Infected with Firefox random pop-up virus


  • This topic is locked
12 replies to this topic

#1 ThePharmist

  • Members
  • 23 posts

Posted 04 December 2010 - 05:43 PM

My laptop has been infected with a virus that causes new tabs to pop open in Firefox, usually on a page that asks me to buy some sort of anti-virus software. Every so often when I start Firefox I'll get an error message saying that the proxy server is invalid (even though I've never configured it to use a proxy). Windows also seems to be running slower than usual. (I'm running Windows XP, if you need to know). I don't use IE, so I don't know if it's having the same issues as Firefox.

I've attached my DDS, Attach, and GMER (ark.txt) logs to this post.

Thanks in advance for any help you can give me!


#2 m0le ("Can U Dig It?")

  • Malware Response Team
  • 34,527 posts
  • Gender: Male
  • Location: London, UK

Posted 11 December 2010 - 07:26 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

m0le is a proud member of UNITE

#3 ThePharmist (Topic Starter)

  • Members
  • 23 posts

Posted 11 December 2010 - 08:44 PM

I'm still here. Thanks for replying! Just let me know what I need to do for you!

ThePharmist

#4 m0le ("Can U Dig It?")

  • Malware Response Team
  • 34,527 posts
  • Gender: Male
  • Location: London, UK

Posted 11 December 2010 - 09:11 PM

First run TDSSKiller

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


Now run MBRCheck

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.
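Reading the report that the TDSSKiller step above produces (the file written when the tool is started with -l report.txt), as an added example that is not part of this thread and is not Kaspersky's code: the script parses the report's driver lines (service name, MD5, path), its detection lines and the action the user chose, then flags three things a responder actually looks at: any detected object that was not cured, any driver loaded from outside the Windows system32 tree, and a mismatch between the claimed detected-object count and the detection lines. The sample report is constructed here, modeled on the format TDSSKiller 2.4 writes; the hypodrv entry and its %TEMP% path are invented to show what an off-system driver looks like in the output. Note that a bootkit living in the MBR is reported against \HardDisk0, not against any driver file, so the detection lines matter more than the long driver list.

```python
"""Triage a TDSSKiller text report (the file written with `-l report.txt`).

Added example: not part of the thread and not Kaspersky's code. The report
below is constructed, modeled on the TDSSKiller 2.4 format; the `hypodrv`
entry and its path are hypothetical.
"""
import re

# Constructed sample report: timestamps, driver lines, detection and action
# lines follow the real layout; hypodrv is an invented off-system driver.
SAMPLE_REPORT = r"""
2010/12/11 21:19:03.0085 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40
2010/12/11 21:19:03.0085 Windows directory: C:\Windows
2010/12/11 21:19:13.0164 Scan started
2010/12/11 21:19:13.0164 Mode: Manual;
2010/12/11 21:19:14.0690 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2010/12/11 21:19:26.0272 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2010/12/11 21:19:26.0339 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2010/12/11 21:19:27.0100 hypodrv (0123456789abcdef0123456789abcdef) C:\Users\Valued Customer\AppData\Local\Temp\hypodrv.sys
2010/12/11 21:19:29.0194 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/12/11 21:19:29.0199 Scan finished
2010/12/11 21:19:29.0213 Detected object count: 1
2010/12/11 21:19:43.0355 \HardDisk0 - will be cured after reboot
2010/12/11 21:19:43.0355 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
"""

# Every report line starts with "YYYY/MM/DD HH:MM:SS.ffff ".
STAMP = r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} "
WINDIR_RE = re.compile(STAMP + r"Windows directory: (.+)$")
DRIVER_RE = re.compile(STAMP + r"(\S+) \(([0-9a-fA-F]{32})\) (.+)$")
DETECT_RE = re.compile(STAMP + r"(.+?) - detected (\S+) \((\d+)\)$")
ACTION_RE = re.compile(STAMP + r"(\S+)\((.+?)\) - User select action: (\w+)$")
COUNT_RE = re.compile(STAMP + r"Detected object count: (\d+)$")


def parse_report(text):
    """Split a report into its Windows directory, driver rows, detections, actions and count."""
    rep = {"windir": None, "drivers": [], "detections": [], "actions": {}, "count": None}
    for line in text.splitlines():
        line = line.rstrip()
        if m := WINDIR_RE.match(line):
            rep["windir"] = m.group(1)
        elif m := DETECT_RE.match(line):
            rep["detections"].append({"object": m.group(1), "name": m.group(2)})
        elif m := ACTION_RE.match(line):
            rep["actions"][m.group(2)] = m.group(3)      # object -> chosen action
        elif m := COUNT_RE.match(line):
            rep["count"] = int(m.group(1))
        elif m := DRIVER_RE.match(line):
            rep["drivers"].append({"service": m.group(1), "md5": m.group(2).lower(), "path": m.group(3)})
    return rep


def triage(text):
    """Summarise what needs attention: detections and their action, unresolved
    detections, drivers outside %SystemRoot%\\system32, and count consistency."""
    rep = parse_report(text)
    sys32 = (rep["windir"] or r"C:\Windows").lower() + "\\system32\\"
    return {
        "detections": [(d["object"], d["name"], rep["actions"].get(d["object"], "none"))
                       for d in rep["detections"]],
        # No action line, or an explicit Skip, means the object is still there.
        "unresolved": [d["object"] for d in rep["detections"]
                       if rep["actions"].get(d["object"], "Skip") == "Skip"],
        "off_system": [(d["service"], d["path"]) for d in rep["drivers"]
                       if not d["path"].lower().startswith(sys32)],
        "count_matches": rep["count"] == len(rep["detections"]),
        "driver_count": len(rep["drivers"]),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

Run it on the real report with triage(open("report.txt", encoding="utf-8", errors="replace").read()); if the machine was rebooted to complete the cure, the report ends up in C:\ as the post says. An off-system path is a lead, not a verdict; the MD5 on each driver row is what you compare against a known-good set before deciding anything.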
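What the MBRCheck step above is actually examining, as an added example that is not part of this thread and is not MBRCheck's code: MBRCheck reads sector 0 of each disk, hashes the boot code and compares it against known vendor boot code. TDL4, the family TDSSKiller reports against \HardDisk0 further down in this thread, overwrites that boot code while leaving the partition table intact, which is why a hash comparison of the first 440 bytes catches it when the driver list looks clean. The script below parses a raw 512-byte MBR (boot code, disk signature, four partition entries, 0x55AA signature), checks the boot-code hash against an allowlist, and sanity-checks the partition table (exactly one active entry, no overlapping entries). The sample sectors, the hypothetical "patched" boot code and the one-entry allowlist are all constructed here; a real allowlist would hold the hashes of the vendor boot code you expect on that machine.

```python
"""Parse and sanity-check a raw MBR sector the way MBRCheck does: hash the
boot code, compare it with an allowlist, and check the partition table.

Added example: not part of the thread and not MBRCheck's code. The sample
sectors and the allowlist are constructed for illustration.
"""
import hashlib
import struct

SECTOR = 512
BOOTCODE_LEN = 440        # bytes 0..439: boot code; 440..443: disk signature
PT_OFFSET = 446           # four 16-byte partition entries
SIG_OFFSET = 510          # 0x55 0xAA
ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr(bootcode, parts, disk_sig=0x12345678):
    """Constructed sample sector: bootcode padded to 440 bytes plus partition entries."""
    sec = bytearray(SECTOR)
    sec[:len(bootcode)] = bootcode
    struct.pack_into("<I", sec, BOOTCODE_LEN, disk_sig)
    for i, (active, ptype, lba, count) in enumerate(parts):
        struct.pack_into(ENTRY_FMT, sec, PT_OFFSET + 16 * i,
                         0x80 if active else 0x00, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    sec[SIG_OFFSET:] = b"\x55\xAA"
    return bytes(sec)


def parse_mbr(sector):
    """Return boot-code SHA-1, disk signature and the non-empty partition entries."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[SIG_OFFSET:] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY_FMT, sector, PT_OFFSET + 16 * i)
        if ptype != 0:    # type 0 is an empty slot
            parts.append({"index": i, "active": status == 0x80, "type": ptype,
                          "lba_start": lba, "sectors": count})
    return {"bootcode_sha1": hashlib.sha1(sector[:BOOTCODE_LEN]).hexdigest(),
            "disk_signature": struct.unpack_from("<I", sector, BOOTCODE_LEN)[0],
            "partitions": parts}


def check_mbr(sector, known_good):
    """Return (parsed info, findings); an empty findings list means nothing suspicious."""
    info = parse_mbr(sector)
    findings = []
    if info["bootcode_sha1"] not in known_good:
        findings.append("boot code hash not in allowlist: " + info["bootcode_sha1"])
    active = [p for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected 1)")
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"], p["index"])
                   for p in info["partitions"])
    for (_, end_a, i_a), (start_b, _, i_b) in zip(spans, spans[1:]):
        if start_b < end_a:
            findings.append(f"partition {i_a} and {i_b} overlap")
    return info, findings


def read_mbr(device_path):
    """Read sector 0 of a block device; needs admin/root.
    Windows: r"\\\\.\\PhysicalDrive0"   Linux: "/dev/sda"
    """
    with open(device_path, "rb") as fh:
        return fh.read(SECTOR)


# Constructed samples. CLEAN_BOOTCODE opens with the usual MBR prologue
# (xor ax,ax / mov ss,ax / mov sp,7C00h); the allowlist is just its hash and
# stands in for MBRCheck's table of vendor boot-code hashes.
PARTS = [(True, 0x07, 2048, 204800), (False, 0x07, 206848, 409600)]
CLEAN_BOOTCODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C"
PATCHED_BOOTCODE = b"\xEB\xFE" + b"\x90" * 16     # hypothetical replaced boot code
CLEAN_MBR = build_sample_mbr(CLEAN_BOOTCODE, PARTS)
PATCHED_MBR = build_sample_mbr(PATCHED_BOOTCODE, PARTS)
KNOWN_GOOD = {parse_mbr(CLEAN_MBR)["bootcode_sha1"]}

if __name__ == "__main__":
    for label, sec in (("clean", CLEAN_MBR), ("patched", PATCHED_MBR)):
        info, findings = check_mbr(sec, KNOWN_GOOD)
        print(label, info["bootcode_sha1"], findings or "no findings")
```

On a live machine, check_mbr(read_mbr(path), allowlist) from an elevated prompt reproduces the comparison; an unknown boot-code hash is the signal, and as the post says, do not "fix" anything from the tool itself, because a bootkit that has replaced the boot code also controls where the original MBR is kept.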

#5 ThePharmist (Topic Starter)

  • Members
  • 23 posts

Posted 12 December 2010 - 05:58 AM

Got it. Here's the TDSS log

**********************************************************
2010/12/11 21:19:03.0085 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40
2010/12/11 21:19:03.0085 ================================================================================
2010/12/11 21:19:03.0085 SystemInfo:
2010/12/11 21:19:03.0085
2010/12/11 21:19:03.0085 OS Version: 6.0.6002 ServicePack: 2.0
2010/12/11 21:19:03.0085 Product type: Workstation
2010/12/11 21:19:03.0085 ComputerName: LAPTOP
2010/12/11 21:19:03.0085 UserName: Valued Customer
2010/12/11 21:19:03.0085 Windows directory: C:\Windows
2010/12/11 21:19:03.0085 System windows directory: C:\Windows
2010/12/11 21:19:03.0085 Processor architecture: Intel x86
2010/12/11 21:19:03.0085 Number of processors: 2
2010/12/11 21:19:03.0085 Page size: 0x1000
2010/12/11 21:19:03.0085 Boot type: Normal boot
2010/12/11 21:19:03.0085 ================================================================================
2010/12/11 21:19:03.0561 Initialize success
2010/12/11 21:19:13.0164 ================================================================================
2010/12/11 21:19:13.0164 Scan started
2010/12/11 21:19:13.0164 Mode: Manual;
2010/12/11 21:19:13.0164 ================================================================================
2010/12/11 21:19:14.0690 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2010/12/11 21:19:14.0734 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2010/12/11 21:19:14.0771 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2010/12/11 21:19:14.0806 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2010/12/11 21:19:14.0836 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2010/12/11 21:19:15.0099 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2010/12/11 21:19:15.0178 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2010/12/11 21:19:15.0392 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2010/12/11 21:19:15.0423 aliide (3d76fda1a10acc3dc84728f55c29b6d4) C:\Windows\system32\drivers\aliide.sys
2010/12/11 21:19:15.0449 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2010/12/11 21:19:15.0468 amdide (5b92e7839f5a1fbc1b39de67758ad6f8) C:\Windows\system32\drivers\amdide.sys
2010/12/11 21:19:15.0504 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2010/12/11 21:19:15.0533 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2010/12/11 21:19:15.0638 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2010/12/11 21:19:15.0666 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2010/12/11 21:19:15.0728 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/12/11 21:19:15.0801 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2010/12/11 21:19:15.0860 athr (8aefd56986964bbae02b790971f2abaf) C:\Windows\system32\DRIVERS\athr.sys
2010/12/11 21:19:15.0977 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2010/12/11 21:19:16.0018 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2010/12/11 21:19:16.0037 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2010/12/11 21:19:16.0073 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2010/12/11 21:19:16.0096 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2010/12/11 21:19:16.0131 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2010/12/11 21:19:16.0151 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2010/12/11 21:19:16.0179 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2010/12/11 21:19:16.0206 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2010/12/11 21:19:16.0228 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2010/12/11 21:19:16.0263 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/12/11 21:19:16.0346 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2010/12/11 21:19:16.0386 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2010/12/11 21:19:16.0470 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2010/12/11 21:19:16.0537 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/12/11 21:19:16.0612 cmdide (d36372a6ea6805efbe8884d10772313f) C:\Windows\system32\drivers\cmdide.sys
2010/12/11 21:19:16.0649 CnxtHdAudService (1adf6f4852e7d7e2e8ac481bdb970586) C:\Windows\system32\drivers\CHDRT32.sys
2010/12/11 21:19:16.0681 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2010/12/11 21:19:16.0722 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2010/12/11 21:19:16.0824 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2010/12/11 21:19:17.0007 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2010/12/11 21:19:17.0043 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2010/12/11 21:19:17.0099 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2010/12/11 21:19:17.0181 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
2010/12/11 21:19:17.0224 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2010/12/11 21:19:17.0307 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2010/12/11 21:19:17.0389 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2010/12/11 21:19:17.0437 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2010/12/11 21:19:17.0533 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2010/12/11 21:19:17.0574 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2010/12/11 21:19:17.0611 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2010/12/11 21:19:17.0733 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2010/12/11 21:19:17.0766 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2010/12/11 21:19:17.0798 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/12/11 21:19:17.0875 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2010/12/11 21:19:17.0918 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2010/12/11 21:19:17.0948 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2010/12/11 21:19:18.0035 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
2010/12/11 21:19:18.0148 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/12/11 21:19:18.0256 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2010/12/11 21:19:18.0293 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2010/12/11 21:19:18.0386 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2010/12/11 21:19:18.0481 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2010/12/11 21:19:18.0519 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
2010/12/11 21:19:18.0580 HSF_DPV (cc267848cb3508e72762be65734e764d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2010/12/11 21:19:18.0646 HSXHWAZL (a2882945cc4b6e3e4e9e825590438888) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2010/12/11 21:19:18.0747 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
2010/12/11 21:19:18.0846 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2010/12/11 21:19:18.0869 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/12/11 21:19:18.0923 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2010/12/11 21:19:19.0423 igfx (f1f52f4b4dd7cb8b47570690363f1b28) C:\Windows\system32\DRIVERS\igdkmd32.sys
2010/12/11 21:19:19.0639 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2010/12/11 21:19:19.0743 IntcHdmiAddService (c7e7e43cbd34d3b0a0156b51b917dfcc) C:\Windows\system32\drivers\IntcHdmi.sys
2010/12/11 21:19:19.0788 intelide (dd512a049bd7b4bce8a83554c5eff2c1) C:\Windows\system32\drivers\intelide.sys
2010/12/11 21:19:19.0834 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2010/12/11 21:19:19.0866 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/12/11 21:19:19.0916 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2010/12/11 21:19:19.0954 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2010/12/11 21:19:19.0988 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2010/12/11 21:19:20.0064 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2010/12/11 21:19:20.0140 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/12/11 21:19:20.0169 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2010/12/11 21:19:20.0201 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2010/12/11 21:19:20.0231 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/12/11 21:19:20.0250 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/12/11 21:19:20.0294 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2010/12/11 21:19:20.0385 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/12/11 21:19:20.0437 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2010/12/11 21:19:20.0465 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2010/12/11 21:19:20.0496 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2010/12/11 21:19:20.0522 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2010/12/11 21:19:20.0557 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2010/12/11 21:19:20.0579 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2010/12/11 21:19:20.0616 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2010/12/11 21:19:20.0753 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2010/12/11 21:19:20.0842 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2010/12/11 21:19:20.0870 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2010/12/11 21:19:20.0910 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2010/12/11 21:19:20.0983 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2010/12/11 21:19:21.0010 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2010/12/11 21:19:21.0044 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2010/12/11 21:19:21.0069 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2010/12/11 21:19:21.0148 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2010/12/11 21:19:21.0232 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/12/11 21:19:21.0265 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/12/11 21:19:21.0293 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/12/11 21:19:21.0318 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
2010/12/11 21:19:21.0345 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2010/12/11 21:19:21.0431 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2010/12/11 21:19:21.0459 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2010/12/11 21:19:21.0506 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2010/12/11 21:19:21.0530 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/12/11 21:19:21.0564 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2010/12/11 21:19:21.0638 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2010/12/11 21:19:21.0685 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/12/11 21:19:21.0709 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2010/12/11 21:19:21.0782 msvad_simple (ba03a176197d06ecaf0da86942375156) C:\Windows\system32\drivers\povrtdev.sys
2010/12/11 21:19:21.0860 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2010/12/11 21:19:21.0971 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2010/12/11 21:19:22.0173 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2010/12/11 21:19:22.0236 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/12/11 21:19:22.0264 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/12/11 21:19:22.0332 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/12/11 21:19:22.0365 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2010/12/11 21:19:22.0441 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2010/12/11 21:19:22.0464 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2010/12/11 21:19:22.0652 NETw3v32 (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys
2010/12/11 21:19:22.0839 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2010/12/11 21:19:22.0910 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2010/12/11 21:19:22.0940 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2010/12/11 21:19:23.0069 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2010/12/11 21:19:23.0129 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2010/12/11 21:19:23.0181 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2010/12/11 21:19:23.0237 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2010/12/11 21:19:23.0261 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2010/12/11 21:19:23.0290 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2010/12/11 21:19:23.0366 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/12/11 21:19:23.0409 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2010/12/11 21:19:23.0443 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2010/12/11 21:19:23.0470 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2010/12/11 21:19:23.0511 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2010/12/11 21:19:23.0543 pciide (1d8b3d8df8eb7fcf2f0ac02f9f947802) C:\Windows\system32\drivers\pciide.sys
2010/12/11 21:19:23.0586 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2010/12/11 21:19:23.0635 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2010/12/11 21:19:23.0803 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2010/12/11 21:19:23.0834 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2010/12/11 21:19:23.0917 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2010/12/11 21:19:23.0976 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2010/12/11 21:19:24.0089 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2010/12/11 21:19:24.0131 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2010/12/11 21:19:24.0203 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2010/12/11 21:19:24.0240 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/12/11 21:19:24.0329 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/12/11 21:19:24.0407 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2010/12/11 21:19:24.0440 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2010/12/11 21:19:24.0475 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/12/11 21:19:24.0522 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2010/12/11 21:19:24.0556 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2010/12/11 21:19:24.0711 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2010/12/11 21:19:24.0783 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2010/12/11 21:19:24.0823 RTL8169 (125c504a34d0a2e152517e342e7e432c) C:\Windows\system32\DRIVERS\Rtlh86.sys
2010/12/11 21:19:24.0904 RTSTOR (08c3394391ab0aff65d75ae65d4207e1) C:\Windows\system32\drivers\RTSTOR.SYS
2010/12/11 21:19:24.0985 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2010/12/11 21:19:25.0046 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
2010/12/11 21:19:25.0078 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/12/11 21:19:25.0122 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2010/12/11 21:19:25.0152 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2010/12/11 21:19:25.0196 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2010/12/11 21:19:25.0246 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2010/12/11 21:19:25.0274 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2010/12/11 21:19:25.0295 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2010/12/11 21:19:25.0332 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2010/12/11 21:19:25.0370 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2010/12/11 21:19:25.0457 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2010/12/11 21:19:25.0482 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2010/12/11 21:19:25.0527 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2010/12/11 21:19:25.0614 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2010/12/11 21:19:25.0768 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
2010/12/11 21:19:25.0802 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
2010/12/11 21:19:25.0837 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
2010/12/11 21:19:25.0879 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2010/12/11 21:19:25.0958 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2010/12/11 21:19:26.0034 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2010/12/11 21:19:26.0104 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2010/12/11 21:19:26.0159 SynTP (00b19f27858f56181edb58b71a7c67a0) C:\Windows\system32\DRIVERS\SynTP.sys
2010/12/11 21:19:26.0272 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2010/12/11 21:19:26.0339 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2010/12/11 21:19:26.0419 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2010/12/11 21:19:26.0459 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2010/12/11 21:19:26.0487 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2010/12/11 21:19:26.0567 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2010/12/11 21:19:26.0591 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2010/12/11 21:19:26.0763 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/12/11 21:19:26.0840 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2010/12/11 21:19:26.0915 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2010/12/11 21:19:26.0955 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2010/12/11 21:19:27.0031 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2010/12/11 21:19:27.0086 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2010/12/11 21:19:27.0174 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2010/12/11 21:19:27.0305 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2010/12/11 21:19:27.0373 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2010/12/11 21:19:27.0411 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2010/12/11 21:19:27.0457 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2010/12/11 21:19:27.0499 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/12/11 21:19:27.0535 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2010/12/11 21:19:27.0611 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2010/12/11 21:19:27.0725 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2010/12/11 21:19:27.0780 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2010/12/11 21:19:27.0811 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2010/12/11 21:19:27.0888 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/12/11 21:19:27.0923 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/12/11 21:19:27.0955 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2010/12/11 21:19:28.0020 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/12/11 21:19:28.0100 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2010/12/11 21:19:28.0123 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2010/12/11 21:19:28.0147 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2010/12/11 21:19:28.0229 viaide (ea1aa6e3abb3c194feba12a46de8cf2c) C:\Windows\system32\drivers\viaide.sys
2010/12/11 21:19:28.0301 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2010/12/11 21:19:28.0374 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2010/12/11 21:19:28.0414 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2010/12/11 21:19:28.0497 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2010/12/11 21:19:28.0553 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2010/12/11 21:19:28.0632 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/11 21:19:28.0657 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/11 21:19:28.0708 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2010/12/11 21:19:28.0741 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2010/12/11 21:19:28.0838 winachsf (0acd399f5db3df1b58903cf4949ab5a8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2010/12/11 21:19:28.0920 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/12/11 21:19:29.0008 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/12/11 21:19:29.0066 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/12/11 21:19:29.0112 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
2010/12/11 21:19:29.0157 yukonwlh (7d1f3b131d503ef43ee594b5a2b9b427) C:\Windows\system32\DRIVERS\yk60x86.sys
2010/12/11 21:19:29.0194 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/12/11 21:19:29.0199 ================================================================================
2010/12/11 21:19:29.0199 Scan finished
2010/12/11 21:19:29.0199 ================================================================================
2010/12/11 21:19:29.0213 Detected object count: 1
2010/12/11 21:19:43.0355 \HardDisk0 - will be cured after reboot
2010/12/11 21:19:43.0355 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2010/12/11 21:20:03.0668 Deinitialize success

**************************************************************



And here's the MBR log:

**************************************************************

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Basic Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Wistron
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP G60 Notebook PC
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 191):
0x82241000 \SystemRoot\system32\ntkrnlpa.exe
0x8220E000 \SystemRoot\system32\hal.dll
0x80401000 \SystemRoot\system32\kdcom.dll
0x80408000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80478000 \SystemRoot\system32\PSHED.dll
0x80489000 \SystemRoot\system32\BOOTVID.dll
0x80491000 \SystemRoot\system32\CLFS.SYS
0x804D2000 \SystemRoot\system32\CI.dll
0x8060A000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80686000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80693000 \SystemRoot\system32\drivers\acpi.sys
0x806D9000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806E2000 \SystemRoot\system32\drivers\msisadrv.sys
0x806EA000 \SystemRoot\system32\drivers\pci.sys
0x80711000 \SystemRoot\system32\drivers\isapnp.sys
0x80720000 \SystemRoot\system32\drivers\mpio.sys
0x8073C000 \SystemRoot\System32\drivers\partmgr.sys
0x8074B000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8074E000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x80758000 \SystemRoot\system32\drivers\volmgr.sys
0x80767000 \SystemRoot\System32\drivers\volmgrx.sys
0x807B1000 \SystemRoot\system32\drivers\intelide.sys
0x807B8000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x807C6000 \SystemRoot\system32\drivers\aliide.sys
0x807CD000 \SystemRoot\system32\drivers\amdide.sys
0x807D4000 \SystemRoot\system32\drivers\cmdide.sys
0x807DC000 \SystemRoot\System32\drivers\mountmgr.sys
0x805B2000 \SystemRoot\system32\drivers\msdsm.sys
0x805CC000 \SystemRoot\system32\drivers\nvraid.sys
0x88008000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x88029000 \SystemRoot\system32\drivers\pciide.sys
0x88030000 \SystemRoot\system32\drivers\viaide.sys
0x88038000 \SystemRoot\system32\drivers\iastorv.sys
0x880D9000 \SystemRoot\system32\drivers\atapi.sys
0x880E1000 \SystemRoot\system32\drivers\ataport.SYS
0x880FF000 \SystemRoot\system32\drivers\lsi_scsi.sys
0x88119000 \SystemRoot\system32\drivers\storport.sys
0x8815A000 \SystemRoot\system32\drivers\msahci.sys
0x88164000 \SystemRoot\system32\drivers\hpcisss.sys
0x8816F000 \SystemRoot\system32\drivers\adp94xx.sys
0x8820E000 \SystemRoot\system32\drivers\adpahci.sys
0x8825A000 \SystemRoot\system32\drivers\adpu160m.sys
0x88275000 \SystemRoot\system32\drivers\SCSIPORT.SYS
0x8829B000 \SystemRoot\system32\drivers\adpu320.sys
0x882C1000 \SystemRoot\system32\drivers\djsvs.sys
0x882D5000 \SystemRoot\system32\drivers\arc.sys
0x882EB000 \SystemRoot\system32\drivers\arcsas.sys
0x88301000 \SystemRoot\system32\drivers\elxstor.sys
0x88395000 \SystemRoot\system32\drivers\i2omp.sys
0x8839F000 \SystemRoot\system32\drivers\iirsp.sys
0x883AF000 \SystemRoot\system32\drivers\iteatapi.sys
0x883BB000 \SystemRoot\system32\drivers\iteraid.sys
0x883C7000 \SystemRoot\system32\drivers\lsi_fc.sys
0x883E1000 \SystemRoot\system32\drivers\lsi_sas.sys
0x88200000 \SystemRoot\system32\drivers\megasas.sys
0x88404000 \SystemRoot\system32\drivers\megasr.sys
0x884BB000 \SystemRoot\system32\drivers\mraid35x.sys
0x884C6000 \SystemRoot\system32\drivers\nfrd960.sys
0x884D4000 \SystemRoot\system32\drivers\nvstor.sys
0x8860F000 \SystemRoot\system32\drivers\ql2300.sys
0x88747000 \SystemRoot\system32\drivers\ql40xx.sys
0x8879C000 \SystemRoot\system32\drivers\sisraid2.sys
0x887A9000 \SystemRoot\system32\drivers\sisraid4.sys
0x887BE000 \SystemRoot\system32\drivers\symc8xx.sys
0x887CA000 \SystemRoot\system32\drivers\sym_hi.sys
0x887D5000 \SystemRoot\system32\drivers\sym_u3.sys
0x884E1000 \SystemRoot\system32\drivers\uliahci.sys
0x8851D000 \SystemRoot\system32\drivers\ulsata.sys
0x8853E000 \SystemRoot\system32\drivers\ulsata2.sys
0x8856A000 \SystemRoot\system32\drivers\vsmraid.sys
0x8858B000 \SystemRoot\system32\drivers\fltmgr.sys
0x887E0000 \SystemRoot\system32\drivers\fileinfo.sys
0x88801000 \SystemRoot\System32\Drivers\ksecdd.sys
0x88872000 \SystemRoot\system32\drivers\ndis.sys
0x8897D000 \SystemRoot\system32\drivers\msrpc.sys
0x889A8000 \SystemRoot\system32\drivers\NETIO.SYS
0x88A00000 \SystemRoot\System32\drivers\tcpip.sys
0x88AEA000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x88C04000 \SystemRoot\System32\Drivers\Ntfs.sys
0x88D14000 \SystemRoot\system32\drivers\wd.sys
0x88D1C000 \SystemRoot\system32\drivers\volsnap.sys
0x88D55000 \SystemRoot\System32\Drivers\spldr.sys
0x88D5D000 \SystemRoot\system32\drivers\sbp2port.sys
0x88D72000 \SystemRoot\System32\Drivers\mup.sys
0x88D81000 \SystemRoot\System32\drivers\ecache.sys
0x88DA8000 \SystemRoot\system32\drivers\disk.sys
0x88DB9000 \SystemRoot\system32\drivers\crcdisk.sys
0x88DEF000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x88DE4000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x88B05000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x88B14000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8C607000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8CCEA000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8CD8B000 \SystemRoot\System32\drivers\watchdog.sys
0x8CD97000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8CDA2000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8CDE0000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x88B1D000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x88BAA000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x8CE0B000 \SystemRoot\system32\DRIVERS\athr.sys
0x8CF2B000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8CF3E000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x8CF43000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8CF4E000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8CF7E000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8CF80000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8CF8B000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8CF8F000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8CFA7000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8CFD6000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8CFE1000 \SystemRoot\system32\drivers\povrtdev.sys
0x88BCC000 \SystemRoot\system32\drivers\portcls.sys
0x885BD000 \SystemRoot\system32\drivers\drmk.sys
0x8D002000 \SystemRoot\system32\drivers\ks.sys
0x8D02C000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8D043000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8D04E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8D071000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8D080000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8D094000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8D0A9000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8D0B9000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8D0BB000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8D0C5000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8D0D2000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8D107000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8D118000 \SystemRoot\system32\drivers\CHDRT32.sys
0x8D153000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8D403000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8D506000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8D5BB000 \SystemRoot\system32\drivers\modem.sys
0x8D5C8000 \SystemRoot\system32\drivers\IntcHdmi.sys
0x8D5E9000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8D5F2000 \SystemRoot\System32\Drivers\Null.SYS
0x8D5F9000 \SystemRoot\System32\Drivers\Beep.SYS
0x8D19A000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8D1A1000 \SystemRoot\System32\drivers\vga.sys
0x8D1AD000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8D1CE000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8D1D6000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8D1DE000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8D1E9000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8D1F7000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8CFEA000 \SystemRoot\system32\DRIVERS\tdx.sys
0x889E3000 \SystemRoot\system32\DRIVERS\smb.sys
0x8D80F000 \SystemRoot\system32\drivers\afd.sys
0x8D857000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8D889000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8D89F000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8D8AD000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8D8C0000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8D8FC000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8D906000 \SystemRoot\System32\Drivers\dfsc.sys
0x8D91D000 \SystemRoot\system32\drivers\RTSTOR.SYS
0x8D931000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8D93E000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8D949000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x8D953000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8D96A000 \SystemRoot\System32\Drivers\usbvideo.sys
0x94A10000 \SystemRoot\System32\win32k.sys
0x8D98B000 \SystemRoot\System32\drivers\Dxapi.sys
0x8D995000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8D99E000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8D9AE000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8D9B6000 \SystemRoot\system32\DRIVERS\monitor.sys
0x94C30000 \SystemRoot\System32\TSDDD.dll
0x94C50000 \SystemRoot\System32\cdd.dll
0x94C60000 \SystemRoot\System32\ATMFD.DLL
0x8D9C5000 \SystemRoot\system32\drivers\luafv.sys
0x81806000 \SystemRoot\system32\drivers\spsys.sys
0x818B6000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x818C6000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x818F0000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x818FA000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x8190D000 \SystemRoot\system32\drivers\HTTP.sys
0x8197A000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x81997000 \SystemRoot\system32\DRIVERS\bowser.sys
0x819B0000 \SystemRoot\System32\drivers\mpsdrv.sys
0x819C5000 \SystemRoot\system32\drivers\mrxdav.sys
0x8D9E0000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA820C000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA8245000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA825D000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA8285000 \SystemRoot\System32\DRIVERS\srv.sys
0xA82EB000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA82EF000 \SystemRoot\system32\drivers\peauth.sys
0xA83CD000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA83D7000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA83E3000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xA82D3000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x77850000 \Windows\System32\ntdll.dll

Processes (total 61):
0 System Idle Process
4 System
392 C:\Windows\System32\smss.exe
536 csrss.exe
580 C:\Windows\System32\wininit.exe
588 csrss.exe
624 C:\Windows\System32\services.exe
636 C:\Windows\System32\lsass.exe
644 C:\Windows\System32\lsm.exe
728 C:\Windows\System32\winlogon.exe
852 C:\Windows\System32\svchost.exe
912 C:\Windows\System32\svchost.exe
960 C:\Windows\System32\svchost.exe
1028 C:\Windows\System32\svchost.exe
1056 C:\Windows\System32\svchost.exe
1076 C:\Windows\System32\svchost.exe
1152 C:\Windows\System32\audiodg.exe
1216 C:\Windows\System32\SLsvc.exe
1256 C:\Windows\System32\svchost.exe
1436 C:\Windows\System32\svchost.exe
1612 C:\Windows\System32\wlanext.exe
1684 C:\Windows\System32\spoolsv.exe
1740 C:\Windows\System32\svchost.exe
1872 C:\Windows\System32\taskeng.exe
1960 C:\Windows\System32\dwm.exe
2004 C:\Windows\explorer.exe
196 C:\Users\Valued Customer\AppData\Roaming\dwm.exe
1236 C:\Windows\System32\taskeng.exe
2072 C:\Users\Valued Customer\AppData\Roaming\Microsoft\conhost.exe
2260 C:\Users\VALUED~1\AppData\Local\temp\csrss.exe
2584 C:\Windows\System32\svchost.exe
2596 C:\Program Files\SMINST\BLService.exe
2616 C:\Program Files\CyberLink\Shared files\RichVideo.exe
2776 C:\Windows\System32\svchost.exe
2808 C:\Users\Valued Customer\AppData\Local\TVersity\Media Server\MediaServer.exe
2904 C:\Windows\System32\SearchIndexer.exe
2948 C:\Windows\System32\drivers\XAudio.exe
3488 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3536 C:\Windows\System32\hkcmd.exe
3612 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
3740 C:\Windows\System32\igfxsrvc.exe
3828 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
3860 C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
3884 C:\Program Files\Java\jre6\bin\jusched.exe
3896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
3920 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
3928 C:\Windows\System32\wbem\unsecapp.exe
4020 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
4032 C:\Program Files\Windows Media Player\wmpnscfg.exe
4040 WmiPrvSE.exe
808 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
2728 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
2740 C:\Program Files\Windows Media Player\wmpnetwk.exe
3200 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
3812 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
3964 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
4524 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
4864 C:\Program Files\Mozilla Firefox\firefox.exe
4280 C:\Windows\System32\SearchProtocolHost.exe
3696 C:\Windows\System32\SearchFilterHost.exe
4912 C:\Users\Valued Customer\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000022`ad100000 (NTFS)

PhysicalDrive0 Model Number: ST9160310AS, Rev: HP07

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: E6CCDBFD8F5B3DAA80CE1AA64C67955A606A347D


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

*************************************************

Firefox is already improving. I'm not getting the weird pop-ups or strange error messages on start-up.

Thanks again!
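The process list in the MBRCheck report above contains three Windows system binary names (dwm.exe, conhost.exe, csrss.exe) running from user-profile directories instead of System32, alongside the legitimate copies. The script below is an added example for this thread, not part of the original post or of MBRCheck: it re-parses lines copied from that report and flags core-binary names whose directory is not System32. The CORE_NAMES set and EXPECTED_DIR are this script's own assumptions, and a flag is a lead for follow-up, not a verdict of infection.

```python
"""Flag core Windows binary names that run from outside System32 in an
MBRCheck-style process list.  Added example for this thread, not part of
MBRCheck; CORE_NAMES and EXPECTED_DIR are this script's assumptions and a
hit is a lead to investigate, not proof of infection."""
import re
from pathlib import PureWindowsPath

# Sample copied from the MBRCheck output posted above (a subset of its lines).
SAMPLE = r"""
0 System Idle Process
4 System
392 C:\Windows\System32\smss.exe
536 csrss.exe
1960 C:\Windows\System32\dwm.exe
2004 C:\Windows\explorer.exe
196 C:\Users\Valued Customer\AppData\Roaming\dwm.exe
2072 C:\Users\Valued Customer\AppData\Roaming\Microsoft\conhost.exe
2260 C:\Users\VALUED~1\AppData\Local\temp\csrss.exe
2948 C:\Windows\System32\drivers\XAudio.exe
4040 WmiPrvSE.exe
"""

# Binary names that a default Vista install keeps only in %SystemRoot%\System32
# (assumed list).  conhost.exe is included because it is a Windows 7 system
# name; on Vista there is no legitimate copy of it at all.
CORE_NAMES = {"smss.exe", "csrss.exe", "wininit.exe", "services.exe", "lsass.exe",
              "lsm.exe", "winlogon.exe", "svchost.exe", "dwm.exe", "conhost.exe",
              "taskeng.exe", "spoolsv.exe", "audiodg.exe"}
EXPECTED_DIR = PureWindowsPath(r"C:\Windows\System32")

LINE_RE = re.compile(r"^\s*(\d+)\s+(.+?)\s*$")


def parse_process_lines(text):
    """Yield (pid, image) pairs from 'PID image-path' lines; other lines are skipped."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if m:
            yield int(m.group(1)), m.group(2)


def classify(pid, image):
    """Return a finding dict for a core name in the wrong place, else None."""
    p = PureWindowsPath(image)
    if p.name.lower() not in CORE_NAMES:
        return None
    if "\\" not in image:
        # MBRCheck prints protected processes (csrss.exe here) as a bare name;
        # there is no directory to check, so report it as unverified.
        return {"pid": pid, "image": image, "verdict": "no-path"}
    if p.parent == EXPECTED_DIR:   # PureWindowsPath compares case-insensitively
        return None
    return {"pid": pid, "image": image, "verdict": "unexpected-dir"}


def triage(text):
    """Run the check over a whole process list and return the findings."""
    findings = []
    for pid, image in parse_process_lines(text):
        f = classify(pid, image)
        if f:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print("%-15s pid %-5d %s" % (f["verdict"], f["pid"], f["image"]))
```

The same check run over the second report (post #7) picks out the same three images again, which is the point of keeping the parser separate from the list: paste in a new report and compare findings across runs.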

#6 m0le (Malware Response Team)

Posted 12 December 2010 - 06:02 AM

Okay, now we should replace the recoding

The MBR has been rewritten.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Important Note: While fixing the Master Boot Record (MBR) is generally safe, there is a small risk of damaging the operating system so that it will not boot up or the partitions may become corrupted. I recommend you have your Windows CD available which will allow recovering the boot code via the Windows Recovery Console in case of any problems or install the XP Recovery Console before proceeding with the above fix. Then if any problems occur, the links below explain how to use and repair the MBR:

If you do not have a Vista recovery disk then please burn one as shown here


Run MBRCheck.exe
  • Run MBRCheck.exe
  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Please push the 'Y' key and then press Enter
  • When the program asks you, enter 2 and press the Enter key
  • Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"
  • Enter 0 and press the Enter key.
  • The program will show Available MBR codes:, followed by a list of operating systems. Please enter the correct number for your operating system, and then press Enter.
  • When asked "Do you want to fix the MBR code?", type in YES and press Enter
  • Restart your PC.
After you restart the PC
  • Double click MBRCheck.exe to run (Vista and Win 7: right-click and select Run as Administrator)
  • It will show a black screen with some data on it
  • A report called MBRCheck will be on your desktop
  • Open this report
  • Right click on the screen and select > Select All
  • Press Control+C
  • Now please copy that report to this thread

m0le is a proud member of UNITE

#7 ThePharmist (Topic Starter)

Posted 12 December 2010 - 08:23 PM

OK, I think I did this right. Here's the report MBRCheck generated after I restarted my computer and ran it again.

*****************************************

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Basic Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Wistron
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP G60 Notebook PC
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 191):
0x82236000 \SystemRoot\system32\ntkrnlpa.exe
0x82203000 \SystemRoot\system32\hal.dll
0x80404000 \SystemRoot\system32\kdcom.dll
0x8040B000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8047B000 \SystemRoot\system32\PSHED.dll
0x8048C000 \SystemRoot\system32\BOOTVID.dll
0x80494000 \SystemRoot\system32\CLFS.SYS
0x804D5000 \SystemRoot\system32\CI.dll
0x80609000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80685000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80692000 \SystemRoot\system32\drivers\acpi.sys
0x806D8000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806E1000 \SystemRoot\system32\drivers\msisadrv.sys
0x806E9000 \SystemRoot\system32\drivers\pci.sys
0x80710000 \SystemRoot\system32\drivers\isapnp.sys
0x8071F000 \SystemRoot\system32\drivers\mpio.sys
0x8073B000 \SystemRoot\System32\drivers\partmgr.sys
0x8074A000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8074D000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x80757000 \SystemRoot\system32\drivers\volmgr.sys
0x80766000 \SystemRoot\System32\drivers\volmgrx.sys
0x807B0000 \SystemRoot\system32\drivers\intelide.sys
0x807B7000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x807C5000 \SystemRoot\system32\drivers\aliide.sys
0x807CC000 \SystemRoot\system32\drivers\amdide.sys
0x807D3000 \SystemRoot\system32\drivers\cmdide.sys
0x807DB000 \SystemRoot\System32\drivers\mountmgr.sys
0x805B5000 \SystemRoot\system32\drivers\msdsm.sys
0x805CF000 \SystemRoot\system32\drivers\nvraid.sys
0x88007000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x88028000 \SystemRoot\system32\drivers\pciide.sys
0x8802F000 \SystemRoot\system32\drivers\viaide.sys
0x88037000 \SystemRoot\system32\drivers\iastorv.sys
0x880D8000 \SystemRoot\system32\drivers\atapi.sys
0x880E0000 \SystemRoot\system32\drivers\ataport.SYS
0x880FE000 \SystemRoot\system32\drivers\lsi_scsi.sys
0x88118000 \SystemRoot\system32\drivers\storport.sys
0x88159000 \SystemRoot\system32\drivers\msahci.sys
0x88163000 \SystemRoot\system32\drivers\hpcisss.sys
0x8816E000 \SystemRoot\system32\drivers\adp94xx.sys
0x8820E000 \SystemRoot\system32\drivers\adpahci.sys
0x8825A000 \SystemRoot\system32\drivers\adpu160m.sys
0x88275000 \SystemRoot\system32\drivers\SCSIPORT.SYS
0x8829B000 \SystemRoot\system32\drivers\adpu320.sys
0x882C1000 \SystemRoot\system32\drivers\djsvs.sys
0x882D5000 \SystemRoot\system32\drivers\arc.sys
0x882EB000 \SystemRoot\system32\drivers\arcsas.sys
0x88301000 \SystemRoot\system32\drivers\elxstor.sys
0x88395000 \SystemRoot\system32\drivers\i2omp.sys
0x8839F000 \SystemRoot\system32\drivers\iirsp.sys
0x883AF000 \SystemRoot\system32\drivers\iteatapi.sys
0x883BB000 \SystemRoot\system32\drivers\iteraid.sys
0x883C7000 \SystemRoot\system32\drivers\lsi_fc.sys
0x883E1000 \SystemRoot\system32\drivers\lsi_sas.sys
0x88200000 \SystemRoot\system32\drivers\megasas.sys
0x88401000 \SystemRoot\system32\drivers\megasr.sys
0x884B8000 \SystemRoot\system32\drivers\mraid35x.sys
0x884C3000 \SystemRoot\system32\drivers\nfrd960.sys
0x884D1000 \SystemRoot\system32\drivers\nvstor.sys
0x88601000 \SystemRoot\system32\drivers\ql2300.sys
0x88739000 \SystemRoot\system32\drivers\ql40xx.sys
0x8878E000 \SystemRoot\system32\drivers\sisraid2.sys
0x8879B000 \SystemRoot\system32\drivers\sisraid4.sys
0x887B0000 \SystemRoot\system32\drivers\symc8xx.sys
0x887BC000 \SystemRoot\system32\drivers\sym_hi.sys
0x887C7000 \SystemRoot\system32\drivers\sym_u3.sys
0x884DE000 \SystemRoot\system32\drivers\uliahci.sys
0x887D2000 \SystemRoot\system32\drivers\ulsata.sys
0x8851A000 \SystemRoot\system32\drivers\ulsata2.sys
0x88546000 \SystemRoot\system32\drivers\vsmraid.sys
0x88567000 \SystemRoot\system32\drivers\fltmgr.sys
0x88599000 \SystemRoot\system32\drivers\fileinfo.sys
0x88806000 \SystemRoot\System32\Drivers\ksecdd.sys
0x88877000 \SystemRoot\system32\drivers\ndis.sys
0x88982000 \SystemRoot\system32\drivers\msrpc.sys
0x889AD000 \SystemRoot\system32\drivers\NETIO.SYS
0x88A0E000 \SystemRoot\System32\drivers\tcpip.sys
0x88AF8000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x88C01000 \SystemRoot\System32\Drivers\Ntfs.sys
0x88D11000 \SystemRoot\system32\drivers\wd.sys
0x88D19000 \SystemRoot\system32\drivers\volsnap.sys
0x88D52000 \SystemRoot\System32\Drivers\spldr.sys
0x88D5A000 \SystemRoot\system32\drivers\sbp2port.sys
0x88D6F000 \SystemRoot\System32\Drivers\mup.sys
0x88D7E000 \SystemRoot\System32\drivers\ecache.sys
0x88DA5000 \SystemRoot\system32\drivers\disk.sys
0x88DB6000 \SystemRoot\system32\drivers\crcdisk.sys
0x88DEC000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x88DF7000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x88B13000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x88DE1000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8C60C000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8CCEF000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8CD90000 \SystemRoot\System32\drivers\watchdog.sys
0x8CD9C000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8CDA7000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8CDE5000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x88B22000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x88BAF000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x88BD1000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8CDF4000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x8C600000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x885A9000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8CDF9000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x88BE4000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8CDFB000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x889E8000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8D001000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8D030000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8D03B000 \SystemRoot\system32\drivers\povrtdev.sys
0x8D044000 \SystemRoot\system32\drivers\portcls.sys
0x8D071000 \SystemRoot\system32\drivers\drmk.sys
0x8D096000 \SystemRoot\system32\drivers\ks.sys
0x8D0C0000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8D0D7000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8D0E2000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8D105000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8D114000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8D128000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8D13D000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8D14D000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8D14F000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8D159000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8D166000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8D19B000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8D1AC000 \SystemRoot\system32\drivers\CHDRT32.sys
0x8D206000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8D244000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8D347000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8D1E7000 \SystemRoot\system32\drivers\modem.sys
0x885D9000 \SystemRoot\system32\drivers\IntcHdmi.sys
0x8D1F4000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x88BEF000 \SystemRoot\System32\Drivers\Null.SYS
0x88BF6000 \SystemRoot\System32\Drivers\Beep.SYS
0x887F3000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x88A00000 \SystemRoot\System32\drivers\vga.sys
0x881D8000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x807EB000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x807F3000 \SystemRoot\system32\drivers\rdpencdd.sys
0x805EA000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8D402000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8D410000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8D419000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8D42F000 \SystemRoot\system32\DRIVERS\smb.sys
0x8D443000 \SystemRoot\system32\drivers\afd.sys
0x8D48B000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8D4BD000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8D4D3000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8D4E1000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8D4F4000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8D530000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8D53A000 \SystemRoot\System32\Drivers\dfsc.sys
0x8D551000 \SystemRoot\system32\drivers\RTSTOR.SYS
0x8D565000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8D572000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8D57D000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x8D587000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8D59E000 \SystemRoot\System32\Drivers\usbvideo.sys
0x94C90000 \SystemRoot\System32\win32k.sys
0x8D5BF000 \SystemRoot\System32\drivers\Dxapi.sys
0x8D5C9000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8D5D2000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8D5E2000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8D5EA000 \SystemRoot\system32\DRIVERS\monitor.sys
0x94EB0000 \SystemRoot\System32\TSDDD.dll
0x94ED0000 \SystemRoot\System32\cdd.dll
0x94EE0000 \SystemRoot\System32\ATMFD.DLL
0x88DBF000 \SystemRoot\system32\drivers\luafv.sys
0xA7E0A000 \SystemRoot\system32\drivers\spsys.sys
0xA7EBA000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xA7ECA000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xA7EF4000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA7EFE000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA7F11000 \SystemRoot\system32\drivers\HTTP.sys
0xA7F7E000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA7F9B000 \SystemRoot\system32\DRIVERS\bowser.sys
0xA7FB4000 \SystemRoot\System32\drivers\mpsdrv.sys
0xA7FC9000 \SystemRoot\system32\drivers\mrxdav.sys
0xA9001000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA9020000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA9059000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA9071000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA9099000 \SystemRoot\System32\DRIVERS\srv.sys
0xA90FF000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA9103000 \SystemRoot\system32\drivers\peauth.sys
0xA91E1000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA91EB000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA91F7000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xA90E7000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xB220E000 \SystemRoot\system32\DRIVERS\athr.sys
0x77B00000 \Windows\System32\ntdll.dll

Processes (total 61):
0 System Idle Process
4 System
392 C:\Windows\System32\smss.exe
536 csrss.exe
580 C:\Windows\System32\wininit.exe
592 csrss.exe
624 C:\Windows\System32\services.exe
652 C:\Windows\System32\winlogon.exe
680 C:\Windows\System32\lsass.exe
688 C:\Windows\System32\lsm.exe
824 C:\Windows\System32\svchost.exe
884 C:\Windows\System32\svchost.exe
924 C:\Windows\System32\svchost.exe
1004 C:\Windows\System32\svchost.exe
1040 C:\Windows\System32\svchost.exe
1072 C:\Windows\System32\svchost.exe
1132 C:\Windows\System32\audiodg.exe
1180 C:\Windows\System32\SLsvc.exe
1208 C:\Windows\System32\svchost.exe
1348 C:\Windows\System32\svchost.exe
1656 C:\Windows\System32\spoolsv.exe
1688 C:\Windows\System32\svchost.exe
1788 C:\Windows\System32\taskeng.exe
1832 C:\Windows\System32\dwm.exe
336 C:\Windows\System32\svchost.exe
500 C:\Program Files\SMINST\BLService.exe
540 C:\Program Files\CyberLink\Shared files\RichVideo.exe
712 C:\Windows\explorer.exe
1172 C:\Windows\System32\svchost.exe
1400 C:\Users\Valued Customer\AppData\Roaming\dwm.exe
808 C:\Users\Valued Customer\AppData\Local\TVersity\Media Server\MediaServer.exe
2024 C:\Windows\System32\taskeng.exe
2340 C:\Users\Valued Customer\AppData\Local\temp\csrss.exe
2384 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2416 C:\Users\Valued Customer\AppData\Roaming\Microsoft\conhost.exe
2440 C:\Windows\System32\hkcmd.exe
2732 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
2780 C:\Windows\System32\igfxsrvc.exe
2944 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
2960 C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
2992 C:\Program Files\Java\jre6\bin\jusched.exe
3060 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
3080 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
3372 C:\Windows\System32\SearchIndexer.exe
3408 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3428 C:\Windows\System32\drivers\XAudio.exe
3436 C:\Program Files\Windows Media Player\wmpnscfg.exe
2040 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
2288 C:\Program Files\Windows Media Player\wmpnetwk.exe
2604 WmiPrvSE.exe
2800 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
2264 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
2884 C:\Windows\System32\wbem\unsecapp.exe
3612 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
1740 C:\Windows\System32\wlanext.exe
496 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
3912 C:\Windows\System32\SearchProtocolHost.exe
2320 C:\Windows\System32\SearchFilterHost.exe
4148 C:\Program Files\Mozilla Firefox\firefox.exe
4940 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
5480 C:\Users\Valued Customer\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000022`ad100000 (NTFS)

PhysicalDrive0 Model Number: ST9160310AS, Rev: HP07

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: E6CCDBFD8F5B3DAA80CE1AA64C67955A606A347D


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

**************************************************************

When it gave the option on this one I chose 'n' - I wasn't sure if I was supposed to try fixing it again. Anyway, if this isn't the information you need just let me know.

Thanks!
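m0le's procedure in #6 rewrites the MBR bootstrap code with MBRCheck, and the two reports above (before and after that repair attempt) show the same MBR SHA1, E6CCDBFD8F5B3DAA80CE1AA64C67955A606A347D, with the same "Unknown MBR code" verdict. The script below is an added example for this thread, not MBRCheck's or TDSSKiller's code: it parses a 512-byte MBR, checks the 0x55AA signature, decodes the partition table, and hashes the bootstrap area so two raw reads of sector 0 can be compared. Assumptions: the hash covers bytes 0 to 439 (the thread does not say which byte range MBRCheck hashes), the sample MBR is constructed so that its partition offsets match the C: (0x7E00) and D: (0x22AD100000) offsets in the reports, the drive size is a guessed 312,581,808 sectors, and the "known-good" baseline is a constructed hash rather than a real vendor list.

```python
"""Parse and hash a Master Boot Record so two reads of sector 0 can be
compared.  Added example for this thread; it is not MBRCheck's or
TDSSKiller's code.  Assumption: the hash covers the 440-byte bootstrap
area (the thread does not state which bytes MBRCheck hashes)."""
import hashlib
import struct

MBR_SIZE = 512
BOOTCODE_LEN = 440      # bytes 0..439: bootstrap code (what a bootkit overwrites)
DISK_SIG_OFF = 440      # 4-byte NT disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446    # four 16-byte partition entries
SECTOR = 512


class MbrError(ValueError):
    pass


def parse_mbr(mbr: bytes) -> dict:
    """Validate the sector and return bootstrap hash, disk signature and partitions."""
    if len(mbr) != MBR_SIZE:
        raise MbrError("MBR must be exactly 512 bytes")
    if mbr[510:512] != b"\x55\xAA":
        raise MbrError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # status, CHS start (3 bytes, skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba_start, n_sectors = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype == 0:
            continue  # empty slot
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "lba_start": lba_start, "byte_offset": lba_start * SECTOR,
                      "sectors": n_sectors})
    return {"bootcode_sha1": hashlib.sha1(mbr[:BOOTCODE_LEN]).hexdigest().upper(),
            "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0],
            "partitions": parts}


def bootcode_status(mbr: bytes, known_good) -> str:
    """'known' if the bootstrap hash is in the baseline set, else 'unknown'
    (the distinction MBRCheck reports as 'Unknown MBR code')."""
    return "known" if parse_mbr(mbr)["bootcode_sha1"] in known_good else "unknown"


def compare_reads(before: bytes, after: bytes) -> dict:
    """Did a repair attempt change what is read back from sector 0?"""
    b, a = parse_mbr(before), parse_mbr(after)
    return {"bootcode_changed": b["bootcode_sha1"] != a["bootcode_sha1"],
            "partition_table_changed": b["partitions"] != a["partitions"],
            "disk_signature_changed": b["disk_signature"] != a["disk_signature"]}


def build_sample_mbr(bootcode: bytes, disk_sig: int = 0x1A2B3C4D) -> bytes:
    """Constructed MBR, not read from any real disk.  Partition offsets match
    the C: (0x7E00) and D: (0x22AD100000) offsets MBRCheck reported above;
    the drive size of 312,581,808 sectors (a 160 GB 2.5-inch disk) is assumed."""
    if len(bootcode) != BOOTCODE_LEN:
        raise MbrError("bootcode must be %d bytes" % BOOTCODE_LEN)
    lba_c = 0x7E00 // SECTOR
    lba_d = 0x22AD100000 // SECTOR
    total = 312_581_808

    def entry(status, ptype, start, count):
        # CHS fields are filled with the usual 0xFE 0xFF 0xFF "use LBA" marker
        return struct.pack("<B3sB3sII", status, b"\xFE\xFF\xFF", ptype, b"\xFE\xFF\xFF", start, count)

    table = (entry(0x80, 0x07, lba_c, lba_d - lba_c)    # C: NTFS, bootable
             + entry(0x00, 0x07, lba_d, total - lba_d)  # D: NTFS
             + bytes(32))                                # two unused entries
    return bootcode + struct.pack("<IH", disk_sig, 0) + table + b"\x55\xAA"


if __name__ == "__main__":
    stock = build_sample_mbr(b"\x33\xC0\x8E\xD0" + b"\x90" * (BOOTCODE_LEN - 4))
    patched = build_sample_mbr(b"\xEB\xFE" + b"\x00" * (BOOTCODE_LEN - 2))
    baseline = {parse_mbr(stock)["bootcode_sha1"]}   # constructed, not a vendor list
    print(bootcode_status(patched, baseline))
    print(compare_reads(patched, patched))           # nothing changed: the repair did not land
```

Feed it two raw sector reads (for example, dumps of sector 0 taken before and after the repair). An unchanged bootstrap hash after a rewrite means either the write never reached the disk or the read is not returning what is on the platter; a bootkit that sits in the disk I/O path can do both, which is why a read taken from a rescue boot, outside the running OS, is the one to trust.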

#8 m0le (Malware Response Team)

Posted 12 December 2010 - 08:39 PM

When it gave the option on this one I chose 'n' - I wasn't sure if I was supposed to try fixing it again. Anyway, if this isn't the information you need just let me know.


Please rerun MBRCheck and choose Yes, then follow the rest of the instructions above.

#9 ThePharmist (Topic Starter)

Posted 13 December 2010 - 06:55 PM

I've run MBRCheck about 5 times now, and each time it gives the same message about "Unknown MBR Code" and gives me the choice to repair or quit. Each time I go through the steps above to repair, then restart the PC and run MBRCheck again I get the message again. I've pasted the most recent log below:

*********************************************************

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Basic Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Wistron
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP G60 Notebook PC
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 191):
0x8221B000 \SystemRoot\system32\ntkrnlpa.exe
0x825D4000 \SystemRoot\system32\hal.dll
0x8040A000 \SystemRoot\system32\kdcom.dll
0x80411000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80481000 \SystemRoot\system32\PSHED.dll
0x80492000 \SystemRoot\system32\BOOTVID.dll
0x8049A000 \SystemRoot\system32\CLFS.SYS
0x804DB000 \SystemRoot\system32\CI.dll
0x80606000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80682000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8068F000 \SystemRoot\system32\drivers\acpi.sys
0x806D5000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806DE000 \SystemRoot\system32\drivers\msisadrv.sys
0x806E6000 \SystemRoot\system32\drivers\pci.sys
0x8070D000 \SystemRoot\system32\drivers\isapnp.sys
0x8071C000 \SystemRoot\system32\drivers\mpio.sys
0x80738000 \SystemRoot\System32\drivers\partmgr.sys
0x80747000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8074A000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x80754000 \SystemRoot\system32\drivers\volmgr.sys
0x80763000 \SystemRoot\System32\drivers\volmgrx.sys
0x807AD000 \SystemRoot\system32\drivers\intelide.sys
0x807B4000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x807C2000 \SystemRoot\system32\drivers\aliide.sys
0x807C9000 \SystemRoot\system32\drivers\amdide.sys
0x807D0000 \SystemRoot\system32\drivers\cmdide.sys
0x807D8000 \SystemRoot\System32\drivers\mountmgr.sys
0x805BB000 \SystemRoot\system32\drivers\msdsm.sys
0x805D5000 \SystemRoot\system32\drivers\nvraid.sys
0x88004000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x88025000 \SystemRoot\system32\drivers\pciide.sys
0x8802C000 \SystemRoot\system32\drivers\viaide.sys
0x88034000 \SystemRoot\system32\drivers\iastorv.sys
0x880D5000 \SystemRoot\system32\drivers\atapi.sys
0x880DD000 \SystemRoot\system32\drivers\ataport.SYS
0x880FB000 \SystemRoot\system32\drivers\lsi_scsi.sys
0x88115000 \SystemRoot\system32\drivers\storport.sys
0x88156000 \SystemRoot\system32\drivers\msahci.sys
0x88160000 \SystemRoot\system32\drivers\hpcisss.sys
0x8816B000 \SystemRoot\system32\drivers\adp94xx.sys
0x88200000 \SystemRoot\system32\drivers\adpahci.sys
0x8824C000 \SystemRoot\system32\drivers\adpu160m.sys
0x88267000 \SystemRoot\system32\drivers\SCSIPORT.SYS
0x8828D000 \SystemRoot\system32\drivers\adpu320.sys
0x882B3000 \SystemRoot\system32\drivers\djsvs.sys
0x882C7000 \SystemRoot\system32\drivers\arc.sys
0x882DD000 \SystemRoot\system32\drivers\arcsas.sys
0x882F3000 \SystemRoot\system32\drivers\elxstor.sys
0x88387000 \SystemRoot\system32\drivers\i2omp.sys
0x88391000 \SystemRoot\system32\drivers\iirsp.sys
0x883A1000 \SystemRoot\system32\drivers\iteatapi.sys
0x883AD000 \SystemRoot\system32\drivers\iteraid.sys
0x883B9000 \SystemRoot\system32\drivers\lsi_fc.sys
0x883D3000 \SystemRoot\system32\drivers\lsi_sas.sys
0x883EB000 \SystemRoot\system32\drivers\megasas.sys
0x88408000 \SystemRoot\system32\drivers\megasr.sys
0x884BF000 \SystemRoot\system32\drivers\mraid35x.sys
0x884CA000 \SystemRoot\system32\drivers\nfrd960.sys
0x884D8000 \SystemRoot\system32\drivers\nvstor.sys
0x88606000 \SystemRoot\system32\drivers\ql2300.sys
0x8873E000 \SystemRoot\system32\drivers\ql40xx.sys
0x88793000 \SystemRoot\system32\drivers\sisraid2.sys
0x887A0000 \SystemRoot\system32\drivers\sisraid4.sys
0x887B5000 \SystemRoot\system32\drivers\symc8xx.sys
0x887C1000 \SystemRoot\system32\drivers\sym_hi.sys
0x887CC000 \SystemRoot\system32\drivers\sym_u3.sys
0x884E5000 \SystemRoot\system32\drivers\uliahci.sys
0x887D7000 \SystemRoot\system32\drivers\ulsata.sys
0x88521000 \SystemRoot\system32\drivers\ulsata2.sys
0x8854D000 \SystemRoot\system32\drivers\vsmraid.sys
0x8856E000 \SystemRoot\system32\drivers\fltmgr.sys
0x885A0000 \SystemRoot\system32\drivers\fileinfo.sys
0x8880A000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8887B000 \SystemRoot\system32\drivers\ndis.sys
0x88986000 \SystemRoot\system32\drivers\msrpc.sys
0x889B1000 \SystemRoot\system32\drivers\NETIO.SYS
0x88A04000 \SystemRoot\System32\drivers\tcpip.sys
0x88AEE000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x88C0F000 \SystemRoot\System32\Drivers\Ntfs.sys
0x88D1F000 \SystemRoot\system32\drivers\wd.sys
0x88D27000 \SystemRoot\system32\drivers\volsnap.sys
0x88D60000 \SystemRoot\System32\Drivers\spldr.sys
0x88D68000 \SystemRoot\system32\drivers\sbp2port.sys
0x88D7D000 \SystemRoot\System32\Drivers\mup.sys
0x88D8C000 \SystemRoot\System32\drivers\ecache.sys
0x88DB3000 \SystemRoot\system32\drivers\disk.sys
0x88DC4000 \SystemRoot\system32\drivers\crcdisk.sys
0x88C00000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x88DEF000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x88B09000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x88B18000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8C60D000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8CCF0000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8CD91000 \SystemRoot\System32\drivers\watchdog.sys
0x8CD9D000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8CDA8000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8CDE6000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x88B21000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x88BAE000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x8D00F000 \SystemRoot\system32\DRIVERS\athr.sys
0x8D12F000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8D142000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x8D147000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8D152000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8D182000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8D184000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8D18F000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8D193000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8D1AB000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8D1DA000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8D1E5000 \SystemRoot\system32\drivers\povrtdev.sys
0x88BD0000 \SystemRoot\system32\drivers\portcls.sys
0x885B0000 \SystemRoot\system32\drivers\drmk.sys
0x885D5000 \SystemRoot\system32\drivers\ks.sys
0x881D5000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8D1EE000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8D40E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8D431000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8D440000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8D454000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8D469000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8D479000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8D47B000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8D485000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8D492000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8D4C7000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8D4D8000 \SystemRoot\system32\drivers\CHDRT32.sys
0x8D513000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8D607000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8D70A000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8D7BF000 \SystemRoot\system32\drivers\modem.sys
0x8D7CC000 \SystemRoot\system32\drivers\IntcHdmi.sys
0x8D7ED000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8D7F6000 \SystemRoot\System32\Drivers\Null.SYS
0x8D600000 \SystemRoot\System32\Drivers\Beep.SYS
0x8D55A000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8D561000 \SystemRoot\System32\drivers\vga.sys
0x8D56D000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8D58E000 \SystemRoot\system32\drivers\RTSTOR.SYS
0x8D5A2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8D5AA000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8D5B2000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8D5BD000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8D5CB000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8D5D4000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8D5EA000 \SystemRoot\system32\DRIVERS\smb.sys
0x8D80A000 \SystemRoot\system32\drivers\afd.sys
0x8D852000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8D884000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8D89A000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8D8A8000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8D8BB000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8D8F7000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8D901000 \SystemRoot\System32\Drivers\dfsc.sys
0x8D918000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8D92F000 \SystemRoot\System32\Drivers\usbvideo.sys
0x8D950000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8D959000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8D969000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8D971000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8D97E000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8D989000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x94690000 \SystemRoot\System32\win32k.sys
0x8D993000 \SystemRoot\System32\drivers\Dxapi.sys
0x8D99D000 \SystemRoot\system32\DRIVERS\monitor.sys
0x948B0000 \SystemRoot\System32\TSDDD.dll
0x948D0000 \SystemRoot\System32\cdd.dll
0x948E0000 \SystemRoot\System32\ATMFD.DLL
0x8D9AC000 \SystemRoot\system32\drivers\luafv.sys
0x81A03000 \SystemRoot\system32\drivers\spsys.sys
0x81AB3000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x81AC3000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x81AED000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x81AF7000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x81B0A000 \SystemRoot\system32\drivers\HTTP.sys
0x81B77000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x81B94000 \SystemRoot\system32\DRIVERS\bowser.sys
0x81BAD000 \SystemRoot\System32\drivers\mpsdrv.sys
0x81BC2000 \SystemRoot\system32\drivers\mrxdav.sys
0x8D9C7000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA9408000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA9441000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA9459000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA9481000 \SystemRoot\System32\DRIVERS\srv.sys
0xA94E7000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA94EB000 \SystemRoot\system32\drivers\peauth.sys
0xA95C9000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA95D3000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA95DF000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xA95E7000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x775B0000 \Windows\System32\ntdll.dll

Processes (total 59):
0 System Idle Process
4 System
404 C:\Windows\System32\smss.exe
540 csrss.exe
584 C:\Windows\System32\wininit.exe
596 csrss.exe
628 C:\Windows\System32\services.exe
656 C:\Windows\System32\winlogon.exe
672 C:\Windows\System32\lsass.exe
684 C:\Windows\System32\lsm.exe
840 C:\Windows\System32\svchost.exe
900 C:\Windows\System32\svchost.exe
936 C:\Windows\System32\svchost.exe
1020 C:\Windows\System32\svchost.exe
1052 C:\Windows\System32\svchost.exe
1072 C:\Windows\System32\svchost.exe
1148 C:\Windows\System32\audiodg.exe
1220 C:\Windows\System32\SLsvc.exe
1252 C:\Windows\System32\svchost.exe
1508 C:\Windows\System32\svchost.exe
1708 C:\Windows\System32\wlanext.exe
1744 C:\Windows\System32\dwm.exe
1788 C:\Windows\System32\spoolsv.exe
1844 C:\Windows\System32\svchost.exe
1872 C:\Windows\System32\taskeng.exe
1884 C:\Windows\explorer.exe
204 C:\Windows\System32\taskeng.exe
1292 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1408 C:\Windows\System32\hkcmd.exe
2136 C:\Windows\System32\svchost.exe
2204 C:\Program Files\SMINST\BLService.exe
2304 C:\Program Files\CyberLink\Shared files\RichVideo.exe
2428 C:\Windows\System32\svchost.exe
2488 C:\Users\Valued Customer\AppData\Local\TVersity\Media Server\MediaServer.exe
2548 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
2624 C:\Windows\System32\SearchIndexer.exe
2660 C:\Windows\System32\drivers\XAudio.exe
2764 C:\Windows\System32\igfxsrvc.exe
3096 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
3116 C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
3176 C:\Program Files\Java\jre6\bin\jusched.exe
3196 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
3240 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
3300 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
3336 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
3420 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3432 C:\Program Files\Windows Media Player\wmpnscfg.exe
3468 WmiPrvSE.exe
3676 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
3780 C:\Program Files\Windows Media Player\wmpnetwk.exe
4064 C:\Windows\System32\wbem\unsecapp.exe
896 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
1476 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
3140 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
508 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
3684 C:\Windows\System32\SearchProtocolHost.exe
884 C:\Windows\System32\SearchFilterHost.exe
504 C:\Users\Valued Customer\Desktop\MBRCheck.exe
1800 WmiPrvSE.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000022`ad100000 (NTFS)

PhysicalDrive0 Model Number: ST9160310AS, Rev: HP07

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: E6CCDBFD8F5B3DAA80CE1AA64C67955A606A347D


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

*************************************************************************

I've double and triple checked the instructions above to make sure I'm not missing a step, and I can't find anything I might be doing wrong. Is it normal to still find this unknown code after repairing and restarting? I'm sorry I'm not more of a help with this.
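For readers wondering what MBRCheck's "Unknown MBR code" verdict and SHA1 line in the log above actually measure, here is an added Python example (written for this thread, not MBRCheck's own code and not from any post in it). It parses a 512-byte master boot record, verifies the 0x55AA boot signature, hashes the 440-byte boot-code region with SHA-1, compares the digest against an allow-list of known-good digests, and decodes the partition table into the byte offsets MBRCheck prints. The sample sector, its boot-code bytes, the disk signature and the allow-list are all constructed for the example; only the two partition start offsets (0x7e00 and 0x22ad100000) are taken from the log.

```python
"""Parse and fingerprint a 512-byte MBR the way an MBR integrity checker does.

Added example (not MBRCheck's code): verifies the 0x55AA boot signature,
hashes the 440-byte boot-code region with SHA-1, compares the digest against an
allow-list of known-good digests, and decodes the partition table into the
byte offsets of the kind printed in the log (0x7e00, 0x22ad100000).
"""
import hashlib
import struct

SECTOR = 512
BOOTCODE_LEN = 440        # bytes 0-439 hold the boot code; a bootkit overwrites this region
DISK_SIG_OFF = 440        # 4-byte NT disk signature
PART_TABLE_OFF = 446      # four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"    # bytes 510-511

# Constructed stand-in for boot code (arbitrary bytes, NOT a real boot sector).
SAMPLE_BOOTCODE = bytes(range(64))
# Constructed layout: two NTFS (0x07) partitions whose LBA starts give the byte
# offsets reported in the log above (63 * 512 = 0x7e00, 0x11568800 * 512 = 0x22ad100000).
SAMPLE_PARTITIONS = [
    (0x07, 63, 0x11568800 - 63, True),
    (0x07, 0x11568800, 21_000_000, False),   # size is a constructed value
]


def build_sample_mbr(bootcode=SAMPLE_BOOTCODE, partitions=SAMPLE_PARTITIONS):
    """Assemble a constructed 512-byte MBR for testing."""
    sector = bytearray(SECTOR)
    sector[: len(bootcode)] = bootcode
    struct.pack_into("<I", sector, DISK_SIG_OFF, 0x1234ABCD)  # arbitrary disk signature
    for i, (ptype, lba_start, lba_count, bootable) in enumerate(partitions):
        # entry: status byte, 3 CHS bytes, type, 3 CHS bytes, LBA start, sector count
        struct.pack_into("<B3xB3xII", sector, PART_TABLE_OFF + 16 * i,
                         0x80 if bootable else 0x00, ptype, lba_start, lba_count)
    sector[510:512] = BOOT_SIG
    return bytes(sector)


def parse_mbr(sector, known_good):
    """Return signature validity, boot-code SHA-1, allow-list verdict and partitions."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    code_sha1 = hashlib.sha1(sector[:BOOTCODE_LEN]).hexdigest().upper()
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        boot_flag, ptype, lba_start, lba_count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype == 0:            # empty entry
            continue
        partitions.append({
            "index": i,
            "type": ptype,
            "bootable": boot_flag == 0x80,
            "offset": lba_start * SECTOR,   # byte offset, as MBRCheck prints it
            "size": lba_count * SECTOR,
        })
    return {
        "signature_ok": sector[510:512] == BOOT_SIG,
        "sha1": code_sha1,
        "status": "Known-good MBR code" if code_sha1 in known_good else "Unknown MBR code",
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": partitions,
    }


def known_good_hashes():
    """Allow-list built from the constructed clean sector. A real checker ships a
    table of digests for the stock boot code of each Windows version instead."""
    return {parse_mbr(build_sample_mbr(), set())["sha1"]}


def tampered_sample():
    """Same sector with one byte of boot code changed and the signature left intact:
    to a hash-based check this is what an overwritten boot sector looks like."""
    sector = bytearray(build_sample_mbr())
    sector[0] ^= 0xFF
    return bytes(sector)


def check(sector):
    """Run the full check against the example allow-list."""
    return parse_mbr(sector, known_good_hashes())


if __name__ == "__main__":
    for label, sector in (("clean", build_sample_mbr()), ("tampered", tampered_sample())):
        r = check(sector)
        print(f"{label}: sig_ok={r['signature_ok']} sha1={r['sha1']} -> {r['status']}")
        for p in r["partitions"]:
            print(f"  partition {p['index']} type 0x{p['type']:02x} at offset 0x{p['offset']:x}")
```

Two points follow from the code that the log alone does not show: the verdict is purely a hash comparison, so a valid 0x55AA signature and an intact partition table say nothing about whether the boot code is stock (the tampered sector passes both), and a vendor-customised or repaired-but-non-stock boot sector will also show up as "Unknown MBR code" until its digest is added to the allow-list, which is one reason the helper below treats that verdict as a prompt for a known-good rewrite rather than proof of infection.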

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:05:08 PM

Posted 13 December 2010 - 07:01 PM

Is it normal to still find this unknown code after repairing and restarting?


It can happen that MBRCheck doesn't work - not your fault. If you have your Vista disk then follow this:

1. Put the Windows Vista or Windows 7 installation disc in the disc drive, and then start the computer.
2. Press a key when you are prompted.
3. Select a language, a time, a currency, a keyboard or an input method, and then click Next.
4. Click Repair your computer.
5. Click the operating system that you want to repair, and then click Next.
6. In the System Recovery Options dialog box, click Command Prompt.
7. Type Bootrec.exe, and then press ENTER.
8. Type Bootrec.exe /FixMbr

No disk? Then download the recovery disk for your Vista from NeoSmart here. Now carry out the above.

Run MBRCheck to see if it worked and post the log.

Straightforward instructions (if you need them)
m0le is a proud member of UNITE

#11 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:05:08 PM

Posted 17 December 2010 - 08:45 PM

Hi,

I have not had a reply from you for 3 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC making it more difficult to help you.

If you like you can PM me.

Thanks,


m0le
m0le is a proud member of UNITE

#12 ThePharmist

ThePharmist
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:12:08 PM

Posted 18 December 2010 - 07:57 PM

Sorry I haven't replied, I've been away for the holidays and didn't bring my laptop with me (sending this post from my Blackberry). If you need to close this thread I can PM you once I'm home again.

Thanks again for all your help with this!

#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:05:08 PM

Posted 18 December 2010 - 10:41 PM

I will close it until you return.
m0le is a proud member of UNITE
