rikvm_C6F09094.sys What Is this


This topic is locked
11 replies to this topic

#1 Seth420

Posted 09 September 2011 - 03:10 PM

Norton Power Eraser keeps detecting a file in my C:\windows\system32\drivers\rikvm_C6F09094.sys

But when I try to locate the file in Explorer it is not there (show all system files and hidden files is on). I even tried the dir command in cmd and no such file.

Every time I run NPE that file shows up. I have tried search engines and BleepingComputer's file database; can't find any information on what program this file supports.

Does anyone have any info on this file?
File: rikvm_C6F09094.sys
Location: 0x07413000 \Windows\system32\Drivers\rikvm_C6F09094.sys

Hp dv7 Laptop
Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Intel® Core™ i7-2630QM CPU @ 2.00GHz
"I fear not the man who has practiced 10,000 kicks once, but I fear the man who had practiced one kick 10,000 times."
Bruce Lee

"Empty your mind, be formless. Shapeless, like water. If you put water into a cup, it becomes the cup. You put water into a bottle and it becomes the bottle. You put it in a teapot it becomes the teapot. Now, water can flow or it can crash. Be water my friend."
Bruce Lee

#2 boopme

Posted 09 September 2011 - 08:59 PM

Skip the above... This is a .sys file, so do NOT delete it.
Please download mbr.exe and save it to the root directory, usually C:\ <- (Important!).
  • Go to Start > Run and type: cmd.exe
  • press Ok.
  • At the command prompt type: c:\mbr.exe >>"C:\mbr.log"
  • press Enter.
  • The process is automatic...a black DOS window will open and quickly disappear. This is normal.
  • A log file named mbr.log will be created and saved to the root of the system drive (usually C:\).
  • Copy and paste the results of the mbr.log in your next reply.
If you have a problem using the command prompt, you can just double-click on mbr.exe to run the tool.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Seth420

Posted 09 September 2011 - 09:53 PM

I scanned my computer with both Malwarebytes Anti-Malware and SUPERAntiSpyware in safe mode.

Malwarebytes Anti-Malware: did not find anything
SUPERAntiSpyware: only found tracking cookies
Microsoft Standalone System Sweeper: did not find anything
Norton Power Eraser: found rikvm_C6F09094.sys and spinrite.exe

spinrite.exe: is an illegitimate program I use to fix corrupt HDDs
rikvm_C6F09094.sys: is found again but I cannot locate it manually

I thought that it might be a rogue registry entry from a program that I uninstalled at an earlier date, so I did a search in the Windows Registry Editor for "rikvm" and got no results.
My next thought is maybe it is listed in my Master Boot Record somewhere.
What are your thoughts?

Also Thank you for your Speedy Response to my first post.

#4 boopme

Posted 09 September 2011 - 10:33 PM

That is why I wanted to see if MBR saw it.

#5 Seth420

Posted 09 September 2011 - 10:35 PM

I tried mbr.exe both ways, from the command line and by executing the .exe file in my root directory, and got an error.

In cmd I had to run as administrator, otherwise I got the "Access Denied" error.


-Copied From File "mbr.log"
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601

device: opened successfully
user: error reading MBR
error: Read The handle is invalid.
kernel: error reading MBR

#6 boopme

Posted 09 September 2011 - 10:46 PM

Hmmm, try MBRCheck.

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.
Link 1
Link 2
Link 3
  • Double-click on MBRCheck.exe to run it (Vista/Windows 7 users right-click and select Run As Administrator).
  • It will open a black window...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
  • Please copy and paste the contents of that log in your next reply.

Edited by boopme, 09 September 2011 - 10:49 PM.

#7 Seth420

Posted 09 September 2011 - 10:58 PM

Here is what I got when I ran MBRCheck.exe

-Copied from file "MBRCheck_09.09.11_23.49.45.txt"
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv7 Notebook PC
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 182):

Processes (total 94):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x000000e0`ef100000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK1059GSM, Rev: GL002C

Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 3F7A35536DE962FFF1F2DC0F9C3D269F049695C1


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

Edited by Seth420, 09 September 2011 - 11:07 PM.

#8 boopme

Posted 10 September 2011 - 09:48 AM

I see it here: 0x05814000 \??\C:\Windows\system32\Drivers\rikvm_C6F09094.sys

You have an MBR infection:
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

If you press "Y", what info do you get?
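
The two signals boopme reads off the MBRCheck output above, a kernel module whose backing file cannot be found on disk and a disk whose MBR code MBRCheck does not recognise, can be checked mechanically. The Python below is an added example, not code from the thread or from MBRCheck's author; it parses a constructed excerpt of the posted log against a constructed on-disk file listing so that it runs offline (on a live machine `os.path.exists` would replace the injected `exists` callback).

```python
import re
from typing import Callable, Dict, List, Tuple

# Constructed excerpt of an MBRCheck log, modelled on the one posted in this
# thread (addresses and file names copied from it, the long lists cut down).
SAMPLE_LOG = r"""MBRCheck, version 1.2.3

Kernel Drivers (total 5):
0x02E12000 \SystemRoot\system32\ntoskrnl.exe
0x01278000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x04781000 \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
0x05814000 \??\C:\Windows\system32\Drivers\rikvm_C6F09094.sys
0x07461000 \SystemRoot\system32\drivers\peauth.sys

Processes (total 1):
4 System

Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 3F7A35536DE962FFF1F2DC0F9C3D269F049695C1

Found non-standard or infected MBR.
"""

# Constructed stand-in for a directory listing of the machine: every loaded
# driver above except the one that Explorer and `dir` could not find.
SAMPLE_ON_DISK = {
    "c:\\windows\\system32\\ntoskrnl.exe",
    "c:\\windows\\system32\\drivers\\iastor.sys",
    "c:\\windows\\system32\\drivers\\symevent64x86.sys",
    "c:\\windows\\system32\\drivers\\peauth.sys",
}

DRIVER_RE = re.compile(r"^(0x[0-9A-Fa-f]{8})\s+(\S.*)$")
MBR_ROW_RE = re.compile(r"^(\d+ [KMGT]B)\s+(\\\\\.\\PhysicalDrive\d+)\s+(.+)$")


def parse_kernel_drivers(log: str) -> List[Tuple[str, str]]:
    """Return (load address, NT path) pairs from the 'Kernel Drivers' section."""
    drivers, in_section = [], False
    for line in log.splitlines():
        if line.startswith("Kernel Drivers"):
            in_section = True
            continue
        if in_section:
            m = DRIVER_RE.match(line.strip())
            if not m:  # blank line or next section header ends the list
                break
            drivers.append((m.group(1), m.group(2)))
    return drivers


def nt_to_win32(nt_path: str, system_root: str = "C:\\Windows") -> str:
    """Map the NT-style paths MBRCheck prints onto Win32 paths a file check can use."""
    if nt_path.startswith("\\SystemRoot\\"):
        return system_root + nt_path[len("\\SystemRoot"):]
    if nt_path.startswith("\\??\\"):         # \??\C:\... already names a drive path
        return nt_path[len("\\??\\"):]
    if nt_path.startswith("\\Windows\\"):    # bare \Windows\System32\ntdll.dll form
        return system_root[:2] + nt_path
    return nt_path


def triage(log: str, exists: Callable[[str], bool],
           system_root: str = "C:\\Windows") -> Dict[str, object]:
    """Flag loaded drivers with no file behind them and any unrecognised MBR."""
    missing = []
    for addr, nt_path in parse_kernel_drivers(log):
        win_path = nt_to_win32(nt_path, system_root)
        if not exists(win_path):
            missing.append((addr, win_path))
    mbr = {}
    for line in log.splitlines():
        m = MBR_ROW_RE.match(line.strip())
        if m:
            mbr[m.group(2)] = m.group(3).strip()
    return {
        "missing_drivers": missing,
        "mbr": mbr,
        "mbr_flagged": "Found non-standard or infected MBR." in log,
    }


if __name__ == "__main__":
    # Case-insensitive lookup because NTFS paths are; os.path.exists replaces
    # this lambda on a live system.
    report = triage(SAMPLE_LOG, lambda p: p.lower() in SAMPLE_ON_DISK)
    for addr, path in report["missing_drivers"]:
        print(f"loaded at {addr} but not on disk: {path}")
    for device, status in report["mbr"].items():
        print(f"{device}: {status}")
```

A module that is loaded but absent from a directory listing is exactly the symptom the topic starter describes, and on its own is a reason to hand the log to a malware-removal helper rather than to start deleting files.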

#9 Seth420

Posted 10 September 2011 - 09:53 AM

Options:
[1] Dump the MBR of a physical disk to file
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:

#10 boopme

Posted 10 September 2011 - 06:42 PM

OK, sorry to be so long; today was busy.

We need to remove this thru our Malware section.. Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
Skip the GMER for now and instead post the MBR and MBRCheck logs you have posted above.

Let me know if that went well.

#11 Seth420

Posted 11 September 2011 - 12:21 PM

Thank you for your help I will keep you informed on my progress regarding my MBR infection,

This is a link to my new post that has my dds.scr log in it.

#12 boopme

Posted 11 September 2011 - 04:44 PM

You're welcome.

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.