Am I Infected? Help!


23 replies to this topic

#1 driftking24
  • Members
  • 16 posts

Posted 02 August 2010 - 09:01 AM

I don't know if I have a virus or not but my computer has been acting strange. I was having lots of problems so I reformatted my hard drive hoping it would go away but for some reason, it's still there.

Before the reformatting, the problem began with random full-screen internet advertisements and also audio advertisements playing in the background. The internet ads would pop up randomly even if I wasn't using the internet. Same with the audio ads. Also, when these ads were popping up or running in the background, I couldn't spot any new processes starting up, so I didn't know what the problem was. I used GMER and found out that a hidden iexplore.exe was running, but whenever I deleted it, a new one would start up again. So I blocked every application from using Internet Explorer (using my COMODO firewall). A few days later, my MSN Messenger stopped working and then my speakers stopped as well. I don't know if it was a problem with my drivers or not, so I reinstalled them again, but Windows kept giving me the "no audio device" problem. I used Process Explorer to see if there were any suspicious processes running on my computer and I found that there were two svchost.exe running that kept going away and coming back with a new PID. I tried to kill those processes but it didn't work. They couldn't be deleted and they just randomly kept going away and coming back (in a matter of seconds).

So I got my hard drive formatted and started everything again yesterday. I downloaded my antivirus (avast!), firewall (COMODO) and spyware/malware scanners and thought that the problem had gone away. A few hours later, I got my first internet advertisement and soon after, an audio advertisement playing in the background. This happened yesterday. Today I downloaded Process Explorer to see if those two suspicious svchost.exe processes are running and they are. Like before, they keep going away and coming back and I can't kill them (through Task Manager or Process Explorer).

Does anyone know how to solve this problem? I can provide screenshots if you need it.


#2 driftking24
  • Topic Starter
  • Members
  • 16 posts

Posted 03 August 2010 - 08:48 AM

Anyone? Nothing? Am I asking in the wrong section or something? Sorry, I'm new here.
(Bump)

#3 quietman7
    Bleepin' Janitor
  • Global Moderator
  • 51,753 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 03 August 2010 - 09:53 AM

Svchost.exe is a generic host process name for a group of services that are run from dynamic-link libraries (DLLs) and can run other services underneath itself. This is a valid system process that belongs to the Windows operating system and handles processes executed from .dlls. It runs from the registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost, where details of the services running under each instance of svchost.exe can be found. At startup, Svchost.exe checks the services portion of the registry to construct a list of services that it needs to load. It is not unusual to find multiple instances of Svchost.exe running at the same time in Task Manager in order to optimize the running of the various services.
  • svchost.exe SYSTEM
  • svchost.exe LOCAL SERVICE
  • svchost.exe NETWORK SERVICE
Each Svchost.exe session can contain a grouping of services; therefore, separate services can run, depending on how and where Svchost.exe is started. This grouping of services permits better control and easier debugging. The process IDs (PIDs) are not static and can change with each logon, but generally they stay nearly the same because they are running services all the time. The PIDs must be checked in real time to determine what services each instance of svchost.exe is controlling at that particular time.

Determining whether a file is malware or a legitimate process usually depends on the location (path) it is running from. One of the ways that malware tries to hide is to give itself the same name as a critical system file like svchost.exe. However, it then places itself in a different location (folder) than where the legitimate file resides and runs from there. Another technique is for the process to alter the registry and add itself as a Startup program or service so that it can run automatically each time the computer is booted.


Please download the TDSS Rootkit Removing Tool (TDSSKiller.zip) and save it to your Desktop. <-Important!!!
Be sure to print out and follow all instructions for performing a scan or refer to these instructions with screenshots.
  • Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop. Vista/Windows 7 users refer to these instructions.
  • If you don't have an extracting program, you can download TDSSKiller.exe and use that instead.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • When the program opens, click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If 'Suspicious' objects are detected, Skip will be the default selection.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.


Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.
  • Link 1
  • Link 2
  • Link 3
  • Double-click on MBRCheck.exe to run it. Vista/Windows 7 users right-click and select Run As Administrator.
  • It will open a black screen with some data on it...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will be created on the desktop.
  • Copy and paste the contents of that log in your next reply.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click here.

#4 driftking24
  • Topic Starter
  • Members
  • 16 posts

Posted 03 August 2010 - 10:11 AM

Hi quietman7, thanks for your reply, here are the two logs.

TDSS Killer
2010/08/03 11:02:23.0474 TDSS rootkit removing tool 2.4.0.0 Jul 22 2010 16:09:49
2010/08/03 11:02:23.0474 ================================================================================
2010/08/03 11:02:23.0474 SystemInfo:
2010/08/03 11:02:23.0474
2010/08/03 11:02:23.0474 OS Version: 5.1.2600 ServicePack: 2.0
2010/08/03 11:02:23.0474 Product type: Workstation
2010/08/03 11:02:23.0474 ComputerName: MHAFN6JNR04POLF
2010/08/03 11:02:23.0474 UserName: Owner
2010/08/03 11:02:23.0474 Windows directory: C:\WINDOWS
2010/08/03 11:02:23.0474 System windows directory: C:\WINDOWS
2010/08/03 11:02:23.0474 Processor architecture: Intel x86
2010/08/03 11:02:23.0474 Number of processors: 1
2010/08/03 11:02:23.0474 Page size: 0x1000
2010/08/03 11:02:23.0474 Boot type: Normal boot
2010/08/03 11:02:23.0474 ================================================================================
2010/08/03 11:02:23.0724 Initialize success
2010/08/03 11:02:27.0700 ================================================================================
2010/08/03 11:02:27.0700 Scan started
2010/08/03 11:02:27.0700 Mode: Manual;
2010/08/03 11:02:27.0700 ================================================================================
2010/08/03 11:02:29.0182 Aavmker4 (467f062f76e07512ecc1f5f60aab2988) C:\WINDOWS\system32\drivers\Aavmker4.sys
2010/08/03 11:02:29.0302 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
2010/08/03 11:02:29.0402 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/08/03 11:02:29.0642 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/08/03 11:02:29.0703 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
2010/08/03 11:02:29.0833 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
2010/08/03 11:02:29.0903 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/08/03 11:02:30.0073 AmdK7 (680ad1c1bb16239e28d8f33a54a7a3c7) C:\WINDOWS\system32\DRIVERS\amdk7.sys
2010/08/03 11:02:30.0133 aswFsBlk (0c0b08847f2f24baa7bd43d8f2c6c8b0) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2010/08/03 11:02:30.0163 aswMon2 (aa504fa592c9ed79174cb06b8ae340aa) C:\WINDOWS\system32\drivers\aswMon2.sys
2010/08/03 11:02:30.0183 aswRdr (f385ffd39165453fda96736aa3edfd9d) C:\WINDOWS\system32\drivers\aswRdr.sys
2010/08/03 11:02:30.0203 aswSP (45adea26bf613a54fed64ecdd12e58a7) C:\WINDOWS\system32\drivers\aswSP.sys
2010/08/03 11:02:30.0223 aswTdi (c4ee975c87176f1900662d2874233c7f) C:\WINDOWS\system32\drivers\aswTdi.sys
2010/08/03 11:02:30.0273 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/08/03 11:02:30.0293 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/08/03 11:02:30.0323 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/08/03 11:02:30.0384 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/08/03 11:02:30.0484 b57w2k (e470738b601a7fbb1e1c34cec8355f5d) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2010/08/03 11:02:30.0554 BCMModem (2d39d498108c4810ef8cc1103a2a5b73) C:\WINDOWS\system32\DRIVERS\BCMDM.sys
2010/08/03 11:02:30.0644 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/08/03 11:02:30.0694 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/08/03 11:02:30.0754 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/08/03 11:02:30.0794 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/08/03 11:02:30.0844 Cdrom (7b53584d94e9d8716b2de91d5f1cb42d) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/08/03 11:02:30.0914 cmdGuard (d7c17cc5038773aa717864a5555465de) C:\WINDOWS\system32\DRIVERS\cmdguard.sys
2010/08/03 11:02:30.0954 cmdHlp (81ceedf3501cd5ccae3dceb204af1634) C:\WINDOWS\system32\DRIVERS\cmdhlp.sys
2010/08/03 11:02:31.0044 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/08/03 11:02:31.0105 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2010/08/03 11:02:31.0175 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2010/08/03 11:02:31.0205 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/08/03 11:02:31.0235 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2010/08/03 11:02:31.0275 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/08/03 11:02:31.0285 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2010/08/03 11:02:31.0315 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/08/03 11:02:31.0355 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/08/03 11:02:31.0385 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
2010/08/03 11:02:31.0425 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2010/08/03 11:02:31.0505 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/08/03 11:02:31.0555 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/08/03 11:02:31.0585 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/08/03 11:02:31.0675 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/08/03 11:02:31.0766 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/08/03 11:02:31.0856 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/08/03 11:02:31.0906 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/08/03 11:02:32.0006 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/08/03 11:02:32.0086 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/08/03 11:02:32.0256 ialm (bffa387180121df1e4646c4ced3e16ca) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2010/08/03 11:02:32.0457 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/08/03 11:02:32.0517 Inspect (bf141304f251563b63e64cb3c036de74) C:\WINDOWS\system32\DRIVERS\inspect.sys
2010/08/03 11:02:32.0547 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/08/03 11:02:32.0597 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/08/03 11:02:32.0697 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/08/03 11:02:32.0727 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/08/03 11:02:32.0757 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/08/03 11:02:32.0777 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/08/03 11:02:32.0817 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/08/03 11:02:32.0837 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/08/03 11:02:32.0907 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/08/03 11:02:32.0957 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/08/03 11:02:32.0987 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/08/03 11:02:33.0057 klmd24 (6485ad0a17a0d6286b4d44c652adabb2) C:\WINDOWS\system32\drivers\klmd.sys
2010/08/03 11:02:33.0077 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
2010/08/03 11:02:33.0168 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/08/03 11:02:33.0258 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/08/03 11:02:33.0298 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2010/08/03 11:02:33.0308 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2010/08/03 11:02:33.0338 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/08/03 11:02:33.0378 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/08/03 11:02:33.0408 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/08/03 11:02:33.0448 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/08/03 11:02:33.0468 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/08/03 11:02:33.0508 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2010/08/03 11:02:33.0538 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/08/03 11:02:33.0558 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/08/03 11:02:33.0578 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/08/03 11:02:33.0618 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/08/03 11:02:33.0638 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2010/08/03 11:02:33.0678 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2010/08/03 11:02:33.0708 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/08/03 11:02:33.0758 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/08/03 11:02:33.0768 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/08/03 11:02:33.0778 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/08/03 11:02:33.0808 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/08/03 11:02:33.0838 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/08/03 11:02:33.0859 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2010/08/03 11:02:33.0899 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/08/03 11:02:33.0949 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/08/03 11:02:34.0019 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/08/03 11:02:34.0089 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/08/03 11:02:34.0109 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/08/03 11:02:34.0139 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/08/03 11:02:34.0149 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/08/03 11:02:34.0169 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/08/03 11:02:34.0179 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/08/03 11:02:34.0219 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/08/03 11:02:34.0239 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/08/03 11:02:34.0329 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/08/03 11:02:34.0369 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/08/03 11:02:34.0379 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/08/03 11:02:34.0389 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/08/03 11:02:34.0449 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/08/03 11:02:34.0459 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/08/03 11:02:34.0479 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/08/03 11:02:34.0489 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/08/03 11:02:34.0509 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/08/03 11:02:34.0519 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/08/03 11:02:34.0529 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/08/03 11:02:34.0550 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/08/03 11:02:34.0630 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/08/03 11:02:34.0680 S3SavageNB (0dbcc071a268e0340a2ba6bdd98bace4) C:\WINDOWS\system32\DRIVERS\s3gnbm.sys
2010/08/03 11:02:34.0760 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/08/03 11:02:34.0780 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2010/08/03 11:02:34.0880 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/08/03 11:02:34.0930 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
2010/08/03 11:02:34.0970 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/08/03 11:02:34.0980 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/08/03 11:02:35.0000 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/08/03 11:02:35.0030 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
2010/08/03 11:02:35.0110 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
2010/08/03 11:02:35.0150 sp_rsdrv2 (8831252bcf05fcfb5abd116a22e552d8) C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2010/08/03 11:02:35.0200 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/08/03 11:02:35.0230 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/08/03 11:02:35.0261 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/08/03 11:02:35.0281 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2010/08/03 11:02:35.0321 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/08/03 11:02:35.0371 Tcpip (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/08/03 11:02:35.0401 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/08/03 11:02:35.0421 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/08/03 11:02:35.0431 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/08/03 11:02:35.0451 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2010/08/03 11:02:35.0481 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2010/08/03 11:02:35.0511 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/08/03 11:02:35.0571 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/08/03 11:02:35.0631 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/08/03 11:02:35.0681 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/08/03 11:02:35.0711 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/08/03 11:02:35.0741 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/08/03 11:02:35.0781 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/08/03 11:02:35.0791 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2010/08/03 11:02:35.0821 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/08/03 11:02:35.0841 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/08/03 11:02:35.0861 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/08/03 11:02:35.0891 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/08/03 11:02:35.0921 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/08/03 11:02:35.0962 ================================================================================
2010/08/03 11:02:35.0962 Scan finished
2010/08/03 11:02:35.0962 ================================================================================
2010/08/03 11:02:43.0743 Deinitialize success



MBRCheck
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000003d

Kernel Drivers (total 134):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806CE000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xBA5AC000 viaide.sys
0xBA5AE000 intelide.sys
0xBA0B8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA5B0000 dmload.sys
0xB9F23000 dmio.sys
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9F0B000 atapi.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xB9EEC000 fltmgr.sys
0xB9EDA000 sr.sys
0xB9EC3000 KSecDD.sys
0xB9E36000 Ntfs.sys
0xB9E22000 inspect.sys
0xB9DF5000 \WINDOWS\System32\DRIVERS\NDIS.SYS
0xBA338000 \WINDOWS\System32\DRIVERS\TDI.SYS
0xBA0F8000 viaagp.sys
0xB9DDA000 Mup.sys
0xBA108000 agp440.sys
0xBA188000 \SystemRoot\System32\DRIVERS\intelppm.sys
0xB97FE000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xB97EA000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB97BF000 \SystemRoot\system32\DRIVERS\b57xp32.sys
0xBA398000 \SystemRoot\System32\DRIVERS\usbuhci.sys
0xB979C000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xBA3A0000 \SystemRoot\System32\DRIVERS\usbehci.sys
0xB975C000 \SystemRoot\system32\drivers\smwdm.sys
0xB9738000 \SystemRoot\system32\drivers\portcls.sys
0xBA198000 \SystemRoot\system32\drivers\drmk.sys
0xB9715000 \SystemRoot\system32\drivers\ks.sys
0xB9662000 \SystemRoot\system32\drivers\senfilt.sys
0xBA3B0000 \SystemRoot\System32\DRIVERS\fdc.sys
0xB964E000 \SystemRoot\System32\DRIVERS\parport.sys
0xBA1A8000 \SystemRoot\System32\DRIVERS\serial.sys
0xBA570000 \SystemRoot\System32\DRIVERS\serenum.sys
0xBA1B8000 \SystemRoot\System32\DRIVERS\imapi.sys
0xBA1C8000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xBA1D8000 \SystemRoot\System32\DRIVERS\redbook.sys
0xBA3C0000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xBA7DE000 \SystemRoot\System32\DRIVERS\audstub.sys
0xBA1E8000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xBA578000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xB9637000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xBA1F8000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xBA208000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xB9626000 \SystemRoot\System32\DRIVERS\psched.sys
0xBA218000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xBA3C8000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xBA3D0000 \SystemRoot\System32\DRIVERS\raspti.sys
0xB95F5000 \SystemRoot\System32\DRIVERS\rdpdr.sys
0xBA228000 \SystemRoot\System32\DRIVERS\termdd.sys
0xBA3D8000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xBA3E0000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xBA5BC000 \SystemRoot\System32\DRIVERS\swenum.sys
0xB9599000 \SystemRoot\System32\DRIVERS\update.sys
0xBA590000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xBA248000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA268000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xBA5BE000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xBA3F8000 \SystemRoot\System32\DRIVERS\flpydisk.sys
0xA93DB000 \SystemRoot\System32\DRIVERS\cmdguard.sys
0xBA5D4000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA6A4000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5D6000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA410000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA418000 \SystemRoot\System32\drivers\vga.sys
0xBA5D8000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5DA000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA420000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA428000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA55C000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xA93A8000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xA9350000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xBA438000 \SystemRoot\System32\DRIVERS\cmdhlp.sys
0xA9307000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xBA2B8000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xA92DF000 \SystemRoot\System32\DRIVERS\netbt.sys
0xA92BD000 \SystemRoot\System32\drivers\afd.sys
0xBA2C8000 \SystemRoot\System32\DRIVERS\netbios.sys
0xA929A000 \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
0xA9278000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xBA440000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xA924C000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xA91DD000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xBA2F8000 \SystemRoot\System32\Drivers\Fips.SYS
0xA91B6000 \SystemRoot\System32\Drivers\aswSP.SYS
0xBA460000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xBA470000 \SystemRoot\System32\DRIVERS\usbccgp.sys
0xBA318000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xBA128000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBA138000 \SystemRoot\System32\Drivers\usbaapl.sys
0xA9425000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xBA148000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xBA4A0000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xBA4B0000 \SystemRoot\System32\DRIVERS\USBSTOR.SYS
0xA9415000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xA9411000 \SystemRoot\System32\DRIVERS\mouhid.sys
0xA90D6000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA5FE000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xBA380000 \SystemRoot\System32\watchdog.sys
0xA9344000 \SystemRoot\System32\drivers\Dxapi.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA79C000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF04E000 \SystemRoot\System32\igxpdv32.DLL
0xBF1D9000 \SystemRoot\System32\igxpdx32.DLL
0xA907A000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xA906A000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xA8E67000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xA8E44000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xA8ABF000 \SystemRoot\system32\drivers\wdmaud.sys
0xA8DC4000 \SystemRoot\system32\drivers\sysaudio.sys
0xA88D5000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xBA65A000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xA8792000 \SystemRoot\System32\DRIVERS\srv.sys
0xA8481000 \SystemRoot\System32\Drivers\HTTP.sys
0xBA430000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xA81C1000 \??\C:\WINDOWS\system32\Drivers\PROCEXP141.SYS
0xA8172000 \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\ugkcyfog.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 30):
0 System Idle Process
4 System
620 C:\WINDOWS\system32\smss.exe
676 csrss.exe
700 C:\WINDOWS\system32\winlogon.exe
744 C:\WINDOWS\system32\services.exe
756 C:\WINDOWS\system32\lsass.exe
920 C:\WINDOWS\system32\svchost.exe
988 svchost.exe
1084 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
1108 C:\WINDOWS\system32\svchost.exe
1212 svchost.exe
1304 svchost.exe
1448 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1828 C:\WINDOWS\explorer.exe
228 C:\WINDOWS\system32\svchost.exe
300 C:\WINDOWS\system32\spoolsv.exe
380 C:\Program Files\Analog Devices\Core\smax4pnp.exe
652 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
664 C:\Program Files\Bonjour\mDNSResponder.exe
880 C:\Program Files\Java\jre6\bin\jqs.exe
1028 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
1036 C:\PROGRA~1\ALWILS~1\Avast5\AvastUI.exe
1216 C:\WINDOWS\system32\ctfmon.exe
1252 C:\Program Files\Messenger\msmsgs.exe
1332 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
460 C:\Program Files\Spyware Terminator\sp_rsser.exe
2436 alg.exe
3276 C:\WINDOWS\system32\svchost.exe
3148 C:\Documents and Settings\Owner\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000009`c459d800 (NTFS)

PhysicalDrive0 Model Number: HDS728080PLA380, Rev: PF2OA63A

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black Internet)!
SHA1: BB7AACF2A31824D3C6856A25F0F359BCB2133824


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

#5 quietman7 (Bleepin' Janitor, Global Moderator)

Posted 03 August 2010 - 10:19 AM

Your log indicates you have an infected Master Boot Record (MBR). To learn more about this infection please refer to:

Rerun MBRCheck.exe again by double-clicking on it. Vista/Windows 7 users right-click and select Run As Administrator.
  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Enter 'Y' and then press Enter.
  • When asked: 'Enter your choice:', select option [2] (Restore the MBR of a physical disk with a standard boot code) and press the Enter key.
  • Now the program will ask: 'Enter the physical disk number to fix (0-99, -1 to cancel)'
  • Enter [0] (for PhysicalDrive0) and press the Enter key.
  • The program will show Available MBR codes followed by a list of operating systems as shown below.

    Available MBR codes:
    [ 0] Default (Windows XP)
    [ 1] Windows XP
    [ 2] Windows Server 2003
    [ 3] Windows Vista
    [ 4] Windows 2008
    [ 5] Windows 7
    [-1] Cancel
    Please select the MBR code to write to this drive:

  • Please select your version of Windows from the list and enter the corresponding number (For example, type 0 or 1 for XP, type 3 for Vista, etc) and then press Enter. Be careful...if the wrong OS is used, it will render the computer unbootable.
  • When prompted for confirmation: 'Do you want to fix the MBR code?'. Type the full word Yes (not Y or the fix will not work) and press Enter.
  • Left-click on the title bar (where program name and path is written).
  • From the menu chose Edit -> Select All.
  • Press the Enter key on your keyboard to copy selected text.
  • Open Notepad, paste that text into it and save to your desktop as MBRCheck.txt.
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • Reboot your computer to complete the fix and copy/paste MBRCheck.txt in your next reply.
  • If your computer does not restart on its own, please restart it manually.
Important Note: While fixing the Master Boot Record (MBR) is generally safe, there is a small risk of damaging the operating system so that it will not boot up or the partitions may become corrupted. Further, Vista does not always use the same MBR code as it depends on the type of install that was used. I recommend you have your Windows CD available which will allow recovering the boot code via the Windows Recovery Console (XP) or Recovery Environment Startup Repair (Vista, Windows 7) in case of any problems, or install the XP Recovery Console before proceeding with the above fix. Then if any problems occur, the links below explain how to use and repair the MBR:
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif
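The MBRCheck output above reports three things that are worth being able to reproduce by hand: where each volume starts on PhysicalDrive0 (the `0x7e00` and `0x9c459d800` offsets), a SHA1 of the MBR, and a verdict against a list of known-bad hashes. The following Python script is an added example, not MBRCheck's code and not part of this thread. It reads sector 0, decodes the partition table, hashes the boot-code region and classifies the result. Assumptions: it hashes the first 440 bytes (boot code before the disk signature), whereas the page does not say which bytes MBRCheck hashes, so the thread's hash is carried only as a placeholder entry; the sample MBR is constructed, with the two LBA start values chosen so the partition offsets match the ones in the log and everything else made up.

```python
"""Decode an MBR sector the way MBRCheck reports it: partition byte offsets
and a hash of the boot code.  Added example; not MBRCheck's own code."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440        # bytes 0..439; disk signature and partition table follow
PART_TABLE_OFF = 446       # four 16-byte entries at 446..509
PART_ENTRY = "<B3xB3xII"   # status, CHS start (skipped), type, CHS end (skipped), LBA start, sectors
BOOT_SIG = b"\x55\xaa"     # bytes 510..511

# Hash MBRCheck printed for the disk in this thread.  Whether the tool hashes the
# same 440-byte span as this script is an assumption, so treat this as a placeholder.
KNOWN_BAD = {"BB7AACF2A31824D3C6856A25F0F359BCB2133824"}


def read_mbr(device=r"\\.\PhysicalDrive0") -> bytes:
    """Read sector 0 of a physical disk (needs administrator rights on Windows)."""
    with open(device, "rb") as f:
        return f.read(SECTOR)


def parse_mbr(mbr: bytes):
    """Return the non-empty partition entries with their byte offsets on the disk."""
    if len(mbr) != SECTOR:
        raise ValueError("expected a %d-byte sector" % SECTOR)
    if mbr[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature; not a valid MBR")
    parts = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(PART_ENTRY, mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0:                     # empty slot
            continue
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "lba_start": lba, "byte_offset": lba * SECTOR, "sectors": count})
    return parts


def boot_code_sha1(mbr: bytes) -> str:
    """SHA1 of the boot-code region only, so a changed disk signature or partition table does not alter it."""
    return hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()


def classify_mbr(mbr: bytes, known_good, known_bad=KNOWN_BAD) -> str:
    """'known-bad' wins over 'standard'; anything unrecognised is 'non-standard'."""
    h = boot_code_sha1(mbr)
    if h in known_bad:
        return "known-bad"
    if h in known_good:
        return "standard"
    return "non-standard"


def build_sample_mbr(boot_code: bytes, partitions) -> bytes:
    """Assemble a constructed MBR for testing; partitions = [(bootable, type, lba_start, sectors)]."""
    mbr = bytearray(SECTOR)
    mbr[:len(boot_code)] = boot_code
    for i, (bootable, ptype, lba, count) in enumerate(partitions):
        struct.pack_into(PART_ENTRY, mbr, PART_TABLE_OFF + 16 * i,
                         0x80 if bootable else 0x00, ptype, lba, count)
    mbr[510:512] = BOOT_SIG
    return bytes(mbr)


# Constructed sample.  The two LBA start values reproduce the offsets MBRCheck printed
# for C: (63 * 512 = 0x7e00) and E: (81931500 * 512 = 0x9c459d800); the sizes and the
# boot-code stub are made up, and the stub is not real boot code.
SAMPLE_MBR = build_sample_mbr(
    b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 16,
    [(True, 0x07, 63, 81931437),            # C: NTFS, LBA 63
     (False, 0x07, 81931500, 74369988)],    # E: NTFS
)

if __name__ == "__main__":
    import sys
    mbr = read_mbr(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_MBR
    for p in parse_mbr(mbr):
        print("partition %d: type 0x%02x at offset 0x%x (%d sectors)%s"
              % (p["index"], p["type"], p["byte_offset"], p["sectors"],
                 " [boot]" if p["bootable"] else ""))
    print("boot code SHA1:", boot_code_sha1(mbr), "->", classify_mbr(mbr, known_good=set()))
```

Run without arguments it decodes the constructed sample; run as `python mbr.py \\.\PhysicalDrive0` from an administrator prompt it reads the real sector 0. Hashing only the boot-code bytes is the reason a clean MBR on two different disks gives the same hash while the partition tables differ; a restore that rewrote the boot code but left the hash unchanged, as in this thread, is exactly the case where dumping the sector (MBRCheck option 1) and comparing the bytes is more informative than the verdict line.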

#6 driftking24 (Topic Starter)

Posted 03 August 2010 - 01:11 PM

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000001d

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000009`c459d800 (NTFS)

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black Internet)!
SHA1: BB7AACF2A31824D3C6856A25F0F359BCB2133824


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: y

Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: 2

Enter the physical disk number to fix (0-99, -1 to cancel): 0
Available MBR codes:
[ 0] Default (Windows XP)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 0
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: Yes
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.


Done!
Press ENTER to exit...

#7 quietman7 (Bleepin' Janitor, Global Moderator)

Posted 03 August 2010 - 01:48 PM

We need to confirm that the MBR was restored successfully.

After rebooting, rerun MBRCheck.exe once more by double-clicking on it (do not run any options).
  • It will open a black screen with some data on it and continue to run.
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A new log named MBRCheck_date_time.txt will appear on the desktop.
  • Do not get this log confused with any previous logs (check the date and time if unsure).
  • Copy and paste the contents of that log in your next reply.


#8 driftking24 (Topic Starter)

Posted 03 August 2010 - 01:58 PM

I think it's still there:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 134):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806CE000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9EA7000 spit.sys
0xBA5AA000 \WINDOWS\System32\Drivers\WMILIB.SYS
0xB9E8F000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xB9E61000 ACPI.sys
0xB9E50000 pci.sys
0xBA0A8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xBA5AC000 viaide.sys
0xBA5AE000 intelide.sys
0xBA0B8000 MountMgr.sys
0xB9E31000 ftdisk.sys
0xBA5B0000 dmload.sys
0xB9E0B000 dmio.sys
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9DF3000 atapi.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xB9DD4000 fltmgr.sys
0xB9DC2000 sr.sys
0xB9DAB000 KSecDD.sys
0xB9D1E000 Ntfs.sys
0xB9D0A000 inspect.sys
0xB9CDD000 \WINDOWS\System32\DRIVERS\NDIS.SYS
0xBA338000 \WINDOWS\System32\DRIVERS\TDI.SYS
0xBA0F8000 viaagp.sys
0xB9CC2000 Mup.sys
0xBA108000 agp440.sys
0xBA188000 \SystemRoot\System32\DRIVERS\intelppm.sys
0xB9186000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xB9172000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB9147000 \SystemRoot\system32\DRIVERS\b57xp32.sys
0xBA3A0000 \SystemRoot\System32\DRIVERS\usbuhci.sys
0xB9124000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xBA3A8000 \SystemRoot\System32\DRIVERS\usbehci.sys
0xB90E4000 \SystemRoot\system32\drivers\smwdm.sys
0xB90C0000 \SystemRoot\system32\drivers\portcls.sys
0xBA198000 \SystemRoot\system32\drivers\drmk.sys
0xB909D000 \SystemRoot\system32\drivers\ks.sys
0xB8FEA000 \SystemRoot\system32\drivers\senfilt.sys
0xBA3B8000 \SystemRoot\System32\DRIVERS\fdc.sys
0xB8FD6000 \SystemRoot\System32\DRIVERS\parport.sys
0xBA1A8000 \SystemRoot\System32\DRIVERS\serial.sys
0xBA580000 \SystemRoot\System32\DRIVERS\serenum.sys
0xBA1B8000 \SystemRoot\System32\DRIVERS\imapi.sys
0xBA1C8000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xBA1D8000 \SystemRoot\System32\DRIVERS\redbook.sys
0xBA3C8000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xB8FA0000 \SystemRoot\System32\Drivers\ano65tcz.SYS
0xBA69E000 \SystemRoot\System32\DRIVERS\audstub.sys
0xBA1E8000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xBA594000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xB8F89000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xBA1F8000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xBA208000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xB8F78000 \SystemRoot\System32\DRIVERS\psched.sys
0xBA218000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xBA430000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xBA438000 \SystemRoot\System32\DRIVERS\raspti.sys
0xB8F47000 \SystemRoot\System32\DRIVERS\rdpdr.sys
0xBA228000 \SystemRoot\System32\DRIVERS\termdd.sys
0xBA440000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xBA448000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xBA5BE000 \SystemRoot\System32\DRIVERS\swenum.sys
0xB8F13000 \SystemRoot\System32\DRIVERS\update.sys
0xB9C89000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xBA238000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA288000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xBA5C4000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xBA458000 \SystemRoot\System32\DRIVERS\flpydisk.sys
0xA8D55000 \SystemRoot\System32\DRIVERS\cmdguard.sys
0xBA5CA000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA703000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5CC000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA470000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA478000 \SystemRoot\System32\drivers\vga.sys
0xBA5D0000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5D2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA480000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA488000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB9709000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xA8CFA000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xA8CA2000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xBA498000 \SystemRoot\System32\DRIVERS\cmdhlp.sys
0xA8C81000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xBA2B8000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xA8C59000 \SystemRoot\System32\DRIVERS\netbt.sys
0xA8C37000 \SystemRoot\System32\drivers\afd.sys
0xBA2C8000 \SystemRoot\System32\DRIVERS\netbios.sys
0xA8C14000 \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
0xA8BF2000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xBA4A0000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xA8BC6000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xA8B57000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xBA2F8000 \SystemRoot\System32\Drivers\Fips.SYS
0xA8B30000 \SystemRoot\System32\Drivers\aswSP.SYS
0xBA370000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xBA380000 \SystemRoot\System32\DRIVERS\usbccgp.sys
0xBA318000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xB8EFF000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xBA128000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xBA138000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBA3F0000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xB8EF3000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xB8EEF000 \SystemRoot\System32\DRIVERS\mouhid.sys
0xA8AF0000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA5EA000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xBA408000 \SystemRoot\System32\watchdog.sys
0xB970D000 \SystemRoot\System32\drivers\Dxapi.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA77E000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF04E000 \SystemRoot\System32\igxpdv32.DLL
0xBF1D9000 \SystemRoot\System32\igxpdx32.DLL
0xA8D2D000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xA8954000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xA87E1000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xA836C000 \SystemRoot\system32\drivers\wdmaud.sys
0xA8751000 \SystemRoot\system32\drivers\sysaudio.sys
0xA7FCA000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xBA60A000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xA7F27000 \SystemRoot\System32\DRIVERS\srv.sys
0xA7B76000 \SystemRoot\System32\Drivers\HTTP.sys
0xBA410000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xA8399000 \??\C:\WINDOWS\system32\Drivers\PROCEXP141.SYS
0x7C900000 \WINDOWS\system32\ntdll.dll
0x10000000 \Program Files\Alcohol Soft\Alcohol 120\alcoholx.dll

Processes (total 34):
0 System Idle Process
4 System
632 C:\WINDOWS\system32\smss.exe
688 csrss.exe
712 C:\WINDOWS\system32\winlogon.exe
756 C:\WINDOWS\system32\services.exe
768 C:\WINDOWS\system32\lsass.exe
932 C:\WINDOWS\system32\svchost.exe
1000 svchost.exe
1096 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
1120 C:\WINDOWS\system32\svchost.exe
1224 svchost.exe
1316 svchost.exe
1460 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1716 C:\WINDOWS\system32\svchost.exe
1840 C:\WINDOWS\explorer.exe
1976 C:\Program Files\Analog Devices\Core\smax4pnp.exe
2036 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
192 C:\PROGRA~1\ALWILS~1\Avast5\AvastUI.exe
200 C:\WINDOWS\system32\ctfmon.exe
212 C:\Program Files\Messenger\msmsgs.exe
548 C:\WINDOWS\system32\svchost.exe
624 C:\WINDOWS\system32\spoolsv.exe
1860 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1960 C:\Program Files\Bonjour\mDNSResponder.exe
2080 C:\Program Files\Java\jre6\bin\jqs.exe
2120 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
2424 C:\Program Files\Spyware Terminator\sp_rsser.exe
2544 C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
3180 alg.exe
3756 C:\Documents and Settings\Owner\Desktop\Computer Cleaners\Process Explorer.exe
3884 C:\Program Files\Mozilla Firefox 4.0 Beta 2\firefox.exe
1076 C:\Program Files\Mozilla Firefox 4.0 Beta 2\plugin-container.exe
3784 C:\Documents and Settings\Owner\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000009`c459d800 (NTFS)

PhysicalDrive0 Model Number: HDS728080PLA380, Rev: PF2OA63A

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black Internet)!
SHA1: BB7AACF2A31824D3C6856A25F0F359BCB2133824


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

#9 quietman7 (Bleepin' Janitor, Global Moderator)

Posted 03 August 2010 - 02:19 PM

Are you sure that's the most current log? Did you check the date/time?

#10 driftking24 (Topic Starter)

Posted 03 August 2010 - 03:29 PM

Yeah, I'm sure it's my most current one. I moved the other logs to another folder. Just in case, I ran MBRCheck again just now (04:28pm):


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 135):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806CE000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9EA7000 spit.sys
0xBA5AA000 \WINDOWS\System32\Drivers\WMILIB.SYS
0xB9E8F000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xB9E61000 ACPI.sys
0xB9E50000 pci.sys
0xBA0A8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xBA5AC000 viaide.sys
0xBA5AE000 intelide.sys
0xBA0B8000 MountMgr.sys
0xB9E31000 ftdisk.sys
0xBA5B0000 dmload.sys
0xB9E0B000 dmio.sys
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9DF3000 atapi.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xB9DD4000 fltmgr.sys
0xB9DC2000 sr.sys
0xB9DAB000 KSecDD.sys
0xB9D1E000 Ntfs.sys
0xB9D0A000 inspect.sys
0xB9CDD000 \WINDOWS\System32\DRIVERS\NDIS.SYS
0xBA338000 \WINDOWS\System32\DRIVERS\TDI.SYS
0xBA0F8000 viaagp.sys
0xB9CC2000 Mup.sys
0xBA108000 agp440.sys
0xBA188000 \SystemRoot\System32\DRIVERS\intelppm.sys
0xB9186000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xB9172000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB9147000 \SystemRoot\system32\DRIVERS\b57xp32.sys
0xBA3A0000 \SystemRoot\System32\DRIVERS\usbuhci.sys
0xB9124000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xBA3A8000 \SystemRoot\System32\DRIVERS\usbehci.sys
0xB90E4000 \SystemRoot\system32\drivers\smwdm.sys
0xB90C0000 \SystemRoot\system32\drivers\portcls.sys
0xBA198000 \SystemRoot\system32\drivers\drmk.sys
0xB909D000 \SystemRoot\system32\drivers\ks.sys
0xB8FEA000 \SystemRoot\system32\drivers\senfilt.sys
0xBA3B8000 \SystemRoot\System32\DRIVERS\fdc.sys
0xB8FD6000 \SystemRoot\System32\DRIVERS\parport.sys
0xBA1A8000 \SystemRoot\System32\DRIVERS\serial.sys
0xBA580000 \SystemRoot\System32\DRIVERS\serenum.sys
0xBA1B8000 \SystemRoot\System32\DRIVERS\imapi.sys
0xBA1C8000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xBA1D8000 \SystemRoot\System32\DRIVERS\redbook.sys
0xBA3C8000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xB8FA0000 \SystemRoot\System32\Drivers\ano65tcz.SYS
0xBA69E000 \SystemRoot\System32\DRIVERS\audstub.sys
0xBA1E8000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xBA594000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xB8F89000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xBA1F8000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xBA208000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xB8F78000 \SystemRoot\System32\DRIVERS\psched.sys
0xBA218000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xBA430000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xBA438000 \SystemRoot\System32\DRIVERS\raspti.sys
0xB8F47000 \SystemRoot\System32\DRIVERS\rdpdr.sys
0xBA228000 \SystemRoot\System32\DRIVERS\termdd.sys
0xBA440000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xBA448000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xBA5BE000 \SystemRoot\System32\DRIVERS\swenum.sys
0xB8F13000 \SystemRoot\System32\DRIVERS\update.sys
0xB9C89000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xBA238000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA288000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xBA5C4000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xBA458000 \SystemRoot\System32\DRIVERS\flpydisk.sys
0xA8D55000 \SystemRoot\System32\DRIVERS\cmdguard.sys
0xBA5CA000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA703000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5CC000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA470000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA478000 \SystemRoot\System32\drivers\vga.sys
0xBA5D0000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5D2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA480000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA488000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB9709000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xA8CFA000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xA8CA2000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xBA498000 \SystemRoot\System32\DRIVERS\cmdhlp.sys
0xA8C81000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xBA2B8000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xA8C59000 \SystemRoot\System32\DRIVERS\netbt.sys
0xA8C37000 \SystemRoot\System32\drivers\afd.sys
0xBA2C8000 \SystemRoot\System32\DRIVERS\netbios.sys
0xA8C14000 \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
0xA8BF2000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xBA4A0000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xA8BC6000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xA8B57000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xBA2F8000 \SystemRoot\System32\Drivers\Fips.SYS
0xA8B30000 \SystemRoot\System32\Drivers\aswSP.SYS
0xBA370000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xBA380000 \SystemRoot\System32\DRIVERS\usbccgp.sys
0xBA318000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xB8EFF000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xBA128000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xBA138000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBA3F0000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xB8EF3000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xB8EEF000 \SystemRoot\System32\DRIVERS\mouhid.sys
0xA8AF0000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA5EA000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xBA408000 \SystemRoot\System32\watchdog.sys
0xB970D000 \SystemRoot\System32\drivers\Dxapi.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA77E000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF04E000 \SystemRoot\System32\igxpdv32.DLL
0xBF1D9000 \SystemRoot\System32\igxpdx32.DLL
0xA8D2D000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xA8954000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xA87E1000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xA836C000 \SystemRoot\system32\drivers\wdmaud.sys
0xA8751000 \SystemRoot\system32\drivers\sysaudio.sys
0xA7FCA000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xBA60A000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xA7F27000 \SystemRoot\System32\DRIVERS\srv.sys
0xA7B76000 \SystemRoot\System32\Drivers\HTTP.sys
0xBA410000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xA8399000 \??\C:\WINDOWS\system32\Drivers\PROCEXP141.SYS
0xA7A34000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
0x10000000 \Program Files\Alcohol Soft\Alcohol 120\alcoholx.dll

Processes (total 34):
0 System Idle Process
4 System
632 C:\WINDOWS\system32\smss.exe
688 csrss.exe
712 C:\WINDOWS\system32\winlogon.exe
756 C:\WINDOWS\system32\services.exe
768 C:\WINDOWS\system32\lsass.exe
932 C:\WINDOWS\system32\svchost.exe
1000 svchost.exe
1096 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
1120 C:\WINDOWS\system32\svchost.exe
1224 svchost.exe
1316 svchost.exe
1460 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1716 C:\WINDOWS\system32\svchost.exe
1840 C:\WINDOWS\explorer.exe
1976 C:\Program Files\Analog Devices\Core\smax4pnp.exe
2036 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
192 C:\PROGRA~1\ALWILS~1\Avast5\AvastUI.exe
200 C:\WINDOWS\system32\ctfmon.exe
212 C:\Program Files\Messenger\msmsgs.exe
548 C:\WINDOWS\system32\svchost.exe
624 C:\WINDOWS\system32\spoolsv.exe
1860 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1960 C:\Program Files\Bonjour\mDNSResponder.exe
2080 C:\Program Files\Java\jre6\bin\jqs.exe
2120 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
2424 C:\Program Files\Spyware Terminator\sp_rsser.exe
2544 C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
3180 alg.exe
3756 C:\Documents and Settings\Owner\Desktop\Computer Cleaners\Process Explorer.exe
3884 C:\Program Files\Mozilla Firefox 4.0 Beta 2\firefox.exe
1076 C:\Program Files\Mozilla Firefox 4.0 Beta 2\plugin-container.exe
3064 C:\Documents and Settings\Owner\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000009`c459d800 (NTFS)

PhysicalDrive0 Model Number: HDS728080PLA380, Rev: PF2OA63A

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black Internet)!
SHA1: BB7AACF2A31824D3C6856A25F0F359BCB2133824


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

#11 quietman7 (Bleepin' Janitor, Global Moderator)

Posted 03 August 2010 - 04:17 PM

I am going to check with the tool's developer.

#12 driftking24 (Topic Starter)

Posted 03 August 2010 - 04:28 PM

Alright, thanks, I'll wait. Also, like I said earlier, using Process Explorer I've found two suspicious svchost processes running on my computer. The reason why these two processes seem suspicious is because they aren't running any services. Second, whether it's Task Manager, Process Explorer or my COMODO firewall, I cannot kill these two. They only go away randomly by themselves and respawn a few seconds later with a new PID.

I've noticed something else. According to this thread about services, by right-clicking the svchost.exe process in Process Explorer and clicking "properties", I should be able to view what services are running under that process in the "services" tab. The problem is, unlike the other svchost processes, these two don't have a services tab! I really don't know if this is just paranoia but here's the deal:

Although I cannot kill these two svchosts, I can suspend them in Process Explorer. This temporarily solves my problems but I have to keep starting up Process Explorer and suspend them every time I start my computer. I also have to keep Process Explorer open to keep them suspended.

Just thought I'd let you know, maybe it'll help...

EDIT: Keeping these two processes suspended temporarily stops the popups and audio ads until I restart my computer.

Edited by driftking24, 03 August 2010 - 04:31 PM.
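The two observations in the post above, svchost.exe instances that host no service and that come back under a new PID after vanishing, can be checked without Process Explorer from the output of `tasklist /svc`, which is built into Windows XP. The script below is an added example, not code from this thread or from Process Explorer. It parses that table (including the wrapped service lists tasklist prints for busy hosts), flags svchost.exe rows showing `N/A`, and compares two snapshots to find service-less svchost PIDs that were not there before. The two snapshots embedded in it are constructed: the PIDs and service names are made up and are not the ones from this machine.

```python
"""Flag svchost.exe instances that host no service, and ones that reappear under
a new PID between two snapshots, from `tasklist /svc` output.
Added example; not code from the thread or from Process Explorer."""
import re
import subprocess

# image name, PID, then the service list (or N/A); columns are whitespace separated
ROW = re.compile(r"^(?P<image>\S.*?)\s+(?P<pid>\d+)\s+(?P<services>\S.*?)\s*$")


def _split_services(field: str):
    field = field.strip()
    if field == "N/A":
        return []
    return [s.strip() for s in field.split(",") if s.strip()]


def parse_tasklist_svc(text: str):
    """Parse the table tasklist /svc prints, including wrapped service lists."""
    rows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("Image Name") or line.startswith("="):
            continue                                   # blank, header or separator line
        if line[0].isspace():                          # continuation of the previous row's services
            if rows:
                rows[-1]["services"].extend(_split_services(line))
            continue
        m = ROW.match(line)
        if m:
            rows.append({"image": m.group("image"), "pid": int(m.group("pid")),
                         "services": _split_services(m.group("services"))})
    return rows


def svchost_without_services(rows):
    """svchost.exe exists only to host services; an instance hosting none deserves a look."""
    return [r for r in rows if r["image"].lower() == "svchost.exe" and not r["services"]]


def respawned_svchost(before, after):
    """Service-less svchost.exe rows whose PID is present in the second snapshot but not the first."""
    seen = {r["pid"] for r in before}
    return [r for r in svchost_without_services(after) if r["pid"] not in seen]


def live_snapshot() -> str:
    """Capture tasklist /svc on the local machine (Windows only; run as an administrator)."""
    return subprocess.check_output(["tasklist", "/svc"], universal_newlines=True)


# Constructed snapshots in tasklist /svc layout; PIDs and service names are made up.
SNAPSHOT_A = """\
Image Name                     PID Services
========================= ======== ============================================
System Idle Process              0 N/A
System                           4 N/A
smss.exe                       620 N/A
svchost.exe                    920 DcomLaunch, TermService
svchost.exe                    988 RpcSs
svchost.exe                   1108 AudioSrv, Browser, CryptSvc, Dhcp, dmserver,
                                   EventSystem, lanmanserver, Schedule
svchost.exe                   1500 N/A
svchost.exe                   1600 N/A
explorer.exe                  1828 N/A
"""
# Same machine a few seconds later: one service-less instance is back under a new PID.
SNAPSHOT_B = SNAPSHOT_A.replace("1600 N/A", "1700 N/A")

if __name__ == "__main__":
    a, b = parse_tasklist_svc(SNAPSHOT_A), parse_tasklist_svc(SNAPSHOT_B)
    for r in svchost_without_services(a):
        print("svchost.exe PID %d hosts no service" % r["pid"])
    for r in respawned_svchost(a, b):
        print("svchost.exe PID %d is new since the last snapshot and hosts no service" % r["pid"])
```

To use it on a live machine, take two captures a few seconds apart with `live_snapshot()` and feed them to `respawned_svchost`. Two caveats a practitioner would want: tasklist reports `N/A` for any process it is not allowed to query, so run it from an administrator account or every service host looks empty; and a freshly started svchost can show `N/A` for a moment before its service registers, so a hit is a lead to confirm (image path, parent process, open network connections), not proof on its own.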


#13 driftking24 (Topic Starter)

Posted 05 August 2010 - 09:15 AM

Sorry, just wondering, any new updates? I've still got my infected MBR and don't know how to fix it...

#14 quietman7 (Bleepin' Janitor, Global Moderator)

Posted 05 August 2010 - 09:35 AM

No, I have not heard anything back as to why the fix did not work in your case.

If you don't want to wait then you can try:

After that, I recommend further investigation based on the symptoms you have described. Many of the tools we use in this forum are not capable of detecting all malware variants so more advanced tools are needed to investigate. Before that can be done you will need to create and post a DDS/HijackThis log.

Please read the pinned topic titled "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help". If you cannot complete a step, then skip it and continue with the next. In Step 7 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log.

When you have done that, post your log in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the Malware Response Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, we would appreciate it if you post a link to your log back here so we know that you're getting help from the Malware Response Team.

Please be patient. It may take a while to get a response because the Malware Response Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have posted your log and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the Malware Response Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another Malware Response Team member is already assisting you and not open the thread to respond.

#15 driftking24 (Topic Starter)

Posted 08 August 2010 - 03:01 PM

Hey guys, I ran MBRCheck several times but nothing worked. Today when I turned on the computer, it kept restarting for a while. For some reason I decided to try MBRCheck once more before posting in the other forum and guess what? The fix worked! Thank you so much Bleeping Computer and thanks a lot quietman7. Couldn't have done it without you. :thumbsup: Here's the latest log:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 138):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806CE000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9EA7000 spjz.sys
0xBA5AA000 \WINDOWS\System32\Drivers\WMILIB.SYS
0xB9E8F000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xB9E61000 ACPI.sys
0xB9E50000 pci.sys
0xBA0A8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xBA5AC000 viaide.sys
0xBA5AE000 intelide.sys
0xBA0B8000 MountMgr.sys
0xB9E31000 ftdisk.sys
0xBA5B0000 dmload.sys
0xB9E0B000 dmio.sys
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9DF3000 atapi.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xB9DD4000 fltmgr.sys
0xB9DC2000 sr.sys
0xB9DAB000 KSecDD.sys
0xB9D1E000 Ntfs.sys
0xB9D0A000 inspect.sys
0xB9CDD000 \WINDOWS\System32\DRIVERS\NDIS.SYS
0xBA338000 \WINDOWS\System32\DRIVERS\TDI.SYS
0xBA0F8000 viaagp.sys
0xB9CC2000 Mup.sys
0xBA108000 agp440.sys
0xBA168000 \SystemRoot\System32\DRIVERS\intelppm.sys
0xB9186000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xB9172000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB9147000 \SystemRoot\system32\DRIVERS\b57xp32.sys
0xBA3A0000 \SystemRoot\System32\DRIVERS\usbuhci.sys
0xB9124000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xBA3A8000 \SystemRoot\System32\DRIVERS\usbehci.sys
0xB90E4000 \SystemRoot\system32\drivers\smwdm.sys
0xB90C0000 \SystemRoot\system32\drivers\portcls.sys
0xBA178000 \SystemRoot\system32\drivers\drmk.sys
0xB909D000 \SystemRoot\system32\drivers\ks.sys
0xB8FEA000 \SystemRoot\system32\drivers\senfilt.sys
0xBA3B8000 \SystemRoot\System32\DRIVERS\fdc.sys
0xB8FD6000 \SystemRoot\System32\DRIVERS\parport.sys
0xBA188000 \SystemRoot\System32\DRIVERS\serial.sys
0xBA578000 \SystemRoot\System32\DRIVERS\serenum.sys
0xBA198000 \SystemRoot\System32\DRIVERS\imapi.sys
0xBA1A8000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xBA1B8000 \SystemRoot\System32\DRIVERS\redbook.sys
0xBA3C8000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xB8FA0000 \SystemRoot\System32\Drivers\ajhjpdmw.SYS
0xBA691000 \SystemRoot\System32\DRIVERS\audstub.sys
0xBA1C8000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xBA58C000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xB8F89000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xBA1D8000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xBA1E8000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xB8F78000 \SystemRoot\System32\DRIVERS\psched.sys
0xBA1F8000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xBA430000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xBA438000 \SystemRoot\System32\DRIVERS\raspti.sys
0xB8F47000 \SystemRoot\System32\DRIVERS\rdpdr.sys
0xBA208000 \SystemRoot\System32\DRIVERS\termdd.sys
0xBA440000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xBA448000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xBA5BE000 \SystemRoot\System32\DRIVERS\swenum.sys
0xB8F13000 \SystemRoot\System32\DRIVERS\update.sys
0xBA5A4000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xBA218000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA248000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xBA5C0000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xBA458000 \SystemRoot\System32\DRIVERS\flpydisk.sys
0xA8D55000 \SystemRoot\System32\DRIVERS\cmdguard.sys
0xBA5C2000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA6D4000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5C4000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA470000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA478000 \SystemRoot\System32\drivers\vga.sys
0xBA5C8000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5CA000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA480000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA488000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB9719000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xA8CFA000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xA8CA2000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xBA498000 \SystemRoot\System32\DRIVERS\cmdhlp.sys
0xA8C81000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xBA278000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xA8C59000 \SystemRoot\System32\DRIVERS\netbt.sys
0xA8C37000 \SystemRoot\System32\drivers\afd.sys
0xBA288000 \SystemRoot\System32\DRIVERS\netbios.sys
0xA8C14000 \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
0xA8BF2000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xBA4A0000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xA8BC6000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xA8B57000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xBA2B8000 \SystemRoot\System32\Drivers\Fips.SYS
0xA8B30000 \SystemRoot\System32\Drivers\aswSP.SYS
0xBA370000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xBA380000 \SystemRoot\System32\DRIVERS\usbccgp.sys
0xBA2D8000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xB8EFB000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xBA2E8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xBA2F8000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB8EF3000 \SystemRoot\system32\DRIVERS\usbscan.sys
0xBA3D8000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xB8EEF000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xB8EEB000 \SystemRoot\System32\DRIVERS\mouhid.sys
0xA8AC8000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA5D6000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xBA3F0000 \SystemRoot\System32\watchdog.sys
0xA8D31000 \SystemRoot\System32\drivers\Dxapi.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA7A3000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF04E000 \SystemRoot\System32\igxpdv32.DLL
0xBF1D9000 \SystemRoot\System32\igxpdx32.DLL
0xA8D29000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xA8D25000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xBA3B0000 \SystemRoot\system32\DRIVERS\pnarp.sys
0xBA3D0000 \SystemRoot\system32\DRIVERS\purendis.sys
0xA87E1000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xA8531000 \??\C:\WINDOWS\system32\Drivers\PROCEXP141.SYS
0xA82A4000 \SystemRoot\system32\drivers\wdmaud.sys
0xA85A9000 \SystemRoot\system32\drivers\sysaudio.sys
0xA8092000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xBA62C000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xA7FEF000 \SystemRoot\System32\DRIVERS\srv.sys
0xA7C8E000 \SystemRoot\System32\Drivers\HTTP.sys
0xBA468000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xA7B4C000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
0x10000000 \Program Files\Alcohol Soft\Alcohol 120\alcoholx.dll

Processes (total 31):
0 System Idle Process
4 System
448 C:\WINDOWS\system32\smss.exe
684 csrss.exe
708 C:\WINDOWS\system32\winlogon.exe
752 C:\WINDOWS\system32\services.exe
764 C:\WINDOWS\system32\lsass.exe
916 C:\WINDOWS\system32\svchost.exe
996 svchost.exe
1092 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
1116 C:\WINDOWS\system32\svchost.exe
1284 svchost.exe
1368 svchost.exe
1544 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1868 C:\WINDOWS\explorer.exe
2020 C:\WINDOWS\system32\ctfmon.exe
2028 C:\Program Files\Messenger\msmsgs.exe
256 C:\Documents and Settings\Owner\Desktop\Computer Cleaners\Process Explorer.exe
620 C:\WINDOWS\system32\LEXBCES.EXE
644 C:\WINDOWS\system32\LEXPPS.EXE
656 C:\WINDOWS\system32\spoolsv.exe
1472 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1492 C:\Program Files\Bonjour\mDNSResponder.exe
1856 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
572 C:\Program Files\Spyware Terminator\sp_rsser.exe
1176 C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
1252 C:\WINDOWS\system32\svchost.exe
1232 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
2916 alg.exe
3440 C:\WINDOWS\system32\svchost.exe
3176 C:\Documents and Settings\Owner\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000009`c459d800 (NTFS)

PhysicalDrive0 Model Number: HDS728080PLA380, Rev: PF2OA63A

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: 2C6D77F4F50AA9DE10FCE2024558166E9012FC6F


Done!
