
Are My Problems Solved?


9 replies to this topic

#1 mtfitz

mtfitz

  • Members
  • 6 posts
  • OFFLINE
  • Local time:04:19 PM

Posted 22 November 2010 - 01:50 PM

I posted here: http://www.bleepingcomputer.com/forums/topic362232.html about a problem I was having with a backdoor and multiple problems that occurred after it. After posting, I realized the post was better suited to this forum since I want someone to check my logs. In a nutshell, I got the cycbot.b backdoor warning on Saturday night through Microsoft Security Essentials, and as I was trying to deal with it I suddenly got hit by alureon.ct and obfuscator.kf. I was able to remove all the problems, but the next morning alureon.ct came back and I also received a warning about the trojan downloader renos. I removed the malware once again and my computer has been acting completely normal since.

Scans with MBAM and MSE turned up nothing and Dr Web Cureit just turned up a "potential" due to my Comcast Desktop Doctor. I'm hoping someone here can help me figure out if I'm still infected. I've posted my DDS logs and gmer logs. Thanks in advance for any advice you can give.

DDS (Ver_10-11-10.01) - NTFSx86
Run by Mark Fitz at 21:52:43.80 on Sun 11/21/2010
Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_22
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1790.1011 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Mark Fitz\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
uSearch Bar = Preserve
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
uInternet Settings,ProxyServer = http=127.0.0.1:5577
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0334.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0334.0\npwinext.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe" /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden
mRun: [BackupSoft] "\RunRedem.exe" /STARTUP
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

================= FIREFOX ===================

FF - ProfilePath - c:\users\markfi~1\appdata\roaming\mozilla\firefox\profiles\qhyqe8vb.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\msn toolbar\platform\4.0.0334.0\npwinext.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 151216]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-10-25 365952]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-12-2 42368]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-9 43040]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-10-25 193840]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-11-22 00:46:04 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2010-11-22 00:46:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-21 20:33:36 -------- d-----w- c:\users\mark fitz\DoctorWeb
2010-11-21 07:57:57 6273872 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{503aff86-fdbb-4be2-acb6-05d392814bef}\mpengine.dll
2010-11-11 07:41:08 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2010-10-27 12:52:08 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-27 12:52:04 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-27 12:52:04 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

==================== Find3M ====================

2010-10-19 20:51:33 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-13 13:56:41 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-06 16:20:29 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:19:06 17920 ----a-w- c:\windows\system32\netevent.dll
2010-08-31 15:46:37 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:46:37 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 15:44:31 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-08-31 13:27:38 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-08-26 16:37:45 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-08-26 16:33:06 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33:04 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33:04 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll

============= FINISH: 21:54:26.73 ===============


#2 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  • Gender:Male
  • Location:UK
  • Local time:09:19 PM

Posted 01 December 2010 - 10:31 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.




#3 mtfitz

mtfitz
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:04:19 PM

Posted 02 December 2010 - 06:28 PM

I've attached updated DDS files.

Unfortunately, when I tried to run GMER again I kept on getting BSOD. I've attached my original GMER scan.



DDS (Ver_10-11-10.01) - NTFSx86
Run by Mark Fitz at 18:06:32.39 on Thu 12/02/2010
Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_22
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1790.1064 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\SMINST\BLService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Comcast\Desktop Doctor\agent\bin\bcont_nm.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Mark Fitz\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
uSearch Bar = Preserve
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
uInternet Settings,ProxyServer = http=127.0.0.1:5577
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0334.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0334.0\npwinext.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe" /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden
mRun: [BackupSoft] "\RunRedem.exe" /STARTUP
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

================= FIREFOX ===================

FF - ProfilePath - c:\users\markfi~1\appdata\roaming\mozilla\firefox\profiles\qhyqe8vb.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\msn toolbar\platform\4.0.0334.0\npwinext.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 151216]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-10-25 365952]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-12-2 42368]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-9 43040]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-10-25 193840]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-12-02 14:45:38 6273872 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{d4d3ce71-33ca-4062-98f3-b42ac3b0ee91}\mpengine.dll
2010-11-29 18:22:39 -------- d-----w- c:\windows\system32\MustBeRandomlyNamed
2010-11-23 22:51:21 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
2010-11-22 05:17:27 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2010-11-22 00:46:04 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2010-11-22 00:46:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-21 20:33:36 -------- d-----w- c:\users\mark fitz\DoctorWeb
2010-11-11 07:41:08 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2010-11-06 16:37:34 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2010-11-06 16:37:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

==================== Find3M ====================

2010-10-19 20:51:33 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-13 13:56:41 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-06 16:20:29 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:19:06 17920 ----a-w- c:\windows\system32\netevent.dll

============= FINISH: 18:06:59.51 ===============
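Both DDS logs in this thread carry the same `uInternet Settings,ProxyServer = http=127.0.0.1:5577` line before and after the poster's clean-up; a log reviewer flags a loopback proxy because it means some local process is relaying Internet Explorer's traffic, and the first question is what listens on that port. The script below is an added example (not part of the thread, and not a DDS or BleepingComputer tool): it parses the Pseudo HJT section, applies checks of that kind, and reports which flagged entries persist across two runs; its sample inputs are constructed from lines quoted above.

```python
"""DDS "Pseudo HJT Report" triage helper (added example; not a DDS or BleepingComputer tool).
Parses the entry lines DDS prints, applies checks a log reviewer makes by eye, and reports
which flagged entries survive from one run to the next."""
import re
from ipaddress import ip_address

# Constructed excerpt of the first DDS log in the thread (22 Nov 2010).
DDS_RUN_1 = r"""
uInternet Settings,ProxyServer = http=127.0.0.1:5577
uInternet Settings,ProxyOverride = <local>
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0334.0\npwinext.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [<NO NAME>]
"""

# Constructed excerpt of the second DDS log (2 Dec 2010), posted after the clean-up.
DDS_RUN_2 = r"""
uInternet Settings,ProxyServer = http=127.0.0.1:5577
uInternet Settings,ProxyOverride = <local>
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [<NO NAME>]
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
"""

# Line shapes DDS uses for the entries checked here; anything else is kept as "other".
PATTERNS = [
    ("inet", re.compile(r"^(?P<scope>[um])Internet Settings,(?P<name>\w+) = (?P<value>.*)$")),
    ("run", re.compile(r"^(?P<scope>[um])Run: \[(?P<name>.*?)\]\s*(?P<command>.*)$")),
    ("bho", re.compile(r"^BHO: (?P<name>.*?): (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")),
    ("tb", re.compile(r"^TB: (?:(?P<name>.*?): )?(?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")),
]

def parse_dds_entries(text):
    """Turn report lines into dicts carrying a 'kind' plus that kind's named fields."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        entry = {"kind": "other", "raw": line}
        for kind, pattern in PATTERNS:
            match = pattern.match(line)
            if match:
                entry["kind"] = kind
                entry.update(match.groupdict(default=""))
                break
        entries.append(entry)
    return entries

def parse_proxy_setting(value):
    """Split a ProxyServer value ("host:port" or "http=host:port;https=...") into tuples."""
    endpoints = []
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, _, hostport = part.rpartition("=")   # no "=" means the proxy applies to all schemes
        host, _, port = hostport.rpartition(":")
        endpoints.append((scheme or "*", host.strip("[]"), int(port) if port.isdigit() else None))
    return endpoints

def is_loopback(host):
    """True for 127.0.0.0/8, ::1 and the literal name localhost."""
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"

def review_entry(entry):
    """Findings a reviewer would raise for one entry; an empty list means nothing to flag."""
    findings = []
    if entry["kind"] == "inet" and entry["name"] == "ProxyServer":
        for scheme, host, port in parse_proxy_setting(entry["value"]):
            if is_loopback(host):
                findings.append(f"{scheme} proxy is {host}:{port}: a process on this machine sits "
                                f"between IE and the network; identify what listens on port {port}")
    elif entry["kind"] == "run" and entry["name"] == "<NO NAME>" and not entry["command"]:
        findings.append("unnamed, empty autorun value: leftover that should be removed")
    elif entry["kind"] in ("bho", "tb") and entry["path"].lower() == "no file":
        findings.append(f"orphaned {entry['kind'].upper()} {entry['clsid']}: registered, file missing")
    return findings

def persistent_findings(first_log, second_log):
    """Flagged entries present in both runs (second-run order): what a clean-up left behind."""
    seen_before = {e["raw"] for e in parse_dds_entries(first_log)}
    results = []
    for entry in parse_dds_entries(second_log):
        findings = review_entry(entry)
        if findings and entry["raw"] in seen_before:
            results.append((entry["raw"], findings))
    return results

if __name__ == "__main__":
    for raw, findings in persistent_findings(DDS_RUN_1, DDS_RUN_2):
        print(raw, *("\n  -> " + f for f in findings))
```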


#4 sjpritch25

sjpritch25

  • Security Colleague
  • 895 posts
  • OFFLINE
  • Gender:Male
  • Location:West Coast of Florida, USA
  • Local time:05:19 PM

Posted 03 December 2010 - 02:30 PM

Welcome to BC :)

Please download MBRCheck.exe to your desktop.
  • Be sure to disable your security programs.
  • Double-Click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt).
  • A window will open on your desktop.
  • If an unknown bootcode is found you will have further options available to you; at this time press N, then press Enter twice.
  • If nothing unusual is found, just press Enter.
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • In your next reply, please include the log from MBRChecker.
Thanks
Microsoft MVP Consumer Security--2007-2010

#5 mtfitz

mtfitz
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:04:19 PM

Posted 03 December 2010 - 05:22 PM

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Wistron
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: Compaq Presario CQ60 Notebook PC
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 189):
0x81E36000 \SystemRoot\system32\ntkrnlpa.exe
0x81E03000 \SystemRoot\system32\hal.dll
0x8040B000 \SystemRoot\system32\kdcom.dll
0x80412000 \SystemRoot\system32\PSHED.dll
0x80423000 \SystemRoot\system32\BOOTVID.dll
0x8042B000 \SystemRoot\system32\CLFS.SYS
0x8046C000 \SystemRoot\system32\CI.dll
0x8054C000 \SystemRoot\system32\drivers\Wdf01000.sys
0x805C8000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8060B000 \SystemRoot\system32\drivers\acpi.sys
0x80651000 \SystemRoot\system32\drivers\WMILIB.SYS
0x8065A000 \SystemRoot\system32\drivers\msisadrv.sys
0x80662000 \SystemRoot\system32\drivers\pci.sys
0x80689000 \SystemRoot\system32\drivers\isapnp.sys
0x80698000 \SystemRoot\system32\drivers\mpio.sys
0x806B4000 \SystemRoot\System32\drivers\partmgr.sys
0x806C3000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x806C6000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x806D0000 \SystemRoot\system32\drivers\volmgr.sys
0x806DF000 \SystemRoot\System32\drivers\volmgrx.sys
0x80729000 \SystemRoot\system32\drivers\intelide.sys
0x80730000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8073E000 \SystemRoot\system32\drivers\pciide.sys
0x80745000 \SystemRoot\system32\drivers\aliide.sys
0x8074C000 \SystemRoot\system32\drivers\amdide.sys
0x80753000 \SystemRoot\system32\drivers\cmdide.sys
0x8075B000 \SystemRoot\System32\drivers\mountmgr.sys
0x8076B000 \SystemRoot\system32\drivers\msdsm.sys
0x80785000 \SystemRoot\system32\drivers\nvraid.sys
0x807A0000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x807C1000 \SystemRoot\system32\drivers\viaide.sys
0x8760E000 \SystemRoot\system32\drivers\iastorv.sys
0x876AF000 \SystemRoot\system32\drivers\atapi.sys
0x876B7000 \SystemRoot\system32\drivers\ataport.SYS
0x876D5000 \SystemRoot\system32\drivers\lsi_scsi.sys
0x876EF000 \SystemRoot\system32\drivers\storport.sys
0x87730000 \SystemRoot\system32\drivers\msahci.sys
0x8773A000 \SystemRoot\system32\drivers\hpcisss.sys
0x87745000 \SystemRoot\system32\drivers\adp94xx.sys
0x877AF000 \SystemRoot\system32\drivers\adpahci.sys
0x807C9000 \SystemRoot\system32\drivers\adpu160m.sys
0x805D5000 \SystemRoot\system32\drivers\SCSIPORT.SYS
0x87800000 \SystemRoot\system32\drivers\adpu320.sys
0x87826000 \SystemRoot\system32\drivers\djsvs.sys
0x8783A000 \SystemRoot\system32\drivers\arc.sys
0x87850000 \SystemRoot\system32\drivers\arcsas.sys
0x87866000 \SystemRoot\system32\drivers\elxstor.sys
0x878FA000 \SystemRoot\system32\drivers\i2omp.sys
0x87904000 \SystemRoot\system32\drivers\iirsp.sys
0x87914000 \SystemRoot\system32\drivers\iteatapi.sys
0x87920000 \SystemRoot\system32\drivers\iteraid.sys
0x8792C000 \SystemRoot\system32\drivers\lsi_fc.sys
0x87946000 \SystemRoot\system32\drivers\lsi_sas.sys
0x8795E000 \SystemRoot\system32\drivers\megasas.sys
0x87A05000 \SystemRoot\system32\drivers\megasr.sys
0x87ABC000 \SystemRoot\system32\drivers\mraid35x.sys
0x87AC7000 \SystemRoot\system32\drivers\nfrd960.sys
0x87AD5000 \SystemRoot\system32\drivers\nvstor.sys
0x87C02000 \SystemRoot\system32\drivers\ql2300.sys
0x87D3A000 \SystemRoot\system32\drivers\ql40xx.sys
0x87D8F000 \SystemRoot\system32\drivers\sisraid2.sys
0x87D9C000 \SystemRoot\system32\drivers\sisraid4.sys
0x87DB1000 \SystemRoot\system32\drivers\symc8xx.sys
0x87DBD000 \SystemRoot\system32\drivers\sym_hi.sys
0x87DC8000 \SystemRoot\system32\drivers\sym_u3.sys
0x87AE2000 \SystemRoot\system32\drivers\uliahci.sys
0x87DD3000 \SystemRoot\system32\drivers\ulsata.sys
0x87B1E000 \SystemRoot\system32\drivers\ulsata2.sys
0x87B4A000 \SystemRoot\system32\drivers\vsmraid.sys
0x87B6B000 \SystemRoot\system32\drivers\fltmgr.sys
0x87B9D000 \SystemRoot\system32\drivers\fileinfo.sys
0x87968000 \SystemRoot\System32\Drivers\ksecdd.sys
0x87E06000 \SystemRoot\system32\drivers\ndis.sys
0x87F11000 \SystemRoot\system32\drivers\msrpc.sys
0x87F3C000 \SystemRoot\system32\drivers\NETIO.SYS
0x88006000 \SystemRoot\System32\drivers\tcpip.sys
0x880F0000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x88204000 \SystemRoot\System32\Drivers\Ntfs.sys
0x88314000 \SystemRoot\system32\drivers\wd.sys
0x8831C000 \SystemRoot\system32\drivers\volsnap.sys
0x88355000 \SystemRoot\System32\Drivers\spldr.sys
0x8835D000 \SystemRoot\system32\drivers\sbp2port.sys
0x88372000 \SystemRoot\System32\Drivers\mup.sys
0x88381000 \SystemRoot\System32\drivers\ecache.sys
0x883A8000 \SystemRoot\system32\drivers\disk.sys
0x883B9000 \SystemRoot\system32\drivers\crcdisk.sys
0x883E2000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x883ED000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8810B000 \SystemRoot\system32\DRIVERS\processr.sys
0x883F6000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8811A000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8812D000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x88132000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8813D000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x88200000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8816D000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x88178000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8817C000 \SystemRoot\system32\DRIVERS\nvsmu.sys
0x88184000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8818E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x881CC000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8C00D000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8C09A000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8C0B2000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
0x8C40D000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8CD64000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x8C20B000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8C2AC000 \SystemRoot\System32\drivers\watchdog.sys
0x8C2B8000 \SystemRoot\system32\DRIVERS\athr.sys
0x8C39C000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8C3CB000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8C3D6000 \SystemRoot\system32\DRIVERS\bridge.sys
0x8CD66000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8C3F1000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8CD7D000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8CDA0000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8CDAF000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8CDC3000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8CDD8000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8C3FC000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8C1AF000 \SystemRoot\system32\DRIVERS\ks.sys
0x8C200000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8CDE8000 \SystemRoot\system32\DRIVERS\umbus.sys
0x87F77000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8C1D9000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x87FAC000 \SystemRoot\system32\drivers\CHDRT32.sys
0x87BAD000 \SystemRoot\system32\drivers\portcls.sys
0x881DB000 \SystemRoot\system32\drivers\drmk.sys
0x8D20C000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8D24A000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8D404000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8D4B9000 \SystemRoot\system32\drivers\modem.sys
0x8D4C6000 \SystemRoot\system32\drivers\nvhda32v.sys
0x8D4D4000 \SystemRoot\system32\drivers\RTSTOR.SYS
0x8D4E7000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x8D50A000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8D513000 \SystemRoot\System32\Drivers\Null.SYS
0x8D51A000 \SystemRoot\System32\Drivers\Beep.SYS
0x8D52A000 \SystemRoot\system32\drivers\HIDPARSE.SYS
0x8D531000 \SystemRoot\System32\drivers\vga.sys
0x8D53D000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8D55E000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8D566000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8D56E000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8D579000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8D587000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8D590000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8D5A6000 \SystemRoot\system32\DRIVERS\smb.sys
0x8D34D000 \SystemRoot\system32\drivers\afd.sys
0x8D5BA000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8D395000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8D5EC000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8D3AB000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8D3BE000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8D200000 \SystemRoot\system32\drivers\nsiproxy.sys
0x87FE7000 \SystemRoot\System32\Drivers\dfsc.sys
0x8C400000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8CDF5000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8D521000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x94E70000 \SystemRoot\System32\win32k.sys
0x8C1EA000 \SystemRoot\System32\drivers\Dxapi.sys
0x95090000 \SystemRoot\System32\TSDDD.dll
0x950B0000 \SystemRoot\System32\cdd.dll
0x950C0000 \SystemRoot\System32\ATMFD.DLL
0x87BDA000 \SystemRoot\system32\drivers\luafv.sys
0x9A60F000 \SystemRoot\system32\drivers\spsys.sys
0x9A6BF000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9A6CF000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x9A6F9000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9A703000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9A716000 \SystemRoot\system32\drivers\HTTP.sys
0x9A783000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9A7A0000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9A7B9000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9A7CE000 \SystemRoot\system32\drivers\mrxdav.sys
0x879D9000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9B405000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9B43E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9B456000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9B47E000 \SystemRoot\System32\DRIVERS\srv.sys
0x9B4E4000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x9B4E8000 \SystemRoot\system32\drivers\peauth.sys
0x9B5C6000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9B5D0000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9B5DC000 \SystemRoot\system32\DRIVERS\xaudio.sys
0x9B5E4000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
0x9B4CC000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x9B5ED000 \SystemRoot\system32\DRIVERS\monitor.sys
0x77C20000 \Windows\System32\ntdll.dll

Processes (total 51):
0 System Idle Process
4 System
484 C:\Windows\System32\smss.exe
552 csrss.exe
604 C:\Windows\System32\wininit.exe
616 csrss.exe
648 C:\Windows\System32\services.exe
660 C:\Windows\System32\lsass.exe
668 C:\Windows\System32\lsm.exe
828 C:\Windows\System32\svchost.exe
872 C:\Windows\System32\nvvsvc.exe
900 C:\Windows\System32\svchost.exe
940 C:\Windows\System32\winlogon.exe
972 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
1096 C:\Windows\System32\svchost.exe
1196 C:\Windows\System32\svchost.exe
1264 C:\Windows\System32\svchost.exe
1332 C:\Windows\System32\audiodg.exe
1356 C:\Windows\System32\svchost.exe
1380 C:\Windows\System32\SLsvc.exe
1424 C:\Windows\System32\svchost.exe
1564 C:\Windows\System32\nvvsvc.exe
1640 C:\Windows\System32\svchost.exe
1756 C:\Windows\System32\wlanext.exe
1884 C:\Windows\System32\spoolsv.exe
1912 C:\Windows\System32\svchost.exe
372 C:\Windows\System32\svchost.exe
520 C:\Windows\System32\svchost.exe
1164 C:\Program Files\SMINST\BLService.exe
1700 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
508 C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
1532 C:\Windows\System32\svchost.exe
1588 C:\Windows\System32\svchost.exe
2100 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2140 C:\Windows\System32\SearchIndexer.exe
2212 C:\Windows\System32\drivers\XAudio.exe
2420 C:\Windows\System32\taskeng.exe
2644 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
3064 C:\Windows\System32\taskeng.exe
3156 C:\Windows\System32\dwm.exe
3180 C:\Windows\explorer.exe
3428 C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
3436 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2524 C:\Windows\System32\wbem\unsecapp.exe
2696 WmiPrvSE.exe
2428 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
1736 C:\Program Files\Windows Media Player\wmpnscfg.exe
2516 C:\Program Files\Windows Media Player\wmpnetwk.exe
2912 C:\Program Files\Comcast\Desktop Doctor\agent\bin\bcont_nm.exe
3328 C:\Program Files\Mozilla Firefox\firefox.exe
3984 C:\Users\Mark Fitz\Downloads\MBRCheck(2).exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000037`80600000 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHM251JI, Rev: 2SS00_03

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: E6CCDBFD8F5B3DAA80CE1AA64C67955A606A347D


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

#6 sjpritch25

  • Security Colleague
  • 895 posts
  • Gender:Male
  • Location:West Coast of Florida, USA
  • Local time:05:19 PM

Posted 04 December 2010 - 05:48 PM

  • Double-click on MBRCheck.exe
  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:.
  • Please press the 'Y' key and press Enter.
  • When the program asks you Enter your Choice: press '1' (dump MBR to file) and press Enter.
  • Next prompt: "Enter the physical disk number to fix (0-99, -1 to cancel):"
  • Press 0 and press Enter.
  • Name the file mbrdump and press Enter.
  • Type -1 to exit.
  • Press Enter to exit MBRCheck.exe.
  • In your next reply, please upload C:\mbrdump here.

Edited by sjpritch25, 04 December 2010 - 05:50 PM.

Microsoft MVP Consumer Security--2007-2010
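The mbrdump procedure in the post above, and the "Unknown MBR code" / SHA1 line in the MBRCheck output earlier in the thread, worked through as an added example (this is not part of the original posts and not MBRCheck's own code): a Python script that parses a raw 512-byte MBR sector, checks the 0x55AA boot signature and the partition table for structural problems, and hashes the boot-code area so the digest can be compared against an allow-list of known loaders. Assumptions: the allow-list and both sample sectors are constructed here (the partition start offsets mirror the C: and D: offsets in the log, the sizes are made up); the hash covers bytes 0..439, i.e. the code before the disk signature, and whether MBRCheck hashes exactly that region is not stated on the page.

```python
"""Parse and fingerprint a raw 512-byte MBR sector, the way a checker like MBRCheck does."""
import hashlib
import struct
import sys

SECTOR = 512
CODE_LEN = 440            # boot code occupies bytes 0..439 (assumption: the hashed region)
PT_OFF = 446              # partition table: four 16-byte entries at 446..509
BOOT_SIG = b"\x55\xaa"    # bytes 510..511

# Constructed sample boot code: the first eight bytes mimic a typical loader prologue
# (cli; xor ax,ax; mov ss,ax; mov sp,0x7c00); nothing here is a real MBR image.
STANDARD_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c"
OEM_CODE = STANDARD_CODE + b"\x90\x90\xeb\xfe"    # a "vendor-modified" variant for the unknown case

# Hypothetical allow-list keyed by SHA1 of the padded boot-code area (constructed for this example).
KNOWN_GOOD = {
    hashlib.sha1(STANDARD_CODE.ljust(CODE_LEN, b"\x00")).hexdigest().upper(): "constructed sample loader",
}


def parse_partition(entry: bytes) -> dict:
    """Decode one 16-byte partition table entry (CHS fields ignored; LBA is what matters)."""
    status, _chs_start, ptype, _chs_end, lba, count = struct.unpack("<B3sB3sII", entry)
    return {"bootable": status == 0x80, "type": ptype, "lba_start": lba, "sectors": count}


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte sector into its fields and hash the boot-code area."""
    if len(sector) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(sector)}")
    entries = [parse_partition(sector[PT_OFF + 16 * i:PT_OFF + 16 * (i + 1)]) for i in range(4)]
    return {
        "boot_sig_ok": sector[510:512] == BOOT_SIG,
        "code_sha1": hashlib.sha1(sector[:CODE_LEN]).hexdigest().upper(),
        "disk_signature": struct.unpack("<I", sector[440:444])[0],
        "partitions": [p for p in entries if p["type"] != 0],   # type 0 = empty slot
    }


def sanity_problems(info: dict) -> list:
    """Structural red flags that need no hash database at all."""
    problems = []
    if not info["boot_sig_ok"]:
        problems.append("missing 0x55AA boot signature")
    if sum(p["bootable"] for p in info["partitions"]) > 1:
        problems.append("more than one partition flagged bootable")
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"]) for p in info["partitions"])
    for (_, prev_end), (start, _) in zip(spans, spans[1:]):
        if start < prev_end:
            problems.append(f"partitions overlap at LBA {start}")
    return problems


def classify(sector: bytes, known: dict) -> str:
    """'known' if the boot-code hash is on the allow-list, 'unknown' otherwise, 'invalid' if not an MBR."""
    info = parse_mbr(sector)
    if not info["boot_sig_ok"]:
        return "invalid"
    return "known" if info["code_sha1"] in known else "unknown"


def build_mbr(code: bytes, partitions, disk_sig: int = 0x12345678) -> bytes:
    """Assemble a synthetic MBR for testing. Constructed data, not read from any real disk."""
    code = code.ljust(CODE_LEN, b"\x00")[:CODE_LEN]
    table = b"".join(
        struct.pack("<B3sB3sII", 0x80 if boot else 0x00, b"\xff\xff\xfe", ptype, b"\xff\xff\xfe", lba, count)
        for boot, ptype, lba, count in partitions
    ).ljust(64, b"\x00")
    return code + struct.pack("<IH", disk_sig, 0) + table + BOOT_SIG


# Layout mirroring the two volumes in the thread's log (C: at byte offset 0x7E00,
# D: at 0x3780600000); the partition sizes are made up.
SAMPLE_PARTS = [
    (True, 0x07, 0x7E00 // SECTOR, 0x3780600000 // SECTOR - 0x7E00 // SECTOR),
    (False, 0x07, 0x3780600000 // SECTOR, 0x1000000),
]
SAMPLE_STANDARD = build_mbr(STANDARD_CODE, SAMPLE_PARTS)
SAMPLE_OEM = build_mbr(OEM_CODE, SAMPLE_PARTS)


def report(sector: bytes, known: dict = KNOWN_GOOD) -> str:
    """Human-readable summary: hash verdict, disk signature, partitions, structural warnings."""
    info = parse_mbr(sector)
    lines = [f"boot code SHA1: {info['code_sha1']}  ({classify(sector, known)})",
             f"disk signature: 0x{info['disk_signature']:08X}"]
    for i, p in enumerate(info["partitions"]):
        lines.append(f"  part {i}: type 0x{p['type']:02X} lba {p['lba_start']} sectors {p['sectors']}"
                     f"{' (boot)' if p['bootable'] else ''}")
    lines.extend(f"  WARNING: {x}" for x in sanity_problems(info))
    return "\n".join(lines)


if __name__ == "__main__":
    # usage: python mbr_fingerprint.py C:\mbrdump   (falls back to the constructed sample)
    data = open(sys.argv[1], "rb").read(SECTOR) if len(sys.argv) > 1 else SAMPLE_OEM
    print(report(data))
```

An "unknown" verdict from a hash lookup only means the boot code is not in the list the checker carries; OEM recovery loaders and rootkits both land there, which is why the helper above asked for the raw dump rather than deciding from the hash alone. The structural checks (boot signature, a single bootable entry, non-overlapping partitions) catch a different class of damage and work without any database.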

#7 mtfitz
  • Topic Starter

  • Members
  • 6 posts
  • Local time:04:19 PM

Posted 04 December 2010 - 06:33 PM

I submitted the necessary information. Thank you for your help!

#8 sjpritch25

  • Security Colleague
  • 895 posts
  • Gender:Male
  • Location:West Coast of Florida, USA
  • Local time:05:19 PM

Posted 05 December 2010 - 12:06 AM

To me it looks like a legit HP Vista MBR, but I'm going to have some other experts look at it. How is the computer running?
Microsoft MVP Consumer Security--2007-2010

#9 mtfitz
  • Topic Starter

  • Members
  • 6 posts
  • Local time:04:19 PM

Posted 05 December 2010 - 05:43 PM

The computer is running fine with no apparent problems since quarantining and deleting the problems. I just want to make sure that there isn't something lurking in the background that's not apparent to me right now. Thank you again for your help.

#10 sjpritch25

  • Security Colleague
  • 895 posts
  • Gender:Male
  • Location:West Coast of Florida, USA
  • Local time:05:19 PM

Posted 06 December 2010 - 10:19 PM

Yes, I would say your problem is solved.
Microsoft MVP Consumer Security--2007-2010
