Possible virus - system going kaput...


  • This topic is locked
62 replies to this topic

#1 jchico

jchico

  • Members
  • 108 posts
  • OFFLINE
  • Local time:02:01 AM

Posted 21 August 2010 - 07:10 PM

Hi - I opened a topic a few weeks ago on the networking forum as I had some wireless issues... well, it seems like things have just been getting worse and worse. I've not been able to figure out the network problem, and now the system takes 10+ minutes to shut down and Online Armor is blocking tons of exe files, which worries me. Hope someone can help - here is the DDS log and the attached file:

DDS (Ver_10-03-17.01) - NTFSx86
Run by James at 20:02:38.67 on Sat 08/21/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.220 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVG\AVG9\avgscanx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Documents and Settings\James\My Documents\dds.scr
C:\Documents and Settings\James\My Documents\dds.scr
C:\Documents and Settings\James\My Documents\dds.scr
C:\Program Files\Skype\Plugin Manager\skypePM.exe

============== Pseudo HJT Report ===============

uSearch Bar =
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [A Verizon App] c:\progra~1\verizo~1\helpsu~1\VERIZO~1.EXE
mRun: [dlccmon.exe] "c:\program files\dell photo aio printer 924\dlccmon.exe"
mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [@OnlineArmor GUI] "c:\program files\tall emu\online armor\oaui.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: intuit.com\ttlc
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1248306348546
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\tallem~1\online~1\oaevent.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-26 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-12-26 29584]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-26 243024]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2009-7-23 200784]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2009-7-23 24656]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2009-7-23 29776]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-1-15 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 68168]
S3 EraserUtilDrv10733;EraserUtilDrv10733;\??\c:\program files\common files\symantec shared\eengine\eraserutildrv10733.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrv10733.sys [?]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [?]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2008-12-26 18560]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 12872]

=============== Created Last 30 ================


==================== Find3M ====================

2010-07-29 00:49:28 6580 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-07-27 06:30:35 8462336 ------w- c:\windows\system32\dllcache\shell32.dll
2010-07-17 00:13:43 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-17 00:13:26 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-17 00:12:23 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-30 12:31:35 149504 ------w- c:\windows\system32\dllcache\schannel.dll
2010-06-24 21:51:58 11077120 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:22:03 916480 ------w- c:\windows\system32\dllcache\wininet.dll
2010-06-24 12:22:03 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-06-24 12:22:02 1210368 ------w- c:\windows\system32\dllcache\urlmon.dll
2010-06-24 12:22:01 611840 ----a-w- c:\windows\system32\dllcache\mstime.dll
2010-06-24 12:22:01 5951488 ------w- c:\windows\system32\dllcache\mshtml.dll
2010-06-24 12:22:01 206848 ----a-w- c:\windows\system32\dllcache\occache.dll
2010-06-24 12:21:59 599040 ----a-w- c:\windows\system32\dllcache\msfeeds.dll
2010-06-24 12:21:59 55296 ----a-w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-06-24 12:21:59 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
2010-06-24 12:21:58 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-06-24 12:21:58 1986560 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-06-24 12:21:58 184320 ----a-w- c:\windows\system32\dllcache\iepeers.dll
2010-06-24 12:21:56 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-24 12:21:55 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-23 13:44:04 1851904 ------w- c:\windows\system32\dllcache\win32k.sys
2010-06-23 12:08:09 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-06-21 15:27:11 354304 ------w- c:\windows\system32\dllcache\srv.sys
2010-06-18 13:36:12 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31:20 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-14 07:41:45 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2009-07-23 00:21:16 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009072220090723\index.dat

============= FINISH: 20:05:34.09 ===============

Attached Files




#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:07:01 AM

Posted 27 August 2010 - 08:11 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 jchico

jchico
  • Topic Starter

  • Members
  • 108 posts
  • OFFLINE
  • Local time:02:01 AM

Posted 28 August 2010 - 08:10 AM

Hello m0le... I am here / subscribed to the topic. Thank you.

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:07:01 AM

Posted 28 August 2010 - 08:40 AM

Please run these two rootkit finders.

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.


And
  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If malicious objects are found, ensure Cure is selected, then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\

m0le is a proud member of UNITE

#5 jchico

jchico
  • Topic Starter

  • Members
  • 108 posts
  • OFFLINE
  • Local time:02:01 AM

Posted 28 August 2010 - 08:58 AM

Thanks - I'm on the road till this evening. Will run later and reply. Thanks again.

