BleepingComputer.com: google redirect is fixed, windows firewall error


Forum Rules

When posting your problem, do not run and post a ComboFix log. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer. Any posts containing CF Logs will be ignored.

To receive help, you should instead provide a detailed description of your problem, detailed word-for-word error messages that you are receiving, screenshots of strange behaviour, and your operating system. This information is much more useful to our helpers than a ComboFix log.


If you have not received help after three days, please post a link to your topic HERE.

google redirect is fixed, windows firewall error I can't turn windows firewall on

#16 narenxp

  • Forum Addict
  • Group: BC Advisor
  • Posts: 2,735
  • Joined: 24-October 11
  • Gender: Male
  • Location: India

Posted 31 January 2012 - 10:19 PM

Download

TDSSkiller

Launch it. Click on Change parameters and select TDLFS file system.

Click on "Scan". Please post the LOG report.

Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here
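Both scanners requested above compare the MBR's boot code against what a stock install should carry, and TDSSKiller's later "MBR (0x1B8) (…)" line shows the length it hashes. Only the first 0x1B8 (440) bytes are the bootstrap code; the disk signature and the four partition entries behind them legitimately differ from machine to machine, so a hash over the whole sector would be useless as a baseline. The following added example (not code from the thread or from either tool) builds constructed 512-byte sectors and performs that check. The "baseline" is simply the hash of the constructed clean sector, not a real Windows 7 boot-code hash; the partition layout mirrors the hybrid GPT/HFS+/NTFS layout that this thread's aswMBR and TDSSKiller logs later report.

```python
"""Boot-code hashing of a 512-byte MBR, separated from the per-machine partition table.
Added example, not the tools' or the thread's own code. All sectors are constructed."""
import hashlib
import struct

SECTOR_LEN = 512
BOOT_CODE_LEN = 0x1B8      # bytes 0..0x1B7 are bootstrap code; disk signature and partition table follow
PART_TABLE_OFF = 0x1BE     # four 16-byte partition entries start here
ENTRY_FMT = "<B3sB3sII"    # status, CHS start, type, CHS end, LBA start, LBA count
GPT_PROTECTIVE = 0xEE      # partition type that says "the real layout is in the GPT"


def make_mbr(boot_code, entries):
    """Build a 512-byte MBR from boot code and (bootable, type, lba_start, lba_count) entries."""
    assert len(boot_code) <= BOOT_CODE_LEN, "boot code must fit before the disk signature"
    sector = bytearray(SECTOR_LEN)
    sector[:len(boot_code)] = boot_code
    for i, (bootable, ptype, start, count) in enumerate(entries[:4]):
        struct.pack_into(ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i,
                         0x80 if bootable else 0x00, b"\0\0\0", ptype, b"\0\0\0", start, count)
    sector[510:512] = b"\x55\xAA"   # boot signature
    return bytes(sector)


def boot_code_md5(sector):
    """Hash only the bootstrap code, the part that should match across stock installs."""
    return hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest()


def parse_partitions(sector):
    parts = []
    for i in range(4):
        status, _, ptype, _, start, count = struct.unpack_from(ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i)
        if ptype:   # type 0 means an unused slot
            parts.append({"index": i + 1, "bootable": status == 0x80,
                          "type": ptype, "start": start, "count": count})
    return parts


def triage_mbr(sector, baseline_md5):
    """Report signature problems and boot-code drift; partition layout is returned, not judged."""
    findings = []
    if len(sector) != SECTOR_LEN or sector[510:512] != b"\x55\xAA":
        findings.append("boot signature 0x55AA missing")
    digest = boot_code_md5(sector)
    if digest != baseline_md5:
        findings.append("boot code differs from baseline")
    parts = parse_partitions(sector)
    return {"boot_code_md5": digest, "partitions": parts,
            "gpt_protective": any(p["type"] == GPT_PROTECTIVE for p in parts),
            "findings": findings}


# Constructed clean boot code: a plausible 16-bit entry (xor ax,ax; mov ss,ax; mov sp,7C00h) then NOP padding.
CLEAN_BOOT = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b"\x90" * (BOOT_CODE_LEN - 7)
# Constructed tampered boot code: the first eight bytes overwritten with a far jump elsewhere.
PATCHED_BOOT = b"\xEA\x00\x00\x00\x7E\x90\x90\x90" + CLEAN_BOOT[8:]

# Hybrid layout as the thread's logs report it: protective GPT entry covering the EFI partition,
# HFS+ volume, then the active NTFS (BOOTCAMP) volume. Counts are the hex values from the logs.
THREAD_ENTRIES = [(False, 0xEE, 1, 409639),
                  (False, 0xAF, 409640, 0x3A352940),
                  (True, 0x07, 977235968, 0x3A30F800)]
# A constructed plain single-NTFS layout, to show the partition table does not move the hash.
OTHER_ENTRIES = [(True, 0x07, 2048, 0x3A30F800)]


def baseline():
    """Baseline hash of the constructed clean sector (stands in for a real known-good value)."""
    return boot_code_md5(make_mbr(CLEAN_BOOT, THREAD_ENTRIES))


if __name__ == "__main__":
    base = baseline()
    for name, code in (("clean", CLEAN_BOOT), ("patched", PATCHED_BOOT)):
        print(name, triage_mbr(make_mbr(code, THREAD_ENTRIES), base))
```

The check that matters is the second-to-last assertion in spirit: the same boot code with a completely different partition table hashes identically, which is why a scanner can carry one reference hash per Windows version and still flag an eight-byte patch to the bootstrap code.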

#17 jeane30

  • Member
  • Group: Members
  • Posts: 30
  • Joined: 04-January 12

Posted 01 February 2012 - 04:53 AM

Here is the report from TDSSKiller; I can't find the log file:

10:47:47.0560 4720 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
10:47:48.0174 4720 ============================================================
10:47:48.0174 4720 Current date / time: 2012/02/01 10:47:48.0174
10:47:48.0174 4720 SystemInfo:
10:47:48.0174 4720
10:47:48.0174 4720 OS Version: 6.1.7600 ServicePack: 0.0
10:47:48.0174 4720 Product type: Workstation
10:47:48.0175 4720 ComputerName: LOLA-PC
10:47:48.0175 4720 UserName: lola
10:47:48.0175 4720 Windows directory: C:\Windows
10:47:48.0175 4720 System windows directory: C:\Windows
10:47:48.0175 4720 Running under WOW64
10:47:48.0175 4720 Processor architecture: Intel x64
10:47:48.0175 4720 Number of processors: 4
10:47:48.0175 4720 Page size: 0x1000
10:47:48.0175 4720 Boot type: Normal boot
10:47:48.0175 4720 ============================================================
10:47:48.0984 4720 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:47:48.0999 4720 \Device\Harddisk0\DR0:
10:47:48.0999 4720 GPT used
10:47:49.0000 4720 \Device\Harddisk0\DR0\Partition0: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {00000F79-2389-0000-AE54-00003D270000}, Name: EFI system partition, StartLBA 0x28, BlocksNum 0x64000
10:47:49.0000 4720 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {48465300-0000-11AA-AA11-00306543ECAC}, UniqueGUID: {000012A0-2B14-0000-AC7F-0000FF030000}, Name: Customer, StartLBA 0x64028, BlocksNum 0x3A352940
10:47:49.0000 4720 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {9ADD74F1-56B0-4259-8EAD-10394B35C1BA}, Name: BOOTCAMP, StartLBA 0x3A3F7000, BlocksNum 0x3A30F800
10:47:49.0000 4720 Initialize success
10:47:49.0000 4720 ============================================================
10:47:50.0987 2680 ============================================================
10:47:50.0987 2680 Scan started
10:47:50.0987 2680 Mode: Manual;
10:47:50.0987 2680 ============================================================
10:47:51.0438 2680 1394ohci - ok
10:47:51.0446 2680 25932738 - ok
10:47:51.0449 2680 ACPI - ok
10:47:51.0451 2680 AcpiPmi - ok
10:47:51.0457 2680 adp94xx - ok
10:47:51.0459 2680 adpahci - ok
10:47:51.0463 2680 adpu320 - ok
10:47:51.0472 2680 AFD - ok
10:47:51.0476 2680 agp440 - ok
10:47:51.0483 2680 aliide - ok
10:47:51.0487 2680 amdide - ok
10:47:51.0490 2680 AmdK8 - ok
10:47:51.0492 2680 amdkmdag - ok
10:47:51.0502 2680 amdkmdap - ok
10:47:51.0505 2680 AmdPPM - ok
10:47:51.0507 2680 amdsata - ok
10:47:51.0509 2680 amdsbs - ok
10:47:51.0511 2680 amdxata - ok
10:47:51.0513 2680 AppID - ok
10:47:51.0524 2680 applebmt - ok
10:47:51.0527 2680 AppleBtBc - ok
10:47:51.0529 2680 AppleHFS - ok
10:47:51.0531 2680 AppleMNT - ok
10:47:51.0535 2680 arc - ok
10:47:51.0537 2680 arcsas - ok
10:47:51.0549 2680 AsyncMac - ok
10:47:51.0551 2680 atapi - ok
10:47:51.0556 2680 athr - ok
10:47:51.0572 2680 b06bdrv - ok
10:47:51.0574 2680 b57nd60a - ok
10:47:51.0578 2680 BC - ok
10:47:51.0581 2680 Beep - ok
10:47:51.0591 2680 blbdrive - ok
10:47:51.0602 2680 bowser - ok
10:47:51.0604 2680 BrFiltLo - ok
10:47:51.0606 2680 BrFiltUp - ok
10:47:51.0609 2680 Brserid - ok
10:47:51.0611 2680 BrSerWdm - ok
10:47:51.0613 2680 BrUsbMdm - ok
10:47:51.0616 2680 BrUsbSer - ok
10:47:51.0618 2680 BthEnum - ok
10:47:51.0620 2680 BTHMODEM - ok
10:47:51.0622 2680 BthPan - ok
10:47:51.0624 2680 BTHPORT - ok
10:47:51.0627 2680 BTHUSB - ok
10:47:51.0637 2680 CBDisk - ok
10:47:51.0639 2680 cdfs - ok
10:47:51.0641 2680 cdrom - ok
10:47:51.0644 2680 circlass - ok
10:47:51.0646 2680 CirrusFilter - ok
10:47:51.0648 2680 CLFS - ok
10:47:51.0654 2680 CmBatt - ok
10:47:51.0656 2680 cmdide - ok
10:47:51.0658 2680 CNG - ok
10:47:51.0660 2680 Compbatt - ok
10:47:51.0662 2680 CompositeBus - ok
10:47:51.0665 2680 crcdisk - ok
10:47:51.0673 2680 DfsC - ok
10:47:51.0676 2680 discache - ok
10:47:51.0678 2680 Disk - ok
10:47:51.0683 2680 drmkaud - ok
10:47:51.0685 2680 DXGKrnl - ok
10:47:51.0688 2680 ebdrv - ok
10:47:51.0693 2680 elxstor - ok
10:47:51.0695 2680 ErrDev - ok
10:47:51.0700 2680 exfat - ok
10:47:51.0702 2680 fastfat - ok
10:47:51.0705 2680 fdc - ok
10:47:51.0709 2680 FileInfo - ok
10:47:51.0711 2680 Filetrace - ok
10:47:51.0716 2680 flpydisk - ok
10:47:51.0718 2680 FltMgr - ok
10:47:51.0722 2680 FsDepends - ok
10:47:51.0724 2680 Fs_Rec - ok
10:47:51.0726 2680 fvevol - ok
10:47:51.0728 2680 gagp30kx - ok
10:47:51.0730 2680 GEARAspiWDM - ok
10:47:51.0733 2680 hcw85cir - ok
10:47:51.0735 2680 HdAudAddService - ok
10:47:51.0737 2680 HDAudBus - ok
10:47:51.0739 2680 HidBatt - ok
10:47:51.0741 2680 HidBth - ok
10:47:51.0743 2680 HidIr - ok
10:47:51.0746 2680 HidUsb - ok
10:47:51.0751 2680 HpSAMD - ok
10:47:51.0753 2680 HTTP - ok
10:47:51.0755 2680 hwpolicy - ok
10:47:51.0757 2680 i8042prt - ok
10:47:51.0759 2680 iaStorV - ok
10:47:51.0762 2680 iirsp - ok
10:47:51.0768 2680 intelide - ok
10:47:51.0771 2680 intelppm - ok
10:47:51.0774 2680 IpFilterDriver - ok
10:47:51.0776 2680 IPMIDRV - ok
10:47:51.0778 2680 IPNAT - ok
10:47:51.0781 2680 IRENUM - ok
10:47:51.0783 2680 IRRemoteFlt - ok
10:47:51.0785 2680 isapnp - ok
10:47:51.0787 2680 iScsiPrt - ok
10:47:51.0790 2680 kbdclass - ok
10:47:51.0792 2680 kbdhid - ok
10:47:51.0793 2680 KeyAgent - ok
10:47:51.0802 2680 KeyMagic - ok
10:47:51.0804 2680 KSecDD - ok
10:47:51.0806 2680 KSecPkg - ok
10:47:51.0809 2680 ksfmonsys - ok
10:47:51.0811 2680 ksthunk - ok
10:47:51.0824 2680 LFSys - ok
10:47:51.0826 2680 lltdio - ok
10:47:51.0831 2680 LSI_FC - ok
10:47:51.0833 2680 LSI_SAS - ok
10:47:51.0835 2680 LSI_SAS2 - ok
10:47:51.0837 2680 LSI_SCSI - ok
10:47:51.0839 2680 luafv - ok
10:47:51.0849 2680 MacHALDriver - ok
10:47:51.0852 2680 MDFSYSNT - ok
10:47:51.0854 2680 MDPMGRNT - ok
10:47:51.0856 2680 megasas - ok
10:47:51.0858 2680 MegaSR - ok
10:47:51.0867 2680 Modem - ok
10:47:51.0869 2680 monitor - ok
10:47:51.0871 2680 mouclass - ok
10:47:51.0873 2680 mouhid - ok
10:47:51.0875 2680 mountmgr - ok
10:47:51.0877 2680 MpFilter - ok
10:47:51.0879 2680 mpio - ok
10:47:51.0881 2680 MpNWMon - ok
10:47:51.0883 2680 mpsdrv - ok
10:47:51.0886 2680 MRxDAV - ok
10:47:51.0888 2680 mrxsmb - ok
10:47:51.0891 2680 mrxsmb10 - ok
10:47:51.0893 2680 mrxsmb20 - ok
10:47:51.0895 2680 msahci - ok
10:47:51.0897 2680 msdsm - ok
10:47:51.0902 2680 Msfs - ok
10:47:51.0904 2680 mshidkmdf - ok
10:47:51.0906 2680 msisadrv - ok
10:47:51.0910 2680 MSKSSRV - ok
10:47:51.0914 2680 MSPCLOCK - ok
10:47:51.0916 2680 MSPQM - ok
10:47:51.0918 2680 MsRPC - ok
10:47:51.0921 2680 mssmbios - ok
10:47:51.0923 2680 MSTEE - ok
10:47:51.0926 2680 MTConfig - ok
10:47:51.0928 2680 Mup - ok
10:47:51.0931 2680 NativeWifiP - ok
10:47:51.0933 2680 NDIS - ok
10:47:51.0935 2680 NdisCap - ok
10:47:51.0937 2680 NdisTapi - ok
10:47:51.0939 2680 Ndisuio - ok
10:47:51.0941 2680 NdisWan - ok
10:47:51.0943 2680 NDProxy - ok
10:47:51.0946 2680 NetBIOS - ok
10:47:51.0948 2680 NetBT - ok
10:47:51.0958 2680 nfrd960 - ok
10:47:51.0960 2680 NisDrv - ok
10:47:51.0964 2680 Npfs - ok
10:47:51.0967 2680 nsiproxy - ok
10:47:51.0970 2680 Ntfs - ok
10:47:51.0973 2680 Null - ok
10:47:51.0975 2680 nvraid - ok
10:47:51.0977 2680 nvstor - ok
10:47:51.0979 2680 nv_agp - ok
10:47:51.0981 2680 ohci1394 - ok
10:47:51.0990 2680 Parport - ok
10:47:51.0992 2680 partmgr - ok
10:47:51.0995 2680 pci - ok
10:47:51.0997 2680 pciide - ok
10:47:51.0999 2680 pcmcia - ok
10:47:52.0001 2680 PCTCore - ok
10:47:52.0004 2680 pctDS - ok
10:47:52.0006 2680 pctEFA - ok
10:47:52.0008 2680 pcw - ok
10:47:52.0010 2680 PEAUTH - ok
10:47:52.0021 2680 Point64 - ok
10:47:52.0026 2680 PptpMiniport - ok
10:47:52.0028 2680 Processor - ok
10:47:52.0032 2680 Prot6Flt - ok
10:47:52.0035 2680 Psched - ok
10:47:52.0037 2680 ql2300 - ok
10:47:52.0039 2680 ql40xx - ok
10:47:52.0042 2680 QWAVEdrv - ok
10:47:52.0044 2680 RasAcd - ok
10:47:52.0046 2680 RasAgileVpn - ok
10:47:52.0049 2680 Rasl2tp - ok
10:47:52.0052 2680 RasPppoe - ok
10:47:52.0055 2680 RasSstp - ok
10:47:52.0068 2680 rdbss - ok
10:47:52.0071 2680 rdpbus - ok
10:47:52.0073 2680 RDPCDD - ok
10:47:52.0076 2680 RDPENCDD - ok
10:47:52.0079 2680 RDPREFMP - ok
10:47:52.0081 2680 RDPWD - ok
10:47:52.0083 2680 rdyboost - ok
10:47:52.0087 2680 RFCOMM - ok
10:47:52.0092 2680 rspndr - ok
10:47:52.0095 2680 SASDIFSV - ok
10:47:52.0098 2680 SASKUTIL - ok
10:47:52.0101 2680 SAVOnAccess - ok
10:47:52.0103 2680 sbp2port - ok
10:47:52.0106 2680 scfilter - ok
10:47:52.0111 2680 secdrv - ok
10:47:52.0116 2680 Serenum - ok
10:47:52.0118 2680 Serial - ok
10:47:52.0120 2680 sermouse - ok
10:47:52.0126 2680 sffdisk - ok
10:47:52.0128 2680 sffp_mmc - ok
10:47:52.0130 2680 sffp_sd - ok
10:47:52.0132 2680 sfloppy - ok
10:47:52.0137 2680 SiSRaid2 - ok
10:47:52.0140 2680 SiSRaid4 - ok
10:47:52.0142 2680 Smb - ok
10:47:52.0147 2680 SophosBootDriver - ok
10:47:52.0150 2680 spldr - ok
10:47:52.0155 2680 srv - ok
10:47:52.0157 2680 srv2 - ok
10:47:52.0159 2680 srvnet - ok
10:47:52.0163 2680 stexstor - ok
10:47:52.0166 2680 SWDUMon - ok
10:47:52.0168 2680 swenum - ok
10:47:52.0177 2680 Tcpip - ok
10:47:52.0179 2680 TCPIP6 - ok
10:47:52.0182 2680 tcpipreg - ok
10:47:52.0185 2680 TDPIPE - ok
10:47:52.0187 2680 TDTCP - ok
10:47:52.0190 2680 tdx - ok
10:47:52.0192 2680 TermDD - ok
10:47:52.0201 2680 tssecsrv - ok
10:47:52.0203 2680 tunnel - ok
10:47:52.0205 2680 uagp35 - ok
10:47:52.0207 2680 udfs - ok
10:47:52.0212 2680 uliagpkx - ok
10:47:52.0214 2680 umbus - ok
10:47:52.0216 2680 UmPass - ok
10:47:52.0220 2680 usbccgp - ok
10:47:52.0222 2680 usbcir - ok
10:47:52.0224 2680 usbehci - ok
10:47:52.0226 2680 usbhub - ok
10:47:52.0228 2680 usbohci - ok
10:47:52.0230 2680 usbprint - ok
10:47:52.0232 2680 USBSTOR - ok
10:47:52.0234 2680 usbuhci - ok
10:47:52.0236 2680 usbvideo - ok
10:47:52.0241 2680 vdrvroot - ok
10:47:52.0244 2680 vga - ok
10:47:52.0245 2680 VgaSave - ok
10:47:52.0247 2680 vhdmp - ok
10:47:52.0250 2680 viaide - ok
10:47:52.0251 2680 volmgr - ok
10:47:52.0253 2680 volmgrx - ok
10:47:52.0256 2680 volsnap - ok
10:47:52.0258 2680 vsmraid - ok
10:47:52.0261 2680 vwifibus - ok
10:47:52.0263 2680 vwififlt - ok
10:47:52.0265 2680 vwifimp - ok
10:47:52.0270 2680 WacomPen - ok
10:47:52.0273 2680 WANARP - ok
10:47:52.0275 2680 Wanarpv6 - ok
10:47:52.0282 2680 Wd - ok
10:47:52.0284 2680 Wdf01000 - ok
10:47:52.0292 2680 WfpLwf - ok
10:47:52.0294 2680 WIMMount - ok
10:47:52.0306 2680 WmiAcpi - ok
10:47:52.0314 2680 ws2ifsl - ok
10:47:52.0320 2680 WudfPf - ok
10:47:52.0322 2680 WUDFRd - ok
10:47:52.0332 2680 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
10:47:52.0379 2680 \Device\Harddisk0\DR0 - ok
10:47:52.0383 2680 Boot (0x1200) (3bbc7c1c8f91845a58ff07219ee597d9) \Device\Harddisk0\DR0\Partition0
10:47:52.0384 2680 \Device\Harddisk0\DR0\Partition0 - ok
10:47:52.0408 2680 Boot (0x1200) (07ae51a5b2b7b7bf9e0b06796fb0146a) \Device\Harddisk0\DR0\Partition1
10:47:52.0408 2680 \Device\Harddisk0\DR0\Partition1 - ok
10:47:52.0411 2680 Boot (0x1200) (b0bc5dfb92fcf605b1ce9cdcfe603613) \Device\Harddisk0\DR0\Partition2
10:47:52.0412 2680 \Device\Harddisk0\DR0\Partition2 - ok
10:47:52.0412 2680 ============================================================
10:47:52.0412 2680 Scan finished
10:47:52.0412 2680 ============================================================
10:47:52.0420 2060 Detected object count: 0
10:47:52.0420 2060 Actual detected object count: 0

Microsoft Security Essentials says it found one Trojan:Win64/Sirefef.M

and here is the log file from aswMBR:


aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-01 10:52:52
-----------------------------
10:52:52.164 OS Version: Windows x64 6.1.7600
10:52:52.165 Number of processors: 4 586 0x1E05
10:52:52.166 ComputerName: LOLA-PC UserName: lola
10:53:01.495 Initialize success
10:54:37.586 AVAST engine defs: 12012600
10:55:00.151 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:55:00.153 Disk 0 Vendor: WDC_WD1001FALS-40Y6A0 05.01D06 Size: 953869MB BusType: 3
10:55:00.156 Disk 0 MBR read successfully
10:55:00.158 Disk 0 MBR scan
10:55:00.162 Disk 0 Windows 7 default MBR code
10:55:00.164 Disk 0 MBR hidden
10:55:00.166 Disk 0 Partition 1 00 EE GPT 200 MB offset 1
10:55:00.197 Disk 0 Partition 2 00 AF HFS / HFS+ 476837 MB offset 409640
10:55:00.219 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 476703 MB offset 977235968
10:55:00.243 Service scanning
10:55:00.842 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
10:55:01.539 Modules scanning
10:55:01.549 Disk 0 trace - called modules:
10:55:01.890 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore64.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
10:55:01.900 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d61790]
10:55:01.909 3 CLASSPNP.SYS[fffff88001b4a43f] -> nt!IofCallDriver -> [0xfffffa8004bf6b30]
10:55:01.917 5 PCTCore64.sys[fffff8800107f094] -> nt!IofCallDriver -> [0xfffffa8004ad5520]
10:55:01.927 7 ACPI.sys[fffff88000f25781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004ad7060]
10:55:03.595 AVAST engine scan C:\Windows
10:55:06.088 AVAST engine scan C:\Windows\system32
10:57:56.027 AVAST engine scan C:\Windows\system32\drivers
10:58:06.226 AVAST engine scan C:\Users\lola
10:59:11.771 Disk 0 MBR has been saved successfully to "C:\Users\lola\Desktop\MBR.dat"
10:59:11.779 The log file has been saved successfully to "C:\Users\lola\Desktop\aswMBR.txt"
11:43:11.505 AVAST engine scan C:\ProgramData
11:46:59.676 Scan finished successfully
11:52:33.191 Disk 0 MBR has been saved successfully to "C:\Users\lola\Desktop\MBR.dat"
11:52:33.245 The log file has been saved successfully to "C:\Users\lola\Desktop\aswMBR.txt"


Thank you

#18 narenxp

  • Forum Addict
  • Group: BC Advisor
  • Posts: 2,735
  • Joined: 24-October 11
  • Gender: Male
  • Location: India

Posted 01 February 2012 - 01:31 PM

Download

http://ad13.geekstogo.com/MBRCheck.exe

Double click MBRCheck.exe to run it (Vista and Win 7: right click and select Run as Administrator).
It will show a black screen with some information that will contain the line below if no problem is found:

Press ENTER to exit...

Or

you will see more information like below if a problem is found:
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Just choose to exit the program at this point, since we want to see only the scan results to begin with.
MBRCheck will create a log; post the log result.

Download

ESET online scanner

Install it

Click on START; it should download the virus definitions.
When the scan gets completed, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.




This post has been edited by narenxp: 01 February 2012 - 01:32 PM


#19 jeane30

  • Member
  • Group: Members
  • Posts: 30
  • Joined: 04-January 12

Posted 01 February 2012 - 09:51 PM

Hey, here is the log file of MBRCheck:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 212):
0x03215000 \SystemRoot\system32\ntoskrnl.exe
0x037F1000 \SystemRoot\system32\hal.dll
0x00BAB000 \SystemRoot\system32\kdcom.dll
0x00CE5000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00D29000 \SystemRoot\system32\PSHED.dll
0x00D3D000 \SystemRoot\system32\CLFS.SYS
0x00C00000 \SystemRoot\system32\CI.dll
0x00E8D000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F31000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F40000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00F97000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00FA0000 \SystemRoot\system32\drivers\fltmgr.sys
0x00FEC000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00E00000 \SystemRoot\system32\DRIVERS\pci.sys
0x00E33000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00E40000 \SystemRoot\System32\drivers\partmgr.sys
0x00E55000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00D9B000 \SystemRoot\System32\drivers\volmgrx.sys
0x00E6A000 \SystemRoot\system32\DRIVERS\pciide.sys
0x00E71000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00CC0000 \SystemRoot\System32\drivers\mountmgr.sys
0x00E81000 \SystemRoot\system32\DRIVERS\atapi.sys
0x010FE000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x01128000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x01133000 \SystemRoot\system32\drivers\fileinfo.sys
0x01147000 \SystemRoot\system32\drivers\PCTCore64.sys
0x0118A000 \SystemRoot\system32\drivers\pctDS64.sys
0x01000000 \SystemRoot\system32\drivers\pctEFA64.sys
0x0122A000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01493000 \SystemRoot\System32\Drivers\msrpc.sys
0x014F1000 \SystemRoot\System32\Drivers\ksecdd.sys
0x0150B000 \SystemRoot\System32\Drivers\cng.sys
0x0157E000 \SystemRoot\System32\drivers\pcw.sys
0x0158F000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x0162B000 \SystemRoot\system32\drivers\ndis.sys
0x0171D000 \SystemRoot\system32\drivers\NETIO.SYS
0x0177D000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01802000 \SystemRoot\System32\drivers\tcpip.sys
0x017A8000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01599000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x017F2000 \SystemRoot\System32\Drivers\spldr.sys
0x01400000 \SystemRoot\System32\drivers\rdyboost.sys
0x01600000 \SystemRoot\System32\Drivers\mup.sys
0x01612000 \SystemRoot\system32\DRIVERS\MDPMGRNT.SYS
0x0143A000 \SystemRoot\System32\Drivers\MDFSYSNT.sys
0x015E5000 \SystemRoot\SysWOW64\drivers\LFSys64.sys
0x0161F000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01A3F000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01A79000 \SystemRoot\system32\DRIVERS\disk.sys
0x01A8F000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01AF5000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x01B1F000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x01B50000 \SystemRoot\System32\Drivers\Null.SYS
0x01B59000 \SystemRoot\System32\Drivers\Beep.SYS
0x01B60000 \SystemRoot\System32\drivers\vga.sys
0x01B6E000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x01B93000 \SystemRoot\System32\drivers\watchdog.sys
0x01BA3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x01BAC000 \SystemRoot\system32\drivers\rdpencdd.sys
0x01BB5000 \SystemRoot\system32\drivers\rdprefmp.sys
0x01BBE000 \SystemRoot\System32\Drivers\Msfs.SYS
0x01BC9000 \SystemRoot\System32\Drivers\Npfs.SYS
0x01BDA000 \SystemRoot\system32\DRIVERS\tdx.sys
0x01A00000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x0400E000 \SystemRoot\System32\DRIVERS\netbt.sys
0x04053000 \SystemRoot\system32\drivers\afd.sys
0x040DC000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x040E5000 \SystemRoot\system32\DRIVERS\pacer.sys
0x0410B000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x04121000 \SystemRoot\system32\DRIVERS\netbios.sys
0x04130000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x0414B000 \SystemRoot\system32\DRIVERS\termdd.sys
0x0415F000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
0x04169000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
0x04173000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x041C4000 \SystemRoot\system32\drivers\nsiproxy.sys
0x041D0000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x041DB000 \SystemRoot\System32\drivers\discache.sys
0x01A0D000 \SystemRoot\System32\Drivers\dfsc.sys
0x041EA000 \??\C:\Windows\system32\drivers\CBDisk.sys
0x01A2B000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x013CC000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04297000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x04A37000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x042DD000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x05166000 \SystemRoot\System32\drivers\dxgmms1.sys
0x051AC000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x04200000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x051DD000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x04486000 \SystemRoot\system32\DRIVERS\b57nd60a.sys
0x04623000 \SystemRoot\system32\DRIVERS\athrx.sys
0x047AA000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x047B7000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x04600000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x0460D000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x044E7000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x044F7000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x0450D000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x04531000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x0453D000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x0456C000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x04587000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x045A8000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x045C2000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x045D1000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x047F5000 \SystemRoot\system32\DRIVERS\swenum.sys
0x04400000 \SystemRoot\system32\DRIVERS\ks.sys
0x04443000 \SystemRoot\system32\DRIVERS\umbus.sys
0x05474000 \SystemRoot\system32\drivers\HdAudio.sys
0x054D0000 \SystemRoot\system32\drivers\portcls.sys
0x0550D000 \SystemRoot\system32\drivers\drmk.sys
0x0552F000 \SystemRoot\system32\drivers\ksthunk.sys
0x05535000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x0558F000 \SystemRoot\system32\DRIVERS\CS420x64.sys
0x0559A000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x055AF000 \SystemRoot\System32\Drivers\crashdmp.sys
0x055BD000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x055C9000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x055D2000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x000E0000 \SystemRoot\System32\win32k.sys
0x055E5000 \SystemRoot\System32\drivers\Dxapi.sys
0x05400000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x0541B000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x0541D000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x0543A000 \SystemRoot\System32\Drivers\usbvideo.sys
0x055F1000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00590000 \SystemRoot\System32\TSDDD.dll
0x04455000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x04463000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x05468000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x045E0000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x045ED000 \SystemRoot\system32\DRIVERS\point64.sys
0x00610000 \SystemRoot\System32\cdd.dll
0x051EE000 \SystemRoot\system32\DRIVERS\IRFilter.sys
0x04A00000 \SystemRoot\system32\DRIVERS\AppleBtBc.sys
0x00940000 \SystemRoot\System32\ATMFD.DLL
0x04A0C000 \SystemRoot\System32\Drivers\BTHUSB.sys
0x02C8D000 \SystemRoot\System32\Drivers\bthport.sys
0x02D19000 \SystemRoot\system32\drivers\luafv.sys
0x02D3C000 \SystemRoot\system32\drivers\WudfPf.sys
0x02D5D000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0x02D89000 \SystemRoot\system32\DRIVERS\BthEnum.sys
0x02D99000 \SystemRoot\system32\DRIVERS\bthpan.sys
0x02DB9000 \SystemRoot\system32\DRIVERS\applebmt.sys
0x02DCC000 \SystemRoot\system32\DRIVERS\hidbth.sys
0x02DEA000 \SystemRoot\system32\DRIVERS\KeyMagic.sys
0x02C00000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x02C0E000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x02C23000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x02C76000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x04256000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x068E0000 \SystemRoot\system32\drivers\HTTP.sys
0x069A8000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x069D5000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x069DF000 \SystemRoot\system32\DRIVERS\bowser.sys
0x06800000 \SystemRoot\System32\drivers\mpsdrv.sys
0x06818000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x06845000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x06893000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x06AD7000 \SystemRoot\System32\DRIVERS\srv2.sys
0x06B3E000 \SystemRoot\System32\DRIVERS\srv.sys
0x06BD3000 \??\C:\Windows\system32\drivers\KeyAgent.sys
0x06BDB000 \??\C:\Windows\system32\drivers\MacHALDriver.sys
0x06A00000 \SystemRoot\system32\drivers\peauth.sys
0x06AA6000 \SystemRoot\System32\Drivers\secdrv.SYS
0x06AB1000 \SystemRoot\System32\drivers\tcpipreg.sys
0x06BE5000 \SystemRoot\system32\DRIVERS\NisDrvWFP.sys
0x01ABF000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x0A4D3000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x773B0000 \Windows\System32\ntdll.dll
0x476C0000 \Windows\System32\smss.exe
0xFF6D0000 \Windows\System32\apisetschema.dll
0xFF790000 \Windows\System32\autochk.exe
0xFF660000 \Windows\System32\uxtheme.dll
0xFF4E0000 \Windows\System32\urlmon.dll
0xFF4C0000 \Windows\System32\imagehlp.dll
0xFF440000 \Windows\System32\shlwapi.dll
0xFF3F0000 \Windows\System32\ws2_32.dll
0xFF210000 \Windows\System32\setupapi.dll
0xFF200000 \Windows\System32\lpk.dll
0xFF130000 \Windows\System32\usp10.dll
0xFF050000 \Windows\System32\advapi32.dll
0xFEFB0000 \Windows\System32\clbcatq.dll
0xFED50000 \Windows\System32\iertutil.dll
0xFED40000 \Windows\System32\shimeng.dll
0x77290000 \Windows\System32\kernel32.dll
0xFED20000 \Windows\System32\msacm32.dll
0x77580000 \Windows\System32\psapi.dll
0x77570000 \Windows\System32\normaliz.dll
0xFEBF0000 \Windows\System32\rpcrt4.dll
0xFE9E0000 \Windows\System32\ole32.dll
0xFE940000 \Windows\System32\msvcrt.dll
0xFDBB0000 \Windows\System32\shell32.dll
0xFDB60000 \Windows\System32\Wldap32.dll
0xFDB40000 \Windows\System32\sechost.dll
0xFDAA0000 \Windows\System32\comdlg32.dll
0xFD970000 \Windows\System32\wininet.dll
0xFD940000 \Windows\System32\imm32.dll
0x77190000 \Windows\System32\user32.dll
0xFD8D0000 \Windows\System32\gdi32.dll
0xFD8C0000 \Windows\System32\nsi.dll
0xFD840000 \Windows\System32\difxapi.dll
0xFD730000 \Windows\System32\msctf.dll
0xFD650000 \Windows\System32\oleaut32.dll
0xFD5E0000 \Windows\System32\KernelBase.dll
0xFD5A0000 \Windows\System32\cfgmgr32.dll
0xFD560000 \Windows\System32\winmm.dll
0xFD3F0000 \Windows\System32\crypt32.dll
0xFD3B0000 \Windows\System32\wintrust.dll
0xFD310000 \Windows\System32\comctl32.dll
0xFD2F0000 \Windows\System32\devobj.dll
0xFD2E0000 \Windows\System32\msasn1.dll

Processes (total 62):
0 System Idle Process
4 System
316 C:\Windows\System32\smss.exe
384 csrss.exe
456 C:\Windows\System32\wininit.exe
480 csrss.exe
516 C:\Windows\System32\services.exe
548 C:\Windows\System32\lsass.exe
556 C:\Windows\System32\lsm.exe
656 C:\Windows\System32\svchost.exe
740 C:\Windows\System32\svchost.exe
804 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
848 C:\Windows\System32\atiesrxx.exe
928 C:\Windows\System32\winlogon.exe
348 C:\Windows\System32\svchost.exe
368 C:\Windows\System32\svchost.exe
168 C:\Windows\System32\svchost.exe
1084 C:\Windows\System32\audiodg.exe
1168 C:\Windows\System32\svchost.exe
1304 C:\Windows\System32\svchost.exe
1512 C:\Windows\System32\atieclxx.exe
1540 C:\Windows\System32\spoolsv.exe
1608 C:\Windows\System32\svchost.exe
1828 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
1856 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1884 C:\Windows\SysWOW64\svchost.exe
1908 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1940 C:\Windows\System32\AppleOSSMgr.exe
1964 C:\Windows\System32\AppleTimeSrv.exe
2004 C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
2040 C:\Program Files\Bonjour\mDNSResponder.exe
540 C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE
1228 C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
1664 C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
2124 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2292 C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
2320 C:\Windows\System32\vds.exe
2428 C:\Windows\System32\svchost.exe
2448 C:\Windows\System32\svchost.exe
2560 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2612 WUDFHost.exe
2976 C:\Windows\System32\taskhost.exe
2180 C:\Windows\System32\dwm.exe
2284 C:\Windows\explorer.exe
3284 C:\Program Files\Microsoft Security Client\msseces.exe
3344 C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe
3492 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
3576 C:\Program Files (x86)\Lock Folder XP\LFService.exe
3596 C:\Program Files (x86)\iTunes\iTunesHelper.exe
3624 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3760 C:\Windows\System32\SearchIndexer.exe
3892 C:\Program Files\iPod\bin\iPodService.exe
1316 C:\Windows\System32\svchost.exe
2956 C:\Windows\System32\wuauclt.exe
3592 C:\Program Files (x86)\Safari\Safari.exe
1624 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
2348 C:\Users\lola\AppData\Roaming\IMVUClient\IMVUClient.exe
508 C:\Windows\System32\SearchProtocolHost.exe
1620 C:\Windows\System32\SearchFilterHost.exe
3784 C:\Users\lola\Downloads\MBRCheck.exe
3136 C:\Windows\System32\conhost.exe
648 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000074`7ee00000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000000`0c805000 (HFSJ)

PhysicalDrive0 Model Number: WDCWD1001FALS-40Y6A0, Rev: 05.01D06

Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:



and the list from the ESET scan is here:


C:\Windows\assembly\tmp\U\00000001.@ Win64/Redirector.A trojan cleaned by deleting - quarantined
E:\Users\vickytheologidou\Downloads\installer_torrent_2_2_build_22538_beta_English.exe Win32/Toggle application deleted - quarantined
E:\Users\vickytheologidou\Downloads\RegistryReviverSetup.exe a variant of Win32/RegistryReviver application deleted - quarantined
E:\Users\vickytheologidou\Downloads\SoftonicDownloader_for_imvu.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined


Thank you

#20 narenxp

  • Forum Addict
  • Group: BC Advisor
  • Posts: 2,735
  • Joined: 24-October 11
  • Gender: Male
  • Location: India

Posted 02 February 2012 - 12:22 AM


Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


You may have an infected MBR.

Your ESET log shows traces of the ZeroAccess rootkit reoccurring after every scan.

We need advanced tools to remove it

Read the guide here

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck
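The verdict above comes from reading four logs side by side: TDSSKiller reported zero detections, yet MBRCheck called the boot code "Faked!", aswMBR flagged the MBR as hidden and a protection driver as locked, and ESET kept finding a payload under C:\Windows\assembly\tmp\U\, the folder ZeroAccess/Sirefef uses for its components. The following added example (not the tools' or the thread's own code) performs that cross-check mechanically over constructed sample lines that mirror the formats shown in this thread; the MBR hashes and the first ESET path are the values the thread's logs report, while the second ESET path is a constructed stand-in. It encodes the lesson of this thread: a clean result from one scanner does not outweigh a boot-code mismatch or a recurring rootkit payload from another.

```python
"""Cross-tool triage of TDSSKiller, aswMBR, MBRCheck and ESET output.
Added example, not code from any of the tools or from the thread; sample input is constructed."""
import re

TDSSKILLER_LOG = r"""
10:47:52.0332 2680 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
10:47:52.0379 2680 \Device\Harddisk0\DR0 - ok
10:47:52.0420 2060 Detected object count: 0
10:47:52.0420 2060 Actual detected object count: 0
"""
ASWMBR_LOG = r"""
10:55:00.162 Disk 0 Windows 7 default MBR code
10:55:00.164 Disk 0 MBR hidden
10:55:00.842 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
"""
MBRCHECK_LOG = r"""
931 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
"""
ESET_LOG = r"""
C:\Windows\assembly\tmp\U\00000001.@ Win64/Redirector.A trojan cleaned by deleting - quarantined
E:\Users\example\Downloads\RegistryReviverSetup.exe a variant of Win32/RegistryReviver application deleted - quarantined
"""

# Folder ZeroAccess/Sirefef used to store its payload; a detection there points at the rootkit itself.
ZEROACCESS_DIR = re.compile(r"\\assembly\\tmp\\U\\", re.IGNORECASE)


def tdsskiller_summary(text):
    """Boot-code MD5 TDSSKiller prints plus its final object count."""
    m_hash = re.search(r"MBR \(0x[0-9A-Fa-f]+\) \(([0-9a-f]{32})\)", text)
    m_cnt = re.search(r"Actual detected object count: (\d+)", text)
    return {"mbr_md5": m_hash.group(1) if m_hash else None,
            "detected": int(m_cnt.group(1)) if m_cnt else None}


def aswmbr_findings(text):
    """Hidden-MBR flag, default-code verdict and any services aswMBR could not open."""
    return {"mbr_hidden": "MBR hidden" in text,
            "default_code": "default MBR code" in text,
            "locked_services": re.findall(r"Service (\S+) \S+ \*\*LOCKED\*\*", text)}


def mbrcheck_status(text):
    """MBRCheck's per-disk status text and the SHA1 it prints for the boot code."""
    m_stat = re.search(r"\\\\\.\\PhysicalDrive\d+\s+(.+)", text)
    m_sha = re.search(r"SHA1:\s*([0-9A-Fa-f]{40})", text)
    return {"status": m_stat.group(1).strip() if m_stat else None,
            "sha1": m_sha.group(1) if m_sha else None}


def eset_findings(text):
    """One record per ESET line: path, detection name, object kind, action, ZeroAccess-folder flag."""
    pat = re.compile(r"^(\S+)\s+(.+?)\s+(trojan|application)\s+(.+)$")
    out = []
    for line in text.splitlines():
        m = pat.match(line.strip())
        if m:
            path, detection, kind, action = m.groups()
            out.append({"path": path, "detection": detection, "kind": kind, "action": action,
                        "zeroaccess_dir": bool(ZEROACCESS_DIR.search(path))})
    return out


def triage(tdss, asw, mbrcheck, eset):
    """Escalate when any tool shows a boot-code or rootkit indicator, whatever the others say."""
    reasons = []
    t = tdsskiller_summary(tdss)
    if t["detected"]:
        reasons.append(f"TDSSKiller detected {t['detected']} object(s)")
    a = aswmbr_findings(asw)
    if a["mbr_hidden"]:
        reasons.append("aswMBR reports the MBR as hidden")
    m = mbrcheck_status(mbrcheck)
    if m["status"] and "Faked" in m["status"]:
        reasons.append(f"MBRCheck: {m['status']} (SHA1 {m['sha1']})")
    for f in eset_findings(eset):
        if f["zeroaccess_dir"]:
            reasons.append(f"ESET: {f['detection']} in ZeroAccess payload folder {f['path']}")
    return {"verdict": "escalate" if reasons else "no rootkit indicators",
            "reasons": reasons,
            "tdsskiller_clean": t["detected"] == 0,
            "locked_services": a["locked_services"]}


if __name__ == "__main__":
    result = triage(TDSSKILLER_LOG, ASWMBR_LOG, MBRCHECK_LOG, ESET_LOG)
    print(result["verdict"])
    for r in result["reasons"]:
        print(" -", r)
```

Note that `tdsskiller_clean` stays True in the result while the verdict is still "escalate": the function records the clean scan but does not let it cancel the other three indicators, which is exactly the call narenxp makes above.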

#21 jeane30

  • Member
  • Group: Members
  • Posts: 30
  • Joined: 04-January 12

Posted 02 February 2012 - 08:47 AM

I see thank you.

#22 narenxp

  • Forum Addict
  • Group: BC Advisor
  • Posts: 2,735
  • Joined: 24-October 11
  • Gender: Male
  • Location: India

Posted 02 February 2012 - 11:19 AM

You're welcome :)

#23 Budapest

  • Bleepin' Cynic
  • Group: Moderator
  • Posts: 22,242
  • Joined: 11-November 06
  • Gender: Male

Posted 02 February 2012 - 05:30 PM

Malware topic here: http://www.bleepingcomputer.com/forums/topic441029.html

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another MR Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.