question about bootkit_remover

Hi,

I am using XP Pro and get "access denied" when trying to access "system volume information" on a removable drive. I am set to see hidden files etc., but I also get "unknown boot code" from bootkit_remover.exe.

When I use the "fix" parameter from this utility it says "can't read first sector of disk".

Have tried a format but still the same.

Now I believe I do not really have a virus.

Any help appreciated.

Dell Latitude D630

Hi, that is most likely caused by the fact that you have a Dell MBR.

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

Link 1
Link 2
Link 3

  • Double-click on MBRCheck.exe to run it. Vista/Windows 7 users right-click and select Run As Administrator.
  • It will open a black screen with some data on it...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will be created on the desktop.
  • Copy and paste the contents of that log in your next reply.

OK, thanks for your help.

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 171):

Processes (total 81):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`05e21800 (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST9120823ASG, Rev: 3.ADD
PhysicalDrive1 Model Number: WD4000AAK External, Rev: 1.06

Size    Device Name          MBR Status
--------------------------------------------
111 GB  \\.\PhysicalDrive0   Windows XP MBR code detected
        SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
372 GB  \\.\PhysicalDrive1   RE: Unknown MBR code
        SHA1: 79D7AEC487DFDD445C6A0908CE4C984DA566FF03

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

What is your second hard disk? If it contains recovery data, it is normal. Your master disk (which has Windows on it) is okay.

OK, I have connected both of my removable drives to my DELL laptop.

Drive E has films and music on it. It is an Elements powered by WD. I have turned off restores on this drive as I thought it would protect against viruses better?

Drive F is a FreeAgent Seagate. It is empty; I formatted it yesterday.

Can you recommend what I need to run to be protected? I currently run in the background:

AVG Free

PC Tools AntiVirus Free

(These both run scans every day.)

Malwarebytes - which I run when I think of it.

Comodo Firewall - although I am having some trouble getting the latest version to work 100%, so may drop it.

Thanks

Steve.

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 171):

Processes (total 82):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`05e21800 (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\F: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST9120823ASG, Rev: 3.ADD
PhysicalDrive1 Model Number: WD4000AAK External, Rev: 1.06
PhysicalDrive2 Model Number: SeagateFreeAgent Go, Rev: 0148

Size    Device Name          MBR Status
--------------------------------------------
111 GB  \\.\PhysicalDrive0   Windows XP MBR code detected
        SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
372 GB  \\.\PhysicalDrive1   RE: Unknown MBR code
        SHA1: 79D7AEC487DFDD445C6A0908CE4C984DA566FF03
465 GB  \\.\PhysicalDrive2   RE: Unknown MBR code
        SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
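Added example, not code from MBRCheck, bootkit_remover or anyone in this thread: a Python reading of what the MBR status section of the logs above reports. It parses one 512-byte sector, fingerprints the boot code with SHA1 and looks the digest up in an allowlist, so an unlisted vendor MBR such as the Dell one the helper mentions, or a freshly formatted external drive, comes out as "Unknown MBR code" rather than "infected". The sample sectors, the allowlist digests and the "Dell MBR code detected" status string are constructed for the example, and which byte range MBRCheck itself hashes is not stated in the thread.

```python
"""Classify the boot code of an MBR sector the way the MBRCheck log reports it.
Sample sectors and allowlist entries are constructed for this example."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440     # bytes 0..439: boot code; 440..443: Windows disk signature
PART_TABLE_OFF = 446    # four 16-byte partition entries follow
BOOT_SIG = b"\x55\xaa"  # bytes 510..511 of any valid MBR
PART_FMT = "<B3xB3xII"  # status, CHS start (skipped), type, CHS end (skipped), LBA start, LBA count


def boot_code_sha1(data: bytes) -> str:
    """SHA1 over the code area only, so the per-disk signature and the partition
    table do not change the fingerprint of otherwise identical boot code.
    (Which exact region MBRCheck hashes is not stated in the thread.)"""
    return hashlib.sha1(data[:BOOT_CODE_LEN]).hexdigest().upper()


def fmt_offset(byte_offset: int) -> str:
    """Render a byte offset the way the MBRCheck log prints it: 0xHHHHHHHH`LLLLLLLL."""
    return "0x{:08x}`{:08x}".format(byte_offset >> 32, byte_offset & 0xFFFFFFFF)


def parse_partitions(sector: bytes) -> list:
    """Decode the four primary partition slots; empty slots (type 0) are skipped."""
    parts = []
    for i in range(4):
        status, ptype, lba_start, lba_count = struct.unpack_from(
            PART_FMT, sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "lba_start": lba_start, "lba_count": lba_count,
                      "offset": fmt_offset(lba_start * SECTOR_SIZE)})
    return parts


def classify_mbr(sector: bytes, known_codes: dict) -> dict:
    """Report signature validity, boot-code digest, allowlist status and partitions.
    An unlisted digest means "not recognised": vendor (Dell) MBRs and freshly
    formatted external drives produce it too, so it is a prompt to identify the
    code, not proof of infection."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly one 512-byte sector")
    digest = boot_code_sha1(sector)
    return {"signature_ok": sector[510:512] == BOOT_SIG,
            "sha1": digest,
            "status": known_codes.get(digest, "Unknown MBR code"),
            "partitions": parse_partitions(sector)}


def build_sector(boot_code: bytes, partitions: list) -> bytes:
    """Constructed sample sector: zero-padded boot code, partition entries, 0x55AA."""
    sec = bytearray(SECTOR_SIZE)
    code = boot_code[:BOOT_CODE_LEN]
    sec[:len(code)] = code
    for i, (bootable, ptype, lba_start, lba_count) in enumerate(partitions[:4]):
        struct.pack_into(PART_FMT, sec, PART_TABLE_OFF + 16 * i,
                         0x80 if bootable else 0x00, ptype, lba_start, lba_count)
    sec[510:512] = BOOT_SIG
    return bytes(sec)


# Constructed stand-ins for boot code a scanner recognises. The SHA1 values in
# the forum logs belong to real disks; these digests are computed from made-up
# byte strings and mean nothing outside this example.
XP_STUB = b"CONSTRUCTED-WINDOWS-XP-MBR-STUB"
DELL_STUB = b"CONSTRUCTED-DELL-MBR-STUB"
KNOWN_CODES = {
    boot_code_sha1(XP_STUB.ljust(BOOT_CODE_LEN, b"\0")): "Windows XP MBR code detected",
    boot_code_sha1(DELL_STUB.ljust(BOOT_CODE_LEN, b"\0")): "Dell MBR code detected",
}


def demo() -> list:
    """Three constructed disks mirroring the thread: an XP system disk whose
    first partition starts at LBA 192780 (byte offset 0x05e21800, as in the log),
    a Dell-style disk on the allowlist, and an external drive at LBA 63 whose
    boot code nobody has catalogued."""
    disks = [
        ("PhysicalDrive0", build_sector(XP_STUB, [(True, 0x07, 192780, 233_000_000)])),
        ("PhysicalDrive1", build_sector(DELL_STUB, [(False, 0x07, 63, 780_000_000)])),
        ("PhysicalDrive2", build_sector(b"CONSTRUCTED-UNCATALOGUED-CODE",
                                        [(False, 0x07, 63, 976_000_000)])),
    ]
    return [(name, classify_mbr(sec, KNOWN_CODES)) for name, sec in disks]


if __name__ == "__main__":
    for name, r in demo():
        print(f"{name:15} {r['status']:30} sig_ok={r['signature_ok']}")
        print(f"    SHA1: {r['sha1']}")
        for p in r["partitions"]:
            print(f"    partition {p['index']} type 0x{p['type']:02x} at offset {p['offset']}")
```

To use it on a real disk, pass the first 512 bytes read from the device to classify_mbr with an allowlist of digests you have verified yourself; an unknown digest is a reason to identify the code, not a verdict.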

Nothing wrong with this. :(

I recommend running only one AV: so either AVG or PC Tools. Two or more AVs will compete with each other and let malware slip by. Best would be to uninstall one of these.

You only need a firewall if you are not connected through a router. If you use a router, you are already behind a hardware firewall.

OK, thanks for the help. I do not understand why I cannot view the "System Volume Information" folder though, especially after I have just formatted the drive?

I have uninstalled AVG.

Regarding the firewall: yes, I do have a router. Not sure what you mean by a hardware firewall. Do you mean the fact that NAT would be in operation, so no unknown inbound route would be permitted?

Rgds.

Steve.

OK, thanks for the help. I do not understand why I cannot view the "System Volume Information" folder though, especially after I have just formatted the drive?
This folder is well-protected because it contains the System Restore points. Windows sets the permissions so that only SYSTEM has access, and it is recommended to keep things that way. There is no need to access that folder.
Regarding the firewall: yes, I do have a router. Not sure what you mean by a hardware firewall. Do you mean the fact that NAT would be in operation, so no unknown inbound route would be permitted?
A router acts as a hardware firewall. The router itself (a piece of hardware) acts as a firewall by isolating your computer from the WWW. Your computer does not connect directly to the WWW; it connects to the router, from where the connection to the open/unprotected web is made.

I hope this explains it to you. :(

This folder is well-protected because it contains the System Restore points. Permissions are set this way by Windows that only SYSTEM has access

OK but I cannot understand why I view the C drive but not the E drive. See screenshot.

(screenshot attachment: untitled.bmp)

When I see what the ATTRIB command shows, this makes me think in my uneducated way that a virus is stopping me from viewing this directory. And it also begs the question what ownership software like Malwarebytes and PC Tools antivirus execute with. I look at Task Manager and see that pctools does indeed run as SYSTEM, but of course because I run Malwarebytes manually it is only Administrator. So I disagree it should be kept this way. I want access to all of my system but cannot see how to get it.

A router acts as hardware firewall. The router itself (a hardware piece) acts as firewall by isolating your computer from the WWW.

I understand your point and I see how a router stops requests coming in. But again, in my mind, if a virus is present somehow before an antivirus picks it up, it could in effect make a request going out of the router, which will not stop it, and in doing this push valuable information out, whereas a firewall will notify of an unknown application starting up and seeking www access.

Rgds

Steve.

And in doing this push valuable information out, whereas a firewall will notify of an unknown application starting up and seeking www. access.
In my experience that same virus will, together with the AV, also have corrupted/disabled the software firewall. It's a lot easier for malware to mess with a software firewall than with a hardware firewall.

You might want to error check your E drive. You can do so by right-clicking, select Properties, look on the tabs for the Error checking option and run it.

System Restore should only be set to monitor your system partition, not your other drives/partitions. Right-click on My Computer >> Properties >> System Restore and refine as needed. See http://bertk.mvps.org/html/drivedisable.html

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