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:07:01 AM

Posted 28 August 2010 - 06:14 PM

(thumbs up)
m0le is a proud member of UNITE

#7 jchico

jchico
  • Topic Starter

  • Members
  • 108 posts
  • OFFLINE
  • Local time:02:01 AM

Posted 28 August 2010 - 08:23 PM

OK... Here are the results. Thanks

MBR:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 147):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xF7A3D000 \WINDOWS\system32\KDCOM.DLL
0xF794D000 \WINDOWS\system32\BOOTVID.dll
0xF740E000 ACPI.sys
0xF7A3F000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF73FD000 pci.sys
0xF753D000 isapnp.sys
0xF7951000 compbatt.sys
0xF7955000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7B05000 pciide.sys
0xF77BD000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF754D000 MountMgr.sys
0xF73DE000 ftdisk.sys
0xF73B8000 dmio.sys
0xF77C5000 PartMgr.sys
0xF755D000 VolSnap.sys
0xF73A0000 atapi.sys
0xF756D000 disk.sys
0xF757D000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7380000 fltmgr.sys
0xF736E000 sr.sys
0xF7359000 drvmcdb.sys
0xF7342000 KSecDD.sys
0xF72B5000 Ntfs.sys
0xF7288000 NDIS.sys
0xF758D000 ohci1394.sys
0xF759D000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF726E000 Mup.sys
0xF75BD000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF778D000 \SystemRoot\system32\DRIVERS\intelppm.sys




TDSSKILLER:

2010/08/28 21:18:49.0563 TDSS rootkit removing tool 2.4.1.3 Aug 27 2010 08:53:42
2010/08/28 21:18:49.0563 ================================================================================
2010/08/28 21:18:49.0563 SystemInfo:
2010/08/28 21:18:49.0563
2010/08/28 21:18:49.0563 OS Version: 5.1.2600 ServicePack: 3.0
2010/08/28 21:18:49.0563 Product type: Workstation
2010/08/28 21:18:49.0563 ComputerName: JDML
2010/08/28 21:18:49.0563 UserName: James
2010/08/28 21:18:49.0563 Windows directory: C:\WINDOWS
2010/08/28 21:18:49.0563 System windows directory: C:\WINDOWS
2010/08/28 21:18:49.0563 Processor architecture: Intel x86
2010/08/28 21:18:49.0563 Number of processors: 2
2010/08/28 21:18:49.0563 Page size: 0x1000
2010/08/28 21:18:49.0563 Boot type: Normal boot
2010/08/28 21:18:49.0563 ================================================================================
2010/08/28 21:18:50.0094 Initialize success
2010/08/28 21:18:53.0781 ================================================================================
2010/08/28 21:18:53.0781 Scan started
2010/08/28 21:18:53.0781 Mode: Manual;
2010/08/28 21:18:53.0781 ================================================================================
2010/08/28 21:19:06.0609 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/08/28 21:19:06.0750 OADevice (477030e70f8eb2a6fdac1c4d8e4f98ca) C:\WINDOWS\system32\drivers\OADriver.sys
2010/08/28 21:19:06.0938 OAmon (6a976a0472a03c96afb5c8bd3fb996fc) C:\WINDOWS\system32\drivers\OAmon.sys
2010/08/28 21:19:07.0016 OAnet (ac36ff4faa60258fcc6ba6476c2fed82) C:\WINDOWS\system32\drivers\OAnet.sys
2010/08/28 21:19:07.0109 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/08/28 21:19:07.0188 omci (b17228142cec9b3c222239fd935a37ca) C:\WINDOWS\system32\DRIVERS\omci.sys
2010/08/28 21:19:07.0266 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/08/28 21:19:07.0297 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/08/28 21:19:07.0344 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/08/28 21:19:07.0359 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/08/28 21:19:07.0406 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/08/28 21:19:07.0484 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/08/28 21:19:07.0609 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/08/28 21:19:07.0719 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/08/28 21:19:07.0969 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/08/28 21:19:08.0016 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/08/28 21:19:08.0109 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/08/28 21:19:08.0141 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/08/28 21:19:08.0172 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/08/28 21:19:08.0188 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/08/28 21:19:08.0281 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/08/28 21:19:08.0328 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/08/28 21:19:08.0359 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/08/28 21:19:08.0422 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/08/28 21:19:08.0438 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/08/28 21:19:08.0500 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/08/28 21:19:08.0531 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/08/28 21:19:08.0609 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/08/28 21:19:08.0672 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/08/28 21:19:08.0750 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/08/28 21:19:08.0828 rimmptsk (24ed7af20651f9fa1f249482e7c1f165) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
2010/08/28 21:19:08.0875 rimsptsk (1bdba2d2d402415a78a4ba766dfe0f7b) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
2010/08/28 21:19:08.0953 rismxdp (f774ecd11a064f0debb2d4395418153c) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
2010/08/28 21:19:09.0203 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/08/28 21:19:09.0266 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
2010/08/28 21:19:09.0328 SASKUTIL (4fd72291a89793049104ca0a7e353cd4) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
2010/08/28 21:19:09.0516 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2010/08/28 21:19:09.0594 SDDMI2 (8edd7b9e4a4b4c16e2dab9188caa861b) C:\WINDOWS\system32\DDMI2.sys
2010/08/28 21:19:09.0703 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/08/28 21:19:09.0734 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/08/28 21:19:09.0766 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/08/28 21:19:09.0875 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/08/28 21:19:09.0953 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/08/28 21:19:10.0000 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/08/28 21:19:10.0078 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2010/08/28 21:19:10.0219 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/08/28 21:19:10.0266 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/08/28 21:19:10.0391 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/08/28 21:19:10.0469 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/08/28 21:19:10.0578 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
2010/08/28 21:19:10.0656 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
2010/08/28 21:19:10.0813 STHDA (2a2dc39623adef8ab3703ab9fac4b440) C:\WINDOWS\system32\drivers\sthda.sys
2010/08/28 21:19:11.0219 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/08/28 21:19:11.0359 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/08/28 21:19:11.0484 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/08/28 21:19:11.0578 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/08/28 21:19:11.0656 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/08/28 21:19:11.0734 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/08/28 21:19:11.0922 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/08/28 21:19:12.0016 SynTP (35d5b3632e0bcebe27b391157de05996) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2010/08/28 21:19:12.0063 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/08/28 21:19:12.0172 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/08/28 21:19:12.0234 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/08/28 21:19:12.0266 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/08/28 21:19:12.0313 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/08/28 21:19:12.0375 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys
2010/08/28 21:19:12.0406 tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys
2010/08/28 21:19:12.0438 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys
2010/08/28 21:19:12.0469 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys
2010/08/28 21:19:12.0641 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys
2010/08/28 21:19:12.0750 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys
2010/08/28 21:19:12.0859 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys
2010/08/28 21:19:12.0922 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys
2010/08/28 21:19:13.0063 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys
2010/08/28 21:19:13.0125 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/08/28 21:19:13.0188 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/08/28 21:19:13.0219 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/08/28 21:19:13.0375 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/08/28 21:19:13.0625 USBAAPL (60a68a5ea173a97971ee9f1ff49eb2b3) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/08/28 21:19:13.0750 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/08/28 21:19:13.0875 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/08/28 21:19:14.0016 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/08/28 21:19:14.0078 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/08/28 21:19:14.0188 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/08/28 21:19:14.0219 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/08/28 21:19:14.0266 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/08/28 21:19:14.0328 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/08/28 21:19:14.0375 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/08/28 21:19:14.0453 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/08/28 21:19:14.0516 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/08/28 21:19:14.0563 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/08/28 21:19:14.0828 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/08/28 21:19:15.0031 winachsf (74cf3f2e4e40c4a2e18d39d6300a5c24) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/08/28 21:19:15.0141 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/08/28 21:19:15.0203 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/08/28 21:19:15.0250 ================================================================================
2010/08/28 21:19:15.0250 Scan finished
2010/08/28 21:19:15.0250 ================================================================================


