Antimalware Doctor


  • This topic is locked
38 replies to this topic

#1 Bradyia2

Posted 27 July 2010 - 06:14 PM

Hello,

I got the virus while on divxden.com. I removed the programme using Malwarebytes and manually deleting its files and registry entries, but Antimalware Doctor would run again after restart. This is now no longer happening. It seems to be removed, but I'm still experiencing problems such as slower performance and freezing. There seems to be a problem with Malwarebytes also. On start-up it's identified as a blocked programme, but every couple of seconds I get a pop-up message saying that Malwarebytes successfully blocked access to a malicious website (e.g. 61.135.132.10).

Gmer problem - Freezes and shuts down a minute or two into scan.

Any help would be greatly appreciated. Many thanks.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Ian at 15:21:53.86 on 27/07/2010
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.353.1033.18.1790.890 [GMT 1:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxddcoms.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\conime.exe
C:\Users\Ian\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ie/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ie&c=91&bd=Presario&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ie&c=91&bd=Presario&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ie&c=91&bd=Presario&pf=cnnb
uInternet Settings,ProxyOverride = local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uWinlogon: Shell=c:\users\ian\appdata\roaming\ogix.exe,explorer.exe,c:\users\ian\appdata\roaming\ohydy.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\2.0"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &AOL Toolbar Search - c:\programdata\aol\ietoolbar\resources\en-ie\local\search.html
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Save YouTube Video as MP3 - c:\program files\common files\dvdvideosoft\dll\IEContextMenuY.dll/scriptY2MP3.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\ian\appdata\roaming\mozilla\firefox\profiles\1rqdggns.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\Npgfxv.dll
FF - plugin: c:\users\ian\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\ian\appdata\roaming\facebook\npfbplugin_1_0_1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-22 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-6-22 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-22 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-6-22 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-22 297752]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe [2010-1-9 285744]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-7-27 304464]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-10-25 365952]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-10-25 193840]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-7-27 20952]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-9 43040]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [2007-4-26 99248]

=============== Created Last 30 ================

2010-07-27 14:11:31 20 ----a-w- c:\users\ian\defogger_reenable
2010-07-27 10:26:37 0 d-----w- c:\users\ian\appdata\roaming\Malwarebytes
2010-07-27 10:26:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-27 10:26:20 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-27 10:26:20 0 d-----w- c:\programdata\Malwarebytes
2010-07-27 10:26:20 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-27 02:05:36 0 d-----w- c:\program files\Trend Micro
2010-07-27 00:21:15 767488 ----a-w- c:\windows\system32\drivers\vnaeb.sys
2010-07-27 00:06:26 115712 --sh--r- c:\users\ian\appdata\roaming\ohydy.exe
2010-07-27 00:06:03 0 d-----w- c:\users\ian\appdata\roaming\FFC3AF38641DD18B6276C81B568EC4BC

==================== Find3M ====================

2010-07-26 19:39:04 27649 ----a-w- c:\programdata\nvModes.dat
2010-06-30 11:00:25 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-05 16:11:11 86016 ----a-w- c:\windows\inf\infstor.dat
2010-05-05 16:11:11 51200 ----a-w- c:\windows\inf\infpub.dat
2010-05-05 16:11:10 86016 ----a-w- c:\windows\inf\infstrng.dat
2008-10-25 17:09:06 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:57:01 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-10-25 17:09:05 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 15:22:30.86 ===============
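As an added triage example (not part of this thread, of DDS, or of any tool named here), the following Python reads the two log sections a helper checks by eye in a DDS log like the one above: it flags a Winlogon Shell value that launches anything besides explorer.exe, flags recently created system+hidden files inside the user profile, and cross-references the two. The 8-character attribute column layout (position 0 = directory, 2 = system, 3 = hidden) is assumed from the DDS output format; the sample lines are copied from the posted log.

```python
"""Triage the Pseudo HJT Report and Created Last 30 sections of a DDS log.

Added example; not part of the forum thread or of DDS. Two checks:
  1. a Winlogon Shell value that launches anything besides explorer.exe
     (in the posted log: ogix.exe and ohydy.exe from the Roaming profile);
  2. a recently created file with system+hidden attributes inside the user
     profile, cross-referenced against the Shell entries from check 1.
"""
import re

# Constructed sample: lines copied from the posted DDS log. A raw string keeps
# the Windows backslashes intact.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.google.ie/
uWinlogon: Shell=c:\users\ian\appdata\roaming\ogix.exe,explorer.exe,c:\users\ian\appdata\roaming\ohydy.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
2010-07-27 10:26:20 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-27 00:21:15 767488 ----a-w- c:\windows\system32\drivers\vnaeb.sys
2010-07-27 00:06:26 115712 --sh--r- c:\users\ian\appdata\roaming\ohydy.exe
2010-07-27 00:06:03 0 d-----w- c:\users\ian\appdata\roaming\FFC3AF38641DD18B6276C81B568EC4BC
"""

# uWinlogon (user hive) or mWinlogon (machine hive) line carrying Shell=...
WINLOGON_RE = re.compile(r"^[um]Winlogon:\s*Shell=(?P<shell>.+)$", re.IGNORECASE)
# "2010-07-27 00:06:26 115712 --sh--r- c:\..." : date, time, size, 8-char
# attribute column, path. Assumed column layout: [0]=d (directory),
# [2]=s (system), [3]=h (hidden), [4]=a (archive), [6]=w/r.
CREATED_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2})\s+(?P<size>\d+)\s+"
    r"(?P<attrs>\S{8})\s+(?P<path>.+)$"
)
# Anything under <drive>:\users\<name>\appdata\ counts as "inside the user profile".
USER_PROFILE_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\", re.IGNORECASE)


def parse_shell(line):
    """Return the comma-separated entries of a Winlogon Shell value, else None."""
    m = WINLOGON_RE.match(line)
    if not m:
        return None
    return [part.strip() for part in m.group("shell").split(",") if part.strip()]


def shell_is_suspicious(entries):
    """explorer.exe alone is the Windows default; any other entry is an alert."""
    return any(e.lower().rsplit("\\", 1)[-1] != "explorer.exe" for e in entries)


def parse_created(line):
    """Parse one 'Created Last 30' record into a dict, else None."""
    m = CREATED_RE.match(line)
    if not m:
        return None
    attrs = m.group("attrs")
    return {
        "path": m.group("path"),
        "size": int(m.group("size")),
        "is_dir": attrs[0] == "d",
        "system": attrs[2] == "s",
        "hidden": attrs[3] == "h",
    }


def triage(log_text):
    """Return a list of (tag, detail) findings for the two checks above."""
    lines = log_text.splitlines()
    findings = []
    shell_targets = set()
    # Pass 1: Winlogon Shell entries, so later file records can be matched to them.
    for line in lines:
        entries = parse_shell(line)
        if entries is None:
            continue
        shell_targets.update(e.lower() for e in entries)
        if shell_is_suspicious(entries):
            findings.append(("winlogon_shell", line))
    # Pass 2: recently created system+hidden files under the user profile.
    for line in lines:
        rec = parse_created(line)
        if rec is None or rec["is_dir"]:
            continue
        if rec["system"] and rec["hidden"] and USER_PROFILE_RE.match(rec["path"]):
            tag = "hidden_system_file_in_profile"
            if rec["path"].lower() in shell_targets:
                tag += "+referenced_by_winlogon_shell"
            findings.append((tag, rec["path"]))
    return findings


if __name__ == "__main__":
    for tag, detail in triage(SAMPLE_LOG):
        print(f"{tag}: {detail}")
```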

Attached Files




#2 m0le
  • Malware Response Team

Posted 05 August 2010 - 08:51 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 Bradyia2
  • Topic Starter

Posted 08 August 2010 - 08:36 PM

Hi m0le,

Sorry for the delay, I was working all weekend and am only seeing your post now. Hope it's not too late! It's 2.30am here in Dublin and I'm off to bed, but I'm free all week to go online and assist with you at any time. I'll check in the morning and on a regular basis for a post from you and will reply as soon as possible. Thanks for your help, it's very much appreciated.

#4 m0le
  • Malware Response Team

Posted 09 August 2010 - 04:58 PM

No, not too late. I'm GMT too in London so that's fine.


Please run Combofix so we can remove the rest of this rogue

Please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop, making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#5 Bradyia2
  • Topic Starter

Posted 09 August 2010 - 06:45 PM

Here you are m0le. Thanks.

Attached Files



#6 m0le
  • Malware Response Team

Posted 09 August 2010 - 07:07 PM

Please run SAS

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.


Then please run ESET's online scan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Leave the top box checked and then check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.

#7 Bradyia2
  • Topic Starter

Posted 10 August 2010 - 03:12 PM

Hi m0le,

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/10/2010 at 04:16 PM

Application Version : 4.41.1000

Core Rules Database Version : 5341
Trace Rules Database Version: 3153

Scan type : Complete Scan
Total Scan Time : 03:23:18

Memory items scanned : 673
Memory threats detected : 0
Registry items scanned : 9798
Registry threats detected : 0
File items scanned : 215770
File threats detected : 76

Trojan.Agent/Gen-Cryptor[Virut]
C:\QOOBOX\QUARANTINE\C\USERS\IAN\APPDATA\ROAMING\OHYDY.EXE.VIR

Adware.Tracking Cookie

ESET scan results:

C:\Program Files\Hotspot Shield\bin\openvpnas.exe a variant of Win32/HotSpotShield application cleaned by deleting - quarantined
C:\Users\Ian\AdobeReader\Adobe Acrobat 9 Professional\Patch.exe NSIS/TrojanDownloader.Agent.NBS.Gen trojan deleted - quarantined


Thanks again.

#8 m0le
  • Malware Response Team

Posted 10 August 2010 - 05:11 PM

That looks like a clean system but you have the ability to check that better than I can.

How is the machine running now?
m0le is a proud member of UNITE

#9 Bradyia2 (Topic Starter, Members, 17 posts)

Posted 10 August 2010 - 05:53 PM

Yes, the performance has improved a lot since my first post. I must have already deleted the virus. Sorry for wasting your time, I just thought it was still on the system because of the continuous pop up warnings I was getting from Malwarebytes.

Thanks a million for your time and effort.



#10 m0le (Malware Response Team, 34,527 posts, London, UK)

Posted 10 August 2010 - 06:11 PM

Thanks for your thanks

Okay, here are the final instructions for you...

You're clean. Good stuff!

Let's do some clearing up

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
    (For Vista/Windows 7 please click Start -> All Programs -> Accessories -> Run)
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between "Combofix" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
This will uninstall Combofix and anything associated with it.


Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.
------------------------------------------------------------------------------------------------------------------------

Here's some advice on how you can keep your PC clean


Use and update your AntiVirus Software

You must have a good antivirus. There are plenty to choose from but I personally recommend the free options of Avast and Avira Antivir. If you want to purchase a security program then I recommend any of the following: AVG, Norton, McAfee, Kaspersky and ESET Nod32.

It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version or the Pro version for a 15 day trial period.

Installing this or another recommended program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would with antivirus software.


Finally, here's a treasure trove of antivirus, antimalware and antispyware resources


That's it Bradyia2, happy surfing!

Cheers.

m0le

#11 Bradyia2 (Topic Starter, Members, 17 posts)

Posted 10 August 2010 - 08:14 PM

Alright m0le,

Sorry to bother you again but it seems that the virus is still there! Since my last post I have stopped Malwarebytes from loading at start-up and hit the re-enable option on Defogger. The system rebooted and was working perfectly for the last 2 hours. I was on the internet (Facebook) and the same thing happened as the first time I got the virus.

Command Prompt opens up numerous times and I get loads of infection warnings from AVG. I pressed Ctrl+Alt+Del and logged off. When I log back on Command Prompt goes again as does the Antimalware Doctor programme. It doesn't want to leave!

I'm just wondering now if maybe I just caught it again since nothing showed up on the scans?!


#12 m0le (Malware Response Team, 34,527 posts, London, UK)

Posted 11 August 2010 - 04:30 PM

Let's do some preliminary checks for rootkits

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.


Then
  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\

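MBRCheck's report has a small fixed layout (a volume-to-drive map, the drive model, a per-drive status row with its SHA1, and a closing verdict line). As an added example that is not part of this thread or of MBRCheck itself, here is a Python parser that pulls those fields out and flags any drive whose boot code the tool reports as unknown, so several posted logs can be triaged the same way; the sample report is constructed to match the layout of the one posted in this thread, and the clean counterpart's status wording and hash are assumptions.

```python
# Added example, not MBRCheck's own code: parses the report layout seen in this
# thread and flags drives whose boot code the tool could not match.
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

RE_VERSION = re.compile(r"^MBRCheck, version (\S+)")
# \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
RE_VOLUME = re.compile(r"^\\\\\.\\([A-Z]:) --> \\\\\.\\(PhysicalDrive\d+) at offset ")
RE_MODEL = re.compile(r"^(PhysicalDrive\d+) Model Number: (.+?), Rev: ")
# 149 GB \\.\PhysicalDrive0 Unknown MBR code
RE_DRIVE = re.compile(r"^\s*(\d+\s*[KMGT]B)\s+\\\\\.\\(PhysicalDrive\d+)\s+(.+?)\s*$")
RE_SHA1 = re.compile(r"^\s*SHA1:\s*([0-9A-Fa-f]{40})")
RE_VERDICT = re.compile(r"^Found (.+MBR)\.?$")


@dataclass
class Drive:
    size: str
    device: str                      # e.g. PhysicalDrive0
    status: str                      # the "MBR Status" column
    sha1: Optional[str] = None       # hash of the boot sector, printed under the row
    model: Optional[str] = None
    volumes: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        # MBRCheck prints "Unknown MBR code" when the boot code matches none of
        # its known Windows/OEM signatures; that row is what a helper follows up on.
        return self.status.lower().startswith("unknown")


@dataclass
class Report:
    version: Optional[str] = None
    drives: Dict[str, Drive] = field(default_factory=dict)
    verdict: Optional[str] = None    # text after "Found ", if the tool printed one

    @property
    def suspicious(self) -> bool:
        return any(d.suspicious for d in self.drives.values()) or (
            self.verdict is not None and "infected" in self.verdict.lower())


def parse_report(text: str) -> Report:
    """Build a Report from the text MBRCheck prints; unknown lines are ignored."""
    rep = Report()
    volumes: List[tuple] = []        # (letter, device) pairs from the volume map
    models: Dict[str, str] = {}
    last: Optional[Drive] = None     # row the next SHA1 line belongs to
    for line in text.splitlines():
        line = line.rstrip()
        if m := RE_VERSION.match(line):
            rep.version = m.group(1)
        elif m := RE_VOLUME.match(line):
            volumes.append((m.group(1), m.group(2)))
        elif m := RE_MODEL.match(line):
            models[m.group(1)] = m.group(2)
        elif m := RE_DRIVE.match(line):
            last = Drive(m.group(1), m.group(2), m.group(3))
            rep.drives[last.device] = last
        elif (m := RE_SHA1.match(line)) and last is not None:
            last.sha1 = m.group(1).upper()
        elif m := RE_VERDICT.match(line):
            rep.verdict = m.group(1)
    for dev, drive in rep.drives.items():
        drive.model = models.get(dev)
        drive.volumes = [letter for letter, d in volumes if d == dev]
    return rep


def findings(text: str) -> List[str]:
    """One line per flagged drive, with the details worth quoting back; [] if clean."""
    out = []
    for d in parse_report(text).drives.values():
        if d.suspicious:
            out.append(f"{d.device} ({d.model or 'unknown model'}, {d.size}, volumes "
                       f"{', '.join(d.volumes) or '?'}): {d.status}; SHA1 {d.sha1}")
    return out


# Constructed sample in the layout of the report posted in this thread.
SUSPECT_REPORT = r"""MBRCheck, version 1.2.3

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000022`be800000 (NTFS)

PhysicalDrive0 Model Number: ST9160310AS, Rev: HP07

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: E6CCDBFD8F5B3DAA80CE1AA64C67955A606A347D

Found non-standard or infected MBR.
"""

# Constructed clean counterpart; the "detected" status wording and the hash are assumptions.
CLEAN_REPORT = (SUSPECT_REPORT.replace("Unknown MBR code", "Windows Vista MBR code detected")
                .replace("E6CCDBFD8F5B3DAA80CE1AA64C67955A606A347D", "0" * 40).split("Found ")[0])
```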

#13 Bradyia2 (Topic Starter, Members, 17 posts)

Posted 11 August 2010 - 04:49 PM

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Basic Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: Wistron
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: Compaq Presario CQ60 Notebook PC
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 197):

Processes (total 72):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000022`be800000 (NTFS)

PhysicalDrive0 Model Number: ST9160310AS, Rev: HP07

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: E6CCDBFD8F5B3DAA80CE1AA64C67955A606A347D


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:






2010/08/11 22:40:12.0999 TDSS rootkit removing tool 2.4.1.1 Aug 10 2010 14:48:09
2010/08/11 22:40:12.0999 ================================================================================
2010/08/11 22:40:12.0999 SystemInfo:
2010/08/11 22:40:12.0999
2010/08/11 22:40:12.0999 OS Version: 6.0.6001 ServicePack: 1.0
2010/08/11 22:40:12.0999 Product type: Workstation
2010/08/11 22:40:12.0999 ComputerName: IAN-PC
2010/08/11 22:40:13.0000 UserName: Ian
2010/08/11 22:40:13.0000 Windows directory: C:\Windows
2010/08/11 22:40:13.0000 System windows directory: C:\Windows
2010/08/11 22:40:13.0000 Processor architecture: Intel x86
2010/08/11 22:40:13.0000 Number of processors: 1
2010/08/11 22:40:13.0000 Page size: 0x1000
2010/08/11 22:40:13.0000 Boot type: Normal boot
2010/08/11 22:40:13.0000 ================================================================================
2010/08/11 22:40:24.0850 Initialize success
2010/08/11 22:40:37.0532 ================================================================================
2010/08/11 22:40:37.0532 Scan started
2010/08/11 22:40:37.0532 Mode: Manual;
2010/08/11 22:40:37.0532 ================================================================================
2010/08/11 22:40:49.0019 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2010/08/11 22:40:49.0075 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2010/08/11 22:40:49.0158 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2010/08/11 22:40:49.0392 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
2010/08/11 22:40:49.0525 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/08/11 22:40:49.0567 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/08/11 22:40:49.0614 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/08/11 22:40:49.0672 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2010/08/11 22:40:49.0750 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2010/08/11 22:40:49.0792 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2010/08/11 22:40:50.0147 NETw3v32 (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys
2010/08/11 22:40:50.0718 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2010/08/11 22:40:50.0957 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2010/08/11 22:40:51.0034 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2010/08/11 22:40:51.0128 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2010/08/11 22:40:51.0216 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2010/08/11 22:40:51.0252 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2010/08/11 22:40:51.0356 NVENETFD (ae78a7285df03a277415fc62f8ce8f24) C:\Windows\system32\DRIVERS\nvmfdx32.sys
2010/08/11 22:40:51.0464 NVHDA (b0dd52428bf564f5fc5ee331060be2a6) C:\Windows\system32\drivers\nvhda32v.sys
2010/08/11 22:40:51.0688 nvlddmkm (9fa0906253ba079d8c086cd2700e8b4e) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2010/08/11 22:40:52.0023 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2010/08/11 22:40:52.0094 nvsmu (0fb6bf3ab170fc5bd403d25e134eafde) C:\Windows\system32\DRIVERS\nvsmu.sys
2010/08/11 22:40:52.0143 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2010/08/11 22:40:52.0332 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2010/08/11 22:40:52.0479 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/08/11 22:40:52.0611 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2010/08/11 22:40:52.0668 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2010/08/11 22:40:52.0712 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2010/08/11 22:40:52.0795 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2010/08/11 22:40:52.0930 pciide (1d8b3d8df8eb7fcf2f0ac02f9f947802) C:\Windows\system32\drivers\pciide.sys
2010/08/11 22:40:52.0979 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2010/08/11 22:40:53.0051 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2010/08/11 22:40:53.0334 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2010/08/11 22:40:53.0380 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys
2010/08/11 22:40:53.0468 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2010/08/11 22:40:53.0570 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2010/08/11 22:40:53.0707 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2010/08/11 22:40:53.0788 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2010/08/11 22:40:53.0837 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2010/08/11 22:40:53.0920 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/08/11 22:40:54.0074 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/08/11 22:40:54.0202 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2010/08/11 22:40:54.0380 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2010/08/11 22:40:54.0450 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/08/11 22:40:54.0541 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2010/08/11 22:40:54.0607 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2010/08/11 22:40:54.0673 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2010/08/11 22:40:54.0860 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2010/08/11 22:40:54.0925 RTSTOR (8dab5975b5c7923d61506a48e251dbad) C:\Windows\system32\drivers\RTSTOR.SYS
2010/08/11 22:40:55.0269 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/08/11 22:40:55.0634 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2010/08/11 22:40:55.0830 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2010/08/11 22:40:56.0061 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
2010/08/11 22:40:56.0297 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/08/11 22:40:56.0419 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2010/08/11 22:40:56.0575 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2010/08/11 22:40:56.0701 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2010/08/11 22:40:56.0919 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2010/08/11 22:40:57.0074 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2010/08/11 22:40:57.0158 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2010/08/11 22:40:57.0270 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2010/08/11 22:40:57.0403 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2010/08/11 22:40:57.0475 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2010/08/11 22:40:57.0530 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2010/08/11 22:40:57.0605 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2010/08/11 22:40:57.0690 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2010/08/11 22:40:57.0804 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2010/08/11 22:40:57.0895 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2010/08/11 22:40:57.0911 sptd - detected Locked file (1)
2010/08/11 22:41:02.0188 Suspicious service (NoAccess): vnaeb
2010/08/11 22:41:02.0282 vnaeb (fa87c92e0b45f6b0905dc0efeb3a9d06) C:\Windows\system32\drivers\vnaeb.sys
2010/08/11 22:41:02.0282 Suspicious file (NoAccess): C:\Windows\system32\drivers\vnaeb.sys. md5: fa87c92e0b45f6b0905dc0efeb3a9d06
2010/08/11 22:41:02.0301 vnaeb - detected Locked service (1)
2010/08/11 22:41:04.0233 ================================================================================
2010/08/11 22:41:04.0233 Scan finished
2010/08/11 22:41:04.0233 ================================================================================
2010/08/11 22:41:04.0253 Detected object count: 2
2010/08/11 22:41:54.0409 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2010/08/11 22:41:54.0409 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2010/08/11 22:41:54.0457 C:\Windows\system32\Drivers\sptd.sys - quarantined
2010/08/11 22:41:54.0457 Locked file(sptd) - User select action: Quarantine
2010/08/11 22:41:54.0570 vnaeb (fa87c92e0b45f6b0905dc0efeb3a9d06) C:\Windows\system32\drivers\vnaeb.sys
2010/08/11 22:41:54.0570 Suspicious file (NoAccess): C:\Windows\system32\drivers\vnaeb.sys. md5: fa87c92e0b45f6b0905dc0efeb3a9d06
2010/08/11 22:41:54.0581 C:\Windows\system32\drivers\vnaeb.sys - quarantined
2010/08/11 22:41:54.0581 Locked service(vnaeb) - User select action: Quarantine


Found two 'suspicious' items. I quarantined them both. Thanks.
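As an added example (not part of the thread and not TDSSKiller's own code), here is a small Python triage helper for the TDSSKiller log format pasted above: it pairs each "Suspicious file/service" line with its driver entry, the "detected Locked ..." verdict and the action the user chose, and checks the result against the "Detected object count" line. The regular expressions are my reading of the line formats visible in the log, and the sample excerpt reuses the relevant lines from the post.

```python
"""Triage helper for Kaspersky TDSSKiller logs of the kind pasted in this thread.

Assumption: the line formats are as they appear in the posted log (timestamp,
driver name, md5 in parentheses, path; 'Suspicious file (...)' / 'Suspicious
service (...)'; '<name> - detected <verdict> (n)'; '<kind>(<name>) - User select
action: <action>'; '<path> - quarantined'; 'Detected object count: <n>').
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Excerpt of the log posted in the thread: the two detections plus one clean driver line.
SAMPLE_LOG = r"""
2010/08/11 22:40:57.0690 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2010/08/11 22:40:57.0804 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2010/08/11 22:40:57.0895 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2010/08/11 22:40:57.0911 sptd - detected Locked file (1)
2010/08/11 22:41:02.0188 Suspicious service (NoAccess): vnaeb
2010/08/11 22:41:02.0282 vnaeb (fa87c92e0b45f6b0905dc0efeb3a9d06) C:\Windows\system32\drivers\vnaeb.sys
2010/08/11 22:41:02.0282 Suspicious file (NoAccess): C:\Windows\system32\drivers\vnaeb.sys. md5: fa87c92e0b45f6b0905dc0efeb3a9d06
2010/08/11 22:41:02.0301 vnaeb - detected Locked service (1)
2010/08/11 22:41:04.0233 Scan finished
2010/08/11 22:41:04.0253 Detected object count: 2
2010/08/11 22:41:54.0409 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2010/08/11 22:41:54.0457 C:\Windows\system32\Drivers\sptd.sys - quarantined
2010/08/11 22:41:54.0457 Locked file(sptd) - User select action: Quarantine
2010/08/11 22:41:54.0581 C:\Windows\system32\drivers\vnaeb.sys - quarantined
2010/08/11 22:41:54.0581 Locked service(vnaeb) - User select action: Quarantine
"""

TS = r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} "  # leading timestamp on every line
RE_SUSP_FILE = re.compile(TS + r"Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-fA-F]{32})$")
RE_SUSP_SVC = re.compile(TS + r"Suspicious service \((?P<reason>[^)]+)\): (?P<name>\S+)$")
RE_VERDICT = re.compile(TS + r"(?P<name>\S+) - detected (?P<verdict>.+?) \(\d+\)$")
RE_ACTION = re.compile(TS + r"(?P<kind>Locked (?:file|service))\((?P<name>[^)]+)\) - User select action: (?P<action>\S+)$")
RE_QUARANTINED = re.compile(TS + r"(?P<path>.+) - quarantined$")
RE_COUNT = re.compile(TS + r"Detected object count: (?P<n>\d+)$")
RE_DRIVER = re.compile(TS + r"(?P<name>\S+) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")


@dataclass
class Detection:
    name: str
    path: str = ""
    md5: str = ""
    reasons: List[str] = field(default_factory=list)  # e.g. ["NoAccess"]
    verdict: str = ""                                 # "Locked file" / "Locked service"
    action: str = ""                                  # user-selected action, e.g. "Quarantine"
    quarantined: bool = False                         # a "- quarantined" line was seen


@dataclass
class ScanResult:
    drivers: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # name -> (md5, path)
    detections: Dict[str, Detection] = field(default_factory=dict)     # name -> Detection
    reported_count: Optional[int] = None                               # from "Detected object count"


def _name_for_path(path: str, path_to_name: Dict[str, str]) -> str:
    """Map a file path back to the service/driver name; fall back to the file stem."""
    name = path_to_name.get(path.lower())
    if name:
        return name
    return path.replace("\\", "/").rsplit("/", 1)[-1].rsplit(".", 1)[0]


def parse_tdsskiller_log(text: str) -> ScanResult:
    """Reconstruct every flagged object and what happened to it from a TDSSKiller log."""
    res = ScanResult()
    path_to_name: Dict[str, str] = {}

    def det(name: str) -> Detection:
        return res.detections.setdefault(name, Detection(name=name))

    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := RE_SUSP_FILE.match(line):
            d = det(_name_for_path(m["path"], path_to_name))
            d.path, d.md5 = m["path"], m["md5"].lower()
            if m["reason"] not in d.reasons:
                d.reasons.append(m["reason"])
        elif m := RE_SUSP_SVC.match(line):
            d = det(m["name"])
            if m["reason"] not in d.reasons:
                d.reasons.append(m["reason"])
        elif m := RE_VERDICT.match(line):
            det(m["name"]).verdict = m["verdict"]
        elif m := RE_ACTION.match(line):
            d = det(m["name"])
            d.action = m["action"]
            d.verdict = d.verdict or m["kind"]
        elif m := RE_QUARANTINED.match(line):
            det(_name_for_path(m["path"], path_to_name)).quarantined = True
        elif m := RE_COUNT.match(line):
            res.reported_count = int(m["n"])
        elif m := RE_DRIVER.match(line):
            res.drivers[m["name"]] = (m["md5"].lower(), m["path"])
            path_to_name[m["path"].lower()] = m["name"]
    return res


def pending_actions(result: ScanResult) -> List[str]:
    """Flagged objects for which the log records no user action (still on disk)."""
    return sorted(n for n, d in result.detections.items() if not d.action)


def count_matches(result: ScanResult) -> bool:
    """True when the reconstructed detections equal the count TDSSKiller reported."""
    return result.reported_count == len(result.detections)


if __name__ == "__main__":
    r = parse_tdsskiller_log(SAMPLE_LOG)
    for d in r.detections.values():
        print(f"{d.name}: {d.verdict or '?'} {d.path} md5={d.md5} "
              f"action={d.action or 'none'} quarantined={d.quarantined}")
    print("count consistent:", count_matches(r), "pending:", pending_actions(r))
```

Running it on a log saved before the user chose an action (the part up to "Scan finished") lists both objects as pending, which is the state to look for when a poster says the items were "found" but not what was done with them.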


#14 m0le (Malware Response Team)

Posted 11 August 2010 - 05:29 PM

Okay now rerun MBRCheck

The MBR has been rewritten.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Important Note: While fixing the Master Boot Record (MBR) is generally safe, there is a small risk of damaging the operating system so that it will not boot up or the partitions may become corrupted. I recommend you have your Windows CD available, which will allow recovering the boot code via the Windows Recovery Console in case of any problems, or install the XP Recovery Console before proceeding with the above fix. Then if any problems occur, the links below explain how to use and repair the MBR: If you do not have a recovery disk then please burn one as shown here


Run MBRCheck.exe
  • Run MBRCheck.exe
  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Please push the 'Y' key and then press Enter
  • When the program asks you, enter 2 and press the Enter key
  • Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"
  • Enter 0 and press the Enter key.
  • The program will show Available MBR codes:, followed by a list of operating systems. Please enter the correct number for your operating system, and then press Enter.
  • When asked "Do you want to fix the MBR code?", type in YES and press Enter
  • Restart your PC.
After you restart the PC
  • Double click MBRCheck.exe to run (Vista and Win 7: right click and select Run as Administrator)
  • It will show a black screen with some data on it
  • A report called MBRCheck will be on your desktop
  • Open this report
  • Right click on the screen and select > Select All
  • Press Control+C
  • Now please copy that report to this thread

m0le is a proud member of UNITE

#15 Bradyia2 (Topic Starter)

Posted 12 August 2010 - 05:52 AM

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Basic Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: Wistron
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: Compaq Presario CQ60 Notebook PC
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 197):

Processes (total 73):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000022`be800000 (NTFS)

PhysicalDrive0 Model Number: ST9160310AS, Rev: HP07

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: E6CCDBFD8F5B3DAA80CE1AA64C67955A606A347D


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:


This is the report I got after I ran the programme again after restart. But there was also another report there before I ran the MBRCheck after restart. Do you need that?

I'm still getting a Windows command prompt opening when the computer starts. Well, I have to allow it to run; if I press cancel it just keeps popping up again.

Also, on start-up this morning, a window asking me to restore vsbntlo.exe opened up. All search results on Google said it was malware, so I pressed cancel and disabled C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe in MSconfig start-up.

Cheers.





