
Problems after removing Antivir Solution Pro


11 replies to this topic

#1 MarkCostello

Posted 22 July 2010 - 12:08 AM

I was able to manually remove the Antivir Solution Pro entries from the registry and profile. After the reboot I was still having problems, so I ran AVG and it removed 3 or 4 trojans and malware. Still having problems, I found bleepingcomputer.com's removal instructions for Antivir, so I went through those instructions. I believe Antivir is removed, but I believe my computer still has some virus/malware.

I am unable to update Malwarebytes' Anti-Malware with the latest definitions, or any other anti-virus/spyware software. I'm pretty sure I have more malware from the Antivir problem.

Any help would be appreciated.

Thanks,

Mark

DDS (Ver_10-03-17.01) - NTFSx86
Run by Mark at 21:43:37.98 on Wed 07/21/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3326.2751 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Logitech\SetPoint\LU\LULnchr.exe
C:\Program Files\Logitech\SetPoint\LU\LogitechUpdate.exe
C:\Documents and Settings\Mark\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: moigh Object: {d8ae373b-f6a8-450e-83ac-3bc21d81ee3f} - c:\windows\system32\adfep.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\mark\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [36X Raid Configurer] c:\windows\system32\xRaidSetup.exe boot
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [sta] rundll32 "edfep.dll",,Run
mRun: [MChk] c:\windows\system32\rdfep.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ciscos~1.lnk - c:\program files\cisco systems\vpn client\vpngui.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - d:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~1\office11\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1240365609625
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 93.188.162.129,93.188.161.219
TCP: {98042086-E28B-4ACC-BE18-FBE7D68F2521} = 93.188.162.129,93.188.161.219
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 atitray;atitray;c:\program files\ray adams\ati tray tools\atitray.sys [2008-9-8 18336]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-3-14 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-3-14 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-3-14 243024]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
R3 chdrvr01;CH Control Manager Driver 1;c:\windows\system32\drivers\chdrvr01.sys [2009-4-25 198880]
R3 chdrvr02;CH Control Manager Driver 2;c:\windows\system32\drivers\chdrvr02.sys [2009-4-25 3712]
R3 chdrvr03;CH Control Manager Driver 3;c:\windows\system32\drivers\chdrvr03.sys [2009-4-25 7584]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-4-21 1684736]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-4-29 280344]
S4 GEST Service;GEST Service for program management.;c:\program files\gigabyte\energysaver\GSvr.exe [2009-4-21 68136]

=============== Created Last 30 ================

2010-07-22 01:58:19 0 d-----w- c:\docume~1\mark\applic~1\Malwarebytes
2010-07-22 01:57:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-22 01:57:31 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-22 01:57:31 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-22 01:57:31 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-07-21 23:11:26 2804 ----a-w- c:\windows\ecuqidef.dll
2010-07-21 23:07:43 2804 ----a-w- c:\windows\uwatoqez.dll
2010-07-21 23:02:28 2804 ----a-w- c:\windows\ibohahoz.dll
2010-07-21 23:02:01 0 d-----w- C:\spoolerlogs
2010-07-21 23:01:56 0 d-----w- c:\windows\pss
2010-07-21 22:30:40 2804 ----a-w- c:\windows\etonajer.dll
2010-07-21 22:20:16 2804 ----a-w- c:\windows\iwiyunolifet.dll
2010-07-21 22:16:52 0 d-----w- c:\docume~1\mark\applic~1\Street-Ads
2010-07-21 22:16:50 0 d-----w- c:\docume~1\mark\applic~1\Sky-Banners
2010-07-21 22:16:20 150 ----a-w- C:\zrpt.xml
2010-07-21 22:16:09 767488 ----a-w- c:\windows\system32\drivers\isilp.sys
2010-07-21 22:15:40 0 d-----w- c:\docume~1\alluse~1\applic~1\Update
2010-07-21 22:15:25 180736 ----a-w- c:\windows\Ituxea.exe
2010-07-16 23:33:26 0 d-----w- c:\docume~1\mark\applic~1\My Games
2010-07-16 04:07:50 246784 ----a-w- c:\windows\system32\adfep.dll
2010-07-15 14:22:10 12536 ----a-w- c:\windows\system32\avgrsstx.dll

==================== Find3M ====================

2010-07-21 23:10:28 16608 ----a-w- c:\windows\gdrv.sys
2010-07-15 14:22:11 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 14:21:48 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-05-04 17:20:39 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:20:34 78336 ------w- c:\windows\system32\ieencode.dll
2010-05-04 17:20:32 17408 ------w- c:\windows\system32\corpol.dll
2010-05-02 05:56:34 1850880 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 21:44:38.57 ===============

I have tried to run GMER 3 times and it has not completed successfully. Twice it locked up (idle for over an hour) and once my machine rebooted.

Any help would be appreciated.

Thanks,

Mark

Merged posts. ~ OB

Edited by Orange Blossom, 27 July 2010 - 11:54 PM.



#2 m0le

  • Malware Response Team

Posted 28 July 2010 - 06:35 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 MarkCostello

Posted 28 July 2010 - 11:53 PM

Don't worry about it. I decided to rebuild the machine; that was easier after 4 days.

Thanks anyway.


#4 m0le

  • Malware Response Team

Posted 29 July 2010 - 03:11 PM

Thanks for letting me know

----------------------------------------------

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.

#5 m0le

  • Malware Response Team

Posted 02 August 2010 - 05:35 PM

Reopened at user's request

-----------------------------------------

If you're still getting problems after a rebuild then it's probably a particular rootkit. Please run the following tool.

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.

#6 MarkCostello

Posted 02 August 2010 - 06:01 PM

I also fixed a DNS rebinding problem. My internet modem had faulty DNS IP addresses. I haven't had a redirect problem since I fixed that, but I am running Malwarebytes, SuperAntiSpyware and Spybot again.

++++++++++++++++++++++++++++++++++++++
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0300001c

Kernel Drivers (total 133):

Processes (total 47):
0 System Idle Process
4 System
892 C:\WINDOWS\system32\smss.exe
992 csrss.exe
1024 C:\WINDOWS\system32\winlogon.exe
1068 C:\WINDOWS\system32\services.exe
1080 C:\WINDOWS\system32\lsass.exe
1252 C:\WINDOWS\system32\ati2evxx.exe
1272 C:\WINDOWS\system32\svchost.exe
1360 svchost.exe
1496 C:\WINDOWS\system32\svchost.exe
1624 svchost.exe
1748 svchost.exe
1900 C:\WINDOWS\system32\spoolsv.exe
1968 C:\WINDOWS\system32\ati2evxx.exe
1976 C:\Program Files\AVG\AVG9\avgchsvx.exe
1984 C:\Program Files\AVG\AVG9\avgrsx.exe
248 C:\Program Files\AVG\AVG9\avgcsrvx.exe
1296 C:\WINDOWS\explorer.exe
1600 C:\PROGRA~1\AVG\AVG9\avgtray.exe
1640 C:\WINDOWS\RTHDCPL.EXE
1676 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
1708 C:\WINDOWS\system32\ctfmon.exe
1720 C:\Program Files\Windows Media Player\wmpnscfg.exe
1832 C:\Program Files\Logitech\SetPoint\SetPoint.exe
344 C:\Program Files\Windows Desktop Search\WindowsSearch.exe
820 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
1576 svchost.exe
1652 C:\Program Files\AVG\AVG9\avgwdsvc.exe
2104 C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
2228 C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
2284 C:\WINDOWS\system32\svchost.exe
2328 C:\Program Files\AVG\AVG9\avgnsx.exe
2660 C:\Program Files\AVG\AVG9\avgemc.exe
3232 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
3336 C:\WINDOWS\system32\searchindexer.exe
3364 C:\Program Files\AVG\AVG9\avgcsrvx.exe
3780 wmpnetwk.exe
3424 alg.exe
2956 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
2152 C:\Program Files\Internet Explorer\iexplore.exe
2492 C:\Program Files\Internet Explorer\iexplore.exe
2496 C:\WINDOWS\system32\searchprotocolhost.exe
332 searchfilterhost.exe
328 C:\Program Files\Internet Explorer\iexplore.exe
3600 C:\WINDOWS\system32\searchprotocolhost.exe
2372 C:\Documents and Settings\Mark\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000013`8836ac00 (NTFS)
\\.\Y: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\Z: --> \\.\PhysicalDrive1 at offset 0x00000009`c3dcd400 (NTFS)

PhysicalDrive0 Model Number: WDCWD5000AACS-00ZUB0, Rev: 01.01B01
PhysicalDrive1 Model Number: WDCWD2500YD-01NVB1, Rev: 10.02E01

Size    Device Name          MBR Status
--------------------------------------------------------------
465 GB  \\.\PhysicalDrive0   Windows XP MBR code detected
        SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
233 GB  \\.\PhysicalDrive1   Windows XP MBR code detected
        SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
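Two of the indicators in this thread are machine-checkable from the DDS log in the first post: the public resolver addresses on the TCP: NameServer lines (the modem DNS entries Mark mentions fixing above) and the burst of equal-size, random-named DLLs created directly under c:\windows. The Python below is an added example, not code from the thread or from the DDS tool; its log excerpt is constructed from the values in the first post and the expected-resolver allow-list is a placeholder.

```python
import ipaddress
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed excerpt of the DDS log in the first post (values copied from it).
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
BHO: moigh Object: {d8ae373b-f6a8-450e-83ac-3bc21d81ee3f} - c:\windows\system32\adfep.dll
mRun: [sta] rundll32 "edfep.dll",,Run
TCP: NameServer = 93.188.162.129,93.188.161.219
TCP: {98042086-E28B-4ACC-BE18-FBE7D68F2521} = 93.188.162.129,93.188.161.219
=============== Created Last 30 ================
2010-07-22 01:57:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-21 23:11:26 2804 ----a-w- c:\windows\ecuqidef.dll
2010-07-21 23:07:43 2804 ----a-w- c:\windows\uwatoqez.dll
2010-07-21 23:02:28 2804 ----a-w- c:\windows\ibohahoz.dll
2010-07-21 22:30:40 2804 ----a-w- c:\windows\etonajer.dll
2010-07-21 22:20:16 2804 ----a-w- c:\windows\iwiyunolifet.dll
2010-07-21 22:15:25 180736 ----a-w- c:\windows\Ituxea.exe
==================== Find3M ====================
"""

# Assumed allow-list of the resolvers this network should be using (placeholder address).
EXPECTED_RESOLVERS = {"192.0.2.53"}

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
DNS_RE = re.compile(r"^TCP:\s*(?:NameServer|\{[0-9A-Fa-f-]+\})\s*=\s*(.+)$")
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+(\d+)\s+\S+\s+(.+)$")

def split_sections(text):
    """Map each '=== Title ===' header of a DDS log to the non-blank lines under it."""
    sections, current = defaultdict(list), None
    for line in text.splitlines():
        header = SECTION_RE.match(line.strip())
        if header:
            current = header.group(1)
        elif current and line.strip():
            sections[current].append(line.rstrip())
    return sections

def rogue_resolvers(hjt_lines, expected):
    """Resolver IPs on 'TCP:' lines that are neither private (the home router) nor expected."""
    found = set()
    for line in hjt_lines:
        match = DNS_RE.match(line)
        if match:
            for item in match.group(1).split(","):
                try:
                    ip = ipaddress.ip_address(item.strip())
                except ValueError:
                    continue  # DDS may print a hostname here; skip non-IP values
                if not ip.is_private and str(ip) not in expected:
                    found.add(str(ip))
    return sorted(found)

def same_size_drops(created_lines, directory=r"c:\windows", min_count=3):
    """Sizes shared by at least min_count distinct files created directly in `directory`:
    several equal-size DLLs with random names dropped minutes apart is the pattern above."""
    by_size = defaultdict(set)
    for line in created_lines:
        match = CREATED_RE.match(line)
        if match:
            path = PureWindowsPath(match.group(2))
            if str(path.parent).lower() == directory.lower():
                by_size[int(match.group(1))].add(path.name)
    return {size: sorted(names) for size, names in by_size.items() if len(names) >= min_count}

if __name__ == "__main__":
    parts = split_sections(SAMPLE_LOG)
    print(rogue_resolvers(parts["Pseudo HJT Report"], EXPECTED_RESOLVERS))
    print(same_size_drops(parts["Created Last 30"]))
```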

#7 m0le

  • Malware Response Team

Posted 02 August 2010 - 06:20 PM

> I am running Malwarebytes, SuperAntiSpyware and Spybot again.


Please post the MBAM and SAS logs. I have sent you a PM where I was prepared to close this again but we can go on if you would like.

#8 m0le

  • Malware Response Team

Posted 05 August 2010 - 08:36 PM

Hi,

I have not had a reply from you for 3 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC making it more difficult to help you.

If you like you can PM me.

Thanks,


m0le

#9 MarkCostello

Posted 05 August 2010 - 10:45 PM

Sorry about that. Everything is working fine.
Thanks for your help.

#10 m0le

  • Malware Response Team

Posted 06 August 2010 - 04:04 AM

Are you happy for this topic to be closed?

#11 MarkCostello

Posted 06 August 2010 - 08:41 AM

Topic can be closed.

#12 m0le

  • Malware Response Team

Posted 06 August 2010 - 02:19 PM

Thanks, glad you got it solved.

--------------------------------------------------------------

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.