#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:07:01 AM

Posted 29 August 2010 - 04:38 AM

The TDSSKiller log shows nothing but the MBRCheck log was not complete.

Please run the program again and make sure you copy and paste the entire report.
m0le is a proud member of UNITE

#9 jchico

jchico
  • Topic Starter

  • Members
  • 108 posts
  • Local time:02:01 AM

Posted 29 August 2010 - 09:44 AM

Oops! One thing...I am not able to run this from Admin as I have no idea what the password is (we've had the PC for almost 5 years). Anyway, MBR did pick up something and here is the whole log. Thanks in advance.

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 148):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xF7A3D000 \WINDOWS\system32\KDCOM.DLL
0xF794D000 \WINDOWS\system32\BOOTVID.dll
0xF740E000 ACPI.sys
0xF7A3F000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF73FD000 pci.sys
0xF753D000 isapnp.sys
0xF7951000 compbatt.sys
0xF7955000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7B05000 pciide.sys
0xF77BD000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF754D000 MountMgr.sys
0xF73DE000 ftdisk.sys
0xF73B8000 dmio.sys
0xF77C5000 PartMgr.sys
0xF755D000 VolSnap.sys
0xF73A0000 atapi.sys
0xF756D000 disk.sys
0xF757D000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7380000 fltmgr.sys
0xF736E000 sr.sys
0xF7359000 drvmcdb.sys
0xF7342000 KSecDD.sys
0xF72B5000 Ntfs.sys
0xF7288000 NDIS.sys
0xF758D000 ohci1394.sys
0xF759D000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF726E000 Mup.sys
0xF75BD000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF6386000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF7A35000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF6238000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF6224000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF61FC000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF6194000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
0xF7905000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF6170000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF790D000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF76FD000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
0xF615C000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xF7915000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0xF764D000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0xF6110000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0xF765D000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF60E1000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF7A69000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF791D000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7925000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF766D000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7A6B000 \SystemRoot\system32\drivers\sscdbhk5.sys
0xF767D000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF768D000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF60BE000 \SystemRoot\system32\DRIVERS\ks.sys
0xF769D000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xF7B52000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF770D000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF723A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF60A7000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF771D000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF772D000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7935000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF793D000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7945000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF6077000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF773D000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7A75000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6019000 \SystemRoot\system32\DRIVERS\update.sys
0xF6A1A000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF77D5000 \SystemRoot\system32\DRIVERS\omci.sys
0xF774D000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xAA57D000 \SystemRoot\system32\drivers\sthda.sys
0xAA559000 \SystemRoot\system32\drivers\portcls.sys
0xF777D000 \SystemRoot\system32\drivers\drmk.sys
0xAA527000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
0xAA42A000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
0xAA37A000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF77F5000 \SystemRoot\System32\Drivers\Modem.SYS
0xF778D000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7A09000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF7A89000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7B1E000 \SystemRoot\System32\Drivers\Null.SYS
0xF7A8B000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7805000 \SystemRoot\system32\drivers\ssrtln.sys
0xF780D000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF7815000 \SystemRoot\System32\drivers\vga.sys
0xF7A8D000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7A8F000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF781D000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7825000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7A15000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF779D000 \??\C:\WINDOWS\system32\drivers\OAnet.sys
0xAA2F7000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF77AD000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xAA29E000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF782D000 \??\C:\WINDOWS\system32\drivers\OAmon.sys
