
Security Tool - Explorer.exe fails to start


  • This topic is locked
94 replies to this topic

#1 Arnhem

Arnhem

  • Members
  • 50 posts
  • OFFLINE
  • Local time:12:18 AM

Posted 16 September 2010 - 03:54 PM

Hello, recently I got Security Tool on my computer. At first I couldn't do so much as click on anything; it would display crazy messages and all sorts of nonsense. Then, after rebooting, the background, desktop icons, taskbar and basically anything associated with explorer.exe was gone; Windows says that explorer.exe fails to start on every logon.

Running Vista Ultimate 64bit

Thank you for your help.

Edit: Oh, excuse me, I forgot to add ark.txt; I'm running it now.
Edit 2: All good.


DDS (Ver_10-03-17.01) - NTFSX64
Run by Arnhem at 22:46:10.53 on Thu 16/09/2010
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.61.1033.18.6138.4742 [GMT 2:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_77d0b692\STacSV64.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_77d0b692\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\Explorer.exe
C:\Program Files (x86)\foobar2000\foobar2000.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Arnhem\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www1.ap.dell.com/content/default.aspx?c=au&l=en&s=gen
uInternet Settings,ProxyServer = http=127.0.0.1:6092
uInternet Settings,ProxyOverride = <local>
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files (x86)\askbardis\bar\bin\askBar.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files (x86)\java\jre1.6.0_07\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: FAIESSOHelper Class: {a2f122da-055f-4df7-8f24-7354dbdba85b} - c:\program files (x86)\sensible vision\fast access\FAIESSO.dll
TB: Foxit Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files (x86)\askbardis\bar\bin\askBar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Steam] "c:\program files (x86)\steam\Steam.exe" -silent
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\NPSWF32_FlashUtil.exe -p
uRunOnce: [77326992] "c:\users\arnhem\appdata\local\77326992.exe" 0 45
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre1.6.0_07\bin\jusched.exe"
mRun: [StartCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [FATrayAlert] c:\program files (x86)\sensible vision\fast access\FATrayMon.exe
mRun: [Dell Webcam Central] "c:\program files (x86)\dell webcam\dell webcam central\WebcamDell.exe" /mode2
mRun: [FAStartup]
mRun: [Dell DataSafe Online] "c:\program files (x86)\dell datasafe online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [VirtualCloneDrive] "c:\program files (x86)\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mRun: [Net iD] "c:\program files (x86)\net id\iid.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files (x86)\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\arnhem\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files (x86)\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~2\java\jre16~1.0_0\bin\ssv.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
Notify: FastAccess - c:\program files (x86)\sensible vision\fast access\FALogNot.dll
LSA: Notification Packages = scecli FAPassSync
TB-X64: {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No File
EB-X64: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun-x64: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe
mRun-x64: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
mRun-x64: [(Default)]
mRun-x64: [Dell DataSafe Online] "c:\program files (x86)\dell datasafe online\DataSafeOnline.exe" /m
mRun-x64: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

================= FIREFOX ===================

FF - ProfilePath - c:\users\arnhem\appdata\roaming\mozilla\firefox\profiles\x8ewwynv.default\
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=
FF - prefs.js: network.proxy.ftp - tasm-prox1.secure.edu
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - tasm-prox1.secure.edu
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - tasm-prox1.secure.edu
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - tasm-prox1.secure.edu
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - tasm-prox1.secure.edu
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - component: c:\users\arnhem\appdata\roaming\mozilla\firefox\profiles\x8ewwynv.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npiidplg.dll

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

============= SERVICES / DRIVERS ===============

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt64.inf_77d0b692\AESTSr64.exe [2009-1-25 86016]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-9-23 155648]
R2 FAService;FAService;c:\program files (x86)\sensible vision\fast access\FAService.exe [2008-9-5 2340096]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2010-5-6 1153368]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-1-25 36392]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\drivers\vrtaucbl.sys [2010-2-26 56832]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2009-1-25 59392]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60a.sys [2009-1-25 239104]
R3 NETw5v64;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit ;c:\windows\system32\drivers\NETw5v64.sys [2009-1-25 4736512]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2009-1-25 168864]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2009-1-25 315840]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\drivers\point64k.sys [2007-5-23 36744]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-6-16 93184]
S3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\drivers\facap.sys [2008-8-2 243840]
S3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\drivers\hidkmdf.sys [2009-7-29 13816]
S3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [2008-5-2 23552]
S3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [2008-5-2 18432]
S3 NW1950;NextWindow 1950 Touch Screen;c:\windows\system32\drivers\NW1950.sys [2009-7-29 24568]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-21 19968]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [2009-12-25 32377]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2010-2-4 113704]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2010-2-4 19496]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2010-2-4 153128]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2010-2-4 133160]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2010-2-4 34856]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2010-2-4 128552]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2010-2-4 146472]

=============== Created Last 30 ================

2010-09-16 20:45:45 0 ----a-w- c:\users\arnhem\defogger_reenable
2010-09-07 11:23:06 0 d-----w- C:\VundoFix Backups
2010-09-06 16:36:37 0 d-----w- c:\users\arnhem\appdata\roaming\Malwarebytes
2010-09-06 16:36:23 0 d-----w- c:\programdata\Malwarebytes
2010-09-06 16:36:22 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-06 16:36:22 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-09-06 16:24:34 1932646 ----a-w- c:\windows\system32\drivers\Cat.DB
2010-09-06 16:24:06 42968 ----a-w- c:\windows\system32\drivers\pctNdis-DNS64.sys
2010-09-06 16:24:06 177904 ----a-w- c:\windows\system32\drivers\pctplfw64.sys
2010-09-06 16:24:06 107864 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter64.sys
2010-09-06 16:23:50 0 d---a-w- c:\programdata\TEMP
2010-09-06 16:19:28 0 d-----w- c:\programdata\PC Tools
2010-09-05 21:51:45 0 d-sh--w- c:\users\arnhem\.COMMgr

==================== Find3M ====================

2010-08-11 17:26:03 86016 ----a-w- c:\windows\inf\infpub.dat
2010-08-11 17:26:03 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-08-11 17:26:03 143360 ----a-w- c:\windows\inf\infstor.dat
2010-08-11 17:25:26 70671 ----a-w- c:\windows\Huawei ModemsUninstall.exe
2009-01-25 14:31:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 03:21:14 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:14 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:32 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:32 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:32 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:32 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-01-24 23:13:52 74 --sha-r- c:\windows\CT4CET.bin
2006-05-03 09:06:54 163328 --sh--r- c:\windows\syswow64\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- c:\windows\syswow64\msfDX.dll
2008-03-16 12:30:52 216064 --sh--r- c:\windows\syswow64\nbDX.dll
2009-06-01 03:35:02 16384 --sha-w- c:\windows\temp\cookies\index.dat
2009-06-01 03:35:02 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-06-01 03:35:02 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat
2009-01-25 14:09:12 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 22:47:26.49 ===============

Edited by Arnhem, 16 September 2010 - 04:30 PM.
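The DDS report above carries several of the indicators a responder looks for when a rogue like Security Tool is suspected: Internet Explorer's proxy pointed at 127.0.0.1:6092, a RunOnce value with a random-looking numeric name launching an executable from the user's AppData\Local folder, UAC switched off (EnableLUA = 0), and a BHO whose DLL is gone ("No File"). The script below is an added triage example for this thread; it is not part of the original post and not code from the DDS tool. It parses lines in the shapes DDS prints (the regexes, the "user-writable directory" list and the numeric-name threshold are this example's own assumptions), and its sample input is a handful of lines copied from the report above plus one ordinary mRun line for contrast.

```python
"""Triage helper for the 'Pseudo HJT Report' section of a DDS log.

Added example for this thread; it is not part of the original post and not
code from the DDS tool. It scans report lines for patterns a malware
responder looks for when a rogue like Security Tool is suspected: an IE
proxy pointing at the loopback address, autorun entries that launch an
executable from a user-writable profile directory (or carry a numeric
name), UAC (EnableLUA) switched off, and browser add-on entries whose
file is gone. The regexes and thresholds are this example's own
heuristics, not a DDS feature; a hit means "look here", not "malware".
"""
from __future__ import annotations

import re

# Constructed sample input: lines copied from the DDS report quoted in
# post #1, plus one ordinary mRun line for contrast.
SAMPLE_REPORT = r"""
uStart Page = about:blank
uInternet Settings,ProxyServer = http=127.0.0.1:6092
uInternet Settings,ProxyOverride = <local>
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
uRunOnce: [77326992] "c:\users\arnhem\appdata\local\77326992.exe" 0 45
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre1.6.0_07\bin\jusched.exe"
mPolicies-system: EnableLUA = 0 (0x0)
"""

# Line shapes as DDS prints them (u = current-user hive, m = machine hive).
PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(.+)$")
RUN_RE = re.compile(
    r'^[um]Run(?:Once)?(?:-x64)?:\s*\[(?P<name>[^\]]*)\]'
    r'\s*(?:"(?P<qpath>[^"]*)"|(?P<upath>\S+))?'
)
LUA_RE = re.compile(r"^mPolicies-system:\s*EnableLUA\s*=\s*(\d+)")
NOFILE_RE = re.compile(r"^(?:BHO|TB|EB)(?:-X64)?:.*-\s*No File$", re.IGNORECASE)

# Directories any user process can write to (assumed list); legitimate
# autoruns usually live under Program Files or the Windows directory.
USER_WRITABLE_RE = re.compile(
    r"\\appdata\\(?:local|locallow|roaming)\\|\\users\\[^\\]+\\(?:desktop|downloads)\\",
    re.IGNORECASE,
)
LOOPBACK_RE = re.compile(r"^(?:[a-z]+=)?(?:127\.0\.0\.1|localhost)(?::\d+)?$", re.IGNORECASE)


def triage(report: str) -> list[dict]:
    """Return one finding per suspicious line, in report order."""
    findings: list[dict] = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = PROXY_RE.match(line)
        if m:
            # Rogue AV products route IE through a listener on the local
            # machine so they can serve their own warning pages.
            targets = [t.strip() for t in m.group(1).split(";")]
            if any(LOOPBACK_RE.match(t) for t in targets):
                findings.append({"rule": "loopback-proxy", "line": line})
            continue

        m = RUN_RE.match(line)
        if m:
            path = (m.group("qpath") or m.group("upath") or "").lower()
            reasons = []
            if USER_WRITABLE_RE.search(path):
                reasons.append("launches from a user-writable profile directory")
            if re.fullmatch(r"\d{6,}", m.group("name")):
                reasons.append("autorun value name is a random-looking number")
            if reasons:
                findings.append({"rule": "suspicious-autorun", "line": line, "why": reasons})
            continue

        m = LUA_RE.match(line)
        if m and m.group(1) == "0":
            # With UAC off, anything the user runs already has full admin rights.
            findings.append({"rule": "uac-disabled", "line": line})
            continue

        if NOFILE_RE.match(line):
            # A registered BHO/toolbar whose DLL is missing is often the
            # leftover of a removed or partially cleaned add-on.
            findings.append({"rule": "orphaned-addon", "line": line})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f['rule']}] {f['line']}")
        for why in f.get("why", []):
            print(f"    - {why}")
```

Run it against a saved DDS log by reading the file and passing its text to `triage()`; on the sample it reports the loopback proxy, the orphaned BHO, the numeric RunOnce entry (two reasons) and the disabled UAC, and stays silent on the ordinary Java updater entry. The proxy rule deliberately matches only loopback targets, since a proxy on a real host (like the Firefox `tasm-prox1.secure.edu` entries in the same log) can just as well be an institutional setting.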


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:10:18 PM

Posted 25 September 2010 - 06:30 AM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 Arnhem

Arnhem
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  • Local time:12:18 AM

Posted 25 September 2010 - 12:03 PM

I welcome you with open arms.

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:10:18 PM

Posted 25 September 2010 - 12:15 PM

Please run these tools to make sure that Security Tool doesn't have any rootkit friends.

Please download MBRCheck to your desktop.

1. Double-click MBRCheck.exe to run it (right-click and Run as Administrator on Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.


And
  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\

m0le is a proud member of UNITE

#5 Arnhem

Arnhem
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  • Local time:12:18 AM

Posted 25 September 2010 - 12:24 PM

2010/09/25 19:20:08.0168 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
2010/09/25 19:20:08.0168 ================================================================================
2010/09/25 19:20:08.0168 SystemInfo:
2010/09/25 19:20:08.0168
2010/09/25 19:20:08.0168 OS Version: 6.0.6001 ServicePack: 1.0
2010/09/25 19:20:08.0168 Product type: Workstation
2010/09/25 19:20:08.0168 ComputerName: THEBEAST
2010/09/25 19:20:08.0168 UserName: Arnhem
2010/09/25 19:20:08.0168 Windows directory: C:\Windows
2010/09/25 19:20:08.0168 System windows directory: C:\Windows
2010/09/25 19:20:08.0168 Running under WOW64
2010/09/25 19:20:08.0168 Processor architecture: Intel x64
2010/09/25 19:20:08.0168 Number of processors: 2
2010/09/25 19:20:08.0168 Page size: 0x1000
2010/09/25 19:20:08.0168 Boot type: Normal boot
2010/09/25 19:20:08.0168 ================================================================================
2010/09/25 19:20:08.0169 Utility is running under WOW64
2010/09/25 19:20:08.0501 Initialize success
2010/09/25 19:20:21.0019 ================================================================================
2010/09/25 19:20:21.0019 Scan started
2010/09/25 19:20:21.0019 Mode: Manual;
2010/09/25 19:20:21.0019 ================================================================================
2010/09/25 19:20:22.0424 ACPI (375243251c24028da6c9761645b43f21) C:\Windows\system32\drivers\acpi.sys
2010/09/25 19:20:22.0522 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
2010/09/25 19:20:22.0594 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
2010/09/25 19:20:22.0642 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
2010/09/25 19:20:22.0775 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
2010/09/25 19:20:22.0865 AFD (db37041ab857abc7e179e856d8e1582c) C:\Windows\system32\drivers\afd.sys
2010/09/25 19:20:22.0946 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
2010/09/25 19:20:23.0005 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
2010/09/25 19:20:23.0061 aliide (9544c2c55541c0c6bfd7b489d0e7d430) C:\Windows\system32\drivers\aliide.sys
2010/09/25 19:20:23.0093 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
2010/09/25 19:20:23.0127 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
2010/09/25 19:20:23.0199 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
2010/09/25 19:20:23.0305 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
2010/09/25 19:20:23.0359 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/09/25 19:20:23.0385 atapi (f988bb0690cd660318037908e9b8dbf7) C:\Windows\system32\drivers\atapi.sys
2010/09/25 19:20:23.0602 atikmdag (0adc170bcac8260539df29032a2e9d8d) C:\Windows\system32\DRIVERS\atikmdag.sys
2010/09/25 19:20:23.0858 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
2010/09/25 19:20:23.0964 bowser (8b2b19031d0aeade6e1b933df1acba7e) C:\Windows\system32\DRIVERS\bowser.sys
2010/09/25 19:20:24.0014 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
2010/09/25 19:20:24.0049 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
2010/09/25 19:20:24.0103 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
2010/09/25 19:20:24.0148 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
2010/09/25 19:20:24.0341 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
2010/09/25 19:20:24.0384 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
2010/09/25 19:20:24.0466 BthEnum (cb1b6917fcbc2334cc056b463593bc2f) C:\Windows\system32\DRIVERS\BthEnum.sys
2010/09/25 19:20:24.0519 BTHMODEM (752fc84a394ca712d51dd9bd53f58e73) C:\Windows\system32\DRIVERS\bthmodem.sys
2010/09/25 19:20:24.0550 BthPan (befc5311736b475ac5b60c14ff7c775a) C:\Windows\system32\DRIVERS\bthpan.sys
2010/09/25 19:20:24.0616 BthPort (c75214a3ee44dd4136277e00f3654ddb) C:\Windows\system32\Drivers\BTHport.sys
2010/09/25 19:20:24.0673 BTHUSB (30dd845c31825ba22d578fdcdf4f1377) C:\Windows\system32\Drivers\BTHUSB.sys
2010/09/25 19:20:24.0758 btwaudio (319c67f7d157eaac519dcc5f29e929d0) C:\Windows\system32\drivers\btwaudio.sys
2010/09/25 19:20:24.0832 btwavdt (0b79273c8c2846d28aab936e7a2dbaad) C:\Windows\system32\drivers\btwavdt.sys
2010/09/25 19:20:24.0902 btwl2cap (fda1b5124e07003c3d0d279e5050485e) C:\Windows\system32\DRIVERS\btwl2cap.sys
2010/09/25 19:20:24.0940 btwrchid (47216d8b5f4042e6d0736bfa2e57b5df) C:\Windows\system32\DRIVERS\btwrchid.sys
2010/09/25 19:20:24.0992 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
2010/09/25 19:20:25.0028 cdrom (3b2fb35363423ed60c8fbf15fc8680bd) C:\Windows\system32\DRIVERS\cdrom.sys
2010/09/25 19:20:25.0083 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\DRIVERS\circlass.sys
2010/09/25 19:20:25.0224 CLFS (c12c4ee07843b595036da0baa6317936) C:\Windows\system32\CLFS.sys
2010/09/25 19:20:25.0289 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/09/25 19:20:25.0362 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
2010/09/25 19:20:25.0420 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
2010/09/25 19:20:25.0447 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
2010/09/25 19:20:25.0573 CSC (a25e4dd707714da07fe1febf1dc91d86) C:\Windows\system32\drivers\csc.sys
2010/09/25 19:20:25.0698 DfsC (bd4acc56e477ad7419cbe90fceeb621b) C:\Windows\system32\Drivers\dfsc.sys
2010/09/25 19:20:25.0744 disk (2dc415fc05fb8a079f896cbbacb19324) C:\Windows\system32\drivers\disk.sys
2010/09/25 19:20:25.0804 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
2010/09/25 19:20:26.0059 DXGKrnl (412964040ce920ff83aff6b5b551bf99) C:\Windows\System32\drivers\dxgkrnl.sys
2010/09/25 19:20:26.0567 e1express (17d40652ef3e55eeae187a89df40965a) C:\Windows\system32\DRIVERS\e1e6032e.sys
2010/09/25 19:20:26.0954 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
2010/09/25 19:20:27.0013 Ecache (7343d950a34a95dcb7441642e3e6beef) C:\Windows\system32\drivers\ecache.sys
2010/09/25 19:20:27.0130 ElbyCDIO (702d5606cf2199e0edea6f0e0d27cd10) C:\Windows\system32\Drivers\ElbyCDIO.sys
2010/09/25 19:20:27.0203 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
2010/09/25 19:20:27.0293 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
2010/09/25 19:20:27.0622 EuMusDesignVirtualAudioCableWdm (77dfde417510ca254e47bf92d5dc5694) C:\Windows\system32\DRIVERS\vrtaucbl.sys
2010/09/25 19:20:27.0890 exfat (2a546b9a84658b0554b1ec35cd9adaf5) C:\Windows\system32\drivers\exfat.sys
2010/09/25 19:20:28.0151 FACAP (e7f412035b832013fa32f412246c5bff) C:\Windows\system32\DRIVERS\facap.sys
2010/09/25 19:20:28.0263 fastfat (fe731d345ed9eeabbc72a59b35941834) C:\Windows\system32\drivers\fastfat.sys
2010/09/25 19:20:28.0346 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
2010/09/25 19:20:28.0373 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
2010/09/25 19:20:28.0411 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
2010/09/25 19:20:28.0566 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/09/25 19:20:28.0624 FltMgr (7dacf1a3a4219575070c6dc7c957428a) C:\Windows\system32\drivers\fltmgr.sys
2010/09/25 19:20:28.0658 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
2010/09/25 19:20:28.0678 fvevol (5cd88ce69bc24e5cfc0edcfc338b79e1) C:\Windows\system32\DRIVERS\fvevol.sys
2010/09/25 19:20:28.0707 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
2010/09/25 19:20:28.0799 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2010/09/25 19:20:28.0872 hamachi (f8f0851d336c3b88dbd7232b6348e09a) C:\Windows\system32\DRIVERS\hamachi.sys
2010/09/25 19:20:28.0920 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
2010/09/25 19:20:28.0955 HDAudBus (0c0d0f8a3ff09ecc81963d09ec6a0a84) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/09/25 19:20:29.0019 HidBth (824fd154b9371e42adb67590bded5f6c) C:\Windows\system32\DRIVERS\hidbth.sys
2010/09/25 19:20:29.0082 HidIr (5f47839455d01ff6403b008d481a6f5b) C:\Windows\system32\DRIVERS\hidir.sys
2010/09/25 19:20:29.0162 hidkmdf (d4bfba2eec009e26854fe61110ef509f) C:\Windows\system32\DRIVERS\hidkmdf.sys
2010/09/25 19:20:29.0244 HidUsb (128e2da8483fdd4dd0c7b3f9abd6f323) C:\Windows\system32\DRIVERS\hidusb.sys
2010/09/25 19:20:29.0306 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
2010/09/25 19:20:29.0376 HTTP (7c39506bc3be2b77b7671bb320fdb736) C:\Windows\system32\drivers\HTTP.sys
2010/09/25 19:20:29.0618 hwdatacard (cdaa8e257bb625b2387219e605dde37d) C:\Windows\system32\DRIVERS\ewusbmdm.sys
2010/09/25 19:20:29.0759 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
2010/09/25 19:20:29.0804 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/09/25 19:20:30.0355 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
2010/09/25 19:20:30.0495 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
2010/09/25 19:20:30.0570 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
2010/09/25 19:20:30.0641 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
2010/09/25 19:20:30.0736 IpFilterDriver (99b821f5bebd6a3cc3fe564f802ae0fd) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/09/25 19:20:30.0804 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
2010/09/25 19:20:30.0867 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
2010/09/25 19:20:30.0916 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
2010/09/25 19:20:49.0917 ================================================================================
2010/09/25 19:20:49.0917 Scan finished
2010/09/25 19:20:49.0917 ================================================================================


#6 m0le (Malware Response Team)

Posted 25 September 2010 - 04:24 PM

MBRCheck has found an MBR which may be infected.

Please do the following:

Run MBRCheck again

When prompted, Enter 'Y' and hit ENTER for more options
When you see: "Enter your choice: Enter the physical disk number to dump (0-99, -1 to exit):"

Enter 0 to dump the MBR to the physical disk.

Name the dumped file as MBRarnhem.dat

Enter -1 to exit.

Please then locate the files and visit this site and follow the instructions for uploading the file.
m0le is a proud member of UNITE

#7 Arnhem (Topic Starter)

Posted 25 September 2010 - 09:31 PM

Done!

#8 m0le (Malware Response Team)

Posted 26 September 2010 - 06:37 PM

Okay, we're going to replace the MBR here

1. Put the Windows Vista or Windows 7 installation disc in the disc drive, and then start the computer.
2. Press a key when you are prompted.
3. Select a language, a time, a currency, a keyboard or an input method, and then click Next.
4. Click Repair your computer.
5. Click the operating system that you want to repair, and then click Next.
6. In the System Recovery Options dialog box, click Command Prompt.
7. Type Bootrec.exe, and then press ENTER.
8. Type Bootrec.exe /FixMbr


Run MBRCheck afterwards and post the log

Edited by m0le, 26 September 2010 - 06:38 PM.


#9 Arnhem (Topic Starter)

Posted 27 September 2010 - 04:46 PM

There we go.


#10 m0le (Malware Response Team)

Posted 27 September 2010 - 04:52 PM

That failed, so we'll try the MBRCheck fix.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Important Note: While fixing the Master Boot Record (MBR) is generally safe, there is a small risk of damaging the operating system so that it will not boot up or the partitions may become corrupted. I recommend you have your Windows CD available, which will allow recovering the boot code via the Windows Recovery Console in case of any problems, or install the XP Recovery Console before proceeding with the above fix. Then if any problems occur, the links below explain how to use and repair the MBR:
If you do not have a Vista recovery disk then please burn one as shown here.


Run MBRCheck.exe
  • Run MBRCheck.exe
  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Please push the 'Y' key and then press Enter
  • When the program asks you, enter 2 and press the Enter key
  • Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"
  • Enter 0 and press the Enter key.
  • The program will show Available MBR codes:, followed by a list of operating systems. Please enter the correct number for your operating system, and then press Enter.
  • When asked "Do you want to fix the MBR code?" type in YES and press Enter
  • Restart your PC.
After you restart the PC
  • Double click MBRCheck.exe to run (Vista and Win 7: right click and select Run as Administrator)
  • It will show a black screen with some data on it
  • A report called MBRcheck will be on your desktop
  • Open this report
  • Right click on the screen and select > Select All
  • Press Control+C
  • Now please copy that report to this thread


#11 Arnhem (Topic Starter)

Posted 27 September 2010 - 05:12 PM

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Ultimate Edition
Windows Information: Service Pack 1 (build 6001), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Studio XPS 1640
Logical Drives Mask: 0x0000035c

Kernel Drivers (total 160):

Processes (total 49):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`c9d00000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`09d00000 (NTFS)
\\.\J: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHM500LI, Rev: 2TF00_02
PhysicalDrive2 Model Number: WD3200BMV External, Rev: 1.75

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
298 GB \\.\PhysicalDrive2 RE: Unknown MBR code
SHA1: B5ECB466A547B40E0B7B1A3D883A2B1536B2D993


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
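
The MBR Status lines in the log above come from the kind of check MBRCheck performs: read the first sector of each physical disk, hash its boot code, and compare the hash with known vendor boot code, which is why an unrecognised hash is reported as "Unknown MBR code". The Python below is an added example written for this thread, not MBRCheck's own code or output; the boot-code bytes, the partition sizes, the NTFS type id and the allowlist label are constructed, and only the two volume offsets are taken from the log above (which exact byte range MBRCheck hashes is not shown in the log, so the example hashes the 440-byte code region).

```python
# Added example for this thread, not MBRCheck's own code: read one 512-byte MBR,
# verify the 0x55AA boot signature, hash the boot-code region and compare it with an
# allowlist ("... MBR code detected" versus "Unknown MBR code"). Sample bytes are constructed.
import hashlib
import struct
from dataclasses import dataclass

SECTOR = 512
BOOT_CODE_LEN = 440      # bytes 0..439: boot code (440..445: disk signature and padding)
PART_TABLE_OFF = 446     # four 16-byte partition entries follow
PART_ENTRY_LEN = 16
BOOT_SIG = b"\x55\xaa"   # bytes 510..511
PART_FMT = "<B3xB3xII"   # status, CHS start (skipped), type, CHS end (skipped), LBA start, sectors


@dataclass
class Partition:
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int


@dataclass
class MbrReport:
    valid_signature: bool
    boot_code_sha1: str
    status: str          # allowlist label or "unknown"
    partitions: list


def parse_mbrcheck_offset(text: str) -> int:
    """Turn MBRCheck's '0x00000003`c9d00000' notation into an integer byte offset."""
    return int(text.replace("`", ""), 16)


def parse_partitions(mbr: bytes) -> list:
    """Decode the four primary partition entries, skipping empty ones."""
    parts = []
    for i in range(4):
        status, type_id, lba_start, sectors = struct.unpack_from(
            PART_FMT, mbr, PART_TABLE_OFF + i * PART_ENTRY_LEN)
        if type_id != 0:
            parts.append(Partition(status == 0x80, type_id, lba_start, sectors))
    return parts


def check_mbr(mbr: bytes, known_good: dict) -> MbrReport:
    """Hash the boot code and look it up; anything not on the allowlist is reported as unknown."""
    if len(mbr) != SECTOR:
        raise ValueError("expected exactly one 512-byte sector")
    sha1 = hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()
    return MbrReport(mbr[510:512] == BOOT_SIG, sha1,
                     known_good.get(sha1, "unknown"), parse_partitions(mbr))


def build_sample_mbr(boot_code: bytes, partitions: list) -> bytes:
    """Assemble a synthetic MBR sector from boot code and partition entries (test data only)."""
    buf = bytearray(SECTOR)
    code = boot_code[:BOOT_CODE_LEN]
    buf[:len(code)] = code
    for i, p in enumerate(partitions[:4]):
        struct.pack_into(PART_FMT, buf, PART_TABLE_OFF + i * PART_ENTRY_LEN,
                         0x80 if p.bootable else 0x00, p.type_id, p.lba_start, p.sectors)
    buf[510:512] = BOOT_SIG
    return bytes(buf)


def describe(report: MbrReport) -> str:
    """One-line verdict in the spirit of MBRCheck's 'MBR Status' column."""
    if not report.valid_signature:
        return "invalid boot signature (not a usable MBR)"
    if report.status == "unknown":
        return "Unknown MBR code, SHA1: " + report.boot_code_sha1
    return report.status + " detected, SHA1: " + report.boot_code_sha1


# Constructed stand-in for vendor boot code: a real-mode prologue (xor ax,ax; mov ss,ax;
# mov sp,7C00h) padded with NOPs. It is not the real Windows MBR code.
CLEAN_BOOT_CODE = bytes.fromhex("33c08ed0bc007c") + b"\x90" * 64

# Partition starts are the log's volume offsets divided by 512; the sizes and the NTFS
# type id 0x07 are constructed so that the layout adds up to the log's 465 GB disk.
SAMPLE_PARTITIONS = [
    Partition(False, 0x07, parse_mbrcheck_offset("0x00000000`09d00000") // SECTOR, 31_457_280),
    Partition(True, 0x07, parse_mbrcheck_offset("0x00000003`c9d00000") // SECTOR, 944_994_352),
]
CLEAN_MBR = build_sample_mbr(CLEAN_BOOT_CODE, SAMPLE_PARTITIONS)

# Same partition table, but four bytes of boot code changed: the sector still carries a
# valid signature and parses normally; only the hash gives the alteration away.
_altered = bytearray(CLEAN_BOOT_CODE)
_altered[0x20:0x24] = b"\x00" * 4
TAMPERED_MBR = build_sample_mbr(bytes(_altered), SAMPLE_PARTITIONS)

# In practice the allowlist holds SHA1s of known vendor boot code; here it is seeded with
# the constructed clean sample so the example stays self-contained.
CLEAN_SHA1 = hashlib.sha1(CLEAN_MBR[:BOOT_CODE_LEN]).hexdigest().upper()
KNOWN_GOOD = {CLEAN_SHA1: "Constructed known-good MBR code"}

if __name__ == "__main__":
    for name, sector in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        report = check_mbr(sector, KNOWN_GOOD)
        print(f"{name}: {describe(report)}")
        for p in report.partitions:
            print(f"  type 0x{p.type_id:02x} LBA {p.lba_start} sectors {p.sectors} bootable={p.bootable}")
```

On a real system the 512 bytes would be read from the physical disk device with administrator rights; the allowlist must then hold hashes of boot code you have verified yourself, since a hash that merely differs from the vendor's is a reason to investigate, not proof of infection on its own.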

#12 m0le (Malware Response Team)

Posted 27 September 2010 - 07:08 PM

Okay, second run of MBRCheck.

The MBR has been rewritten.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Important Note: While fixing the Master Boot Record (MBR) is generally safe, there is a small risk of damaging the operating system so that it will not boot up or the partitions may become corrupted. I recommend you have your Windows CD available which will allow recovering the boot code via the Windows Recovery Console in case of any problems or install the XP Recovery Console before proceeding with the above fix. Then if any problems occur, the links below explain how to use and repair the MBR:

If you do not have a Vista recovery disk then please burn one as shown here


Run MBRCheck.exe
  • Run MBRCheck.exe
  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Please push the 'Y' key and then press Enter
  • When the program asks you, enter 2 and press the Enter key
  • Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"
  • Enter 1 and press the Enter key.
  • The program will show Available MBR codes:, followed by a list of operating systems. Please enter the correct number for your operating system, and then press Enter.
  • When asked "Do you want to fix the MBR code?", type in YES and press Enter
  • Restart your PC.
After you restart the PC
  • Double click MBRCheck.exe to run it (Vista and Win 7: right click and select Run as Administrator)
  • It will show a black screen with some data on it
  • A report called MBRCheck will be on your desktop
  • Open this report
  • Right click on the screen and select > Select All
  • Press Control+C
  • Now please copy that report to this thread

m0le is a proud member of UNITE

#13 Arnhem

Arnhem
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:12:18 AM

Posted 28 September 2010 - 05:29 AM

Didn't I just do that?

#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:10:18 PM

Posted 28 September 2010 - 04:09 PM

No, this run is different here:

QUOTE
Enter 1 and press the Enter key.

m0le is a proud member of UNITE

#15 Arnhem

Arnhem
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:12:18 AM

Posted 28 September 2010 - 04:56 PM

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Ultimate Edition
Windows Information: Service Pack 1 (build 6001), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Studio XPS 1640
Logical Drives Mask: 0x0000025c

Kernel Drivers (total 159):
0x0240D000 \SystemRoot\system32\ntoskrnl.exe
0x02925000 \SystemRoot\system32\hal.dll
0x00607000 \SystemRoot\system32\kdcom.dll
0x00611000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x0063E000 \SystemRoot\system32\PSHED.dll
0x00652000 \SystemRoot\system32\CLFS.SYS
0x006AF000 \SystemRoot\system32\CI.dll
0x00802000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008A6000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x008B5000 \SystemRoot\system32\drivers\acpi.sys
0x0090B000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00914000 \SystemRoot\system32\drivers\msisadrv.sys
0x0091E000 \SystemRoot\system32\drivers\pci.sys
0x0094E000 \SystemRoot\System32\drivers\partmgr.sys
0x00963000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00967000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00973000 \SystemRoot\system32\drivers\volmgr.sys
0x00987000 \SystemRoot\System32\drivers\volmgrx.sys
0x009ED000 \SystemRoot\System32\drivers\mountmgr.sys
0x00761000 \SystemRoot\system32\drivers\atapi.sys
0x00769000 \SystemRoot\system32\drivers\ataport.SYS
0x0078D000 \SystemRoot\system32\drivers\msahci.sys
0x00797000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x007A7000 \SystemRoot\system32\drivers\fltmgr.sys
0x00A01000 \SystemRoot\system32\drivers\fileinfo.sys
0x00A15000 \SystemRoot\System32\Drivers\ksecdd.sys
0x00C09000 \SystemRoot\system32\drivers\ndis.sys
0x00A9A000 \SystemRoot\system32\drivers\msrpc.sys
0x00AEA000 \SystemRoot\system32\drivers\NETIO.SYS
0x00E07000 \SystemRoot\System32\Drivers\Ntfs.sys
0x00F8B000 \SystemRoot\system32\drivers\volsnap.sys
0x00FCF000 \SystemRoot\System32\Drivers\Tpkd.sys
0x00FF2000 \SystemRoot\System32\Drivers\spldr.sys
0x00E00000 \SystemRoot\SysWOW64\speedfan.sys
0x00DCC000 \SystemRoot\System32\Drivers\mup.sys
0x00B42000 \SystemRoot\System32\drivers\ecache.sys
0x00B6E000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x00DDE000 \SystemRoot\system32\drivers\disk.sys
0x00B97000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x00DF2000 \SystemRoot\system32\drivers\crcdisk.sys
0x007ED000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x00C00000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x02004000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x02656000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x02735000 \SystemRoot\System32\drivers\watchdog.sys
0x02744000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x02757000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x02763000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x027A9000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x0280D000 \SystemRoot\system32\DRIVERS\NETw5v64.sys
0x02C9C000 \SystemRoot\system32\DRIVERS\k57nd60a.sys
0x02CDB000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x02CED000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x02CFD000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x02D1D000 \SystemRoot\system32\DRIVERS\rimmpx64.sys
0x02D32000 \SystemRoot\system32\DRIVERS\rimspx64.sys
0x02D49000 \SystemRoot\system32\DRIVERS\rixdpx64.sys
0x02DA0000 \SystemRoot\system32\DRIVERS\itecir.sys
0x027BA000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x027D0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x02E0F000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x02E55000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x02E57000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x02E63000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x02E7F000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x02E8C000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x02E9F000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x02EA8000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x02EAD000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x02EE5000 \SystemRoot\system32\DRIVERS\storport.sys
0x02F42000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02F4F000 \SystemRoot\system32\DRIVERS\vrtaucbl.sys
0x02F5D000 \SystemRoot\system32\DRIVERS\portcls.sys
0x02F98000 \SystemRoot\system32\DRIVERS\drmk.sys
0x02FBB000 \SystemRoot\system32\DRIVERS\ks.sys
0x02FEF000 \SystemRoot\system32\drivers\ksthunk.sys
0x03002000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x03025000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x03031000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x03062000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x03072000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x03090000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x030A8000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0x03142000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03154000 \SystemRoot\system32\DRIVERS\VClone.sys
0x03163000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x03191000 \SystemRoot\system32\DRIVERS\swenum.sys
0x03193000 \SystemRoot\system32\DRIVERS\circlass.sys
0x031A4000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x031AF000 \SystemRoot\system32\DRIVERS\umbus.sys
0x03401000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x03449000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x0345D000 \SystemRoot\system32\drivers\HdAudio.sys
0x034A6000 \SystemRoot\system32\DRIVERS\stwrt64.sys
0x0351A000 \SystemRoot\system32\DRIVERS\hidir.sys
0x03525000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x03537000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x0353F000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x03549000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x03554000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x0355E000 \SystemRoot\System32\Drivers\Null.SYS
0x03567000 \SystemRoot\System32\drivers\vga.sys
0x03575000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x0359A000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x035A3000 \SystemRoot\system32\drivers\rdpencdd.sys
0x035AC000 \SystemRoot\System32\Drivers\Msfs.SYS
0x035B7000 \SystemRoot\System32\Drivers\Npfs.SYS
0x035C8000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x0720F000 \SystemRoot\System32\drivers\tcpip.sys
0x07383000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x073AF000 \SystemRoot\system32\DRIVERS\tdx.sys
0x073CC000 \SystemRoot\system32\DRIVERS\smb.sys
0x07400000 \SystemRoot\system32\drivers\afd.sys
0x0746D000 \SystemRoot\System32\DRIVERS\netbt.sys
0x074B1000 \SystemRoot\system32\DRIVERS\pacer.sys
0x074CF000 \SystemRoot\system32\DRIVERS\netbios.sys
0x074DE000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x074F9000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x07547000 \SystemRoot\system32\drivers\nsiproxy.sys
0x07553000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0x0755D000 \SystemRoot\system32\drivers\csc.sys
0x075D3000 \SystemRoot\System32\Drivers\dfsc.sys
0x073E7000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x035D1000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x07603000 \SystemRoot\system32\DRIVERS\OA001Vid.sys
0x07651000 \SystemRoot\system32\DRIVERS\OA001Ufd.sys
0x0767B000 \SystemRoot\System32\Drivers\fastfat.SYS
0x076B0000 \SystemRoot\system32\DRIVERS\udfs.sys
0x076FE000 \SystemRoot\System32\Drivers\crashdmp.sys
0x0770C000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x07718000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x07722000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x000F0000 \SystemRoot\System32\win32k.sys
0x07735000 \SystemRoot\System32\drivers\Dxapi.sys
0x07741000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00410000 \SystemRoot\System32\TSDDD.dll
0x00640000 \SystemRoot\System32\cdd.dll
0x008F0000 \SystemRoot\System32\ATMFD.DLL
0x07754000 \SystemRoot\system32\drivers\luafv.sys
0x09401000 \SystemRoot\system32\drivers\spsys.sys
0x0949B000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x094AF000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x094E3000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x094EE000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x09506000 \SystemRoot\system32\drivers\HTTP.sys
0x095A1000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x095C9000 \SystemRoot\system32\DRIVERS\bowser.sys
0x07776000 \SystemRoot\System32\drivers\mpsdrv.sys
0x07790000 \SystemRoot\system32\drivers\mrxdav.sys
0x077B7000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x09603000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0964C000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x0966B000 \SystemRoot\System32\DRIVERS\srv2.sys
0x0969C000 \SystemRoot\System32\DRIVERS\srv.sys
0x09730000 \SystemRoot\system32\drivers\peauth.sys
0x097E6000 \SystemRoot\System32\Drivers\secdrv.SYS
0x097F1000 \SystemRoot\System32\drivers\tcpipreg.sys
0x031BF000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x772B0000 \Windows\System32\ntdll.dll

Processes (total 49):
0 System Idle Process
4 System
488 C:\Windows\System32\smss.exe
556 csrss.exe
608 C:\Windows\System32\wininit.exe
628 csrss.exe
664 C:\Windows\System32\services.exe
676 C:\Windows\System32\lsass.exe
688 C:\Windows\System32\lsm.exe
804 C:\Windows\System32\winlogon.exe
880 C:\Windows\System32\svchost.exe
940 C:\Windows\System32\svchost.exe
980 C:\Windows\System32\svchost.exe
252 C:\Windows\System32\Ati2evxx.exe
316 C:\Windows\System32\svchost.exe
416 C:\Windows\System32\svchost.exe
508 C:\Windows\System32\svchost.exe
888 C:\Windows\System32\audiodg.exe
1160 C:\Windows\System32\SLsvc.exe
1204 C:\Windows\System32\svchost.exe
1376 C:\Program Files\Dell\DellDock\DockLogin.exe
1400 C:\Windows\System32\Ati2evxx.exe
1496 C:\Windows\System32\svchost.exe
1740 C:\Windows\System32\dwm.exe
1916 C:\Windows\System32\spoolsv.exe
1924 C:\Windows\System32\taskeng.exe
1992 C:\Windows\System32\svchost.exe
1388 C:\Windows\System32\taskeng.exe
2208 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_77d0b692\AESTSr64.exe
2236 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2252 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
2272 C:\Windows\System32\svchost.exe
2284 C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
2316 C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
2456 C:\Windows\SysWOW64\PnkBstrA.exe
2492 C:\Windows\System32\svchost.exe
2528 C:\Windows\System32\svchost.exe
2580 C:\Windows\System32\svchost.exe
2624 C:\Windows\System32\SearchIndexer.exe
2736 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
1056 C:\Windows\explorer.exe
2780 C:\Windows\System32\rundll32.exe
2204 C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
1952 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
3684 C:\Program Files (x86)\foobar2000\foobar2000.exe
2888 C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
1428 C:\Windows\System32\SearchProtocolHost.exe
1516 C:\Windows\System32\SearchFilterHost.exe
3968 C:\Users\Arnhem\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`c9d00000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`09d00000 (NTFS)
\\.\J: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHM500LI, Rev: 2TF00_02
PhysicalDrive2 Model Number: WD3200BMV External, Rev: 1.75

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
298 GB \\.\PhysicalDrive2 RE: Unknown MBR code
SHA1: B5ECB466A547B40E0B7B1A3D883A2B1536B2D993


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 1Available MBR codes:
[ 0] Default (Windows Vista)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 0
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: yes
Error opening disk (2)!


Done!
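The MBRCheck report format quoted in this thread, handled by an added Python example that is not part of the thread and not MBRCheck's own code: it parses the volume-to-disk lines and the drive table out of a report, lists the disks MBRCheck reported as "Unknown MBR code", and checks a disk number before it is typed into the fix menu, since the run above selected disk 1 while the report lists only PhysicalDrive0 and PhysicalDrive2 and the fix ended with "Error opening disk (2)!". The sample report is a constructed excerpt in the format shown above; the function and pattern names are this example's own.

```python
import re

# Constructed excerpt of an MBRCheck report, in the format quoted in this thread
# (values copied from the report above; not independently verified).
SAMPLE_REPORT = r"""
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`c9d00000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`09d00000 (NTFS)
\\.\J: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
298 GB \\.\PhysicalDrive2 RE: Unknown MBR code
SHA1: B5ECB466A547B40E0B7B1A3D883A2B1536B2D993

Found non-standard or infected MBR.
"""

# \\.\X: --> \\.\PhysicalDriveN ...  (volume-to-disk mapping lines)
VOLUME_RE = re.compile(r"^\\\\\.\\([A-Z]): --> \\\\\.\\PhysicalDrive(\d+)")
# <size> GB \\.\PhysicalDriveN <status>  (drive table rows)
DRIVE_RE = re.compile(r"^(\d+) GB \\\\\.\\PhysicalDrive(\d+) (.+)$")
SHA1_RE = re.compile(r"^SHA1: ([0-9A-Fa-f]{40})$")

def parse_mbrcheck(report):
    """Map physical disk number -> size, MBRCheck status, SHA1 and volume letters."""
    disks, volumes, current = {}, {}, None
    for line in report.splitlines():
        line = line.strip()
        if m := VOLUME_RE.match(line):
            volumes.setdefault(int(m.group(2)), []).append(m.group(1))
        elif m := DRIVE_RE.match(line):
            current = int(m.group(2))
            disks[current] = {"size_gb": int(m.group(1)), "status": m.group(3),
                              "sha1": None, "volumes": volumes.get(current, [])}
        elif (m := SHA1_RE.match(line)) and current is not None:
            disks[current]["sha1"] = m.group(1).upper()
    return disks

def suspicious_disks(disks):
    """Disks whose boot code MBRCheck could not match to a known loader."""
    return sorted(n for n, d in disks.items() if "Unknown MBR code" in d["status"])

def check_fix_target(disks, disk_number):
    """None if the disk is a sensible target for the fix menu, else the reason it is not.
    Rewriting an MBR is a write to the disk, so refuse numbers the report never listed
    and disks whose MBR code MBRCheck already recognised."""
    if disk_number not in disks:
        return f"PhysicalDrive{disk_number} is not in the report; listed: {sorted(disks)}"
    if disk_number not in suspicious_disks(disks):
        return f"PhysicalDrive{disk_number} was not flagged: {disks[disk_number]['status']}"
    return None
```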



