Virus attacking my graphics



Good morning preconmanager,

OK. Please give this rootkit scan a shot.

Please download Malwarebytes Anti-Rootkit here.

  • Unzip the contents to a folder on the Desktop.
  • Open the folder where the contents were unzipped and run mbar.exe ( right-click and select Run as administrator for Vista and Windows 7).
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Please post the two logs produced.

Please note: This tool is still in BETA mode, so please ensure you have backed up any important files.


Hello preconmanager,

Please run a free online scan with the ESET Online Scanner.

Note: You can use Internet Explorer or Mozilla Firefox for this scan.

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked.
  • Click Scan.
    Wait for the scan to finish.
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Yes. When I enter the name of a known anti-malware website in the search bar and arrive at the site, I see the top portion of the website with the standard blue background, but the portion showing the information or download is hidden with a black "veil" or obscured with a grey "veil" that changes grey tones. During the last scan you had me run, the symptoms were that I could not see the files being scanned, but I could see the file scanner page heading and that the scan was running.


Good morning,

I will do. I have not been successful in booting from safe mode, but will try. Would it also be prudent to try Chameleon or some program that does Malware search before Windows startup?

Incidentally, I have discovered that I can get the monitor interruption to stop by placing the Windows Task Manager over a portion of a webpage. In reading other posts, I got the idea to record the changes in processes before and after a monitor interruption. Don't know if this is relative, but I thought I would try it.


When rebooting from Safe Mode I received the following message:

Data Execution Prevention

To help protect your computer, windows closed this program

NVIDIA Driver Helper Service, Version 82.08

I sent the report to Microsoft.

This reminded me of a recent download. Thinking my monitor needed a driver update because of the disruption symptoms, and because my DVD/CD writer showed an incorrect product, I recently tried a driver update through HP. Could this be an issue?


Howdy preconmanager,

Your logs aren't showing any malware.

Please download Windows Repair (all in one) from here.

  • Install the program.
  • Please proceed to run it.
  • Go to Step 2 and allow it to run CheckDisk by clicking on the Do It button:
    [screenshot: p22001645.gif]
  • Once that is done, please go to Step 3 and allow it to run the System File Check by clicking on the Do It button:
    [screenshot: p22001646.gif]
  • Go to Step 4 and under System Restore click on the Create button:
    [screenshot: p22001644.gif]
  • Next, go to the Start Repairs tab and click the Start button.
    [screenshot: p22001166.gif]
  • Please ensure that ONLY the items seen in the image below are ticked as indicated (they're all checked by default):
    [screenshot: p22001647.gif]
  • Click on the box next to Restart System when Finished, then click on Start.

=====

You could try rolling back your graphics driver and see if that fixes the issue. Please let me know if you would like help doing so.


Good morning preconmanager,

Please download MBRCheck by a_d_13 to your Desktop from one of these locations:

http://ad13.geekstogo.com/MBRCheck.exe

http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe

http://www.kernelmode.info/MBRCheck.exe

Close all opened programs/ windows and double-click on MBRCheck.exe.

It will produce a log file saved automatically on your Desktop as "MBRCheck_[Date]_[Time].txt".

Press the "Enter" key to close the MBRCheck window and post the contents of the log file.


MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows XP Professional

Windows Information: Service Pack 3 (build 2600)

Logical Drives Mask: 0x000001fc

Kernel Drivers (total 148):

0x804D7000 \WINDOWS\system32\ntkrnlpa.exe

0x806D1000 \WINDOWS\system32\hal.dll

0xF7AB0000 \WINDOWS\system32\KDCOM.DLL

0xF79C0000 \WINDOWS\system32\BOOTVID.dll

0xF7481000 ACPI.sys

0xF7AB2000 \WINDOWS\system32\DRIVERS\WMILIB.SYS

0xF7470000 pci.sys

0xF75B0000 isapnp.sys

0xF75C0000 ohci1394.sys

0xF75D0000 \WINDOWS\system32\DRIVERS\1394BUS.SYS

0xF7B78000 pciide.sys

0xF7830000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

0xF7AB4000 viaide.sys

0xF7AB6000 intelide.sys

0xF75E0000 MountMgr.sys

0xF7451000 ftdisk.sys

0xF7AB8000 dmload.sys

0xF742B000 dmio.sys

0xF7838000 PartMgr.sys

0xF75F0000 VolSnap.sys

0xF7356000 iaStor.sys

0xF733E000 atapi.sys

0xF72FB000 ftsata2.sys

0xF72E3000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS

0xF7600000 disk.sys

0xF7610000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS

0xF72C3000 fltmgr.sys

0xF72B1000 sr.sys

0xF7286000 MpFilter.sys

0xF7620000 bb-run.sys

0xF7840000 PxHelp20.sys

0xF726F000 KSecDD.sys

0xF71E2000 Ntfs.sys

0xF71B5000 NDIS.sys

0xF719B000 Mup.sys

0xF7A78000 \SystemRoot\system32\DRIVERS\tunmp.sys

0xF68E9000 \SystemRoot\system32\DRIVERS\AmdK8.sys

0xF7990000 \SystemRoot\system32\DRIVERS\aracpi.sys

0xF6549000 \SystemRoot\system32\DRIVERS\nv4_mini.sys

0xF6535000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

0xF7998000 \SystemRoot\system32\DRIVERS\usbohci.sys

0xF6511000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0xF79A0000 \SystemRoot\system32\DRIVERS\usbehci.sys

0xF79A8000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

0xF68B9000 \SystemRoot\system32\DRIVERS\nic1394.sys

0xF6405000 \SystemRoot\system32\DRIVERS\AGRSM.sys

0xF63E2000 \SystemRoot\system32\DRIVERS\ks.sys

0xF79B0000 \SystemRoot\System32\Drivers\Modem.SYS

0xF63BA000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0xF7A94000 \SystemRoot\system32\DRIVERS\nvnetbus.sys

0xF6370000 \SystemRoot\system32\DRIVERS\NVNRM.SYS

0xF6339000 \SystemRoot\system32\DRIVERS\NVSNPU.SYS

0xF7660000 \SystemRoot\system32\DRIVERS\i8042prt.sys

0xF79B8000 \SystemRoot\system32\DRIVERS\PS2.sys

0xF7880000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0xF7AF0000 \SystemRoot\system32\DRIVERS\arkbcfltr.sys

0xF7A98000 \SystemRoot\system32\DRIVERS\arpolicy.sys

0xF7C42000 \SystemRoot\system32\DRIVERS\audstub.sys

0xF7670000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0xF7A9C000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0xF62FA000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0xF7680000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0xF7690000 \SystemRoot\system32\DRIVERS\raspptp.sys

0xF7888000 \SystemRoot\system32\DRIVERS\TDI.SYS

0xF62E9000 \SystemRoot\system32\DRIVERS\psched.sys

0xF76A0000 \SystemRoot\system32\DRIVERS\msgpc.sys

0xF7890000 \SystemRoot\system32\DRIVERS\ptilink.sys

0xF7898000 \SystemRoot\system32\DRIVERS\raspti.sys

0xF62B9000 \SystemRoot\system32\DRIVERS\rdpdr.sys

0xF76B0000 \SystemRoot\system32\DRIVERS\termdd.sys

0xF78A0000 \SystemRoot\system32\DRIVERS\mouclass.sys

0xF7AF6000 \SystemRoot\system32\DRIVERS\swenum.sys

0xF625B000 \SystemRoot\system32\DRIVERS\update.sys

0xF7167000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0xF76D0000 \SystemRoot\System32\Drivers\NDProxy.SYS

0xF76E0000 \SystemRoot\system32\DRIVERS\usbhub.sys

0xF7AF8000 \SystemRoot\system32\DRIVERS\USBD.SYS

0xF76F0000 \SystemRoot\system32\DRIVERS\NVENETFD.sys

0xF3794000 \SystemRoot\system32\drivers\RtkHDAud.sys

0xF3770000 \SystemRoot\system32\drivers\portcls.sys

0xF7730000 \SystemRoot\system32\drivers\drmk.sys

0xF7B16000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

0xF7CC3000 \SystemRoot\System32\Drivers\Null.SYS

0xF7B18000 \SystemRoot\System32\Drivers\Beep.SYS

0xF78E8000 \SystemRoot\System32\drivers\vga.sys

0xF7B1A000 \SystemRoot\System32\Drivers\mnmdd.SYS

0xF7B1C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0xF78F0000 \SystemRoot\System32\Drivers\Msfs.SYS

0xF78F8000 \SystemRoot\System32\Drivers\Npfs.SYS

0xF7173000 \SystemRoot\system32\DRIVERS\rasacd.sys

0xF3715000 \SystemRoot\system32\DRIVERS\ipsec.sys

0xF36BC000 \SystemRoot\system32\DRIVERS\tcpip.sys

0xF3684000 \SystemRoot\system32\DRIVERS\tcpip6.sys

0xF365C000 \SystemRoot\system32\DRIVERS\netbt.sys

0xF6253000 \SystemRoot\System32\drivers\ws2ifsl.sys

0xF363A000 \SystemRoot\System32\drivers\afd.sys

0xF7760000 \SystemRoot\system32\DRIVERS\netbios.sys

0xF360F000 \SystemRoot\system32\DRIVERS\rdbss.sys

0xF359F000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0xF3551000 \SystemRoot\system32\DRIVERS\ipnat.sys

0xF7790000 \SystemRoot\system32\drivers\ip6fw.sys

0xF77A0000 \SystemRoot\system32\DRIVERS\wanarp.sys

0xF77C0000 \SystemRoot\System32\Drivers\Fips.SYS

0xF352D000 \SystemRoot\System32\Drivers\Fastfat.SYS

0xF7900000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0xF7908000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS

0xF3490000 \SystemRoot\system32\DRIVERS\bcmwlhigh5.sys

0xF620B000 \SystemRoot\system32\DRIVERS\hidusb.sys

0xF77F0000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0xF7918000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0xF7920000 \SystemRoot\system32\DRIVERS\arhidfltr.sys

0xF376C000 \SystemRoot\system32\DRIVERS\mouhid.sys

0xF7B4A000 \SystemRoot\system32\DRIVERS\armoucfltr.sys

0xF3478000 \SystemRoot\System32\Drivers\dump_atapi.sys

0xF7B58000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS

0xBF800000 \SystemRoot\System32\win32k.sys

0xF6321000 \SystemRoot\System32\drivers\Dxapi.sys

0xF7930000 \SystemRoot\System32\watchdog.sys

0xBD000000 \SystemRoot\System32\drivers\dxg.sys

0xF7C72000 \SystemRoot\System32\drivers\dxgthk.sys

0xBD012000 \SystemRoot\System32\nv4_disp.dll

0xBD3D8000 \SystemRoot\System32\ATMFD.DLL

0xB8532000 \SystemRoot\system32\DRIVERS\nwlnkipx.sys

0xF33F0000 \SystemRoot\system32\DRIVERS\nwlnknb.sys

0xF33E0000 \SystemRoot\system32\DRIVERS\EAPPkt.sys

0xB8640000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0xB82DA000 \SystemRoot\system32\DRIVERS\nwrdr.sys

0xB82AD000 \SystemRoot\system32\DRIVERS\mrxdav.sys

0xB81A8000 \SystemRoot\system32\drivers\wdmaud.sys

0xB8382000 \SystemRoot\system32\drivers\sysaudio.sys

0xB7F89000 \SystemRoot\System32\Drivers\HTTP.sys

0xB8158000 \SystemRoot\system32\DRIVERS\nwlnkspx.sys

0xB7DC9000 \SystemRoot\system32\DRIVERS\srv.sys

0xB7CEA000 \??\C:\WINDOWS\system32\drivers\mqac.sys

0xB7BC8000 \??\C:\WINDOWS\system32\drivers\RMCast.sys

0xB7E61000 \SystemRoot\System32\Drivers\Cdfs.SYS

0xB86B0000 \SystemRoot\system32\DRIVERS\nwlnkfwd.sys

0xB7870000 \SystemRoot\system32\DRIVERS\nwlnkflt.sys

0xB772C000 \SystemRoot\system32\DRIVERS\asyncmac.sys

0xF7970000 \SystemRoot\System32\Drivers\TDTCP.SYS

0xB730B000 \SystemRoot\System32\Drivers\RDPWD.SYS

0xF78C8000 \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms

0xB86B8000 \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A21BFACB-9AB1-4D11-B4C4-2FFF0D9C5BD4}\MpKsl51babad4.sys

0xB6EA1000 \SystemRoot\system32\DRIVERS\imapi.sys

0xB7690000 \SystemRoot\system32\DRIVERS\cdrom.sys

0xB6E81000 \SystemRoot\system32\DRIVERS\redbook.sys

0xB54CB000 \SystemRoot\system32\drivers\kmixer.sys

0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 65):

0 System Idle Process

4 System

756 C:\WINDOWS\system32\smss.exe

1060 csrss.exe

1084 C:\WINDOWS\system32\winlogon.exe

1128 C:\WINDOWS\system32\services.exe

1140 C:\WINDOWS\system32\lsass.exe

1296 C:\WINDOWS\system32\svchost.exe

1336 C:\WINDOWS\system32\svchost.exe

1376 C:\Program Files\Microsoft Security Client\MsMpEng.exe

1416 C:\WINDOWS\system32\svchost.exe

1740 svchost.exe

1764 C:\WINDOWS\system32\svchost.exe

1792 svchost.exe

1812 C:\WINDOWS\system32\svchost.exe

256 C:\WINDOWS\system32\spoolsv.exe

372 svchost.exe

1020 msdtc.exe

1304 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

1468 C:\WINDOWS\arservice.exe

1552 C:\Program Files\Bonjour\mDNSResponder.exe

1616 C:\WINDOWS\ehome\ehrecvr.exe

1656 C:\WINDOWS\ehome\ehSched.exe

2016 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

536 C:\Program Files\Google\Update\GoogleUpdate.exe

900 C:\WINDOWS\system32\inetsrv\inetinfo.exe

920 C:\Program Files\Java\jre7\bin\jqs.exe

1672 C:\Program Files\Common Files\LightScribe\LSSrvc.exe

2244 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

2276 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

2364 C:\WINDOWS\system32\nvsvc32.exe

2400 C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZIPM12.EXE

2480 C:\WINDOWS\system32\snmp.exe

2576 svchost.exe

2720 C:\WINDOWS\system32\svchost.exe

3076 C:\WINDOWS\system32\mqsvc.exe

3336 C:\Program Files\Canon\CAL\CALMAIN.exe

1804 C:\WINDOWS\system32\mqtgsvc.exe

628 Matsvc.exe

584 C:\WINDOWS\system32\dllhost.exe

2952 alg.exe

2396 C:\WINDOWS\system32\wscntfy.exe

2420 C:\WINDOWS\explorer.exe

2512 C:\WINDOWS\system32\rundll32.exe

3100 C:\Program Files\iTunes\iTunesHelper.exe

3116 C:\WINDOWS\system32\rundll32.exe

3168 C:\Program Files\HP\HP Software Update\hpwuschd2.exe

3084 C:\WINDOWS\ehome\ehtray.exe

3452 C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe

3608 C:\WINDOWS\ehome\ehmsas.exe

880 C:\WINDOWS\arpwrmsg.exe

876 C:\WINDOWS\system32\svchost.exe

2992 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

1256 C:\Program Files\Common Files\Java\Java Update\jusched.exe

2180 C:\Program Files\iPod\bin\iPodService.exe

364 C:\WINDOWS\system32\svchost.exe

2996 C:\Program Files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe

2092 C:\WINDOWS\RTHDCPL.EXE

1688 C:\Program Files\Microsoft Security Client\msseces.exe

2600 C:\WINDOWS\system32\ctfmon.exe

2168 C:\Program Files\NETGEAR\WNA3100\WNA3100.exe

3324 C:\hp\KBD\kbd.exe

3440 C:\WINDOWS\system\hpsysdrv.exe

5008 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

5552 C:\Documents and Settings\HP_Administrator\My Documents\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000002c`74075800 (FAT32)

PhysicalDrive0 Model Number: ST3200826AS, Rev: 3.03

Size Device Name MBR Status

--------------------------------------------

186 GB \\.\PhysicalDrive0 Unknown MBR code

SHA1: 3FA1BAC1D7FD18071BE2B53E6001CD7DFE278CEB

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Options:

[1] Dump the MBR of a physical disk to file.

[2] Restore the MBR of a physical disk with a standard boot code.

[3] Exit.

Enter your choice:

Done!

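What the last block of that log means, with an added worked example (this is not MBRCheck's code and not part of the thread): MBRCheck reads the first 512-byte sector of each physical disk, hashes the boot code in it and compares the hash with a table of boot code known from Windows installs. "Unknown MBR code" only says the hash was not in that table; a bootkit produces that result, but so does any non-Microsoft boot loader or an OEM-customised MBR, which is why the tool asks before rewriting anything. The script below parses such a sector: it checks the trailing 0x55AA signature, lists the partition table with byte offsets in the form the log prints (C: at 0x7E00 is sector 63; D: at 0x2C74075800), and hashes the boot code against a lookup table. The sample MBR, the disk-signature value and the placeholder KNOWN_BOOT_CODE table are constructed for the example; the example hashes the first 440 bytes, and since the page does not document MBRCheck's exact hashing range, its hash is not expected to equal the one in the log.

```python
r"""Parse a 512-byte MBR into the fields MBRCheck summarises: boot-code SHA1,
partition table with byte offsets, and a lookup of the hash in a table of
known boot code.

Added example, not MBRCheck's code. build_sample_mbr() constructs a sector so
the script runs offline; KNOWN_BOOT_CODE is a placeholder, not a list of real
Windows boot-code hashes."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440        # bytes 0-439 boot code, 440-443 disk signature, 444-445 reserved
PART_TABLE = 446           # four 16-byte partition entries
SIGNATURE = b"\x55\xaa"    # bytes 510-511

PART_TYPES = {0x07: "NTFS", 0x0B: "FAT32", 0x0C: "FAT32", 0x05: "Extended", 0x0F: "Extended"}

# Placeholder: SHA1 (upper-case hex, as MBRCheck prints it) -> label. A real
# table holds hashes taken from clean installs of each Windows version.
KNOWN_BOOT_CODE = {}


def boot_code_sha1(mbr):
    return hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()


def parse_partitions(mbr):
    """Decode the four partition entries; LBA values are in 512-byte sectors."""
    parts = []
    for i in range(4):
        status, _chs_first, ptype, _chs_last, lba_first, sectors = struct.unpack_from(
            "<B3sB3sII", mbr, PART_TABLE + 16 * i)
        if ptype == 0:                      # unused slot
            continue
        parts.append({"index": i, "bootable": status == 0x80,
                      "type": PART_TYPES.get(ptype, "0x%02X" % ptype),
                      "offset_bytes": lba_first * SECTOR,
                      "size_bytes": sectors * SECTOR})
    return parts


def analyse_mbr(mbr, known=KNOWN_BOOT_CODE):
    if len(mbr) != SECTOR:
        raise ValueError("expected %d bytes, got %d" % (SECTOR, len(mbr)))
    if mbr[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    sha1 = boot_code_sha1(mbr)
    return {"sha1": sha1,
            "status": known.get(sha1, "Unknown MBR code"),
            "partitions": parse_partitions(mbr)}


def build_sample_mbr():
    """Constructed MBR: filler boot code plus two partitions at the LBAs that give
    the byte offsets seen in the log above (0x7E00 and 0x2C74075800)."""
    boot = bytes([0xEB, 0x3E] + [0x90] * (BOOT_CODE_LEN - 2))   # jmp + nops, not real boot code
    disk_sig = struct.pack("<I", 0x1234ABCD) + b"\x00\x00"       # made-up disk signature
    c_drive = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 372_900_717)
    d_drive = struct.pack("<B3sB3sII", 0x00, b"\xfe\xff\xff", 0x0B, b"\xfe\xff\xff", 372_900_780, 17_600_000)
    empty = b"\x00" * 16
    mbr = boot + disk_sig + c_drive + d_drive + empty + empty + SIGNATURE
    assert len(mbr) == SECTOR
    return mbr


def read_mbr(path):
    """First sector of a raw device or disk image, e.g. an .img file or
    r'\\.\PhysicalDrive0' on Windows (needs an elevated prompt)."""
    with open(path, "rb") as f:
        return f.read(SECTOR)


def format_report(device, result):
    lines = ["%s  %s  SHA1: %s" % (device, result["status"], result["sha1"])]
    for p in result["partitions"]:
        lines.append("  partition %d: %s at byte offset 0x%016X%s" % (
            p["index"], p["type"], p["offset_bytes"], " (bootable)" if p["bootable"] else ""))
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(r"\\.\PhysicalDrive0", analyse_mbr(build_sample_mbr())))
```

Where possible, run this against an image of the disk taken with dd or a forensic imager rather than against the live system, and keep the dumped sector: a hash that is "unknown" today can be matched later against an OEM's recovery boot code or a bootkit sample.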

Good afternoon preconmanager,

Please print out these instructions or copy them to a Notepad file for an easier reading and run MBRCheck.

  • At "Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit", type Y and hit "Enter".
  • At "Options:
    [1] Dump the MBR of a physical disk to file.
    [2] Restore the MBR of a physical disk with a standard boot code.
    [3] Exit.
    Enter your choice", type 2 and hit "Enter".
  • At "Enter the physical disk number to fix (0-99, -1 to cancel):", type 0 (the disk holding drive C:) and hit "Enter".
  • At "Available MBR codes:
    [ 0] Default (Windows XP)
    [ 1] Windows XP
    [ 2] Windows Server 2003
    [ 3] Windows Vista
    [ 4] Windows 2008
    [ 5] Windows 7
    [-1] Cancel
    Please select the MBR code to write to this drive", type 1 and hit "Enter".
  • At "Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue:", type YES and hit "Enter".
    You will receive a "Successfully wrote new MBR code!" message.
  • At "Done! Press ENTER to exit...", press the "Enter" key and reboot your computer.

Please re-run MBRCheck.

It will produce a log file saved automatically on your Desktop as "MBRCheck_[Date]_[Time].txt".

Press the "Enter" key to close the MBRCheck window and post the contents of the log file.

Do the issues remain?


The issues remain. The Windows login was a little easier, but the blue screen flickers after boot. Your "Unite" message still creates instability in my screen.

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows XP Professional

Windows Information: Service Pack 3 (build 2600)

Logical Drives Mask: 0x000001fc

Kernel Drivers (total 146):

0x804D7000 \WINDOWS\system32\ntkrnlpa.exe

0x806D1000 \WINDOWS\system32\hal.dll

0xF7AB0000 \WINDOWS\system32\KDCOM.DLL

0xF79C0000 \WINDOWS\system32\BOOTVID.dll

0xF7481000 ACPI.sys

0xF7AB2000 \WINDOWS\system32\DRIVERS\WMILIB.SYS

0xF7470000 pci.sys

0xF75B0000 isapnp.sys

0xF75C0000 ohci1394.sys

0xF75D0000 \WINDOWS\system32\DRIVERS\1394BUS.SYS

0xF7B78000 pciide.sys

0xF7830000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

0xF7AB4000 viaide.sys

0xF7AB6000 intelide.sys

0xF75E0000 MountMgr.sys

0xF7451000 ftdisk.sys

0xF7AB8000 dmload.sys

0xF742B000 dmio.sys

0xF7838000 PartMgr.sys

0xF75F0000 VolSnap.sys

0xF7356000 iaStor.sys

0xF733E000 atapi.sys

0xF72FB000 ftsata2.sys

0xF72E3000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS

0xF7600000 disk.sys

0xF7610000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS

0xF72C3000 fltmgr.sys

0xF72B1000 sr.sys

0xF7286000 MpFilter.sys

0xF7620000 bb-run.sys

0xF7840000 PxHelp20.sys

0xF726F000 KSecDD.sys

0xF71E2000 Ntfs.sys

0xF71B5000 NDIS.sys

0xF719B000 Mup.sys

0xF7A64000 \SystemRoot\system32\DRIVERS\tunmp.sys

0xF674C000 \SystemRoot\system32\DRIVERS\AmdK8.sys

0xF7958000 \SystemRoot\system32\DRIVERS\aracpi.sys

0xF63DC000 \SystemRoot\system32\DRIVERS\nv4_mini.sys

0xF63C8000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

0xF7960000 \SystemRoot\system32\DRIVERS\usbohci.sys

0xF63A4000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0xF7968000 \SystemRoot\system32\DRIVERS\usbehci.sys

0xF673C000 \SystemRoot\system32\DRIVERS\imapi.sys

0xF7650000 \SystemRoot\system32\DRIVERS\cdrom.sys

0xF7660000 \SystemRoot\system32\DRIVERS\redbook.sys

0xF6381000 \SystemRoot\system32\DRIVERS\ks.sys

0xF7970000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

0xF7670000 \SystemRoot\system32\DRIVERS\nic1394.sys

0xF6275000 \SystemRoot\system32\DRIVERS\AGRSM.sys

0xF7978000 \SystemRoot\System32\Drivers\Modem.SYS

0xF624D000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0xF7A84000 \SystemRoot\system32\DRIVERS\nvnetbus.sys

0xF61DB000 \SystemRoot\system32\DRIVERS\NVNRM.SYS

0xF61A4000 \SystemRoot\system32\DRIVERS\NVSNPU.SYS

0xF7680000 \SystemRoot\system32\DRIVERS\i8042prt.sys

0xF7980000 \SystemRoot\system32\DRIVERS\PS2.sys

0xF7988000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0xF7ACE000 \SystemRoot\system32\DRIVERS\arkbcfltr.sys

0xF7A88000 \SystemRoot\system32\DRIVERS\arpolicy.sys

0xF7C78000 \SystemRoot\system32\DRIVERS\audstub.sys

0xF7690000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0xF7A8C000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0xF618D000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0xF76A0000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0xF76B0000 \SystemRoot\system32\DRIVERS\raspptp.sys

0xF7990000 \SystemRoot\system32\DRIVERS\TDI.SYS

0xF617C000 \SystemRoot\system32\DRIVERS\psched.sys

0xF76C0000 \SystemRoot\system32\DRIVERS\msgpc.sys

0xF7998000 \SystemRoot\system32\DRIVERS\ptilink.sys

0xF79A0000 \SystemRoot\system32\DRIVERS\raspti.sys

0xF614C000 \SystemRoot\system32\DRIVERS\rdpdr.sys

0xF76D0000 \SystemRoot\system32\DRIVERS\termdd.sys

0xF79A8000 \SystemRoot\system32\DRIVERS\mouclass.sys

0xF7AD0000 \SystemRoot\system32\DRIVERS\swenum.sys

0xF60EE000 \SystemRoot\system32\DRIVERS\update.sys

0xF7AA8000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0xF7700000 \SystemRoot\System32\Drivers\NDProxy.SYS

0xF7710000 \SystemRoot\system32\DRIVERS\usbhub.sys

0xF7AD2000 \SystemRoot\system32\DRIVERS\USBD.SYS

0xF7720000 \SystemRoot\system32\DRIVERS\NVENETFD.sys

0xF3627000 \SystemRoot\system32\drivers\RtkHDAud.sys

0xF3603000 \SystemRoot\system32\drivers\portcls.sys

0xF7760000 \SystemRoot\system32\drivers\drmk.sys

0xF7AF0000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

0xF7CCA000 \SystemRoot\System32\Drivers\Null.SYS

0xF7AF2000 \SystemRoot\System32\Drivers\Beep.SYS

0xF78C8000 \SystemRoot\System32\drivers\vga.sys

0xF7AF4000 \SystemRoot\System32\Drivers\mnmdd.SYS

0xF7AF6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0xF78D0000 \SystemRoot\System32\Drivers\Msfs.SYS

0xF78D8000 \SystemRoot\System32\Drivers\Npfs.SYS

0xF60E6000 \SystemRoot\system32\DRIVERS\rasacd.sys

0xF35A8000 \SystemRoot\system32\DRIVERS\ipsec.sys

0xF354F000 \SystemRoot\system32\DRIVERS\tcpip.sys

0xF3517000 \SystemRoot\system32\DRIVERS\tcpip6.sys

0xF34EF000 \SystemRoot\system32\DRIVERS\netbt.sys

0xF60DE000 \SystemRoot\System32\drivers\ws2ifsl.sys

0xF34CD000 \SystemRoot\System32\drivers\afd.sys

0xF7790000 \SystemRoot\system32\DRIVERS\netbios.sys

0xF34A2000 \SystemRoot\system32\DRIVERS\rdbss.sys

0xF3432000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0xF77B0000 \SystemRoot\System32\Drivers\Fips.SYS

0xF340C000 \SystemRoot\system32\DRIVERS\ipnat.sys

0xF77C0000 \SystemRoot\system32\drivers\ip6fw.sys

0xF77D0000 \SystemRoot\system32\DRIVERS\wanarp.sys

0xF3320000 \SystemRoot\System32\Drivers\Fastfat.SYS

0xF78E8000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0xF78F0000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS

0xF3283000 \SystemRoot\system32\DRIVERS\bcmwlhigh5.sys

0xF7163000 \SystemRoot\system32\DRIVERS\hidusb.sys

0xF7800000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0xF78F8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0xF7900000 \SystemRoot\system32\DRIVERS\arhidfltr.sys

0xF7A48000 \SystemRoot\system32\DRIVERS\mouhid.sys

0xF7B14000 \SystemRoot\system32\DRIVERS\armoucfltr.sys

0xF326B000 \SystemRoot\System32\Drivers\dump_atapi.sys

0xF7B20000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS

0xBF800000 \SystemRoot\System32\win32k.sys

0xF622D000 \SystemRoot\System32\drivers\Dxapi.sys

0xF7920000 \SystemRoot\System32\watchdog.sys

0xBD000000 \SystemRoot\System32\drivers\dxg.sys

0xF7C6F000 \SystemRoot\System32\drivers\dxgthk.sys

0xBD012000 \SystemRoot\System32\nv4_disp.dll

0xBD3D8000 \SystemRoot\System32\ATMFD.DLL

0xB8532000 \SystemRoot\system32\DRIVERS\nwlnkipx.sys

0xF77E0000 \SystemRoot\system32\DRIVERS\nwlnknb.sys

0xF77F0000 \SystemRoot\system32\DRIVERS\EAPPkt.sys

0xB85AC000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0xB82DA000 \SystemRoot\system32\DRIVERS\nwrdr.sys

0xB82AD000 \SystemRoot\system32\DRIVERS\mrxdav.sys

0xB8108000 \SystemRoot\system32\drivers\wdmaud.sys

0xB83AA000 \SystemRoot\system32\drivers\sysaudio.sys

0xB7FB1000 \SystemRoot\System32\Drivers\HTTP.sys

0xB7DF1000 \SystemRoot\system32\DRIVERS\srv.sys

0xB805A000 \SystemRoot\system32\DRIVERS\nwlnkspx.sys

0xB7C72000 \??\C:\WINDOWS\system32\drivers\mqac.sys

0xB7BF0000 \??\C:\WINDOWS\system32\drivers\RMCast.sys

0xB7E89000 \SystemRoot\System32\Drivers\Cdfs.SYS

0xF7928000 \SystemRoot\system32\DRIVERS\nwlnkfwd.sys

0xB769C000 \SystemRoot\system32\DRIVERS\nwlnkflt.sys

0xB7658000 \SystemRoot\system32\DRIVERS\asyncmac.sys

0xF78B0000 \SystemRoot\System32\Drivers\TDTCP.SYS

0xB7333000 \SystemRoot\System32\Drivers\RDPWD.SYS

0xF7880000 \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms

0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 63):

0 System Idle Process

4 System

756 C:\WINDOWS\system32\smss.exe

1060 csrss.exe

1084 C:\WINDOWS\system32\winlogon.exe

1128 C:\WINDOWS\system32\services.exe

1140 C:\WINDOWS\system32\lsass.exe

1296 C:\WINDOWS\system32\svchost.exe

1336 C:\WINDOWS\system32\svchost.exe

1376 C:\Program Files\Microsoft Security Client\MsMpEng.exe

1416 C:\WINDOWS\system32\svchost.exe

1732 svchost.exe

1760 C:\WINDOWS\system32\svchost.exe

1796 svchost.exe

1816 C:\WINDOWS\system32\svchost.exe

256 C:\WINDOWS\system32\spoolsv.exe

352 svchost.exe

1000 msdtc.exe

1268 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

1392 C:\WINDOWS\arservice.exe

1548 C:\Program Files\Bonjour\mDNSResponder.exe

1576 C:\WINDOWS\ehome\ehrecvr.exe

1616 C:\WINDOWS\ehome\ehSched.exe

1988 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

204 C:\Program Files\Google\Update\GoogleUpdate.exe

696 C:\WINDOWS\system32\inetsrv\inetinfo.exe

796 C:\Program Files\Java\jre7\bin\jqs.exe

1492 C:\Program Files\Common Files\LightScribe\LSSrvc.exe

1560 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

1628 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

1996 C:\WINDOWS\system32\nvsvc32.exe

2044 C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZIPM12.EXE

2144 C:\WINDOWS\system32\snmp.exe

2220 svchost.exe

2312 C:\WINDOWS\system32\svchost.exe

2972 C:\WINDOWS\system32\mqsvc.exe

3208 C:\WINDOWS\system32\wuauclt.exe

3320 C:\Program Files\Canon\CAL\CALMAIN.exe

4092 C:\WINDOWS\system32\mqtgsvc.exe

2156 C:\WINDOWS\explorer.exe

2188 C:\WINDOWS\system32\dllhost.exe

3000 alg.exe

2952 C:\WINDOWS\system32\rundll32.exe

3008 C:\Program Files\iTunes\iTunesHelper.exe

3048 C:\WINDOWS\system32\rundll32.exe

3120 C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

3148 C:\Program Files\HP\HP Software Update\hpwuschd2.exe

3152 C:\WINDOWS\system32\svchost.exe

3172 C:\WINDOWS\ehome\ehtray.exe

3344 C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe

3352 C:\WINDOWS\ehome\ehmsas.exe

3524 C:\WINDOWS\arpwrmsg.exe

3688 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

3800 C:\Program Files\Common Files\Java\Java Update\jusched.exe

2804 C:\Program Files\iPod\bin\iPodService.exe

840 C:\WINDOWS\system32\svchost.exe

3032 C:\WINDOWS\RTHDCPL.EXE

3012 C:\Program Files\Microsoft Security Client\msseces.exe

3076 C:\WINDOWS\system32\ctfmon.exe

3220 C:\Program Files\NETGEAR\WNA3100\WNA3100.exe

3564 C:\Program Files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe

3668 C:\hp\KBD\kbd.exe

3788 C:\Documents and Settings\HP_Administrator\My Documents\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000002c`74075800 (FAT32)

PhysicalDrive0 Model Number: ST3200826AS, Rev: 3.03

Size Device Name MBR Status

--------------------------------------------

186 GB \\.\PhysicalDrive0 Unknown MBR code

SHA1: 3FA1BAC1D7FD18071BE2B53E6001CD7DFE278CEB

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

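Two runs of the same tool are more useful than one, because what changed between them is the interesting part. As an added example (not part of the thread and not MBRCheck's code), the script below parses the "Kernel Drivers" and "Processes" sections of an MBRCheck log, flags drivers loaded from outside \Windows\system32, and diffs two runs. LOG_BEFORE and LOG_AFTER are a few lines excerpted from the two logs above with the blank lines removed. Read against the full logs, the same checks show: the boot-code SHA1 is identical in both runs, so whatever MBRCheck hashes was not changed between them; MpKsl51babad4.sys under Microsoft Antimalware\Definition Updates appears only in the first run; and the two drivers loaded from outside system32 are, by their own paths, a PC-Doctor component and a Microsoft Antimalware component. An unusual load path is a lead for verification (signature check, hash lookup), not a verdict, and the heuristics here are the example's own.

```python
r"""Triage MBRCheck logs: extract the kernel-driver and process lists, flag
drivers loaded from outside \Windows\system32, and diff two runs.

Added example, not MBRCheck's code. LOG_BEFORE / LOG_AFTER are short excerpts
of the two logs posted in the thread (blank lines removed)."""
import re

DRIVER_LINE = re.compile(r"^0x[0-9A-Fa-f]{8}\s+(.+)$")   # "0xF7481000 ACPI.sys"
PROCESS_LINE = re.compile(r"^(\d+)\s+(.+)$")              # "1376 C:\...\MsMpEng.exe"


def parse_log(text):
    """Return (drivers, processes): driver paths and (pid, path) tuples in log order."""
    drivers, processes, section = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Kernel Drivers"):
            section = "drivers"
        elif line.startswith("Processes"):
            section = "processes"
        elif line.startswith("\\\\.\\"):      # volume-to-disk mapping ends the lists
            section = None
        elif section == "drivers" and DRIVER_LINE.match(line):
            drivers.append(DRIVER_LINE.match(line).group(1))
        elif section == "processes" and PROCESS_LINE.match(line):
            pid, path = PROCESS_LINE.match(line).groups()
            processes.append((int(pid), path))
    return drivers, processes


def normalize(path):
    # Fold MBRCheck's spellings onto one form: lower-case, drop the \??\ prefix,
    # and map both \SystemRoot\ and C:\WINDOWS\ to \windows\.
    p = path.lower()
    if p.startswith("\\??\\"):
        p = p[4:]
    if p.startswith("\\systemroot\\"):
        p = "\\windows\\" + p[len("\\systemroot\\"):]
    if p.startswith("c:\\windows\\"):
        p = p[2:]
    return p


def file_name(path):
    return normalize(path).rsplit("\\", 1)[-1]


def is_standard_location(path):
    p = normalize(path)
    # Boot-start drivers are listed by bare name, so there is nothing to judge.
    return "\\" not in p or p.startswith("\\windows\\system32\\")


def flag_unusual_drivers(drivers):
    return [d for d in drivers if not is_standard_location(d)]


def diff_runs(before_text, after_text):
    b_drv, b_proc = parse_log(before_text)
    a_drv, a_proc = parse_log(after_text)
    b_names, a_names = {file_name(d) for d in b_drv}, {file_name(d) for d in a_drv}
    b_procs, a_procs = {file_name(p) for _, p in b_proc}, {file_name(p) for _, p in a_proc}
    return {"drivers_only_before": b_names - a_names, "drivers_only_after": a_names - b_names,
            "processes_only_before": b_procs - a_procs, "processes_only_after": a_procs - b_procs,
            "unusual_before": flag_unusual_drivers(b_drv), "unusual_after": flag_unusual_drivers(a_drv)}


LOG_BEFORE = r"""Kernel Drivers (total 148):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0xF7481000 ACPI.sys
0xF6549000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB7CEA000 \??\C:\WINDOWS\system32\drivers\mqac.sys
0xF78C8000 \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms
0xB86B8000 \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A21BFACB-9AB1-4D11-B4C4-2FFF0D9C5BD4}\MpKsl51babad4.sys
0xB6EA1000 \SystemRoot\system32\DRIVERS\imapi.sys
Processes (total 65):
4 System
1060 csrss.exe
1376 C:\Program Files\Microsoft Security Client\MsMpEng.exe
628 Matsvc.exe
5552 C:\Documents and Settings\HP_Administrator\My Documents\Downloads\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
"""

LOG_AFTER = r"""Kernel Drivers (total 146):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0xF7481000 ACPI.sys
0xF63DC000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB7C72000 \??\C:\WINDOWS\system32\drivers\mqac.sys
0xF7880000 \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms
0xF673C000 \SystemRoot\system32\DRIVERS\imapi.sys
Processes (total 63):
4 System
1060 csrss.exe
1376 C:\Program Files\Microsoft Security Client\MsMpEng.exe
3120 C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
3788 C:\Documents and Settings\HP_Administrator\My Documents\Downloads\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
"""

if __name__ == "__main__":
    for key, value in diff_runs(LOG_BEFORE, LOG_AFTER).items():
        print(key, sorted(value) if isinstance(value, set) else value)
```

Processes that MBRCheck lists by bare name (csrss.exe, svchost.exe, Matsvc.exe) are ones whose full path it could not read, so they are the first candidates for a look-up in Task Manager or Process Explorer; the diff on file names deliberately ignores PIDs and load addresses, which change on every boot.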

Hello preconmanager,

No, that's fine.

Please download GMER from one of the following locations and save it to your Desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your Desktop.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
    [screenshot: gmer_zip.gif]
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress).
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, firewall and any other security programs you had disabled.

-- If you encounter any problems, try running GMER in Safe Mode.

-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.


GMER 2.0.18444 - http://www.gmer.net

Rootkit scan 2013-01-15 13:09:55

Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5 ST3200826AS rev.3.03 186.31GB

Running: nopg1on3.exe; Driver: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\uwdiipob.sys

---- Kernel code sections - GMER 2.0 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF65B4360, 0x20574D, 0xE8000020]

---- EOF - GMER 2.0 ----


Howdy preconmanager,

OK well all of these scans are coming back clean.

I think the next step should be posting a topic in the PC Help section of this forum. Provide a link to this topic, and hopefully it gets solved. If not, I'll be here. :)


Thanks TDK for all your assistance. I appreciated your patience and dedication to my problem. I will post this issue as you suggest in the PC Help section.

The security updates Microsoft published over the past two days have helped in some areas, but I still experience what I am convinced is an "illicit program" trying to prevent me from discovering a cure by the way it reacts to block my help resources on the Web. When I find it, I will post back to you.

Cheers and all the best!


My scans of MBAM, MSE, MDO and SAS are all currently clean.

I am still experiencing the same symptoms, where my monitor gets blocked (partially) when I run my virus scans or try to download anti-malware programs from various sites, making the path to hopeful success very difficult and very suspicious. I use/move the Task Manager atop the afflicted area of the screen to partially obscure the scan or site until I can finally see what is being blocked.

I still can't help thinking that I might be infected somehow or that my registry has been corrupted. I may also have had a visitor during the IE8 vulnerability, if I read my System Security Scan log file correctly. I have since modified my security settings.

Today (with great difficulty and opposition) I was finally able to get HJT loaded and run. I have the log available.

Any further assistance would be greatly appreciated.


Archived

This topic is now archived and is closed to further replies.