0xAA278000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xAA23E000 \SystemRoot\System32\Drivers\avgtdix.sys
0xF75CD000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF75DD000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xA9A02000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF7A31000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xA99E0000 \SystemRoot\System32\drivers\afd.sys
0xF760D000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA991E000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
0xF7845000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xA98F3000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA9895000 \??\C:\WINDOWS\system32\drivers\OADriver.sys
0xA9825000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF762D000 \SystemRoot\System32\Drivers\Fips.SYS
0xF7855000 \SystemRoot\System32\Drivers\avgmfx86.sys
0xA97F1000 \SystemRoot\System32\Drivers\avgldx86.sys
0xAA356000 \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
0xF63B6000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA97B1000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7AED000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF6011000 \SystemRoot\System32\drivers\Dxapi.sys
0xF78D5000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7B9B000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF020000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF042000 \SystemRoot\System32\ialmdev5.DLL
0xBF077000 \SystemRoot\System32\ialmdd5.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF75FD000 \SystemRoot\system32\drivers\drvnddm.sys
0xF7C0C000 \SystemRoot\system32\dla\tfsndres.sys
0xA965B000 \SystemRoot\system32\dla\tfsnifs.sys
0xA9789000 \SystemRoot\system32\dla\tfsnopio.sys
0xF7B03000 \SystemRoot\system32\dla\tfsnpool.sys
0xF77ED000 \SystemRoot\system32\dla\tfsnboio.sys
0xF6416000 \SystemRoot\system32\dla\tfsncofs.sys
0xF7C0D000 \SystemRoot\system32\dla\tfsndrct.sys
0xA9642000 \SystemRoot\system32\dla\tfsnudf.sys
0xA9629000 \SystemRoot\system32\dla\tfsnudfa.sys
0xA9699000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA909C000 \SystemRoot\system32\drivers\wdmaud.sys
0xA9521000 \SystemRoot\system32\drivers\sysaudio.sys
0xA8F29000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF7AA5000 \SystemRoot\system32\DRIVERS\dsunidrv.sys
0xA8EC0000 \SystemRoot\System32\Drivers\HTTP.sys
0xA8D51000 \SystemRoot\system32\DRIVERS\srv.sys
0xA8DB4000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xF7AC7000 \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
0xA820E000 \SystemRoot\system32\drivers\kmixer.sys
0xF7A73000 \SystemRoot\system32\drivers\splitter.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 64):
0 System Idle Process
4 System
496 C:\WINDOWS\system32\smss.exe
556 csrss.exe
580 C:\WINDOWS\system32\winlogon.exe
624 C:\WINDOWS\system32\services.exe
656 C:\WINDOWS\system32\savedump.exe
664 C:\WINDOWS\system32\lsass.exe
844 C:\WINDOWS\system32\svchost.exe
892 svchost.exe
984 C:\WINDOWS\system32\svchost.exe
1088 svchost.exe
1132 svchost.exe
1252 C:\WINDOWS\system32\WLTRYSVC.EXE
1276 C:\WINDOWS\system32\BCMWLTRY.EXE
1284 C:\Program Files\Tall Emu\Online Armor\oacat.exe
1320 C:\Program Files\AVG\AVG9\avgchsvx.exe
1328 C:\Program Files\AVG\AVG9\avgrsx.exe
1440 C:\Program Files\AVG\AVG9\avgcsrvx.exe
1964 C:\WINDOWS\explorer.exe
392 C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
1636 C:\WINDOWS\system32\spoolsv.exe
188 svchost.exe
428 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
560 C:\Program Files\AVG\AVG9\avgwdsvc.exe
784 C:\Program Files\Bonjour\mDNSResponder.exe
1652 C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
2120 C:\Program Files\Java\jre6\bin\jqs.exe
2268 C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
2340 C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
2576 C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
2692 svchost.exe
2748 C:\WINDOWS\system32\svchost.exe
3000 C:\Program Files\AVG\AVG9\avgemc.exe
3396 C:\Program Files\AVG\AVG9\avgcsrvx.exe
3632 C:\Program Files\Canon\CAL\CALMAIN.exe
3684 C:\WINDOWS\system32\wuauclt.exe
4076 wmiprvse.exe
2544 C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
2616 alg.exe
3252 C:\WINDOWS\ehome\ehtray.exe
3456 C:\Program Files\Dell\QuickSet\quickset.exe
4092 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
516 C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
1188 C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
2084 C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
3180 C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
2096 C:\Program Files\Logitech\QuickCam\Quickcam.exe
2864 C:\Program Files\iTunes\iTunesHelper.exe
3036 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
3288 C:\WINDOWS\system32\dlcccoms.exe
3420 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3324 C:\PROGRA~1\AVG\AVG9\avgtray.exe
3244 C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
2476 wmiprvse.exe
1104 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
3464 C:\WINDOWS\system32\svchost.exe
1764 C:\WINDOWS\system32\ctfmon.exe
2612 C:\Program Files\DellSupport\DSAgnt.exe
1848 C:\Program Files\Skype\Phone\Skype.exe
3692 C:\Program Files\iPod\bin\iPodService.exe
1844 C:\Program Files\Skype\Plugin Manager\skypePM.exe
3020 C:\Program Files\AVG\AVG9\avgupd.exe
2156 C:\Documents and Settings\James\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02738a00 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHV2060BH, Rev: 00850028

