
Malware - Trojan - Etc - Removed over 250 errors already


  • This topic is locked
24 replies to this topic

#1 momdotts

momdotts

  • Members
  • 68 posts

Posted 21 September 2010 - 11:51 AM

My computer was hacked... Could not run a virus scan until the other day! Attached my OTL & extras.

I know I still have a gazillion errors - but don't know how to get rid of them... Virus keeps mutating I think




#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 22 September 2010 - 10:22 AM

Hi again momdotts,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
m0le is a proud member of UNITE

#3 momdotts

momdotts
  • Topic Starter

  • Members
  • 68 posts

Posted 22 September 2010 - 11:32 AM

DDS Report:

DDS (Ver_09-09-29.01) - NTFSx86 MINIMAL
Run by Administrator at 20:03:47.97 on Tue 09/21/2010
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.239.135 [GMT -4:00]
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\Desktop\dds.com
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.toshiba.com
uSearch Bar = hxxp://www.toshiba.com/search
uInternet Connection Wizard,ShellNext = hxxp://securityresponse.symantec.com/avcenter/cgi-bin/virauto.cgi?vid=4294905910
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: MHTBPos00 Class: {0c37b053-fd68-456a-82e1-d788ee342e6f} - c:\program files\family toolbar\tbcore3.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Family Toolbar: {fd2fd708-1f6f-4b68-b141-c5778f0c19bb} - c:\program files\family toolbar\tbcore3.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [Family Tree Builder Update] c:\program files\myheritage\bin\FTBCheckUpdates.exe
dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\callwave.lnk - c:\program files\callwave\IAM.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc2~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpobnz08.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: symsupportutil - hxxps://www-secure.symantec.com/techsupp/activedata/symsupportutil.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37388.7675347222
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
============= SERVICES / DRIVERS ===============
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
S1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-2-4 324232]
S1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-2-4 53896]
S2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2005-6-2 185968]
S2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-6-2 161392]
S2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2005-6-23 1715904]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2005-6-2 83568]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2003-7-24 17149]
S3 EraserUtilDrv11010;EraserUtilDrv11010;c:\program files\common files\symantec shared\eengine\EraserUtilDrv11010.sys [2010-9-17 102448]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\netgear\wn111v2\jswpsapi.exe [2008-2-27 360547]
S3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2008-2-12 57440]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100917.003\naveng.sys [2010-9-17 85424]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100917.003\navex15.sys [2010-9-17 1362608]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2005-6-23 124608]
S3 tridxp;tridxp;c:\windows\system32\drivers\tridxpm.sys [2001-9-18 219520]
=============== Created Last 30 ================
2010-09-21 14:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-09-21 14:24 <DIR> --d----- c:\program files\SUPERAntiSpyware
2010-09-21 13:23 <DIR> --d----- c:\program files\Yahoo!
2010-09-20 09:24 512,000 -c------ c:\windows\system32\dllcache\jscript.dll
2010-09-17 22:38 <DIR> --d----- c:\windows\system32\scripting
2010-09-17 22:38 <DIR> --d----- c:\windows\l2schemas
2010-09-17 22:38 <DIR> --d----- c:\windows\system32\en
2010-09-17 22:15 <DIR> --d----- c:\windows\network diagnostic
2010-09-15 21:00 <DIR> --d----- c:\program files\CCleaner
2010-09-15 19:30 <DIR> --d----- c:\docume~1\admini~1\applic~1\Malwarebytes
2010-09-15 19:30 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-15 19:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-09-15 19:30 20,952 a------- c:\windows\system32\drivers\mbam.sys
2010-09-15 19:30 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2010-09-15 19:23 <DIR> --d----- c:\docume~1\admini~1\applic~1\Symantec
2010-09-15 19:23 <DIR> --d----- c:\documents and settings\administrator\WINDOWS
2010-09-15 19:23 <DIR> --d----- c:\documents and settings\Administrator
==================== Find3M ====================
2010-09-17 22:53 77,607 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2010-08-17 09:17 58,880 a------- c:\windows\system32\spoolsv.exe
2010-07-22 11:49 590,848 a------- c:\windows\system32\rpcrt4.dll
2010-07-22 01:57 5,120 a------- c:\windows\system32\xpsp4res.dll
2010-06-30 08:31 149,504 a------- c:\windows\system32\schannel.dll
2010-06-24 08:10 667,136 a------- c:\windows\system32\wininet.dll
2010-06-24 08:10 81,920 -------- c:\windows\system32\ieencode.dll
============= FINISH: 20:05:08.96 ===============

GMER report

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-22 00:16:18
Windows 5.1.2600 Service Pack 3
Running: lszcjx2q.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ffedauob.sys

---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----


Attach.txt


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-09-29.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 2/26/1998 5:30:50 AM
System Uptime: 9/21/2010 7:58:56 PM (1 hours ago)

Motherboard: TOSHIBA | | Portable PC
Processor: Intel Pentium III processor | 370-PIN PGA ZIF SOCKET | 1095/100mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 19 GiB total, 6.127 GiB free.
D: is CDROM ()
E: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP849: 8/10/2010 4:07:36 PM - System Checkpoint
RP850: 8/11/2010 4:25:28 PM - System Checkpoint
RP851: 8/12/2010 4:28:14 PM - System Checkpoint
RP852: 8/13/2010 5:35:56 PM - System Checkpoint
RP853: 8/14/2010 12:27:45 AM - Software Distribution Service 3.0
RP854: 8/16/2010 9:23:14 AM - System Checkpoint
RP855: 8/17/2010 3:40:54 PM - System Checkpoint
RP856: 8/19/2010 12:16:51 PM - System Checkpoint
RP857: 8/21/2010 11:01:28 AM - System Checkpoint
RP858: 8/22/2010 12:54:37 PM - System Checkpoint
RP859: 8/23/2010 1:23:58 PM - System Checkpoint
RP860: 8/24/2010 2:16:41 PM - System Checkpoint
RP861: 8/25/2010 3:00:11 PM - System Checkpoint
RP862: 8/26/2010 6:41:54 AM - Software Distribution Service 3.0
RP863: 8/26/2010 8:37:09 PM - Software Distribution Service 3.0
RP864: 8/29/2010 4:45:28 PM - System Checkpoint
RP865: 8/31/2010 11:35:31 AM - System Checkpoint
RP866: 9/1/2010 1:53:37 PM - System Checkpoint
RP867: 9/2/2010 11:22:10 AM - Software Distribution Service 3.0
RP868: 9/4/2010 6:13:44 PM - System Checkpoint
RP869: 9/7/2010 8:37:22 AM - System Checkpoint
RP870: 9/9/2010 9:10:07 AM - System Checkpoint
RP871: 9/13/2010 11:47:57 AM - System Checkpoint
RP872: 9/15/2010 9:14:07 AM - System Checkpoint
RP873: 9/15/2010 7:16:34 PM - Removed Microsoft AntiSpyware
RP874: 9/15/2010 8:06:46 PM - Software Distribution Service 3.0
RP875: 9/16/2010 8:47:27 PM - System Checkpoint
RP876: 9/17/2010 9:11:18 PM - Software Distribution Service 3.0
RP877: 9/18/2010 9:15:27 PM - System Checkpoint
RP878: 9/19/2010 1:55:21 PM - Software Distribution Service 3.0
RP879: 9/20/2010 3:26:53 PM - System Checkpoint
RP880: 9/20/2010 9:54:26 PM - Software Distribution Service 3.0
RP881: 9/21/2010 9:35:05 AM - Software Distribution Service 3.0
RP882: 9/21/2010 4:33:13 PM - Software Distribution Service 3.0

==== Installed Programs ======================

Adobe Acrobat 5.0
Adobe Download Manager (Remove Only)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 9 ActiveX
ALi Audio Accelerator WDM Driver
ALPS Touch Pad Driver
Auto Care
CallWave
CCleaner
DIGOpt
Easy CD Creator 5 Basic
Family Tree Maker Version 16
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
hp instant support
HP Photo and Imaging 1.0 - HP PSC - HP OfficeJet
HP Photo and Imaging 1.0 - HP PSC - HP OfficeJet Drivers
hp psc 2200 series
InterVideo WinDVD
LiveUpdate 3.0 (Symantec Corporation)
Lotus NotesSQL 2.06 driver
Lotus SmartSuite - English
Malwarebytes' Anti-Malware
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2000 Professional
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Web Publishing Wizard 1.52
MSN
MSVCRT
MyHeritage Family Tree Builder
Network Device Switch
Norton WMI Update
Readiris 7.5
RealPlayer Basic
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
SUPERAntiSpyware
Symantec AntiVirus
TOSHIBA Console
TOSHIBA Controls
Toshiba On the Web and Support Menu
Toshiba Screensaver
Toshiba Soft Modem AMR
TOSHIBA Software Modem
Toshiba Software Upgrades
Toshiba Tbiosdrv Driver
Toshiba Utilities
Toshiba VirtualTech
Update for Windows XP (KB2141007)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
WebEx Client Install
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows XP Service Pack 3
Wireless Hotkey
WN111v2
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

9/21/2010 5:20:31 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD eeCtrl Fips IPSec MRxSmb NetBIOS NetBT P3 RasAcd Rdbss SASDIFSV SASKUTIL SAVRT SAVRTPEL SYMTDI Tcpip
9/21/2010 5:04:23 PM, error: Service Control Manager [7023] - The Security Center service terminated with the following error: %%16389
9/21/2010 11:59:08 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl Fips P3 SAVRT SAVRTPEL SYMTDI
9/21/2010 1:38:21 PM, error: SAVRT [20] - Unable to initialize the virus scanning engine database files.
9/20/2010 8:23:44 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Symantec AntiVirus service to connect.
9/18/2010 7:50:25 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the SymWMI Service service to connect.
9/17/2010 8:02:31 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the LiveUpdate service to connect.
9/17/2010 8:02:31 PM, error: Service Control Manager [7000] - The LiveUpdate service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/17/2010 8:02:30 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}
9/16/2010 1:35:52 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
9/15/2010 9:04:36 PM, error: E100B [4] - Adapter Intel 8255x-based PCI Ethernet Adapter (10/100): Adapter Link Down
9/15/2010 9:00:08 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
9/15/2010 9:00:08 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/15/2010 7:29:51 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
9/15/2010 7:24:13 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD eeCtrl Fips IPSec MRxSmb NetBIOS NetBT P3 RasAcd Rdbss SAVRT SAVRTPEL SYMTDI Tcpip
9/15/2010 7:24:13 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
9/15/2010 7:24:13 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/15/2010 7:24:13 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/15/2010 7:24:13 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.
9/15/2010 7:23:55 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
9/15/2010 7:23:50 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/15/2010 7:16:56 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
9/15/2010 6:50:22 PM, error: Service Control Manager [7003] - The Norton Internet Security Proxy Service service depends on the following nonexistent service: NISUM

==== End Of File ===========================


#4 m0le

Posted 22 September 2010 - 01:41 PM

Nothing showing at the moment. Let's test a few things out.

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.


And
  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (or hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks). Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\

m0le is a proud member of UNITE

#5 momdotts

Posted 22 September 2010 - 02:10 PM

m0le,
The TDSSKiller came back - no errors.
The MBR check is below:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 133):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EE000 \WINDOWS\system32\hal.dll
0xF9D54000 \WINDOWS\system32\KDCOM.DLL
0xF9C64000 \WINDOWS\system32\BOOTVID.dll
0xF9805000 ACPI.sys
0xF9D56000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xF97F4000 pci.sys
0xF9854000 isapnp.sys
0xF9C68000 compbatt.sys
0xF9C6C000 \WINDOWS\System32\DRIVERS\BATTC.SYS
0xF9D58000 aliide.sys
0xF9AD4000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xF97D6000 pcmcia.sys
0xF9864000 MountMgr.sys
0xF97B7000 ftdisk.sys
0xF9ADC000 PartMgr.sys
0xF9874000 VolSnap.sys
0xF979F000 atapi.sys
0xF9884000 disk.sys
0xF9894000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xF977F000 fltmgr.sys
0xF976D000 sr.sys
0xF9756000 KSecDD.sys
0xF96C9000 Ntfs.sys
0xF969C000 NDIS.sys
0xF9D5A000 TVALD.SYS
0xF9682000 Mup.sys
0xF98A4000 alim1541.sys
0xF99C4000 \SystemRoot\System32\DRIVERS\p3.sys
0xF9604000 \SystemRoot\System32\DRIVERS\tridxpm.sys
0xF95F0000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
0xF9B5C000 \SystemRoot\System32\DRIVERS\usbohci.sys
0xF95CC000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xF9B64000 \SystemRoot\system32\drivers\ImapiRox.sys
0xF99D4000 \SystemRoot\System32\Drivers\AFS2K.SYS
0xF99E4000 \SystemRoot\System32\Drivers\Cdr4_xp.SYS
0xF99F4000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xF9A04000 \SystemRoot\System32\DRIVERS\redbook.sys
0xF95A9000 \SystemRoot\System32\DRIVERS\ks.sys
0xF9B6C000 \SystemRoot\System32\Drivers\Cdralw2k.SYS
0xF9596000 \SystemRoot\System32\Drivers\pwd_2K.SYS
0xF9553000 \SystemRoot\system32\drivers\aliadwdm.sys
0xF952F000 \SystemRoot\system32\drivers\portcls.sys
0xF9A14000 \SystemRoot\system32\drivers\drmk.sys
0xF9A24000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xF9B74000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xF9A34000 \SystemRoot\System32\DRIVERS\Apfiltr.sys
0xF9B7C000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xF9B84000 \SystemRoot\System32\DRIVERS\fdc.sys
0xF9A44000 \SystemRoot\System32\DRIVERS\serial.sys
0xF9D0C000 \SystemRoot\System32\DRIVERS\serenum.sys
0xF9A54000 \SystemRoot\System32\DRIVERS\smcirda.sys
0xF9D10000 \SystemRoot\System32\DRIVERS\irenum.sys
0xF951B000 \SystemRoot\System32\DRIVERS\parport.sys
0xF94FE000 \SystemRoot\System32\DRIVERS\e100b325.sys
0xF9D18000 \SystemRoot\System32\DRIVERS\CmBatt.sys
0xF9F19000 \SystemRoot\System32\DRIVERS\audstub.sys
0xF9B8C000 \SystemRoot\System32\DRIVERS\rasirda.sys
0xF9B94000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xF9A64000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xF9D20000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xF94E7000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xF9A74000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xF9A84000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xF9436000 \SystemRoot\System32\DRIVERS\psched.sys
0xF9A94000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xF9B9C000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF9BA4000 \SystemRoot\System32\DRIVERS\raspti.sys
0xF9AA4000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF9D74000 \SystemRoot\System32\DRIVERS\swenum.sys
0xF93B0000 \SystemRoot\System32\DRIVERS\update.sys
0xF9D2C000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xF9BAC000 \SystemRoot\System32\Drivers\mmc_2K.SYS
0xF9AB4000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF98D4000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xF9D78000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xF4E71000 \SystemRoot\System32\DRIVERS\LTSM.sys
0xF9BCC000 \SystemRoot\System32\Drivers\Modem.SYS
0xF9BD4000 \SystemRoot\System32\DRIVERS\flpydisk.sys
0xF4E1C000 \??\C:\Program Files\Symantec AntiVirus\savrt.sys
0xF4DFF000 \??\C:\Program Files\Symantec\SYMEVENT.SYS
0xF4DEB000 \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys
0xF9D92000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF9F3D000 \SystemRoot\System32\Drivers\Null.SYS
0xF9D9A000 \SystemRoot\System32\Drivers\Beep.SYS
0xF9BF4000 \SystemRoot\System32\drivers\vga.sys
0xF9D9C000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF9DA0000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF4C32000 \SystemRoot\System32\Drivers\cdudf_xp.SYS
0xF9C04000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF9C0C000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF4BED000 \SystemRoot\System32\Drivers\UdfReadr_xp.SYS
0xF9422000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xF4BC8000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xF4B6F000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xF4B2F000 \??\C:\WINDOWS\system32\Drivers\SYMTDI.SYS
0xF4B09000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xF9934000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xF4AE1000 \SystemRoot\System32\DRIVERS\netbt.sys
0xF4A97000 \SystemRoot\System32\drivers\afd.sys
0xF9944000 \SystemRoot\System32\DRIVERS\netbios.sys
0xF49D5000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xF9C44000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xF49AA000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xF493A000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xF9954000 \SystemRoot\System32\Drivers\Fips.SYS
0xF48DC000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0xF48C4000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF9DBE000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF9D34000 \SystemRoot\System32\drivers\Dxapi.sys
0xF9C5C000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF9E9F000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\tridxp.dll
0xF2EB6000 \SystemRoot\System32\DRIVERS\irda.sys
0xF2FD4000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xF2D2A000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xF2B45000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xF2B30000 \SystemRoot\system32\drivers\wdmaud.sys
0xF2C22000 \SystemRoot\system32\drivers\sysaudio.sys
0xF9D6C000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xF9D72000 \SystemRoot\System32\Drivers\ASCTRM.SYS
0xF27DB000 \SystemRoot\System32\DRIVERS\srv.sys
0xF4A47000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF2402000 \SystemRoot\System32\Drivers\HTTP.sys
0xF265B000 \??\C:\WINDOWS\system32\Drivers\SYMREDRV.SYS
0xF222A000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys
0xF1A56000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100917.003\navex15.sys
0xF1A42000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100917.003\naveng.sys
0xF1A17000 \SystemRoot\system32\drivers\kmixer.sys
0xF9B1C000 \SystemRoot\System32\DRIVERS\USBSTOR.SYS
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 32):
0 System Idle Process
4 System
588 C:\WINDOWS\system32\smss.exe
652 csrss.exe
684 C:\WINDOWS\system32\winlogon.exe
728 C:\WINDOWS\system32\services.exe
740 C:\WINDOWS\system32\lsass.exe
884 C:\WINDOWS\system32\svchost.exe
1008 svchost.exe
1060 C:\WINDOWS\system32\svchost.exe
1136 svchost.exe
1220 svchost.exe
1488 C:\WINDOWS\explorer.exe
1512 C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
1580 C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
1728 C:\WINDOWS\system32\spoolsv.exe
1792 C:\WINDOWS\system32\acs.exe
1840 svchost.exe
1944 C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
1976 C:\Program Files\Symantec AntiVirus\DefWatch.exe
2032 C:\WINDOWS\system32\svchost.exe
128 C:\Program Files\Symantec AntiVirus\Rtvscan.exe
460 C:\WINDOWS\system32\fxssvc.exe
1004 alg.exe
2408 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
2428 C:\PROGRA~1\SYMANT~1\VPTray.exe
2540 C:\Program Files\CallWave\IAM.exe
2576 C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
2716 C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
3088 C:\Program Files\MSN\MSNIA\CC\MSNCC\logonmgr.exe
3116 C:\Program Files\MSN\MSNIA\CC\MSNCC\msncc.exe
2844 C:\Documents and Settings\Kathie Pontus\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: HITACHI_DK23CA-20, Rev: 00H1A0F0

Size Device Name MBR Status
--------------------------------------------
18 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: D0808547820962618619EDDA4C685BAFD15F9472


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

#6 m0le

Posted 22 September 2010 - 06:31 PM

The MBR has been rewritten.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Important Note: While fixing the Master Boot Record (MBR) is generally safe, there is a small risk of damaging the operating system so that it will not boot up or the partitions may become corrupted. I recommend you have your Windows CD available, which will allow recovering the boot code via the Windows Recovery Console in case of any problems, or install the XP Recovery Console before proceeding with the above fix. Then if any problems occur, the links below explain how to use and repair the MBR: If you do not have a recovery disk then please burn one as shown here


Run MBRCheck.exe
  • Run MBRCheck.exe
  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Please push the 'Y' key and then press Enter
  • When the program asks you, enter 2 and press the Enter key
  • Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"
  • Enter 0 and press the Enter key.
  • The program will show Available MBR codes:, followed by a list of operating systems. Please enter the correct number for your operating system, and then press Enter.
  • When asked "Do you want to fix the MBR code?" type in YES and press Enter
  • Restart your PC.
After you restart the PC
  • Double click MBRCheck.exe to run (Vista and Win 7: right click and select Run as Administrator)
  • It will show a black screen with some data on it
  • A report called MBRCheck will be on your desktop
  • Open this report
  • Right click on the screen and select > Select All
  • Press Control+C
  • Now please copy that report to this thread


#7 momdotts

Posted 23 September 2010 - 07:08 AM

m0le,

This computer is XP. I'll have to look around to see if she has a recovery disk. I will get back to you in a day or two - as she lives about 30 miles away and I can't go there today.

I'll keep you updated!

by the way.... THANKS A MILLION!

#8 m0le

Posted 23 September 2010 - 04:59 PM

Okay

#9 m0le

Posted 27 September 2010 - 07:30 PM

Any sign of the disks, momdotts?

#10 momdotts

Posted 27 September 2010 - 10:06 PM

m0le

They have them... hope to get there tomorrow.

#11 m0le

Posted 28 September 2010 - 03:57 PM


#12 m0le

Posted 30 September 2010 - 07:17 PM

Just checking in. How's it going?

#13 momdotts

momdotts
  • Topic Starter

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Local time:01:24 AM

Posted 30 September 2010 - 07:36 PM

Picked up the disks today! Going to work on it tonight... thanks for the update!

#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:06:24 AM

Posted 30 September 2010 - 07:38 PM


#15 momdotts

momdotts
  • Topic Starter

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Local time:01:24 AM

Posted 02 October 2010 - 10:06 AM

m0le

Did it... problem is... after doing it - I ran it again to double check.... gives me the same error!
Below - first run (Kernel Drivers 133) - second running (Kernel Drivers 130)
- first run (Processes 27) - second running (Processes 28)

On original - (Kernel Drivers 133 - Processes 32)

Ran TDSSKiller again - nothing

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 133):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EE000 \WINDOWS\system32\hal.dll
0xF9D54000 \WINDOWS\system32\KDCOM.DLL
0xF9C64000 \WINDOWS\system32\BOOTVID.dll
0xF9805000 ACPI.sys
0xF9D56000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xF97F4000 pci.sys
0xF9854000 isapnp.sys
0xF9C68000 compbatt.sys
0xF9C6C000 \WINDOWS\System32\DRIVERS\BATTC.SYS
0xF9D58000 aliide.sys
0xF9AD4000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xF97D6000 pcmcia.sys
0xF9864000 MountMgr.sys
0xF97B7000 ftdisk.sys
0xF9ADC000 PartMgr.sys
0xF9874000 VolSnap.sys
0xF979F000 atapi.sys
0xF9884000 disk.sys
0xF9894000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xF977F000 fltmgr.sys
0xF976D000 sr.sys
0xF9756000 KSecDD.sys
0xF96C9000 Ntfs.sys
0xF969C000 NDIS.sys
0xF9D5A000 TVALD.SYS
0xF9682000 Mup.sys
0xF98A4000 alim1541.sys
0xF99C4000 \SystemRoot\System32\DRIVERS\p3.sys
0xF9604000 \SystemRoot\System32\DRIVERS\tridxpm.sys
0xF95F0000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
0xF9B44000 \SystemRoot\System32\DRIVERS\usbohci.sys
0xF95CC000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xF9B4C000 \SystemRoot\system32\drivers\ImapiRox.sys
0xF99D4000 \SystemRoot\System32\Drivers\AFS2K.SYS
0xF99E4000 \SystemRoot\System32\Drivers\Cdr4_xp.SYS
0xF99F4000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xF9A04000 \SystemRoot\System32\DRIVERS\redbook.sys
0xF95A9000 \SystemRoot\System32\DRIVERS\ks.sys
0xF9B54000 \SystemRoot\System32\Drivers\Cdralw2k.SYS
0xF9596000 \SystemRoot\System32\Drivers\pwd_2K.SYS
0xF9553000 \SystemRoot\system32\drivers\aliadwdm.sys
0xF952F000 \SystemRoot\system32\drivers\portcls.sys
0xF9A14000 \SystemRoot\system32\drivers\drmk.sys
0xF9A24000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xF9B5C000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xF9A34000 \SystemRoot\System32\DRIVERS\Apfiltr.sys
0xF9B64000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xF9B6C000 \SystemRoot\System32\DRIVERS\fdc.sys
0xF9A44000 \SystemRoot\System32\DRIVERS\serial.sys
0xF9D14000 \SystemRoot\System32\DRIVERS\serenum.sys
0xF9A54000 \SystemRoot\System32\DRIVERS\smcirda.sys
0xF9D18000 \SystemRoot\System32\DRIVERS\irenum.sys
0xF951B000 \SystemRoot\System32\DRIVERS\parport.sys
0xF94FE000 \SystemRoot\System32\DRIVERS\e100b325.sys
0xF9D20000 \SystemRoot\System32\DRIVERS\CmBatt.sys
0xF9F3C000 \SystemRoot\System32\DRIVERS\audstub.sys
0xF9B74000 \SystemRoot\System32\DRIVERS\rasirda.sys
0xF9B7C000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xF9A64000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xF9D2C000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xF94BF000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xF9A74000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xF9A84000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xF940E000 \SystemRoot\System32\DRIVERS\psched.sys
0xF9A94000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xF9B84000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF9B8C000 \SystemRoot\System32\DRIVERS\raspti.sys
0xF9AA4000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF9D6E000 \SystemRoot\System32\DRIVERS\swenum.sys
0xF93B0000 \SystemRoot\System32\DRIVERS\update.sys
0xF9D3C000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xF9B94000 \SystemRoot\System32\Drivers\mmc_2K.SYS
0xF9AB4000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF98D4000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xF9D70000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xF4E71000 \SystemRoot\System32\DRIVERS\LTSM.sys
0xF9BB4000 \SystemRoot\System32\Drivers\Modem.SYS
0xF9BBC000 \SystemRoot\System32\DRIVERS\flpydisk.sys
0xF4DF5000 \??\C:\Program Files\Symantec AntiVirus\savrt.sys
0xF4DD8000 \??\C:\Program Files\Symantec\SYMEVENT.SYS
0xF4DC4000 \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys
0xF9BC4000 \SystemRoot\System32\DRIVERS\USBSTOR.SYS
0xF9D7E000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF9E47000 \SystemRoot\System32\Drivers\Null.SYS
0xF9D88000 \SystemRoot\System32\Drivers\Beep.SYS
0xF9BE4000 \SystemRoot\System32\drivers\vga.sys
0xF9D8A000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF9D8C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF4C0B000 \SystemRoot\System32\Drivers\cdudf_xp.SYS
0xF9BEC000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF9BF4000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF4BC6000 \SystemRoot\System32\Drivers\UdfReadr_xp.SYS
0xF9D04000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xF4BA1000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xF4B48000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xF4AE0000 \??\C:\WINDOWS\system32\Drivers\SYMTDI.SYS
0xF4ABA000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xF9914000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xF4A92000 \SystemRoot\System32\DRIVERS\netbt.sys
0xF4A70000 \SystemRoot\System32\drivers\afd.sys
0xF9924000 \SystemRoot\System32\DRIVERS\netbios.sys
0xF49AE000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xF9BFC000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xF4983000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xF4913000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xF9934000 \SystemRoot\System32\Drivers\Fips.SYS
0xF48B5000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0xF4891000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xF4851000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF9D90000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF9359000 \SystemRoot\System32\drivers\Dxapi.sys
0xF9C0C000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF9F49000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\tridxp.dll
0xF2F0B000 \SystemRoot\System32\DRIVERS\irda.sys
0xF2FA1000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xF2AA2000 \SystemRoot\system32\drivers\wdmaud.sys
0xF2BFB000 \SystemRoot\system32\drivers\sysaudio.sys
0xF2867000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xF292C000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF9D60000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xF9D66000 \SystemRoot\System32\Drivers\ASCTRM.SYS
0xF283F000 \??\C:\WINDOWS\system32\Drivers\SYMREDRV.SYS
0xF2608000 \SystemRoot\System32\DRIVERS\srv.sys
0xF231F000 \SystemRoot\System32\Drivers\HTTP.sys
0xF2194000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys
0xF2048000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100917.003\navex15.sys
0xF2034000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100917.003\naveng.sys
0xF2009000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 27):
0 System Idle Process
4 System
588 C:\WINDOWS\system32\smss.exe
652 csrss.exe
684 C:\WINDOWS\system32\winlogon.exe
728 C:\WINDOWS\system32\services.exe
740 C:\WINDOWS\system32\lsass.exe


SECOND RUNNING: NOTICE THERE ARE ONLY 130 KERNEL DRIVERS RUNNING
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 130):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EE000 \WINDOWS\system32\hal.dll
0xF9D54000 \WINDOWS\system32\KDCOM.DLL
0xF9C64000 \WINDOWS\system32\BOOTVID.dll
0xF9805000 ACPI.sys
0xF9D56000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xF97F4000 pci.sys
0xF9854000 isapnp.sys
0xF9C68000 compbatt.sys
0xF9C6C000 \WINDOWS\System32\DRIVERS\BATTC.SYS
0xF9D58000 aliide.sys
0xF9AD4000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xF97D6000 pcmcia.sys
0xF9864000 MountMgr.sys
0xF97B7000 ftdisk.sys
0xF9ADC000 PartMgr.sys
0xF9874000 VolSnap.sys
0xF979F000 atapi.sys
0xF9884000 disk.sys
0xF9894000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xF977F000 fltmgr.sys
0xF976D000 sr.sys
0xF9756000 KSecDD.sys
0xF96C9000 Ntfs.sys
0xF969C000 NDIS.sys
0xF9D5A000 TVALD.SYS
0xF9682000 Mup.sys
0xF98A4000 alim1541.sys
0xF99F4000 \SystemRoot\System32\DRIVERS\p3.sys
0xF9604000 \SystemRoot\System32\DRIVERS\tridxpm.sys
0xF95F0000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
0xF9B44000 \SystemRoot\System32\DRIVERS\usbohci.sys
0xF95CC000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xF9B4C000 \SystemRoot\system32\drivers\ImapiRox.sys
0xF9A04000 \SystemRoot\System32\Drivers\AFS2K.SYS
0xF9A14000 \SystemRoot\System32\Drivers\Cdr4_xp.SYS
0xF9A24000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xF9A34000 \SystemRoot\System32\DRIVERS\redbook.sys
0xF95A9000 \SystemRoot\System32\DRIVERS\ks.sys
0xF9B54000 \SystemRoot\System32\Drivers\Cdralw2k.SYS
0xF9596000 \SystemRoot\System32\Drivers\pwd_2K.SYS
0xF9553000 \SystemRoot\system32\drivers\aliadwdm.sys
0xF952F000 \SystemRoot\system32\drivers\portcls.sys
0xF9A44000 \SystemRoot\system32\drivers\drmk.sys
0xF9A54000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xF9B5C000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xF9A64000 \SystemRoot\System32\DRIVERS\Apfiltr.sys
0xF9B64000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xF9B6C000 \SystemRoot\System32\DRIVERS\fdc.sys
0xF9A74000 \SystemRoot\System32\DRIVERS\serial.sys
0xF9D18000 \SystemRoot\System32\DRIVERS\serenum.sys
0xF9A84000 \SystemRoot\System32\DRIVERS\smcirda.sys
0xF9D1C000 \SystemRoot\System32\DRIVERS\irenum.sys
0xF951B000 \SystemRoot\System32\DRIVERS\parport.sys
0xF94FE000 \SystemRoot\System32\DRIVERS\e100b325.sys
0xF9D24000 \SystemRoot\System32\DRIVERS\CmBatt.sys
0xF9F54000 \SystemRoot\System32\DRIVERS\audstub.sys
0xF9B74000 \SystemRoot\System32\DRIVERS\rasirda.sys
0xF9B7C000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xF9A94000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xF9D2C000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xF94BF000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xF9AB4000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xF9AC4000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xF940E000 \SystemRoot\System32\DRIVERS\psched.sys
0xF98D4000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xF9B84000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF9B8C000 \SystemRoot\System32\DRIVERS\raspti.sys
0xF98F4000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF9D72000 \SystemRoot\System32\DRIVERS\swenum.sys
0xF93B0000 \SystemRoot\System32\DRIVERS\update.sys
0xF9D44000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xF9B94000 \SystemRoot\System32\Drivers\mmc_2K.SYS
0xF9904000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF9924000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xF9D76000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xF4E71000 \SystemRoot\System32\DRIVERS\LTSM.sys
0xF9BB4000 \SystemRoot\System32\Drivers\Modem.SYS
0xF9BC4000 \SystemRoot\System32\DRIVERS\flpydisk.sys
0xF4DC0000 \??\C:\Program Files\Symantec AntiVirus\savrt.sys
0xF4DA3000 \??\C:\Program Files\Symantec\SYMEVENT.SYS
0xF4D8F000 \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys
0xF4C43000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100917.003\navex15.sys
0xF4C2F000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100917.003\naveng.sys
0xF9BCC000 \SystemRoot\System32\DRIVERS\USBSTOR.SYS
0xF9DA0000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF9F38000 \SystemRoot\System32\Drivers\Null.SYS
0xF9DA8000 \SystemRoot\System32\Drivers\Beep.SYS
0xF9C14000 \SystemRoot\System32\drivers\vga.sys
0xF9DB2000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF9DB6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF4BD6000 \SystemRoot\System32\Drivers\cdudf_xp.SYS
0xF9C24000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF9C2C000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF4B91000 \SystemRoot\System32\Drivers\UdfReadr_xp.SYS
0xF9365000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xF4B44000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xF4AEB000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xF4AAB000 \??\C:\WINDOWS\system32\Drivers\SYMTDI.SYS
0xF4A85000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xF9994000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xF4A5D000 \SystemRoot\System32\DRIVERS\netbt.sys
0xF4A3B000 \SystemRoot\System32\drivers\afd.sys
0xF99A4000 \SystemRoot\System32\DRIVERS\netbios.sys
0xF4979000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xF9C34000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xF494E000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xF48DE000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xF99B4000 \SystemRoot\System32\Drivers\Fips.SYS
0xF4880000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0xF4834000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xF481C000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF9DD0000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF94EA000 \SystemRoot\System32\drivers\Dxapi.sys
0xF9C44000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF9F2A000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\tridxp.dll
0xF2ED6000 \SystemRoot\System32\DRIVERS\irda.sys
0xF2F50000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xF2A61000 \SystemRoot\system32\drivers\wdmaud.sys
0xF2D16000 \SystemRoot\system32\drivers\sysaudio.sys
0xF29BE000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xF9E14000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xF9E18000 \SystemRoot\System32\Drivers\ASCTRM.SYS
0xF293E000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF268F000 \SystemRoot\System32\DRIVERS\srv.sys
0xF2306000 \SystemRoot\System32\Drivers\HTTP.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 28):
0 System Idle Process
4 System
596 C:\WINDOWS\system32\smss.exe
660 csrss.exe
692 C:\WINDOWS\system32\winlogon.exe
736 C:\WINDOWS\system32\services.exe
748 C:\WINDOWS\system32\lsass.exe
896 C:\WINDOWS\system32\svchost.exe
1016 svchost.exe
1060 C:\WINDOWS\system32\svchost.exe
1144 svchost.exe
1240 svchost.exe
1424 C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
1508 C:\WINDOWS\explorer.exe
1552 C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
1740 C:\WINDOWS\system32\spoolsv.exe
1900 C:\WINDOWS\system32\acs.exe
2008 svchost.exe
168 C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
212 C:\Program Files\Symantec AntiVirus\DefWatch.exe
320 C:\WINDOWS\system32\svchost.exe
376 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
448 C:\PROGRA~1\SYMANT~1\VPTray.exe
500 C:\Program Files\Symantec AntiVirus\Rtvscan.exe
1156 C:\WINDOWS\system32\fxssvc.exe
1840 C:\WINDOWS\system32\wuauclt.exe
2384 alg.exe
2568 C:\Documents and Settings\Kathie Pontus\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: HITACHI_DK23CA-20, Rev: 00H1A0F0

Size Device Name MBR Status
--------------------------------------------
18 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: D0808547820962618619EDDA4C685BAFD15F9472


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
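The two MBRCheck reports above (posts #5 and #15) print the same "Unknown MBR code" status and the same SHA1 before and after the fix, with C: mounted at byte offset 0x7e00. The following is an added example, not code from the thread or from MBRCheck itself: it parses a 512-byte MBR image, hashes the boot-code region, cross-checks the partition table against the reported volume offset, and reports which regions of the sector changed between two captures. The MBR image, the loader bytes and the allow-list of "known good" hashes are constructed for the example; that MBRCheck hashes exactly bytes 0..439 is an assumption.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 0x1B8        # bytes 0..439 hold the boot loader code (assumed hash region)
DISK_SIG_OFF = 0x1B8         # 4-byte NT disk signature, then 2 reserved bytes
PART_TABLE_OFF = 0x1BE       # four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE         # must be 0x55 0xAA
ENTRY_FMT = "<B3sB3sII"      # status, CHS start, type, CHS end, start LBA, sector count


def build_sample_mbr(boot_code: bytes, start_lba: int = 63,
                     sectors: int = 37_000_000, disk_sig: int = 0x1234ABCD) -> bytes:
    """Constructed 512-byte MBR image for the example (not taken from a real disk)."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code too long")
    mbr = bytearray(SECTOR)
    mbr[:len(boot_code)] = boot_code
    mbr[DISK_SIG_OFF:DISK_SIG_OFF + 4] = struct.pack("<I", disk_sig)
    # Partition 0: active (0x80), type 0x07 (NTFS); CHS fields are placeholders.
    entry = struct.pack(ENTRY_FMT, 0x80, b"\x01\x01\x00", 0x07,
                        b"\xFE\xFF\xFF", start_lba, sectors)
    mbr[PART_TABLE_OFF:PART_TABLE_OFF + 16] = entry
    mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] = b"\x55\xAA"
    return bytes(mbr)


def parse_mbr(mbr: bytes) -> dict:
    """Validate the boot signature and pull out the fields the report lines show."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _, ptype, _, start_lba, count = struct.unpack(ENTRY_FMT, mbr[off:off + 16])
        if ptype == 0:           # empty slot
            continue
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "start_lba": start_lba,
            "sectors": count,
            "byte_offset": start_lba * SECTOR,   # the "\\.\C: --> ... at offset" value
        })
    return {
        "boot_code_sha1": hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper(),
        "disk_signature": struct.unpack("<I", mbr[DISK_SIG_OFF:DISK_SIG_OFF + 4])[0],
        "partitions": partitions,
    }


def mbr_status(report: dict, known_good_sha1: set) -> str:
    """Mirror the 'MBR Status' column: the boot-code hash is either in an
    allow-list of standard loaders or it is not. The allow-list is constructed
    here; a real one would hold hashes of clean loaders for each OS version."""
    return "Known MBR code" if report["boot_code_sha1"] in known_good_sha1 else "Unknown MBR code"


def volume_offset_matches(report: dict, reported_offset: int) -> bool:
    """Cross-check the partition table against the byte offset printed for C:."""
    return any(p["byte_offset"] == reported_offset for p in report["partitions"])


def changed_regions(before: bytes, after: bytes) -> list:
    """Name the parts of the sector that differ between two captures. An MBR
    rewrite that did not take leaves the boot_code region, and so its SHA1,
    identical, which is exactly what the two reports in this thread show."""
    regions = {
        "boot_code": (0, BOOT_CODE_LEN),
        "disk_signature": (DISK_SIG_OFF, DISK_SIG_OFF + 6),
        "partition_table": (PART_TABLE_OFF, BOOT_SIG_OFF),
        "boot_signature": (BOOT_SIG_OFF, SECTOR),
    }
    return [name for name, (lo, hi) in regions.items() if before[lo:hi] != after[lo:hi]]


# Constructed sample: placeholder loader bytes, first partition at LBA 63
# (0x7E00 bytes), the same layout the log shows for PhysicalDrive0.
SAMPLE_MBR = build_sample_mbr(b"\xEB\xFE" + b"\x90" * 30)
# A second constructed capture: same loader, different disk signature.
SAMPLE_MBR_RESIGNED = build_sample_mbr(b"\xEB\xFE" + b"\x90" * 30, disk_sig=0xDEADBEEF)


if __name__ == "__main__":
    rep = parse_mbr(SAMPLE_MBR)
    print("SHA1:", rep["boot_code_sha1"])
    print("MBR Status:", mbr_status(rep, set()))
    print("C: offset agrees with partition table:", volume_offset_matches(rep, 0x7E00))
    print("changed regions:", changed_regions(SAMPLE_MBR, SAMPLE_MBR_RESIGNED))
```

To run it against a real capture, read the first 512 bytes of the physical drive into `mbr` and pass that to `parse_mbr` instead of the constructed sample.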



