31:01.0717 6348 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x70781800, BlocksNum 0x3F51800
22:31:01.0717 6348 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x746D3000, BlocksNum 0x335B0
22:31:01.0717 6348 ============================================================
22:31:01.0717 6348 C: <-> \Device\Harddisk0\DR0\Partition1
22:31:01.0764 6348 D: <-> \Device\Harddisk0\DR0\Partition2
22:31:01.0764 6348 ============================================================
22:31:01.0764 6348 Initialize success
22:31:01.0764 6348 ============================================================
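Three tools in this thread looked at the same disk and three of them reported the partition table in different units: MBRCheck gives byte offsets per drive letter (C: at 0x0c800000, D: at 0xe0f0300000), aswMBR gives sector offsets and sizes in MB with partitions numbered from 1, and TDSSKiller gives hex StartLBA/BlocksNum with partitions numbered from 0. Before anyone rewrites an MBR on the strength of "unknown MBR code", the practitioner's check is to parse the sector yourself and confirm the three views agree. The script below is an added example by the editor, not code from the thread or from any of the tools; it builds a 512-byte MBR from the TDSSKiller entries above (the boot code itself is not on the page, so the sector is a constructed test vector), decodes the table, and maps MBRCheck's byte offsets back onto partitions. The SHA1 is taken over bytes 0..439 of the sector; whether MBRCheck hashes exactly that span is an assumption, and the known-good hash set is an empty placeholder you would fill from a machine you trust. `read_physical_mbr` is the only part that touches a real disk, needs an elevated prompt on Windows, and is not exercised here.

```python
import hashlib
import struct

SECTOR = 512               # bytes per sector, as TDSSKiller reports (SectorSize: 0x200)
ENTRY_FMT = "<B3sB3sII"    # status, CHS start, type, CHS end, LBA start, sector count

# Partition table as reported by TDSSKiller above: (active, type, StartLBA, BlocksNum).
# Constructed test vector: the real boot code is not on the page, so it is zero-filled.
THREAD_PARTITIONS = [
    (True,  0x07, 0x00000800, 0x00063800),   # 199 MB NTFS, marked active
    (False, 0x07, 0x00064000, 0x7071D800),   # C:
    (False, 0x07, 0x70781800, 0x03F51800),   # D:
    (False, 0x0C, 0x746D3000, 0x000335B0),   # FAT32 LBA
]


def build_mbr(entries, boot_code=b""):
    """Assemble a 512-byte MBR: 446 bytes of code, four 16-byte entries, 0x55AA."""
    code = boot_code.ljust(446, b"\x00")[:446]
    table = b"".join(
        struct.pack(ENTRY_FMT, 0x80 if active else 0x00, b"\xFF\xFF\xFF",
                    ptype, b"\xFF\xFF\xFF", start, count)
        for active, ptype, start, count in entries
    ).ljust(64, b"\x00")
    return code + table + b"\x55\xAA"


def parse_mbr(sector):
    """Decode the partition table and hash the boot-code area (bytes 0..439,
    excluding the disk signature at 440..443). Whether MBRCheck hashes the same
    span is an assumption; build any known-good list with this same function."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly %d bytes, got %d" % (SECTOR, len(sector)))
    if sector[510:512] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        entry = sector[446 + 16 * i: 446 + 16 * (i + 1)]
        status, _chs_start, ptype, _chs_end, start, count = struct.unpack(ENTRY_FMT, entry)
        if ptype == 0:
            continue                                    # empty slot
        partitions.append({
            "index": i + 1,                             # 1-based like aswMBR; TDSSKiller counts from 0
            "active": status == 0x80,
            "type": ptype,
            "start_lba": start,
            "sectors": count,
            "byte_offset": start * SECTOR,              # the number MBRCheck prints per drive letter
            "size_mb": (count * SECTOR) // (1024 * 1024),
        })
    return {"boot_code_sha1": hashlib.sha1(sector[:440]).hexdigest().upper(),
            "partitions": partitions}


# Hypothetical placeholder: fill with SHA1s you computed (with parse_mbr) from a
# machine you trust, for example a fresh install of the same OS. The page gives none.
KNOWN_GOOD_CODE = set()


def classify_boot_code(sha1, known=KNOWN_GOOD_CODE):
    """Same verdict shape as the tools: anything not on the allow-list is 'unknown MBR code'."""
    return "known boot code" if sha1 in known else "unknown MBR code"


def partition_containing(parsed, byte_offset):
    """1-based index of the partition whose range covers byte_offset, or None."""
    for p in parsed["partitions"]:
        start = p["byte_offset"]
        if start <= byte_offset < start + p["sectors"] * SECTOR:
            return p["index"]
    return None


def cross_check(parsed, volume_offsets):
    """Map drive letters to partitions via the byte offsets MBRCheck reported.
    A letter that maps to None means the volume list and the table disagree,
    which deserves a closer look before anyone restores 'standard boot code'."""
    return {letter: partition_containing(parsed, off) for letter, off in volume_offsets.items()}


def read_physical_mbr(disk_number):
    """Windows only, elevated prompt required: sector 0 of \\\\.\\PhysicalDriveN."""
    with open(r"\\.\PhysicalDrive%d" % disk_number, "rb") as dev:
        return dev.read(SECTOR)


if __name__ == "__main__":
    info = parse_mbr(build_mbr(THREAD_PARTITIONS))
    print("boot code SHA1:", info["boot_code_sha1"], "->", classify_boot_code(info["boot_code_sha1"]))
    for p in info["partitions"]:
        print("Partition %d %s type 0x%02X start LBA %d (%d MB) at byte offset 0x%X"
              % (p["index"], "*" if p["active"] else " ", p["type"],
                 p["start_lba"], p["size_mb"], p["byte_offset"]))
    print(cross_check(info, {"C:": 0x0C800000, "D:": 0xE0F0300000}))
```

On the thread's numbers the sizes come out as 199, 921147, 32419 and 102 MB, matching aswMBR, and MBRCheck's C: and D: offsets land exactly on the second and third entries, so all three tools saw one consistent table. That leaves "unknown MBR code" meaning only that the code bytes are not on the tool's allow-list; with the real sector in hand (from `read_physical_mbr`, or the MBR.dat aswMBR saved), the same function gives you a hash you can compare against a known-good dump before, not after, choosing MBRCheck's option 2.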

#6 boopme (Global Moderator)

Posted 12 June 2012 - 08:42 PM

OK, that looks clear. Still have the high CPU?

If so we need a deeper look. Please go here: Preparation Guide, and do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If GMER won't run (it may not on a 64-bit system), skip it and move on.

Let me know if that went well.

#7 deeply_lost (Topic Starter)

Posted 13 June 2012 - 08:00 AM

I am still having high CPU utilization, thanks for your help. I have run the DDS and posted its results and attached the attach.txt as instructed. Again thanks!

#8 boopme (Global Moderator)

Posted 13 June 2012 - 09:24 PM

You're welcome!
Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

The current wait time is 1 - 3 days and ALL logs are answered.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic.