Size Device Name MBR Status
--------------------------------------------
54 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 86489E3B39BA71CCD7428B67894DE6732DFFF0C8


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:07:01 AM

Posted 29 August 2010 - 12:51 PM

The MBR has been rewritten.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Important Note: While fixing the Master Boot Record (MBR) is generally safe, there is a small risk of damaging the operating system so that it will not boot up or the partitions may become corrupted. I recommend you have your Windows CD available which will allow recovering the boot code via the Windows Recovery Console in case of any problems or install the XP Recovery Console before proceeding with the above fix. Then if any problems occur, the links below explain how to use and repair the MBR:

If you do not have a recovery disk then please burn one as shown here.


Run MBRCheck.exe
  • Run MBRCheck.exe
  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Please push the 'Y' key and then press Enter
  • When the program asks you, enter 2 and press the Enter key
  • Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"
  • Enter 0 and press the Enter key.
  • The program will show Available MBR codes:, followed by a list of operating systems. Please enter the correct number for your operating system, and then press Enter.
  • When asked "Do you want to fix the MBR code?", type in YES and press Enter
  • Restart your PC.
After you restart the PC
  • Double click MBRCheck.exe to run (Vista and Win 7: right click and select Run as Administrator)
  • It will show a black screen with some data on it
  • A report called MBRCheck will be on your desktop
  • Open this report
  • Right click on the screen and select > Select All
  • Press Control+C
  • Now please copy that report to this thread

m0le is a proud member of UNITE

#11 jchico

jchico
  • Topic Starter

  • Members
  • 108 posts
  • Local time:02:01 AM

Posted 29 August 2010 - 02:27 PM

Thanks M0le. Appreciate your continued guidance. New MBR log.

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 148):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xF7A3D000 \WINDOWS\system32\KDCOM.DLL
0xF794D000 \WINDOWS\system32\BOOTVID.dll
0xF740E000 ACPI.sys
0xF7A3F000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF73FD000 pci.sys
0xF753D000 isapnp.sys
0xF7951000 compbatt.sys
0xF7955000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7B05000 pciide.sys
0xF77BD000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF754D000 MountMgr.sys
0xF73DE000 ftdisk.sys
0xF73B8000 dmio.sys
0xF77C5000 PartMgr.sys
0xF755D000 VolSnap.sys
0xF73A0000 atapi.sys
0xF756D000 disk.sys
0xF757D000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7380000 fltmgr.sys
0xF736E000 sr.sys
0xF7359000 drvmcdb.sys
0xF7342000 KSecDD.sys
0xF72B5000 Ntfs.sys
0xF7288000 NDIS.sys
0xF758D000 ohci1394.sys
0xF759D000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF726E000 Mup.sys
0xF75BD000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF767D000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF7A25000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF621E000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF620A000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF61E2000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF617A000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
0xF791D000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF6156000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7925000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF768D000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
0xF6142000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xF792D000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0xF769D000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0xF60F6000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0xF76AD000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF60C7000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF7A5D000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7935000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF793D000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF76BD000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7A5F000 \SystemRoot\system32\drivers\sscdbhk5.sys
0xF63FC000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF63EC000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF60A4000 \SystemRoot\system32\DRIVERS\ks.sys
0xF63DC000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xF7B97000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF637C000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7A39000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF608D000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF636C000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF76CD000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7945000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF77D5000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF77ED000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF605D000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF76DD000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7A61000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF5FFF000 \SystemRoot\system32\DRIVERS\update.sys
0xF7236000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF77F5000 \SystemRoot\system32\DRIVERS\omci.sys
0xF76ED000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xAA3B4000 \SystemRoot\system32\drivers\sthda.sys
0xAA390000 \SystemRoot\system32\drivers\portcls.sys
0xF771D000 \SystemRoot\system32\drivers\drmk.sys
0xAA35E000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
0xAA261000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
0xAA1B1000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF77FD000 \SystemRoot\System32\Drivers\Modem.SYS
0xF772D000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF79F5000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF7A6F000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7BB0000 \SystemRoot\System32\Drivers\Null.SYS
0xF7A71000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7815000 \SystemRoot\system32\drivers\ssrtln.sys
0xF781D000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF782D000 \SystemRoot\System32\drivers\vga.sys
0xF7A73000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7A75000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF783D000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7845000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7A05000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF774D000 \??\C:\WINDOWS\system32\drivers\OAnet.sys
0xAA115000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF775D000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xAA0BC000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF784D000 \??\C:\WINDOWS\system32\drivers\OAmon.sys
0xAA096000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xAA05C000 \SystemRoot\System32\Drivers\avgtdix.sys
0xF776D000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xA9F62000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF7A1D000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xA9F40000 \SystemRoot\System32\drivers\afd.sys
0xF779D000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA9F1E000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
0xF785D000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xA9EF3000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA9EAE000 \??\C:\WINDOWS\system32\drivers\OADriver.sys
0xA9E3E000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF75CD000 \SystemRoot\System32\Drivers\Fips.SYS
0xF75DD000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xF7865000 \SystemRoot\System32\Drivers\avgmfx86.sys
0xA9DE2000 \SystemRoot\System32\Drivers\avgldx86.sys
0xF5EA0000 \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
0xF75FD000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA9DCA000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7A7D000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xAA1A5000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7885000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7BDF000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF020000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF042000 \SystemRoot\System32\ialmdev5.DLL
0xBF077000 \SystemRoot\System32\ialmdd5.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xAA00A000 \SystemRoot\system32\drivers\drvnddm.sys
0xF7C06000 \SystemRoot\system32\dla\tfsndres.sys
0xA9C74000 \SystemRoot\system32\dla\tfsnifs.sys
0xA9DAA000 \SystemRoot\system32\dla\tfsnopio.sys
0xF7A8D000 \SystemRoot\system32\dla\tfsnpool.sys
0xF789D000 \SystemRoot\system32\dla\tfsnboio.sys
0xA9FFA000 \SystemRoot\system32\dla\tfsncofs.sys
0xF7C07000 \SystemRoot\system32\dla\tfsndrct.sys
0xA9C5B000 \SystemRoot\system32\dla\tfsnudf.sys
0xA9C42000 \SystemRoot\system32\dla\tfsnudfa.sys
0xA9CBA000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA978D000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF7A8F000 \SystemRoot\system32\DRIVERS\dsunidrv.sys
0xA96DB000 \SystemRoot\System32\Drivers\HTTP.sys
0xA956C000 \SystemRoot\system32\DRIVERS\srv.sys
0xA960B000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA8FB7000 \SystemRoot\system32\drivers\wdmaud.sys
0xA90F4000 \SystemRoot\system32\drivers\sysaudio.sys
0xF7A51000 \SystemRoot\system32\drivers\splitter.sys
0xA8EA1000 \SystemRoot\system32\drivers\kmixer.sys
0xF7AFD000 \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 61):
0 System Idle Process
4 System
496 C:\WINDOWS\system32\smss.exe
556 csrss.exe
580 C:\WINDOWS\system32\winlogon.exe
624 C:\WINDOWS\system32\services.exe
636 C:\WINDOWS\system32\lsass.exe
824 C:\WINDOWS\system32\svchost.exe
872 svchost.exe
964 C:\WINDOWS\system32\svchost.exe
1048 svchost.exe
1112 svchost.exe
1208 C:\WINDOWS\system32\WLTRYSVC.EXE
1232 C:\WINDOWS\system32\BCMWLTRY.EXE
1248 C:\Program Files\Tall Emu\Online Armor\oacat.exe
1296 C:\Program Files\AVG\AVG9\avgchsvx.exe
1304 C:\Program Files\AVG\AVG9\avgrsx.exe
1416 C:\Program Files\AVG\AVG9\avgcsrvx.exe
1836 C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
548 C:\WINDOWS\system32\spoolsv.exe
1160 svchost.exe
1376 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
764 C:\Program Files\AVG\AVG9\avgwdsvc.exe
1776 C:\Program Files\Bonjour\mDNSResponder.exe
2028 C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
704 C:\Program Files\Java\jre6\bin\jqs.exe
1028 C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
1608 C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
2104 C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
2336 svchost.exe
2388 C:\WINDOWS\system32\svchost.exe
2560 C:\Program Files\AVG\AVG9\avgemc.exe
3096 C:\Program Files\AVG\AVG9\avgcsrvx.exe
3216 C:\Program Files\Canon\CAL\CALMAIN.exe
3304 C:\WINDOWS\system32\wuauclt.exe
3584 wmiprvse.exe
956 alg.exe
2636 C:\WINDOWS\explorer.exe
3100 wmiprvse.exe
3240 C:\WINDOWS\ehome\ehtray.exe
3900 C:\Program Files\Dell\QuickSet\quickset.exe
3988 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
4056 C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
4088 C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
1692 C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
2332 C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
2436 C:\WINDOWS\system32\dlcccoms.exe
2880 C:\Program Files\Logitech\QuickCam\Quickcam.exe
3376 C:\Program Files\iTunes\iTunesHelper.exe
2868 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
3856 C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
4000 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2756 C:\PROGRA~1\AVG\AVG9\avgtray.exe
2976 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
3192 C:\WINDOWS\system32\svchost.exe
1272 C:\WINDOWS\system32\ctfmon.exe
4036 C:\Program Files\DellSupport\DSAgnt.exe
2220 C:\Program Files\Skype\Phone\Skype.exe
3052 C:\Program Files\iPod\bin\iPodService.exe
1952 C:\Program Files\Skype\Plugin Manager\skypePM.exe
2860 C:\Documents and Settings\James\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02738a00 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHV2060BH, Rev: 00850028

Size Device Name MBR Status
--------------------------------------------
54 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 86489E3B39BA71CCD7428B67894DE6732DFFF0C8


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

#12 m0le
    Can U Dig It?
  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 29 August 2010 - 02:52 PM

Locate your XP disk. If you can't find it then follow the instructions to burn one below.

Please download the Recovery Console Bootable CD iso
Unzip the file and use your favourite burning application to burn the iso to a CD. Note, this is not the same as just burning the iso file on a CD.
  • Insert the CD-ROM into the CD-ROM drive, and then restart the computer.

When you have the disk do the following:
  • If your PC is not booting from the CD, you need to change the boot order:
    • Restart your PC.
    • As soon as you get an image, press the Setup key. This is usually F2 or Del. On some machines the key can also be a different one. It should, however, be stated on the screen which key is the setup key.
    • Once you enter the computer's BIOS, use the arrow keys and tab key to move between elements. Press enter to select an item to change.
    • Navigate to the tab where you can set the boot order. It should be called Boot or Boot order.
    • The tab should now show your current boot order. If the CD-drive is not at the top, please navigate to the CD-ROM drive with the arrow keys, then move it to the top of the list. The keys for switching boot position are usually + to move up and - to move down. They can be different, but they should be stated in the help, so that you can find them easily.
    • Once the CD-drive is on top of the boot order, navigate to Exit and select Exit saving changes.
  • Your PC should now boot from your CD. Click to select any options that are required to start the computer from the CD-ROM drive if you are prompted.
  • When the "Welcome to Setup" screen appears, press R to start the Recovery Console.
  • When you are prompted, type the Administrator password. If the administrator password is blank, just press ENTER.
  • A command prompt will open.

Once in Recovery Console, please type fixmbr and hit enter.

Type exit to exit and restart your PC.


Please rerun MBRCheck and post the log.

Edited by m0le, 29 August 2010 - 02:53 PM.

m0le is a proud member of UNITE

#13 jchico
  • Topic Starter
  • Members
  • 108 posts

Posted 29 August 2010 - 03:23 PM

OK...here is the new log:


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 148):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xF7A3D000 \WINDOWS\system32\KDCOM.DLL
0xF794D000 \WINDOWS\system32\BOOTVID.dll
0xF740E000 ACPI.sys
0xF7A3F000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF73FD000 pci.sys
0xF753D000 isapnp.sys
0xF7951000 compbatt.sys
0xF7955000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7B05000 pciide.sys
0xF77BD000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF754D000 MountMgr.sys
0xF73DE000 ftdisk.sys
0xF73B8000 dmio.sys
0xF77C5000 PartMgr.sys
0xF755D000 VolSnap.sys
0xF73A0000 atapi.sys
0xF756D000 disk.sys
0xF757D000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7380000 fltmgr.sys
0xF736E000 sr.sys
0xF7359000 drvmcdb.sys
0xF7342000 KSecDD.sys
0xF72B5000 Ntfs.sys
0xF7288000 NDIS.sys
0xF758D000 ohci1394.sys
0xF759D000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF726E000 Mup.sys
0xF75ED000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF767D000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF7A2D000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF6732000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF671E000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF66F6000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF668E000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
0xF790D000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF666A000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7915000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF768D000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
0xF6656000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xF791D000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0xF769D000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0xF660A000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0xF76AD000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF65DB000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF7A59000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7925000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF792D000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF76BD000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7A5B000 \SystemRoot\system32\drivers\sscdbhk5.sys
0xF76CD000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF76DD000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF65B8000 \SystemRoot\system32\DRIVERS\ks.sys
0xF76ED000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xF7B80000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF774D000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7246000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF65A1000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF775D000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF776D000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7935000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF793D000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7945000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF6571000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF777D000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7A5D000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6513000 \SystemRoot\system32\DRIVERS\update.sys
0xF722E000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF77D5000 \SystemRoot\system32\DRIVERS\omci.sys
0xF778D000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xAA1C8000 \SystemRoot\system32\drivers\sthda.sys
0xAA1A4000 \SystemRoot\system32\drivers\portcls.sys
0xF75BD000 \SystemRoot\system32\drivers\drmk.sys
0xAA172000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
0xAA075000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
0xA9FC5000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF77F5000 \SystemRoot\System32\Drivers\Modem.SYS
0xF69DB000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF79FD000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF7A69000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7C81000 \SystemRoot\System32\Drivers\Null.SYS
0xF7A6B000 \SystemRoot\System32\Drivers\Beep.SYS
0xF77FD000 \SystemRoot\system32\drivers\ssrtln.sys
0xF7805000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF780D000 \SystemRoot\System32\drivers\vga.sys
0xF7A6D000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7A6F000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7815000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF781D000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7A09000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF69CB000 \??\C:\WINDOWS\system32\drivers\OAnet.sys
0xA9F42000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF69BB000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xA9EE9000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF7825000 \??\C:\WINDOWS\system32\drivers\OAmon.sys
0xA9EC3000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA9E89000 \SystemRoot\System32\Drivers\avgtdix.sys
0xF69AB000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF699B000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xA9B34000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF7A29000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xA9B12000 \SystemRoot\System32\drivers\afd.sys
0xF697B000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA9A50000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
0xF783D000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xA9A25000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA99E0000 \??\C:\WINDOWS\system32\drivers\OADriver.sys
0xA9970000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF695B000 \SystemRoot\System32\Drivers\Fips.SYS
0xF7855000 \SystemRoot\System32\Drivers\avgmfx86.sys
0xA993C000 \SystemRoot\System32\Drivers\avgldx86.sys
0xF6507000 \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
0xF760D000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA98FC000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7A77000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xA9FBD000 \SystemRoot\System32\drivers\Dxapi.sys
0xF786D000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7BB5000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF020000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF042000 \SystemRoot\System32\ialmdev5.DLL
0xBF077000 \SystemRoot\System32\ialmdd5.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xA9AE2000 \SystemRoot\system32\drivers\drvnddm.sys
0xF7BE4000 \SystemRoot\system32\dla\tfsndres.sys
0xA97A6000 \SystemRoot\system32\dla\tfsnifs.sys
0xA98E0000 \SystemRoot\system32\dla\tfsnopio.sys
0xF7A83000 \SystemRoot\system32\dla\tfsnpool.sys
0xF7885000 \SystemRoot\system32\dla\tfsnboio.sys
0xA9AD2000 \SystemRoot\system32\dla\tfsncofs.sys
0xF7BE5000 \SystemRoot\system32\dla\tfsndrct.sys
0xA978D000 \SystemRoot\system32\dla\tfsnudf.sys
0xA9774000 \SystemRoot\system32\dla\tfsnudfa.sys
0xA97EC000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA920F000 \SystemRoot\system32\drivers\wdmaud.sys
0xA93AC000 \SystemRoot\system32\drivers\sysaudio.sys
0xA909C000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF7AC7000 \SystemRoot\system32\DRIVERS\dsunidrv.sys
0xA8F6B000 \SystemRoot\System32\Drivers\HTTP.sys
0xA8E9C000 \SystemRoot\system32\DRIVERS\srv.sys
0xA9078000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xF7AF1000 \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
0xA8331000 \SystemRoot\system32\drivers\kmixer.sys
0xF7A7F000 \SystemRoot\system32\drivers\splitter.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 62):
0 System Idle Process
4 System
496 C:\WINDOWS\system32\smss.exe
556 csrss.exe
584 C:\WINDOWS\system32\winlogon.exe
628 C:\WINDOWS\system32\services.exe
640 C:\WINDOWS\system32\lsass.exe
828 C:\WINDOWS\system32\svchost.exe
880 svchost.exe
972 C:\WINDOWS\system32\svchost.exe
1036 svchost.exe
1116 svchost.exe
1220 C:\WINDOWS\system32\WLTRYSVC.EXE
1256 C:\WINDOWS\system32\BCMWLTRY.EXE
1268 C:\Program Files\Tall Emu\Online Armor\oacat.exe
1300 C:\Program Files\AVG\AVG9\avgchsvx.exe
1308 C:\Program Files\AVG\AVG9\avgrsx.exe
1412 C:\Program Files\AVG\AVG9\avgcsrvx.exe
1992 C:\WINDOWS\explorer.exe
180 C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
1204 C:\WINDOWS\system32\spoolsv.exe
384 svchost.exe
512 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
936 C:\Program Files\AVG\AVG9\avgwdsvc.exe
1060 C:\Program Files\Bonjour\mDNSResponder.exe
1904 C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
2140 C:\Program Files\Java\jre6\bin\jqs.exe
2244 C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
2324 C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
2536 C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
2672 svchost.exe
2740 C:\WINDOWS\system32\svchost.exe
2908 C:\Program Files\AVG\AVG9\avgemc.exe
3188 C:\WINDOWS\system32\wuauclt.exe
3288 C:\Program Files\AVG\AVG9\avgcsrvx.exe
3772 C:\Program Files\Canon\CAL\CALMAIN.exe
4080 wmiprvse.exe
2180 alg.exe
2360 C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
2604 C:\WINDOWS\ehome\ehtray.exe
3208 C:\Program Files\Dell\QuickSet\quickset.exe
3396 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
3628 C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
3736 C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
3588 C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
920 C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
1096 C:\WINDOWS\system32\dlcccoms.exe
1960 C:\Program Files\Logitech\QuickCam\Quickcam.exe
2568 C:\Program Files\iTunes\iTunesHelper.exe
2708 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
3132 C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
2940 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3600 C:\PROGRA~1\AVG\AVG9\avgtray.exe
2132 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
3908 wmiprvse.exe
3212 C:\WINDOWS\system32\ctfmon.exe
1372 C:\WINDOWS\system32\svchost.exe
3776 C:\Program Files\DellSupport\DSAgnt.exe
2392 C:\Program Files\Skype\Phone\Skype.exe
4084 C:\Program Files\iPod\bin\iPodService.exe
3920 C:\Program Files\Skype\Plugin Manager\skypePM.exe
1764 C:\Documents and Settings\James\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02738a00 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHV2060BH, Rev: 00850028

Size Device Name MBR Status
--------------------------------------------
54 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

#14 m0le
    Can U Dig It?
  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 29 August 2010 - 04:34 PM

That's better. Now please run Combofix

Please download ComboFix from one of these locations:
IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
m0le is a proud member of UNITE

#15 jchico
  • Topic Starter
  • Members
  • 108 posts

Posted 29 August 2010 - 07:41 PM

M0le -

Here is the combofix log / attached.
