
Random Redirect in IE FF Chrome, can't download hijackthis


stayley

I am getting redirects or popups in all of my browsers. I get the google analytics & epoclick popups. I cannot download HijackThis. Need help, please.

Here is the log from MWB:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 5095

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18241

11/18/2010 9:55:12 PM

mbam-log-2010-11-18 (21-55-12).txt

Scan type: Quick scan

Objects scanned: 178248

Time elapsed: 34 minute(s), 13 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Hello stayley! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step; if there is a problem somewhere, stop and tell me.
  • Stay with the thread until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something please ask.
  • Do not install or uninstall any software or hardware while we work on it.
  • Keep me informed about any changes.

Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to "Update" tab and select "Check for Updates". If an update is found, it will download and install the latest version.
  • Go to "Scanner" tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Step 2

Download DDS and save it to your desktop from here or here or here.

Double click dds.scr to run the tool.

  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.

In your next reply, please include these log(s):

  1. Malwarebytes' Anti-Malware log
  2. DDS log with Attach.txt


mbam log:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 5150

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18241

11/19/2010 9:23:56 AM

mbam-log-2010-11-19 (09-23-56).txt

Scan type: Quick scan

Objects scanned: 178852

Time elapsed: 36 minute(s), 48 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS Log

DDS (Ver_10-11-10.01) - NTFSx86

Run by stephen at 9:24:33.46 on Fri 11/19/2010

Internet Explorer: 8.0.6001.18241 BrowserJavaVersion: 1.6.0_11

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.361 [GMT -5:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\brsvc01a.exe

C:\WINDOWS\system32\brss01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe

C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Program Files\Sony\ISB Utility\ISBMgr.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Apoint\Apntex.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Microsoft SQL Server\MSSQL$EMMSDE\Binn\sqlservr.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

C:\WINDOWS\system32\BRMFRSMG.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\stephen\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.Google.com/

uSearchMigratedDefaultURL = hxxp://www.Google.com/

mDefault_Page_URL = hxxp://www.sony.com/vaiopeople

mSearch Page =

uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: CitiUSBrowserHelper Class: {387edf53-1cf2-4523-bc2f-13462651be8c} - c:\windows\system32\BhoCitUS.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

{7e853d72-626a-48ec-a868-ba8d5e23e045}

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Internet Service: {c46f137f-2c2a-4714-aa14-323137f882ae} -

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [Google Update] "c:\documents and settings\stephen\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [PartSeal] c:\windows\sonysys\vaio recovery\PartSeal.exe

mRun: [Apoint] c:\program files\apoint\Apoint.exe

mRun: [VAIOCameraUtility] "c:\program files\sony\vaio camera utility\VCUServe.exe"

mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary

mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [sonyPowerCfg] c:\program files\sony\vaio power management\SPMgr.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [RemoteControl] "c:\program files\cyberlink dvd solution\powerdvd\PDVDServ.exe"

mRun: [iSBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe

mRun: [Alcmtr] ALCMTR.EXE

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [pdfFactory Dispatcher v3] "c:\windows\system32\spool\drivers\w32x86\3\fppdis3a.exe" /source=HKLM

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [spyHunter Security Suite] c:\program files\enigma software group\spyhunter\SpyHunter4.exe

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

IE: &Search

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000

IE: Transfer by Image Converter 2 Plus - c:\program files\sony\image converter 2\menu.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL

Trusted Zone: state.va.us\www.deq

Trusted Zone: verizon.com

DPF: {01111F00-3E00-11D2-8470-0060089874ED} - hxxp://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab

DPF: {02A08EC5-C341-4BE5-AD4F-62215D2407EF} - hxxps://wip-data.webdialogs.com/components/WDATL70.CAB

DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB

DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxps://www.taylorbeanonline.com/scriptx/smsx.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll

DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

DPF: {58D5690D-55A6-4B0B-B735-D0C82E14700C} - hxxps://wip-data.webdialogs.com/components/WDATL72.CAB

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163214234545

DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - hxxp://launch.gamespyarcade.com/software/launch/alaunch.cab

DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} - hxxp://remote.ewmortgage.com/tsweb/msrdp.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - hxxp://www.photodex.com/pxplay.cab

DPF: {CBF95A06-D408-46E3-8077-37E5B098EB84} - hxxps://ilnet.wellsfargo.com/ilonline/hmUpload/enclickloanwf.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://alamodetraining.webex.com/client/v_mywebex-t20/training/ieatgpc.cab

Notify: VESWinlogon - VESWinlogon.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-11-11 11608]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-11-11 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-11-11 267944]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-11-11 60936]

R2 MSSQL$EMMSDE;MSSQL$EMMSDE;c:\program files\microsoft sql server\mssql$emmsde\binn\sqlservr.exe -semmsde --> c:\program files\microsoft sql server\mssql$emmsde\binn\sqlservr.exe -sEMMSDE [?]

R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2010-11-5 327000]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-2-3 24652]

R3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2006-8-15 2944]

R3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2006-8-15 61952]

R3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2006-8-15 11008]

R3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2006-8-15 10368]

R3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2010-1-27 5248]

R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2006-3-2 29184]

S3 OKI OPHD DCS Loader;OKI OPHD DCS Loader;c:\windows\system32\spool\drivers\w32x86\3\OPHDLDCS.EXE [2006-12-26 24576]

S3 SQLAgent$EMMSDE;SQLAgent$EMMSDE;c:\program files\microsoft sql server\mssql$emmsde\binn\sqlagent.exe -i emmsde --> c:\program files\microsoft sql server\mssql$emmsde\binn\sqlagent.EXE -i EMMSDE [?]

=============== Created Last 30 ================

2010-11-19 13:42:31 -------- d-----w- c:\windows\system32\XPSViewer

2010-11-19 13:41:52 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

2010-11-19 13:41:29 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2010-11-19 13:41:29 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2010-11-19 13:41:29 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

2010-11-19 13:41:29 117760 ------w- c:\windows\system32\prntvpt.dll

2010-11-19 13:41:28 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2010-11-19 13:41:28 575488 ------w- c:\windows\system32\xpsshhdr.dll

2010-11-19 13:41:28 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2010-11-19 13:41:28 1676288 ------w- c:\windows\system32\xpssvcs.dll

2010-11-19 13:41:27 -------- d-----w- C:\d8460462b997e73eef

2010-11-19 03:25:35 -------- d-----w- c:\docume~1\stephen\applic~1\Avira

2010-11-19 01:01:10 -------- d-----w- c:\docume~1\stephen\locals~1\applic~1\Temp

2010-11-11 19:05:01 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-11-11 19:04:36 -------- d-----w- c:\program files\Avira

2010-11-11 19:04:36 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira

2010-11-11 18:38:44 110080 ----a-r- c:\docume~1\stephen\applic~1\microsoft\installer\{4e97ae47-1293-4669-bbf3-4bde52501a1a}\IconF7A21AF7.exe

2010-11-11 18:38:44 110080 ----a-r- c:\docume~1\stephen\applic~1\microsoft\installer\{4e97ae47-1293-4669-bbf3-4bde52501a1a}\IconD7F16134.exe

2010-11-11 18:38:36 -------- d-----w- C:\sh4ldr

2010-11-11 18:37:44 -------- d-----w- c:\windows\4E97AE4712934669BBF34BDE52501A1A.TMP

2010-11-11 18:37:39 -------- d-----w- c:\program files\common files\Wise Installation Wizard

2010-11-11 17:13:22 954368 -c----w- c:\windows\system32\dllcache\mfc40.dll

2010-11-11 17:13:21 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll

2010-11-11 17:13:21 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll

2010-11-11 17:12:04 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

2010-11-11 17:11:48 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

2010-11-11 17:10:52 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

2010-11-11 17:08:58 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll

2010-11-11 17:08:58 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll

2010-11-11 17:08:21 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

2010-11-11 17:04:31 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

2010-11-11 16:56:23 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll

2010-11-11 16:47:49 -------- d-----w- c:\docume~1\stephen\applic~1\Malwarebytes

2010-11-11 16:47:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-11-11 16:47:24 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-11-11 16:47:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-11-11 16:47:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

==================== Find3M ====================

2010-09-18 17:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll

2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys

2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll

2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll

2004-08-10 04:30:22 40960 ----a-w- c:\program files\Uninstall_CDS.exe

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600

CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.

device: opened successfully

user: error reading MBR

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS

1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x86F7AAB8]

3 CLASSPNP[0xF769EFD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\00000078[0x86EF62A0]

5 ACPI[0xF7515620] -> ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Ide\IdeDeviceP0T0L0-3[0x86F7F940]

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

user != kernel MBR !!!

============= FINISH: 9:25:46.26 ===============

Attach Log:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-10.01)

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 7/12/2006 4:13:22 PM

System Uptime: 11/18/2010 10:54:30 PM (11 hours ago)

Motherboard: Sony Corporation | | Q-Project

Processor: Intel® Pentium® M processor 1.86GHz | N/A | 1321/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 87 GiB total, 7.628 GiB free.

D: is Removable

E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP598: 5/16/2010 11:35:58 AM - System Checkpoint

RP599: 6/3/2010 4:41:55 PM - System Checkpoint

RP600: 11/11/2010 12:42:40 PM - System Checkpoint

RP601: 11/11/2010 1:38:30 PM - Installed SpyHunter

RP602: 11/11/2010 1:52:35 PM - Avira AntiVir Personal - 11/11/2010 13:52

RP603: 11/18/2010 7:44:14 PM - Software Distribution Service 3.0

RP604: 11/18/2010 9:27:43 PM - Configured FP3 Player

RP605: 11/18/2010 9:46:11 PM - Removed MobileMe Control Panel

RP606: 11/19/2010 8:34:42 AM - Software Distribution Service 3.0

==== Installed Programs ======================

Sansa Media Converter

Adobe Acrobat 5.0

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Photoshop 7.0

Adobe Reader 8.1.2

Adobe Reader 8.1.2 Security Update 1 (KB403742)

Adobe Shockwave Player 11

AoA DVD Copy

Apple Mobile Device Support

Apple Software Update

Avira AntiVir Personal - Free Antivirus

Bonjour

Click to DVD 2.0.03 Menu Data

Click to DVD 2.5.20

Critical Update for Windows Media Player 11 (KB959772)

Digital Photo Navigator 1.5

DVgate Plus

Google Chrome

HDAUDIO SoftV92 Data Fax Modem with SmartCP

High Definition Audio Driver Package - KB835221

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Image Converter 2 Plus

Intel® Graphics Media Accelerator Driver for Mobile

Intel® PROSet/Wireless Software

InterActual Player

InterVideo WinDVD for VAIO

ISScript

iTunes

J2SE Runtime Environment 5.0 Update 11

J2SE Runtime Environment 5.0 Update 6

Java 6 Update 11

Macromedia Flash Player 8

Malwarebytes' Anti-Malware

mCore

mDriver

Memory Stick Formatter

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Access 2000 Runtime

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Data Access Components KB870669

Microsoft Digital Image Library 9 - Blocker

Microsoft Digital Image Starter Edition 2006

Microsoft Digital Image Starter Edition 2006 Editor

Microsoft Digital Image Starter Edition 2006 Library

Microsoft Office Professional Edition 2003

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server Desktop Engine (EMMSDE)

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual J# .NET Redistributable Package 1.1

Microsoft Works

mMHouse

Move Media Player

mPfMgr

mProSafe

MSXML 4.0 SP2 (KB925672)

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

mWlsSafe

mXML

Netflix Movie Viewer

Netscape Browser (remove only)

Office 2003 Trial Assistant

OpenMG Secure Module 4.4.00

PCFriendly

pdfFactory

Photodex Presenter

PowerDVD

QuickTime

Realtek High Definition Audio Driver

Rhapsody Player Engine

Roxio DigitalMedia Audio

Roxio DigitalMedia Copy

Roxio DigitalMedia Data

Safari

Search Enhancement by AOL Search

Security Update for CAPICOM (KB931906)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 8 (KB960714)

Security Update for Windows Internet Explorer 8 (KB961260)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950759)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953838)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956390)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958215)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960714)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Setting Utility Series

SonicStage 3.4

Sony Certificate PCH

Sony MP4 Shared Library

Sony Utilities DLL

Sony Video Shared Library

SpyHunter

Unity Web Player

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB973815)

VAIO Breeze Wallpaper

VAIO Camera Utility

VAIO Central

VAIO Entertainment Platform

VAIO Event Service

VAIO Light Flo Wallpaper

VAIO Media 5.0

VAIO Media AC3 Decoder 1.0

VAIO Media Integrated Server 5.0

VAIO Media Redistribution 5.0

VAIO Media Registration Tool 5.0

VAIO Original Screen Saver

VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents

VAIO Power Management

VAIO Registration

VAIO Security Center

VAIO Support Central

VAIO Update 2

VAIO Wireless LAN Setup Utility

VAIOSurveySA

Viewpoint Media Player

WebEx

WebFldrs XP

Winamp

Windows Backup Utility

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Installer Clean Up

Windows Internet Explorer 8 Beta 2

Windows Live installer

Windows Live Mail

Windows Live Messenger

Windows Live OneCare safety scanner

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Writer

Windows Media Format 11 runtime

Windows Media Player 10 Hotfix - KB894476

Windows Media Player 10 Hotfix [see KB886612 for more information]

Windows Media Player 11

Windows Media Player Hotfix [see KB832353 for more information]

Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

11/19/2010 9:24:38 AM, error: Service Control Manager [7016] - The BrSplService service has reported an invalid current state 0.

11/19/2010 8:50:43 AM, error: Dhcp [1002] - The IP address lease 192.168.1.6 for the Network Card with network address 0013A935420A has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

11/18/2010 9:46:45 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.

11/18/2010 9:09:45 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file serscan.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0.

11/18/2010 7:39:19 PM, error: Service Control Manager [7000] - The tmcomm service failed to start due to the following error: The system cannot find the file specified.

11/18/2010 7:39:19 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.

==== End Of File ===========================


Step 1

Please, uninstall the following applications:

  1. Viewpoint Media Player

You can read how to do this here:

Step 2

**Note: If you need more detailed information, please visit the web page of ComboFix at BleepingComputer.**

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  1. If you are using Firefox, make sure that your download settings are as follows:
    • Open Tools -> Options -> Main tab
    • Set to Always ask me where to Save the files.
  2. During the download, rename Combofix to Combo-Fix as follows:
    • (image: CF_download_FF.gif)
    • (image: CF_download_rename.gif)
  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

-----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

  7. Double click on Combo-Fix.exe & follow the prompts.
  8. When finished, it will produce a report for you.
  9. Please post the C:\Combo-Fix.txt for further review.

**Note: Do not mouse-click Combo-Fix's window while it's running. That may cause it to stall.**


ComboFix 10-11-19.01 - stephen 11/19/2010 20:03:03.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.640 [GMT -5:00]

Running from: c:\documents and settings\stephen\Desktop\Combo-Fix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\stephen\Recent\Thumbs.db

c:\program files\Mozilla Firefox\components\npclntax.xpt

c:\windows\jestertb.dll

c:\windows\system32\gotomon.log

c:\windows\system32\Thumbs.db

c:\windows\system32\twain.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_usnjsvc

((((((((((((((((((((((((( Files Created from 2010-10-20 to 2010-11-20 )))))))))))))))))))))))))))))))

.

2010-11-20 00:56 . 2010-11-20 00:56 -------- d-sh--w- c:\documents and settings\stephen\IECompatCache

2010-11-19 18:12 . 2010-11-19 18:12 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2010-11-19 16:38 . 2010-11-19 16:38 -------- d-----w- c:\windows\LastGood.Tmp

2010-11-19 16:35 . 2010-11-19 16:35 -------- d-sh--w- c:\documents and settings\stephen\IETldCache

2010-11-19 16:28 . 2010-11-19 16:30 -------- dc-h--w- c:\windows\ie8

2010-11-19 16:26 . 2010-08-26 11:08 13312 -c----w- c:\windows\system32\dllcache\iecompat.dll

2010-11-19 16:26 . 2010-05-06 10:41 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2010-11-19 16:26 . 2010-05-06 10:41 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2010-11-19 16:26 . 2010-05-06 10:41 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-11-19 16:26 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-11-19 16:26 . 2010-05-06 10:41 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2010-11-19 16:26 . 2010-05-06 10:41 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll

2010-11-19 16:26 . 2010-05-06 10:41 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll

2010-11-19 13:42 . 2010-11-19 13:42 -------- d-----w- c:\windows\system32\XPSViewer

2010-11-19 13:42 . 2010-11-19 13:42 -------- d-----w- c:\program files\MSBuild

2010-11-19 13:42 . 2010-11-19 13:42 -------- d-----w- c:\program files\Reference Assemblies

2010-11-19 13:41 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

2010-11-19 13:41 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2010-11-19 13:41 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2010-11-19 13:41 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2010-11-19 13:41 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe

2010-11-19 13:41 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2010-11-19 13:41 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2010-11-19 13:41 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2010-11-19 13:41 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2010-11-19 13:41 . 2010-11-19 13:41 -------- d-----w- C:\d8460462b997e73eef

2010-11-19 03:25 . 2010-11-19 03:25 -------- d-----w- c:\documents and settings\stephen\Application Data\Avira

2010-11-19 01:01 . 2010-11-19 01:02 -------- d-----w- c:\documents and settings\stephen\Local Settings\Application Data\Temp

2010-11-11 19:05 . 2010-08-02 21:10 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys

2010-11-11 19:05 . 2010-08-02 21:10 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-11-11 19:05 . 2010-06-17 20:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2010-11-11 19:05 . 2010-06-17 20:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2010-11-11 19:04 . 2010-11-11 19:04 -------- d-----w- c:\program files\Avira

2010-11-11 19:04 . 2010-11-11 19:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2010-11-11 18:38 . 2010-11-11 18:38 110080 ----a-r- c:\documents and settings\stephen\Application Data\Microsoft\Installer\{4E97AE47-1293-4669-BBF3-4BDE52501A1A}\IconF7A21AF7.exe

2010-11-11 18:38 . 2010-11-11 18:38 110080 ----a-r- c:\documents and settings\stephen\Application Data\Microsoft\Installer\{4E97AE47-1293-4669-BBF3-4BDE52501A1A}\IconD7F16134.exe

2010-11-11 18:38 . 2010-11-11 18:38 -------- d-----w- C:\sh4ldr

2010-11-11 18:37 . 2010-11-11 18:38 -------- d-----w- c:\windows\4E97AE4712934669BBF34BDE52501A1A.TMP

2010-11-11 18:37 . 2010-11-11 18:37 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2010-11-11 17:13 . 2010-09-18 06:53 954368 -c----w- c:\windows\system32\dllcache\mfc40.dll

2010-11-11 17:13 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll

2010-11-11 17:13 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll

2010-11-11 17:12 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

2010-11-11 17:11 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

2010-11-11 17:10 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

2010-11-11 17:08 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll

2010-11-11 17:08 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll

2010-11-11 17:08 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

2010-11-11 17:04 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

2010-11-11 16:56 . 2010-08-16 08:45 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll

2010-11-11 16:47 . 2010-11-11 16:47 -------- d-----w- c:\documents and settings\stephen\Application Data\Malwarebytes

2010-11-11 16:47 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-11-11 16:47 . 2010-11-11 16:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-11-11 16:47 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-11-11 16:47 . 2010-11-11 16:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-18 17:23 . 2006-03-02 19:48 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53 . 2006-03-02 19:48 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53 . 2006-03-02 19:48 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53 . 2006-03-02 19:48 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-01 11:51 . 2006-03-02 19:48 285824 ----a-w- c:\windows\system32\atmfd.dll

2010-08-31 13:42 . 2006-03-02 19:48 1852800 ----a-w- c:\windows\system32\win32k.sys

2010-08-27 08:02 . 2006-03-02 19:48 119808 ----a-w- c:\windows\system32\t2embed.dll

2010-08-23 16:12 . 2006-03-02 19:48 617472 ----a-w- c:\windows\system32\comctl32.dll

2004-08-10 04:30 . 2008-03-09 02:45 40960 ----a-w- c:\program files\Uninstall_CDS.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

"Google Update"="c:\documents and settings\stephen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-11-19 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PartSeal"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-18 118784]

"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-01 69632]

"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-12 151552]

"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-12 136600]

"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-10-20 184320]

"RTHDCPL"="RTHDCPL.EXE" [2005-08-09 14743552]

"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-06-29 32768]

"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-08-05 94208]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-08-05 114688]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-08-05 77824]

"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-12 53248]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]

"pdfFactory Dispatcher v3"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" [2008-10-28 573440]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]

"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter4.exe" [2010-11-05 4098904]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

2005-05-21 01:42 73728 ------w- c:\windows\system32\VESWinlogon.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Trend Micro Anti-Spyware.lnk]

backup=c:\windows\pss\Trend Micro Anti-Spyware.lnkCommon Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2007-10-18 16:34 5724184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"ccProxy"=2 (0x2)

"ccISPwdSvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/11/2010 2:05 PM 135336]

R2 MSSQL$EMMSDE;MSSQL$EMMSDE;c:\program files\Microsoft SQL Server\MSSQL$EMMSDE\Binn\sqlservr.exe -sEMMSDE --> c:\program files\Microsoft SQL Server\MSSQL$EMMSDE\Binn\sqlservr.exe -sEMMSDE [?]

R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [11/5/2010 5:53 PM 327000]

R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [1/27/2010 5:10 PM 5248]

R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [3/2/2006 2:49 PM 29184]

S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [8/15/2006 4:42 PM 2944]

S3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [8/15/2006 4:53 PM 61952]

S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [8/15/2006 4:42 PM 11008]

S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [8/15/2006 4:42 PM 10368]

S3 OKI OPHD DCS Loader;OKI OPHD DCS Loader;c:\windows\system32\spool\drivers\w32x86\3\OPHDLDCS.EXE [12/26/2006 5:42 PM 24576]

S3 SQLAgent$EMMSDE;SQLAgent$EMMSDE;c:\program files\Microsoft SQL Server\MSSQL$EMMSDE\Binn\sqlagent.EXE -i EMMSDE --> c:\program files\Microsoft SQL Server\MSSQL$EMMSDE\Binn\sqlagent.EXE -i EMMSDE [?]

.

Contents of the 'Scheduled Tasks' folder

2010-05-18 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-11-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-763951124-3310558196-3032050449-1006Core.job

- c:\documents and settings\stephen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-19 01:00]

2010-11-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-763951124-3310558196-3032050449-1006UA.job

- c:\documents and settings\stephen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-19 01:00]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uDefault_Search_URL = hxxp://www.Google.com/

uSearchMigratedDefaultURL = hxxp://www.Google.com/

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

IE: Transfer by Image Converter 2 Plus - c:\program files\Sony\Image Converter 2\menu.htm

Trusted Zone: state.va.us\www.deq

Trusted Zone: verizon.com

DPF: {02A08EC5-C341-4BE5-AD4F-62215D2407EF} - hxxps://wip-data.webdialogs.com/components/WDATL70.CAB

DPF: {58D5690D-55A6-4B0B-B735-D0C82E14700C} - hxxps://wip-data.webdialogs.com/components/WDATL72.CAB

DPF: {CBF95A06-D408-46E3-8077-37E5B098EB84} - hxxps://ilnet.wellsfargo.com/ilonline/hmUpload/enclickloanwf.cab

.

- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Aim6 - c:\program files\AIM6\aim6.exe

MSConfigStartUp-Messenger (Yahoo!) - c:\program files\Yahoo!\Messenger\YahooMessenger.exe

MSConfigStartUp-Yahoo! Pager - c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

AddRemove-AOL Search Enhancement - c:\program files\AOL\AOL Search Enhancement\uninst.exe

AddRemove-{EE5B8E34-973C-4FBE-AC83-99F064009FC7} - c:\program files\Enigma Software Group\SpyHunter\Uninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-11-19 20:15

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(704)

c:\windows\system32\VESWinlogon.dll

- - - - - - - > 'explorer.exe'(2896)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\windows\system32\brss01a.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Avira\AntiVir Desktop\avshadow.exe

c:\program files\Microsoft SQL Server\MSSQL$EMMSDE\Binn\sqlservr.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\program files\Sony\VAIO Event Service\VESMgr.exe

c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

c:\program files\Windows Media Player\WMPNetwk.exe

c:\windows\system32\igfxext.exe

c:\windows\system32\igfxsrvc.exe

c:\windows\RTHDCPL.EXE

c:\program files\Apoint\Apntex.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2010-11-19 20:22:27 - machine was rebooted

ComboFix-quarantined-files.txt 2010-11-20 01:22

Pre-Run: 7,940,710,400 bytes free

Post-Run: 8,579,362,816 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 82F27A3D51BB0E6C3936A9669CD40555
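The "Reg Loading Points" and service lines in the ComboFix log above are what a helper reads first when triaging a redirect complaint: every Run value and every R/S service is a program that starts without the user asking. The following is an added example, not part of this thread and not ComboFix's own code: a small Python parser that pulls those entries out of log text and flags the ones a reviewer would want to look at more closely. The sample lines are copied from the log above in constructed form, and the flag heuristics (bare filename, path under a user profile, 8.3 short path, unreadable file metadata) are my own review checklist, not rules from ComboFix or from the helper's instructions.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the shape of the ComboFix log above (Run keys and
# R/S service lines); these are a few of its lines, not the whole log.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"Google Update"="c:\documents and settings\stephen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-11-19 136176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-09 14743552]
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter4.exe" [2010-11-05 4098904]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [11/5/2010 5:53 PM 327000]
R2 MSSQL$EMMSDE;MSSQL$EMMSDE;c:\program files\Microsoft SQL Server\MSSQL$EMMSDE\Binn\sqlservr.exe -sEMMSDE --> c:\program files\Microsoft SQL Server\MSSQL$EMMSDE\Binn\sqlservr.exe -sEMMSDE [?]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [8/15/2006 4:42 PM 2944]
"""

HIVE_RE = re.compile(r"^\[(HK[^\]]+)\]$")
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[([^\]]*)\]$')
SVC_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s*\[([^\]]*)\]$")


@dataclass
class Entry:
    kind: str            # "run" (registry Run value) or "service"
    name: str
    key: str             # registry key for run values, start type (R2/S3...) for services
    path: str            # command line exactly as the log shows it
    meta: str            # bracketed date/size, or "?" when ComboFix could not stat the file
    flags: list = field(default_factory=list)


def _flag(path: str, meta: str) -> list:
    """Reviewer heuristics (my own, hypothetical checklist): none proves malware,
    each is a reason to look at the file before calling the entry benign."""
    p = path.lower()
    flags = []
    if "\\" not in p.split(" ")[0]:
        flags.append("bare_name")       # no directory: resolved through PATH search order
    if "\\documents and settings\\" in p:
        flags.append("user_profile")    # lives in a user-writable location
    if "~" in p:
        flags.append("short_name")      # 8.3 path; expand it before judging the vendor
    if meta.strip() == "?":
        flags.append("unverified")      # ComboFix could not read the file's date/size
    return flags


def parse_autostarts(text: str) -> list:
    """Return one Entry per Run value or service line, in log order."""
    entries, key = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HIVE_RE.match(line)
        if m:
            key = m.group(1)            # remember which hive the following values belong to
            continue
        m = RUN_RE.match(line)
        if m:
            name, path, meta = m.groups()
            entries.append(Entry("run", name, key, path, meta, _flag(path, meta)))
            continue
        m = SVC_RE.match(line)
        if m:
            start, name, _display, path, meta = m.groups()
            entries.append(Entry("service", name, start, path, meta, _flag(path, meta)))
    return entries


def flagged(text: str) -> dict:
    """Name -> flags for every entry that tripped at least one heuristic."""
    return {e.name: e.flags for e in parse_autostarts(text) if e.flags}


if __name__ == "__main__":
    for e in parse_autostarts(SAMPLE_LOG):
        print(f"{e.kind:8}{e.name:28}{','.join(e.flags) or '-':24}{e.path}")
```

Run against the sample, the Google updater is flagged only because it lives under the user's profile (a location that is also popular with adware, which is why a helper checks it), the Realtek entry because it is a bare filename resolved through the PATH, and the SQL service because ComboFix could not read its file. Flags are prompts for a closer look at the binary, not verdicts.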


Step 1

Perform a full scan with Avira and let it delete everything it is finding.

Then reboot.

After reboot, open your Avira and select "reports".

There, double-click the report from the full scan you have done. Click the "Report File" button and copy and paste this report in your next reply.

Step 2

Please download Rootkit Unhooker and save it to your desktop.

  • Double-click RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code, Files, and Code Hooks
  • Uncheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished then go File > Save Report
  • Save the report somewhere you can find it, typically your desktop. Click Close
  • Copy the entire contents of the report and paste it in your next reply.

Note: You may get this warning; it is OK, just ignore it: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"


Can't download rootkit

AV Scan results:

Avira AntiVir Personal

Report file date: Monday, November 22, 2010 22:37

Scanning for 3077234 virus strains and unwanted programs.

The program is running as an unrestricted full version.

Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows XP

Windows version : (Service Pack 3) [5.1.2600]

Boot mode : Normally booted

Username : SYSTEM

Computer name : MAMA

Version information:

BUILD.DAT : 10.0.0.596 31825 Bytes 11/16/2010 15:57:00

AVSCAN.EXE : 10.0.3.1 434344 Bytes 8/2/2010 21:09:56

AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 18:57:04

LUKE.DLL : 10.0.2.3 104296 Bytes 8/2/2010 21:10:00

LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 05:40:49

VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 15:05:36

VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 01:27:49

VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 23:37:42

VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 22:37:42

VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 17:29:03

VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 21:10:03

VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 21:10:04

VBASE007.VDF : 7.10.9.165 4840960 Bytes 7/23/2010 21:10:06

VBASE008.VDF : 7.10.11.133 3454464 Bytes 9/13/2010 02:22:23

VBASE009.VDF : 7.10.13.80 2265600 Bytes 11/2/2010 02:22:29

VBASE010.VDF : 7.10.13.81 2048 Bytes 11/2/2010 02:22:29

VBASE011.VDF : 7.10.13.82 2048 Bytes 11/2/2010 02:22:29

VBASE012.VDF : 7.10.13.83 2048 Bytes 11/2/2010 02:22:29

VBASE013.VDF : 7.10.13.116 147968 Bytes 11/4/2010 02:22:30

VBASE014.VDF : 7.10.13.147 146944 Bytes 11/7/2010 02:22:30

VBASE015.VDF : 7.10.13.180 123904 Bytes 11/9/2010 02:22:31

VBASE016.VDF : 7.10.13.211 122368 Bytes 11/11/2010 02:22:31

VBASE017.VDF : 7.10.13.243 147456 Bytes 11/15/2010 02:22:31

VBASE018.VDF : 7.10.14.15 142848 Bytes 11/17/2010 02:22:32

VBASE019.VDF : 7.10.14.41 134144 Bytes 11/19/2010 01:06:00

VBASE020.VDF : 7.10.14.42 2048 Bytes 11/19/2010 01:06:00

VBASE021.VDF : 7.10.14.43 2048 Bytes 11/19/2010 01:06:00

VBASE022.VDF : 7.10.14.44 2048 Bytes 11/19/2010 01:06:01

VBASE023.VDF : 7.10.14.45 2048 Bytes 11/19/2010 01:06:01

VBASE024.VDF : 7.10.14.46 2048 Bytes 11/19/2010 01:06:01

VBASE025.VDF : 7.10.14.47 2048 Bytes 11/19/2010 01:06:02

VBASE026.VDF : 7.10.14.48 2048 Bytes 11/19/2010 01:06:03

VBASE027.VDF : 7.10.14.49 2048 Bytes 11/19/2010 01:06:03

VBASE028.VDF : 7.10.14.50 2048 Bytes 11/19/2010 01:06:03

VBASE029.VDF : 7.10.14.51 2048 Bytes 11/19/2010 01:06:03

VBASE030.VDF : 7.10.14.52 2048 Bytes 11/19/2010 01:06:04

VBASE031.VDF : 7.10.14.60 108544 Bytes 11/22/2010 14:36:48

Engineversion : 8.2.4.112

AEVDF.DLL : 8.1.2.1 106868 Bytes 8/2/2010 21:09:54

AESCRIPT.DLL : 8.1.3.47 1294716 Bytes 11/22/2010 14:38:49

AESCN.DLL : 8.1.7.2 127349 Bytes 11/22/2010 14:38:29

AESBX.DLL : 8.1.3.2 254324 Bytes 11/22/2010 14:38:53

AERDL.DLL : 8.1.9.2 635252 Bytes 11/19/2010 02:22:45

AEPACK.DLL : 8.2.3.11 471416 Bytes 11/19/2010 02:22:43

AEOFFICE.DLL : 8.1.1.10 201084 Bytes 11/22/2010 14:38:27

AEHEUR.DLL : 8.1.2.44 3076471 Bytes 11/22/2010 14:38:20

AEHELP.DLL : 8.1.14.0 246134 Bytes 11/19/2010 02:22:38

AEGEN.DLL : 8.1.4.2 401781 Bytes 11/22/2010 14:37:13

AEEMU.DLL : 8.1.3.0 393589 Bytes 11/22/2010 14:37:01

AECORE.DLL : 8.1.18.1 196984 Bytes 11/22/2010 14:36:54

AEBB.DLL : 8.1.1.0 53618 Bytes 8/2/2010 21:09:48

AVWINLL.DLL : 10.0.0.0 19304 Bytes 8/2/2010 21:09:56

AVPREF.DLL : 10.0.0.0 44904 Bytes 8/2/2010 21:09:55

AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 20:27:13

AVREG.DLL : 10.0.3.2 53096 Bytes 8/2/2010 21:09:55

AVSCPLR.DLL : 10.0.3.1 83816 Bytes 8/2/2010 21:09:56

AVARKT.DLL : 10.0.0.14 227176 Bytes 8/2/2010 21:09:54

AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 8/2/2010 21:09:55

SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 20:27:22

AVSMTP.DLL : 10.0.0.17 63848 Bytes 8/2/2010 21:09:56

NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 20:27:21

RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 19:10:20

RCTEXT.DLL : 10.0.58.0 97128 Bytes 8/2/2010 21:10:08

Configuration settings for the scan:

Jobname.............................: Complete system scan

Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp

Logging.............................: low

Primary action......................: interactive

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:,

Process scan........................: on

Extended process scan...............: on

Scan registry.......................: on

Search for rootkits.................: on

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: medium

Start of the scan: Monday, November 22, 2010 22:37

Starting search for hidden objects.

HKEY_USERS\S-1-5-21-763951124-3310558196-3032050449-1006\Software\Microsoft\Protected Storage System Provider\S-1-5-21-763951124-3310558196-3032050449-1006\data

[NOTE] The registry entry is invisible.

HKEY_LOCAL_MACHINE\Software\Microsoft\Microsoft SQL Server\EMMSDE\MSSQLServer\uptime_time_utc

[NOTE] The registry entry is invisible.

HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc\Config\Standalone\drivelist

[NOTE] The registry entry is invisible.

c:\windows\system32\rundll32.exe

c:\WINDOWS\system32\rundll32.exe

[NOTE] The process is not visible.

The scan of running processes will be started

Scan process 'rsmsink.exe' - '29' Module(s) have been scanned

Scan process 'msdtc.exe' - '40' Module(s) have been scanned

Scan process 'dllhost.exe' - '61' Module(s) have been scanned

Scan process 'dllhost.exe' - '45' Module(s) have been scanned

Scan process 'vssvc.exe' - '67' Module(s) have been scanned

Scan process 'avscan.exe' - '70' Module(s) have been scanned

Scan process 'avscan.exe' - '60' Module(s) have been scanned

Scan process 'avcenter.exe' - '64' Module(s) have been scanned

Scan process 'gnotify.exe' - '72' Module(s) have been scanned

Scan process 'avshadow.exe' - '26' Module(s) have been scanned

Scan process 'avguard.exe' - '55' Module(s) have been scanned

Scan process 'alg.exe' - '33' Module(s) have been scanned

Scan process 'iPodService.exe' - '30' Module(s) have been scanned

Scan process 'ctfmon.exe' - '25' Module(s) have been scanned

Scan process 'WMPNSCFG.exe' - '28' Module(s) have been scanned

Scan process 'avgnt.exe' - '53' Module(s) have been scanned

Scan process 'SpyHunter4.exe' - '99' Module(s) have been scanned

Scan process 'iTunesHelper.exe' - '54' Module(s) have been scanned

Scan process 'Apntex.exe' - '16' Module(s) have been scanned

Scan process 'hkcmd.exe' - '22' Module(s) have been scanned

Scan process 'igfxpers.exe' - '23' Module(s) have been scanned

Scan process 'ISBMgr.exe' - '32' Module(s) have been scanned

Scan process 'PDVDServ.exe' - '25' Module(s) have been scanned

Scan process 'RTHDCPL.EXE' - '51' Module(s) have been scanned

Scan process 'SPMgr.exe' - '40' Module(s) have been scanned

Scan process 'jusched.exe' - '21' Module(s) have been scanned

Scan process 'VAIOUpdt.exe' - '63' Module(s) have been scanned

Scan process 'VCUServe.exe' - '34' Module(s) have been scanned

Scan process 'Apoint.exe' - '38' Module(s) have been scanned

Scan process 'VzFw.exe' - '34' Module(s) have been scanned

Scan process 'VzCdbSvc.exe' - '53' Module(s) have been scanned

Scan process 'igfxsrvc.exe' - '22' Module(s) have been scanned

Scan process 'igfxext.exe' - '20' Module(s) have been scanned

Scan process 'WMPNetwk.exe' - '53' Module(s) have been scanned

Scan process 'VCSW.exe' - '35' Module(s) have been scanned

Scan process 'VESMgr.exe' - '61' Module(s) have been scanned

Scan process 'svchost.exe' - '42' Module(s) have been scanned

Scan process 'RegSrvc.exe' - '21' Module(s) have been scanned

Scan process 'sqlservr.exe' - '53' Module(s) have been scanned

Scan process 'MDM.EXE' - '21' Module(s) have been scanned

Scan process 'jqs.exe' - '33' Module(s) have been scanned

Scan process 'svchost.exe' - '34' Module(s) have been scanned

Scan process 'mDNSResponder.exe' - '32' Module(s) have been scanned

Scan process 'AppleMobileDeviceService.exe' - '25' Module(s) have been scanned

Scan process 'svchost.exe' - '34' Module(s) have been scanned

Scan process 'sched.exe' - '43' Module(s) have been scanned

Scan process 'spoolsv.exe' - '92' Module(s) have been scanned

Scan process 'brss01a.exe' - '18' Module(s) have been scanned

Scan process 'brsvc01a.exe' - '9' Module(s) have been scanned

Scan process 'svchost.exe' - '41' Module(s) have been scanned

Scan process 'svchost.exe' - '32' Module(s) have been scanned

Scan process 'Explorer.EXE' - '137' Module(s) have been scanned

Scan process 'S24EvMon.exe' - '29' Module(s) have been scanned

Scan process 'EvtEng.exe' - '55' Module(s) have been scanned

Scan process 'svchost.exe' - '30' Module(s) have been scanned

Scan process 'svchost.exe' - '171' Module(s) have been scanned

Scan process 'svchost.exe' - '40' Module(s) have been scanned

Scan process 'svchost.exe' - '54' Module(s) have been scanned

Scan process 'SH4SER~1.EXE' - '14' Module(s) have been scanned

Scan process 'lsass.exe' - '58' Module(s) have been scanned

Scan process 'services.exe' - '39' Module(s) have been scanned

Scan process 'winlogon.exe' - '68' Module(s) have been scanned

Scan process 'csrss.exe' - '14' Module(s) have been scanned

Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

Master boot sector HD1

[INFO] No virus was found!

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Starting to scan executable files (registry).

The registry was scanned ( '1797' files ).

Starting the file scan:

Begin scan in 'C:\'

C:\Program Files\Enigma Software Group\SpyHunter\Backup\a0045827.dll.dat

[0] Archive type: ZIP

[DETECTION] Contains recognition pattern of the ADSPY/MartSho.dll.3 adware or spyware

--> System Volume Information/_restore{64A8D0A0-6094-4429-A400-B81F08F758ED}/RP293/A0045827.dll

[DETECTION] Contains recognition pattern of the ADSPY/MartSho.dll.3 adware or spyware

C:\Program Files\Enigma Software Group\SpyHunter\Backup\coresrv.dll.dat

[0] Archive type: ZIP

[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware

--> Program Files/Zango/bin/10.0.370.0/CoreSrv.dll

[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware

C:\Program Files\Enigma Software Group\SpyHunter\Backup\hostie.dll.dat

[0] Archive type: ZIP

[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware

--> Program Files/Zango/bin/10.0.370.0/HostIE.dll

[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware

C:\Program Files\Enigma Software Group\SpyHunter\Backup\hostoe.dll.dat

[0] Archive type: ZIP

[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware

--> Program Files/Zango/bin/10.0.370.0/HostOE.dll

[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware

C:\Program Files\Enigma Software Group\SpyHunter\Backup\hostol.dll.dat

[0] Archive type: ZIP

[DETECTION] Contains recognition pattern of the ADSPY/Zangomail.A adware or spyware

--> Program Files/Zango/bin/10.0.370.0/HostOL.dll

[DETECTION] Contains recognition pattern of the ADSPY/Zangomail.A adware or spyware

C:\Program Files\Enigma Software Group\SpyHunter\Backup\instie.dll.dat

[0] Archive type: ZIP

[DETECTION] Contains recognition pattern of the ADSPY/Hotbar.AY.5 adware or spyware

--> Program Files/Zango/bin/10.0.370.0/InstIE.dll

[DETECTION] Contains recognition pattern of the ADSPY/Hotbar.AY.5 adware or spyware

C:\Program Files\Enigma Software Group\SpyHunter\Backup\npclntax_zangosa.dll.dat

[0] Archive type: ZIP

[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware

--> Program Files/Zango/bin/10.0.370.0/firefox/extensions/plugins/npclntax_ZangoSA.dll

[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware

--> Program Files/Mozilla Firefox/plugins/npclntax_ZangoSA.dll

[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware

C:\Program Files\Enigma Software Group\SpyHunter\Backup\oeaddon.exe.dat

[0] Archive type: ZIP

[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware

--> Program Files/Zango/bin/10.0.370.0/OEAddOn.exe

[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware

C:\Program Files\Enigma Software Group\SpyHunter\Backup\shoppingreport.dll.dat

[0] Archive type: ZIP

[DETECTION] Contains recognition pattern of the ADSPY/MartSho.dll.3 adware or spyware

--> Program Files/ShoppingReport/Bin/2.0.26/ShoppingReport.dll

[DETECTION] Contains recognition pattern of the ADSPY/MartSho.dll.3 adware or spyware

C:\Program Files\Enigma Software Group\SpyHunter\Backup\srv.exe.dat

[0] Archive type: ZIP

[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware

--> Program Files/Zango/bin/10.0.370.0/Srv.exe

[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware

C:\Program Files\Enigma Software Group\SpyHunter\Backup\toolbar.dll.dat

[0] Archive type: ZIP

[DETECTION] Contains recognition pattern of the ADSPY/Zango.E adware or spyware

--> Program Files/Zango/bin/10.0.370.0/Toolbar.dll

[DETECTION] Contains recognition pattern of the ADSPY/Zango.E adware or spyware

C:\Program Files\Enigma Software Group\SpyHunter\Backup\wallpaper.dll.dat

[0] Archive type: ZIP

[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware

--> Program Files/Zango/bin/10.0.370.0/Wallpaper.dll

[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware

C:\Program Files\Enigma Software Group\SpyHunter\Backup\zangosa.exe.dat

[0] Archive type: ZIP

[DETECTION] Contains recognition pattern of the ADSPY/Zango.C adware or spyware

--> Program Files/Zango/bin/10.0.370.0/ZangoSA.exe

[DETECTION] Contains recognition pattern of the ADSPY/Zango.C adware or spyware

C:\Program Files\Enigma Software Group\SpyHunter\Backup\zangosaax.dll.dat

[0] Archive type: ZIP

[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware

--> Program Files/Zango/bin/10.0.370.0/ZangoSAAX.dll

[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware

C:\Program Files\Enigma Software Group\SpyHunter\Backup\zangosadf.exe.dat

[0] Archive type: ZIP

[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware

--> Program Files/Zango/bin/10.0.370.0/ZangoSADF.exe

[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware

C:\Program Files\Enigma Software Group\SpyHunter\Backup\zangosahook.dll.dat

[0] Archive type: ZIP

[DETECTION] Contains recognition pattern of the ADSPY/Zango.G adware or spyware

--> Program Files/Zango/bin/10.0.370.0/ZangoSAHook.dll

[DETECTION] Contains recognition pattern of the ADSPY/Zango.G adware or spyware

Beginning disinfection:

C:\Program Files\Enigma Software Group\SpyHunter\Backup\zangosahook.dll.dat

[DETECTION] Contains recognition pattern of the ADSPY/Zango.G adware or spyware

[NOTE] The file was moved to the quarantine directory under the name '46356af7.qua'.

C:\Program Files\Enigma Software Group\SpyHunter\Backup\zangosadf.exe.dat

[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware

[NOTE] The file was moved to the quarantine directory under the name '5ea24550.qua'.

C:\Program Files\Enigma Software Group\SpyHunter\Backup\zangosaax.dll.dat

[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware

[NOTE] The file was moved to the quarantine directory under the name '0cfd1fb8.qua'.

C:\Program Files\Enigma Software Group\SpyHunter\Backup\zangosa.exe.dat

[DETECTION] Contains recognition pattern of the ADSPY/Zango.C adware or spyware

[NOTE] The file was moved to the quarantine directory under the name '6aca507a.qua'.

C:\Program Files\Enigma Software Group\SpyHunter\Backup\wallpaper.dll.dat

[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware

[NOTE] The file was moved to the quarantine directory under the name '2f407d44.qua'.

C:\Program Files\Enigma Software Group\SpyHunter\Backup\toolbar.dll.dat

[DETECTION] Contains recognition pattern of the ADSPY/Zango.E adware or spyware

[NOTE] The file was moved to the quarantine directory under the name '50564f2b.qua'.

C:\Program Files\Enigma Software Group\SpyHunter\Backup\srv.exe.dat

[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware

[NOTE] The file was moved to the quarantine directory under the name '1cd5637e.qua'.

C:\Program Files\Enigma Software Group\SpyHunter\Backup\shoppingreport.dll.dat

[DETECTION] Contains recognition pattern of the ADSPY/MartSho.dll.3 adware or spyware

[NOTE] The file was moved to the quarantine directory under the name '60f62338.qua'.

C:\Program Files\Enigma Software Group\SpyHunter\Backup\oeaddon.exe.dat

[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware

[NOTE] The file was moved to the quarantine directory under the name '4dba0c76.qua'.

C:\Program Files\Enigma Software Group\SpyHunter\Backup\npclntax_zangosa.dll.dat

[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware

[NOTE] The file was moved to the quarantine directory under the name '54d037e7.qua'.

C:\Program Files\Enigma Software Group\SpyHunter\Backup\instie.dll.dat

[DETECTION] Contains recognition pattern of the ADSPY/Hotbar.AY.5 adware or spyware

[NOTE] The file was moved to the quarantine directory under the name '389c1bd6.qua'.

C:\Program Files\Enigma Software Group\SpyHunter\Backup\hostol.dll.dat

[DETECTION] Contains recognition pattern of the ADSPY/Zangomail.A adware or spyware

[NOTE] The file was moved to the quarantine directory under the name '49252242.qua'.

C:\Program Files\Enigma Software Group\SpyHunter\Backup\hostoe.dll.dat

[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware

[NOTE] The file was moved to the quarantine directory under the name '473f1285.qua'.

C:\Program Files\Enigma Software Group\SpyHunter\Backup\hostie.dll.dat

[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware

[NOTE] The file was moved to the quarantine directory under the name '02166bc7.qua'.

C:\Program Files\Enigma Software Group\SpyHunter\Backup\coresrv.dll.dat

[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware

[NOTE] The file was moved to the quarantine directory under the name '0b1e6f6c.qua'.

C:\Program Files\Enigma Software Group\SpyHunter\Backup\a0045827.dll.dat

[DETECTION] Contains recognition pattern of the ADSPY/MartSho.dll.3 adware or spyware

[NOTE] The file was moved to the quarantine directory under the name '5319765a.qua'.

End of the scan: Tuesday, November 23, 2010 09:21

Used time: 2:08:46 Hour(s)

The scan has been done completely.

9358 Scanned directories

404509 Files were scanned

17 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

16 Files were moved to quarantine

0 Files were renamed

0 Files cannot be scanned

404492 Files not concerned

9431 Archives were scanned

0 Warnings

16 Notes

444292 Objects were scanned with rootkit scan

4 Hidden objects were found


Rootkit Unhooker Report:

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows XP

Version 5.1.2600 (Service Pack 3)

Number of processors #1

==============================================

>Drivers

==============================================

0xAA3F5000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 3977216 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)

0xF6E6D000 C:\WINDOWS\system32\DRIVERS\w29n51.sys 3289088 bytes (Intel


  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply.

Note: It will also create a log in the C:\ directory.


TDSSKiller report:

2010/11/24 16:53:30.0906 TDSS rootkit removing tool 2.4.8.0 Nov 17 2010 07:23:12

2010/11/24 16:53:30.0906 ================================================================================

2010/11/24 16:53:30.0906 SystemInfo:

2010/11/24 16:53:30.0906

2010/11/24 16:53:30.0906 OS Version: 5.1.2600 ServicePack: 3.0

2010/11/24 16:53:30.0906 Product type: Workstation

2010/11/24 16:53:30.0906 ComputerName: MAMA

2010/11/24 16:53:30.0906 UserName: stephen

2010/11/24 16:53:30.0906 Windows directory: C:\WINDOWS

2010/11/24 16:53:30.0906 System windows directory: C:\WINDOWS

2010/11/24 16:53:30.0906 Processor architecture: Intel x86

2010/11/24 16:53:30.0906 Number of processors: 1

2010/11/24 16:53:30.0906 Page size: 0x1000

2010/11/24 16:53:30.0906 Boot type: Normal boot

2010/11/24 16:53:30.0906 ================================================================================

2010/11/24 16:53:31.0171 Initialize success

2010/11/24 16:54:00.0078 ================================================================================

2010/11/24 16:54:00.0078 Scan started

2010/11/24 16:54:00.0078 Mode: Manual;

2010/11/24 16:54:00.0078 ================================================================================

2010/11/24 16:54:01.0406 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/11/24 16:54:01.0484 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

2010/11/24 16:54:01.0593 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2010/11/24 16:54:01.0703 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys

2010/11/24 16:54:01.0843 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2010/11/24 16:54:02.0078 ApfiltrService (b21fcbc58cb13bac70f74b5ac5da7409) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys

2010/11/24 16:54:02.0203 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2010/11/24 16:54:02.0343 ASPI32 (5b01af89d16d562825c4db4530f20cbb) C:\WINDOWS\system32\drivers\ASPI32.sys

2010/11/24 16:54:02.0453 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/11/24 16:54:02.0546 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2010/11/24 16:54:02.0640 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/11/24 16:54:02.0734 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2010/11/24 16:54:02.0859 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys

2010/11/24 16:54:02.0937 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys

2010/11/24 16:54:03.0046 avipbb (f8c56231ed5ecf7d1b46b0330880ccef) C:\WINDOWS\system32\DRIVERS\avipbb.sys

2010/11/24 16:54:03.0187 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2010/11/24 16:54:03.0343 brfilt (4ba311473e0d8557827e6f2fe33a8095) C:\WINDOWS\system32\Drivers\Brfilt.sys

2010/11/24 16:54:03.0468 BrSerWDM (791ef93168dcf057715493d607e37983) C:\WINDOWS\system32\Drivers\BrSerWdm.sys

2010/11/24 16:54:03.0562 BrUsbMdm (37e2d0b12ddf536cd64af6eb3b580ef8) C:\WINDOWS\system32\Drivers\BrUsbMdm.sys

2010/11/24 16:54:03.0640 BrUsbScn (1c5f014048e5b2748c1a8ad297c50b6f) C:\WINDOWS\system32\Drivers\BrUsbScn.sys

2010/11/24 16:54:03.0781 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2010/11/24 16:54:03.0906 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2010/11/24 16:54:04.0093 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2010/11/24 16:54:04.0203 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2010/11/24 16:54:04.0265 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/11/24 16:54:04.0437 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

2010/11/24 16:54:04.0593 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

2010/11/24 16:54:04.0812 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2010/11/24 16:54:04.0921 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2010/11/24 16:54:05.0015 DMICall (526192bf7696f72e29777bf4a180513a) C:\WINDOWS\system32\DRIVERS\DMICall.sys

2010/11/24 16:54:05.0109 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2010/11/24 16:54:05.0218 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2010/11/24 16:54:05.0296 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2010/11/24 16:54:05.0437 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys

2010/11/24 16:54:05.0546 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys

2010/11/24 16:54:05.0625 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys

2010/11/24 16:54:05.0859 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2010/11/24 16:54:05.0937 esgiguard (051a2e2a75adb6d1c5c27e940fdabcba) C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys

2010/11/24 16:54:06.0046 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2010/11/24 16:54:06.0140 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

2010/11/24 16:54:06.0265 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2010/11/24 16:54:06.0359 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

2010/11/24 16:54:06.0453 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2010/11/24 16:54:06.0531 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/11/24 16:54:06.0625 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/11/24 16:54:06.0687 GEARAspiWDM (f2f431d1573ee632975c524418655b84) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys

2010/11/24 16:54:06.0796 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/11/24 16:54:06.0875 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2010/11/24 16:54:06.0984 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/11/24 16:54:07.0125 HPZid412 (5faba4775d4c61e55ec669d643ffc71f) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

2010/11/24 16:54:07.0187 HPZipr12 (a3c43980ee1f1beac778b44ea65dbdd4) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

2010/11/24 16:54:07.0296 HPZius12 (2906949bd4e206f2bb0dd1896ce9f66f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

2010/11/24 16:54:07.0390 HSFHWAZL (acc46dda7fece95a253ae88cea172e12) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys

2010/11/24 16:54:07.0531 HSF_DPV (c9f4e7da78a02623abf78a4a34ce79b1) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys

2010/11/24 16:54:07.0718 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2010/11/24 16:54:07.0937 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/11/24 16:54:08.0093 ialm (240d0f5d7caafd87bd8d801a97bbe041) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

2010/11/24 16:54:08.0265 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2010/11/24 16:54:08.0578 IntcAzAudAddService (8443479648f804445e9dafef0f219231) C:\WINDOWS\system32\drivers\RtkHDAud.sys

2010/11/24 16:54:08.0906 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

2010/11/24 16:54:09.0015 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2010/11/24 16:54:09.0109 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2010/11/24 16:54:09.0218 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/11/24 16:54:09.0343 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/11/24 16:54:09.0421 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/11/24 16:54:09.0531 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/11/24 16:54:09.0578 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2010/11/24 16:54:09.0656 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/11/24 16:54:09.0765 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/11/24 16:54:09.0859 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2010/11/24 16:54:09.0937 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2010/11/24 16:54:10.0093 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2010/11/24 16:54:10.0296 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

2010/11/24 16:54:10.0421 mf (a7da20ab18a1bdae28b0f349e57da0d1) C:\WINDOWS\system32\DRIVERS\mf.sys

2010/11/24 16:54:10.0500 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2010/11/24 16:54:10.0593 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2010/11/24 16:54:10.0640 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/11/24 16:54:10.0734 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2010/11/24 16:54:10.0781 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2010/11/24 16:54:10.0890 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/11/24 16:54:10.0984 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/11/24 16:54:11.0140 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2010/11/24 16:54:11.0265 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/11/24 16:54:11.0312 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/11/24 16:54:11.0390 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2010/11/24 16:54:11.0484 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/11/24 16:54:11.0593 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2010/11/24 16:54:11.0703 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2010/11/24 16:54:11.0765 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2010/11/24 16:54:11.0890 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2010/11/24 16:54:11.0968 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2010/11/24 16:54:12.0031 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/11/24 16:54:12.0125 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/11/24 16:54:12.0343 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/11/24 16:54:12.0406 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

2010/11/24 16:54:12.0500 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2010/11/24 16:54:12.0562 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2010/11/24 16:54:12.0687 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2010/11/24 16:54:12.0828 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2010/11/24 16:54:12.0890 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2010/11/24 16:54:13.0046 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2010/11/24 16:54:13.0140 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/11/24 16:54:13.0187 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/11/24 16:54:13.0296 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2010/11/24 16:54:13.0453 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

2010/11/24 16:54:13.0515 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2010/11/24 16:54:13.0593 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2010/11/24 16:54:13.0687 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2010/11/24 16:54:13.0796 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2010/11/24 16:54:13.0859 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

2010/11/24 16:54:14.0000 pcouffin (02aaafb7ba137ce5ddabcdf8090954d9) C:\WINDOWS\system32\Drivers\pcouffin.sys

2010/11/24 16:54:14.0250 pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys

2010/11/24 16:54:14.0375 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/11/24 16:54:14.0453 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2010/11/24 16:54:14.0515 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/11/24 16:54:14.0578 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2010/11/24 16:54:14.0890 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/11/24 16:54:15.0015 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/11/24 16:54:15.0109 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/11/24 16:54:15.0187 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2010/11/24 16:54:15.0312 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/11/24 16:54:15.0375 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/11/24 16:54:15.0500 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2010/11/24 16:54:15.0687 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2010/11/24 16:54:15.0843 RTL8023xp (7f0413bdd7d53eb4c7a371e7f6f84df1) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys

2010/11/24 16:54:15.0953 s24trans (9c40cb317400f2cf643b8706147dd06d) C:\WINDOWS\system32\DRIVERS\s24trans.sys

2010/11/24 16:54:16.0062 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/11/24 16:54:16.0140 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

2010/11/24 16:54:16.0250 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys

2010/11/24 16:54:16.0343 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2010/11/24 16:54:16.0406 SNC (be6038e0a7d2e2fe69107e41a0265831) C:\WINDOWS\system32\Drivers\SonyNC.sys

2010/11/24 16:54:16.0437 SonyImgF (fb77021110eaa16ea6e0961c844ef0d2) C:\WINDOWS\system32\DRIVERS\SonyImgF.sys

2010/11/24 16:54:16.0515 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2010/11/24 16:54:16.0593 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2010/11/24 16:54:16.0671 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys

2010/11/24 16:54:16.0765 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

2010/11/24 16:54:16.0859 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2010/11/24 16:54:16.0890 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2010/11/24 16:54:16.0921 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2010/11/24 16:54:17.0046 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2010/11/24 16:54:17.0140 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/11/24 16:54:17.0281 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2010/11/24 16:54:17.0359 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2010/11/24 16:54:17.0421 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2010/11/24 16:54:17.0562 tifmsony (72aaa3343af62e02ae37001eea5c9a0e) C:\WINDOWS\system32\drivers\tifmsony.sys

2010/11/24 16:54:17.0828 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2010/11/24 16:54:17.0984 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2010/11/24 16:54:18.0078 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/11/24 16:54:18.0187 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/11/24 16:54:18.0234 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/11/24 16:54:18.0359 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

2010/11/24 16:54:18.0390 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2010/11/24 16:54:18.0437 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2010/11/24 16:54:18.0500 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/11/24 16:54:18.0562 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2010/11/24 16:54:18.0640 usbvm321 (f9d550545afec1d581d2539f3488c4cd) C:\WINDOWS\system32\Drivers\usbvm321.sys

2010/11/24 16:54:18.0765 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys

2010/11/24 16:54:18.0890 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2010/11/24 16:54:19.0046 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2010/11/24 16:54:19.0328 w29n51 (adb2f5af36155c9f1fbfd66a3acacbe6) C:\WINDOWS\system32\DRIVERS\w29n51.sys

2010/11/24 16:54:19.0734 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/11/24 16:54:19.0843 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2010/11/24 16:54:19.0968 winachsf (c1d5cbd8aa0d674da1ba1bb189696396) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

2010/11/24 16:54:20.0218 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

2010/11/24 16:54:20.0312 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2010/11/24 16:54:20.0406 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2010/11/24 16:54:20.0484 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2010/11/24 16:54:20.0781 ================================================================================

2010/11/24 16:54:20.0781 Scan finished

2010/11/24 16:54:20.0781 ================================================================================


This is the log from the program that was created; I hope that it is what you're looking for:

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: FUJITSU_MHV2100BH_PL rev.00000029 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

device: opened successfully

user: MBR read successfully

kernel: MBR read successfully

user & kernel MBR OK


  1. Download Bootkit remover to your Desktop.
  2. Extract Remover to your desktop.
  3. Double-click Remover to run it (Vista users right-click and select Run as Administrator).
  4. It will show a Black screen with some data on it
  5. Right click on the screen and click Select All
  6. Press Ctrl+C (on keyboard) to copy the data
  7. Open a notepad and press Ctrl+V to paste the data


Bootkit Remover

© 2009 eSage Lab

www.esagelab.com

Program version: 1.2.0.0

OS Version: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

System volume is \\.\C:

\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000001`805e2000

Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

Size Device Name MBR Status

--------------------------------------------

93 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)

Done;

Press any key to quit...


  • Download MBRCheck to your desktop
  • For Windows XP: Double click on MBRCheck.exe to run it.
  • For Windows Vista/7: Right click on MBRCheck.exe and select Run as Administrator
  • It will show a black screen with some data on it
  • Don't run any of the options!!!
  • When it's done, Press Enter to close the program
  • A file called MBRCheck_ will appear on your desktop
  • Please copy it into your next reply


MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows XP Home Edition

Windows Information: Service Pack 3 (build 2600)

Logical Drives Mask: 0x0000001c

Kernel Drivers (total 141):

0x804D7000 \WINDOWS\system32\ntkrnlpa.exe

0x806D0000 \WINDOWS\system32\hal.dll

0xF7B3E000 \WINDOWS\system32\KDCOM.DLL

0xF7A4E000 \WINDOWS\system32\BOOTVID.dll

0xF750F000 ACPI.sys

0xF7B40000 \WINDOWS\system32\DRIVERS\WMILIB.SYS

0xF74FE000 pci.sys

0xF763E000 isapnp.sys

0xF764E000 ohci1394.sys

0xF765E000 \WINDOWS\system32\DRIVERS\1394BUS.SYS

0xF7A52000 compbatt.sys

0xF7A56000 \WINDOWS\system32\DRIVERS\BATTC.SYS

0xF7C06000 pciide.sys

0xF78BE000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

0xF7B42000 intelide.sys

0xF74E0000 pcmcia.sys

0xF766E000 MountMgr.sys

0xF74C1000 ftdisk.sys

0xF7A5A000 ACPIEC.sys

0xF7C07000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS

0xF78C6000 PartMgr.sys

0xF767E000 VolSnap.sys

0xF74A9000 atapi.sys

0xF768E000 disk.sys

0xF769E000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS

0xF7489000 fltmgr.sys

0xF76AE000 PxHelp20.sys

0xF7472000 KSecDD.sys

0xF745F000 WudfPf.sys

0xF73D2000 Ntfs.sys

0xF73A5000 NDIS.sys

0xF738B000 Mup.sys

0xF6A9E000 \SystemRoot\system32\DRIVERS\intelppm.sys

0xF7B22000 \SystemRoot\system32\DRIVERS\CmBatt.sys

0xF6701000 \SystemRoot\system32\DRIVERS\ialmnt5.sys

0xF66ED000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

0xF66C5000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0xF7996000 \SystemRoot\system32\DRIVERS\usbuhci.sys

0xF66A1000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0xF799E000 \SystemRoot\system32\DRIVERS\usbehci.sys

0xF668E000 \SystemRoot\system32\DRIVERS\Rtlnicxp.sys

0xF6A8E000 \SystemRoot\system32\DRIVERS\nic1394.sys

0xF6671000 \SystemRoot\system32\drivers\tifmsony.sys

0xF634E000 \SystemRoot\system32\DRIVERS\w29n51.sys

0xF79A6000 \SystemRoot\System32\Drivers\SonyNC.sys

0xF6A7E000 \SystemRoot\system32\DRIVERS\i8042prt.sys

0xF79AE000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0xF6334000 \SystemRoot\system32\DRIVERS\Apfiltr.sys

0xF79B6000 \SystemRoot\system32\DRIVERS\mouclass.sys

0xF6A6E000 \SystemRoot\system32\DRIVERS\imapi.sys

0xF7B2A000 \SystemRoot\system32\drivers\pfc.sys

0xF6A5E000 \SystemRoot\system32\DRIVERS\cdrom.sys

0xF6A4E000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys

0xF7D62000 \SystemRoot\system32\DRIVERS\audstub.sys

0xF6A3E000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0xF7B2E000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0xF62AB000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0xF777E000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0xF778E000 \SystemRoot\system32\DRIVERS\raspptp.sys

0xF79D6000 \SystemRoot\system32\DRIVERS\TDI.SYS

0xF629A000 \SystemRoot\system32\DRIVERS\psched.sys

0xF779E000 \SystemRoot\system32\DRIVERS\msgpc.sys

0xF79DE000 \SystemRoot\system32\DRIVERS\ptilink.sys

0xF79E6000 \SystemRoot\system32\DRIVERS\raspti.sys

0xF77BE000 \SystemRoot\System32\Drivers\pcouffin.sys

0xF77CE000 \SystemRoot\system32\DRIVERS\termdd.sys

0xF7B7A000 \SystemRoot\system32\DRIVERS\swenum.sys

0xF625F000 \SystemRoot\system32\DRIVERS\ks.sys

0xF6201000 \SystemRoot\system32\DRIVERS\update.sys

0xF7356000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0xF77DE000 \SystemRoot\System32\Drivers\NDProxy.SYS

0xAA3F5000 \SystemRoot\system32\drivers\RtkHDAud.sys

0xAA3D1000 \SystemRoot\system32\drivers\portcls.sys

0xF77FE000 \SystemRoot\system32\drivers\drmk.sys

0xAA39F000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys

0xAA2AB000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys

0xAA1FA000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys

0xF79F6000 \SystemRoot\System32\Drivers\Modem.SYS

0xF781E000 \SystemRoot\system32\DRIVERS\usbhub.sys

0xF7B88000 \SystemRoot\system32\DRIVERS\USBD.SYS

0xF7B8A000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

0xF7C37000 \SystemRoot\System32\Drivers\Null.SYS

0xF7B8C000 \SystemRoot\System32\Drivers\Beep.SYS

0xF7A16000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0xF7A1E000 \SystemRoot\System32\drivers\vga.sys

0xF7B8E000 \SystemRoot\System32\Drivers\mnmdd.SYS

0xF7B90000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0xF7A26000 \SystemRoot\System32\Drivers\Msfs.SYS

0xF7A2E000 \SystemRoot\System32\Drivers\Npfs.SYS

0xF7AEE000 \SystemRoot\system32\DRIVERS\rasacd.sys

0xAA19F000 \SystemRoot\system32\DRIVERS\ipsec.sys

0xAA146000 \SystemRoot\system32\DRIVERS\tcpip.sys

0xAA11E000 \SystemRoot\system32\DRIVERS\netbt.sys

0xAA0FC000 \SystemRoot\System32\drivers\afd.sys

0xF782E000 \SystemRoot\system32\DRIVERS\netbios.sys

0xF7A36000 \SystemRoot\system32\DRIVERS\ssmdrv.sys

0xAA0D1000 \SystemRoot\system32\DRIVERS\rdbss.sys

0xAA061000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0xF784E000 \SystemRoot\System32\Drivers\Fips.SYS

0xAA03B000 \SystemRoot\system32\DRIVERS\ipnat.sys

0xF785E000 \SystemRoot\system32\DRIVERS\wanarp.sys

0xF786E000 \SystemRoot\system32\DRIVERS\arp1394.sys

0xF7C45000 \SystemRoot\system32\DRIVERS\DMICall.sys

0xA9F50000 \SystemRoot\system32\DRIVERS\avipbb.sys

0xF7B9C000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys

0xF7AFA000 \SystemRoot\System32\Drivers\ASPI32.SYS

0xF76FE000 \SystemRoot\System32\Drivers\Cdfs.SYS

0xA9F13000 \SystemRoot\System32\Drivers\usbvm321.sys

0xF770E000 \SystemRoot\System32\Drivers\STREAM.SYS

0xF7A46000 \SystemRoot\System32\Drivers\USBCAMD2.SYS

0xF78E6000 \SystemRoot\system32\DRIVERS\SonyImgF.sys

0xF78F6000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0xAA1F6000 \SystemRoot\system32\DRIVERS\hidusb.sys

0xF772E000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0xAA1F2000 \SystemRoot\system32\DRIVERS\mouhid.sys

0xAA1EA000 \SystemRoot\system32\DRIVERS\kbdhid.sys

0xA9EFB000 \SystemRoot\System32\Drivers\dump_atapi.sys

0xF7BC8000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS

0xBF800000 \SystemRoot\System32\win32k.sys

0xAA037000 \SystemRoot\System32\drivers\Dxapi.sys

0xF790E000 \SystemRoot\System32\watchdog.sys

0xBF000000 \SystemRoot\System32\drivers\dxg.sys

0xF7D91000 \SystemRoot\System32\drivers\dxgthk.sys

0xBF020000 \SystemRoot\System32\ialmdnt5.dll

0xBF012000 \SystemRoot\System32\ialmrnt5.dll

0xBF041000 \SystemRoot\System32\ialmdev5.DLL

0xBF075000 \SystemRoot\System32\ialmdd5.DLL

0xBFFA0000 \SystemRoot\System32\ATMFD.DLL

0xA9DA6000 \SystemRoot\system32\DRIVERS\avgntflt.sys

0xA9E03000 \SystemRoot\system32\DRIVERS\AegisP.sys

0xA9DFF000 \SystemRoot\system32\DRIVERS\s24trans.sys

0xA9D8A000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0xA9981000 \SystemRoot\system32\drivers\wdmaud.sys

0xA9E93000 \SystemRoot\system32\drivers\sysaudio.sys

0xA9814000 \SystemRoot\system32\DRIVERS\mrxdav.sys

0xA934B000 \SystemRoot\System32\Drivers\HTTP.sys

0xA939C000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys

0xA91DB000 \SystemRoot\system32\DRIVERS\srv.sys

0xF7BAA000 \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys

0xA8641000 \SystemRoot\system32\drivers\kmixer.sys

0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 72):

0 System Idle Process

4 System

608 C:\WINDOWS\system32\smss.exe

680 csrss.exe

704 C:\WINDOWS\system32\winlogon.exe

752 C:\WINDOWS\system32\services.exe

764 C:\WINDOWS\system32\lsass.exe

924 C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE

936 C:\WINDOWS\system32\svchost.exe

1000 svchost.exe

1092 C:\WINDOWS\system32\svchost.exe

1124 C:\WINDOWS\system32\svchost.exe

1268 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

1424 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

1448 C:\WINDOWS\explorer.exe

1504 svchost.exe

1612 svchost.exe

1888 C:\WINDOWS\system32\BRSVC01A.EXE

1908 C:\WINDOWS\system32\BRSS01A.EXE

1916 C:\WINDOWS\system32\spoolsv.exe

1960 C:\Program Files\Avira\AntiVir Desktop\sched.exe

196 svchost.exe

640 C:\Program Files\Apoint\Apoint.exe

656 C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe

668 C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe

684 C:\Program Files\Java\jre6\bin\jusched.exe

728 C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

944 C:\WINDOWS\RTHDCPL.EXE

980 C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

1040 C:\Program Files\Sony\ISB Utility\ISBMgr.exe

1064 C:\WINDOWS\system32\igfxpers.exe

1076 C:\WINDOWS\system32\hkcmd.exe

1260 C:\Program Files\iTunes\iTunesHelper.exe

1256 C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe

1288 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

1344 C:\Program Files\Google\Gmail Notifier\gnotify.exe

1384 C:\Program Files\Windows Media Player\wmpnscfg.exe

1536 C:\WINDOWS\system32\ctfmon.exe

2036 C:\Program Files\Apoint\ApntEx.exe

500 C:\Program Files\Avira\AntiVir Desktop\avguard.exe

512 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

1228 C:\Program Files\Bonjour\mDNSResponder.exe

156 C:\WINDOWS\system32\svchost.exe

1668 C:\Program Files\Java\jre6\bin\jqs.exe

1764 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

1768 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

2080 C:\Program Files\Microsoft SQL Server\MSSQL$EMMSDE\Binn\sqlservr.exe

2476 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

2584 C:\WINDOWS\system32\svchost.exe

2640 C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

2712 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

2884 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

2992 wmpnetwk.exe

3112 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

3408 igfxext.exe

3432 igfxsrvc.exe

1560 C:\Program Files\iPod\bin\iPodService.exe

2344 alg.exe

540 C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

2472 C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

3380 C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

3580 C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

2352 C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

3876 C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe

3084 C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

3160 C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

2688 C:\Documents and Settings\stephen\Local Settings\temp\wze161\remover.exe

1380 C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

232 C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

2336 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

3768 C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

464 C:\Documents and Settings\stephen\Desktop\Virus Cleaning\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`805e2000 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHV2100BHPL, Rev: 00000029

Size Device Name MBR Status

--------------------------------------------

93 GB \\.\PhysicalDrive0 Windows XP MBR code detected

SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Done!

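The Bootkit Remover and MBRCheck runs posted above both read the first sector of the disk, hash it and report whether the boot code looks like stock Windows code. The Python below is an added example, not code from the thread or from either tool: it performs the same kind of check on a constructed 512-byte MBR, validating the 0x55AA signature, decoding the partition table, hashing the boot-code region and comparing it against a baseline digest recorded from a known-clean machine. The sample bytes, the baseline approach and the offsets hashed are assumptions; which exact byte range each tool digests is not stated in the thread.

```python
"""MBR sanity check in the spirit of the MBRCheck / Bootkit Remover output.

Added example (not the thread's or the tools' code). The MBR bytes are
constructed inline; the baseline digest stands in for a value recorded
from a known-clean machine of the same Windows build.
"""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_SIZE = 440      # boot code region, before the 4-byte disk signature
TABLE_OFFSET = 446        # four 16-byte partition table entries
SIGNATURE_OFFSET = 510    # 0x55AA marker

PARTITION_TYPES = {0x00: "empty", 0x07: "NTFS", 0x0b: "FAT32", 0x0c: "FAT32 (LBA)"}


def parse_entry(entry):
    """Decode one partition table entry; the CHS fields are skipped."""
    status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
    return {
        "active": status == 0x80,
        "type": PARTITION_TYPES.get(ptype, "0x%02x" % ptype),
        "lba_start": lba_start,
        "sectors": sectors,
    }


def parse_mbr(mbr):
    """Return boot-code digests, disk signature and partition table of a 512-byte MBR."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR must be exactly %d bytes" % MBR_SIZE)
    if mbr[SIGNATURE_OFFSET:] != b"\x55\xaa":
        raise ValueError("boot signature 0x55AA missing")
    code = mbr[:BOOT_CODE_SIZE]
    entries = [parse_entry(mbr[TABLE_OFFSET + 16 * i:TABLE_OFFSET + 16 * (i + 1)])
               for i in range(4)]
    return {
        "code_md5": hashlib.md5(code).hexdigest(),
        "code_sha1": hashlib.sha1(code).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", mbr, BOOT_CODE_SIZE)[0],
        "partitions": entries,
    }


def check_mbr(mbr, baseline_sha1):
    """Compare boot code with a recorded baseline and sanity-check the table.

    Returns a list of findings; an empty list means the MBR looks OK.
    """
    info = parse_mbr(mbr)
    findings = []
    if info["code_sha1"] != baseline_sha1.upper():
        findings.append("boot code SHA1 differs from baseline")
    active = [p for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        findings.append("expected exactly one active partition, found %d" % len(active))
    for p in info["partitions"]:
        if p["type"] != "empty" and p["sectors"] == 0:
            findings.append("partition of type %s has zero length" % p["type"])
    return findings


def build_sample_mbr():
    """Constructed MBR: a short boot stub, one active NTFS partition, rest empty."""
    code = b"\x33\xc0\x8e\xd0\xbc\x00\x7c".ljust(BOOT_CODE_SIZE, b"\x00")
    disk_sig = struct.pack("<IH", 0x1234ABCD, 0)          # signature + 2 reserved bytes
    ntfs = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                       b"\xfe\xff\xff", 63, 194985984)    # ~93 GB of 512-byte sectors
    return code + disk_sig + ntfs + b"\x00" * 48 + b"\x55\xaa"


def demo():
    """Run the check on the clean sample and on a copy with patched boot code."""
    clean = build_sample_mbr()
    baseline = parse_mbr(clean)["code_sha1"]   # recorded while the machine was known clean
    tampered = bytearray(clean)
    tampered[0:2] = b"\xeb\xfe"                # constructed: overwrite the first instruction
    return {"clean": check_mbr(clean, baseline),
            "tampered": check_mbr(bytes(tampered), baseline)}


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, "->", findings or "OK")
```

On a real machine the same functions would take the first 512 bytes read from the physical drive (with administrator rights) instead of the constructed sample.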

It seems okay....

Please download to your Desktop: Dr.Web CureIt

  • After the file has downloaded, disable your current Anti-Virus and disconnect from the Internet
  • Double-click the drweb-cureit.exe file, then click the Start button, then the OK button to perform an Express Scan.
  • This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, click on the Complete scan radio button.
  • Then click on the Settings menu on top, then select Change Settings or press the F9 key. You can also change the Language
  • Choose the Scanning tab and I recommend leaving the Heuristic analysis enabled (this can lead to False Positives though)
  • On the File types tab ensure you select All files
  • Click on the Actions tab and set the following:
    • Objects: Infected objects = Cure, Incurable objects = Move, Suspicious objects = Report
    • Infected packages: Archive = Move, E-mails = Report, Containers = Move
    • Malware: Adware = Move, Dialers = Move, Jokes = Move, Riskware = Move, Hacktools = Move
    • Do not change the Rename extension - default is: #??
    • Leave the default save path for Moved files here: %USERPROFILE%\DoctorWeb\Quarantine\
    • Leave prompt on Action checked
  • On the Log file tab leave the Log to file checked.
  • Leave the log file path alone: %USERPROFILE%\DoctorWeb\CureIt.log
  • Log mode = Append
  • Encoding = ANSI
  • Details: Leave Names of file packers and Statistics checked.
  • Limit log file size = 2048 KB and leave the check mark on the Maximum log file size.
  • On the General tab leave the Scan Priority on High
  • Click the Apply button at the bottom, and then the OK button.
  • On the right side under the Dr Web Anti-Virus Logo you will see 3 little buttons. Click the left VCR style Start button.
  • In this mode it will scan Boot sectors of all disks, All removable media, and all local drives
  • The more files and folders you have the longer the scan will take. On large drives it can take hours to complete.
  • When the Cure option is selected, an additional context menu will open. Select the action the program should take if the cure fails.
  • Click 'Yes to all' if it asks if you want to cure/move the files.
  • This will move it to the %USERPROFILE%\DoctorWeb\Quarantine\ folder if it can't be cured. (in this case we need samples)
  • Afterwards, in the Dr.Web CureIt menu on top, click File and choose Save report list
  • Save the report to your Desktop. The report will be called DrWeb.csv
  • Close Dr.Web CureIt.
  • Reboot your computer! Files that were in use may be moved/deleted during the reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously to your Desktop in your next reply.



MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows XP Home Edition

Windows Information: Service Pack 3 (build 2600)

Logical Drives Mask: 0x0000001c

Kernel Drivers (total 141):

0x804D7000 \WINDOWS\system32\ntkrnlpa.exe

0x806D0000 \WINDOWS\system32\hal.dll

0xF7B3E000 \WINDOWS\system32\KDCOM.DLL

0xF7A4E000 \WINDOWS\system32\BOOTVID.dll

0xF750F000 ACPI.sys

0xF7B40000 \WINDOWS\system32\DRIVERS\WMILIB.SYS

0xF74FE000 pci.sys

0xF763E000 isapnp.sys

0xF764E000 ohci1394.sys

0xF765E000 \WINDOWS\system32\DRIVERS\1394BUS.SYS

0xF7A52000 compbatt.sys

0xF7A56000 \WINDOWS\system32\DRIVERS\BATTC.SYS

0xF7C06000 pciide.sys

0xF78BE000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

0xF7B42000 intelide.sys

0xF74E0000 pcmcia.sys

0xF766E000 MountMgr.sys

0xF74C1000 ftdisk.sys

0xF7A5A000 ACPIEC.sys

0xF7C07000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS

0xF78C6000 PartMgr.sys

0xF767E000 VolSnap.sys

0xF74A9000 atapi.sys

0xF768E000 disk.sys

0xF769E000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS

0xF7489000 fltmgr.sys

0xF76AE000 PxHelp20.sys

0xF7472000 KSecDD.sys

0xF745F000 WudfPf.sys

0xF73D2000 Ntfs.sys

0xF73A5000 NDIS.sys

0xF738B000 Mup.sys

0xF6E9A000 \SystemRoot\system32\DRIVERS\intelppm.sys

0xF7B1A000 \SystemRoot\system32\DRIVERS\CmBatt.sys

0xF6B0F000 \SystemRoot\system32\DRIVERS\ialmnt5.sys

0xF6AFB000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

0xF6AD3000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0xF799E000 \SystemRoot\system32\DRIVERS\usbuhci.sys

0xF6AAF000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0xF79A6000 \SystemRoot\system32\DRIVERS\usbehci.sys

0xF6A9C000 \SystemRoot\system32\DRIVERS\Rtlnicxp.sys

0xF6E8A000 \SystemRoot\system32\DRIVERS\nic1394.sys

0xF6A7F000 \SystemRoot\system32\drivers\tifmsony.sys

0xF675C000 \SystemRoot\system32\DRIVERS\w29n51.sys

0xF79AE000 \SystemRoot\System32\Drivers\SonyNC.sys

0xF6E7A000 \SystemRoot\system32\DRIVERS\i8042prt.sys

0xF79B6000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0xF6742000 \SystemRoot\system32\DRIVERS\Apfiltr.sys

0xF79BE000 \SystemRoot\system32\DRIVERS\mouclass.sys

0xF6E6A000 \SystemRoot\system32\DRIVERS\imapi.sys

0xF7B22000 \SystemRoot\system32\drivers\pfc.sys

0xF6E5A000 \SystemRoot\system32\DRIVERS\cdrom.sys

0xF777E000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys

0xF7CB0000 \SystemRoot\system32\DRIVERS\audstub.sys

0xF778E000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0xF7B26000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0xF672B000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0xF779E000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0xF77AE000 \SystemRoot\system32\DRIVERS\raspptp.sys

0xF79C6000 \SystemRoot\system32\DRIVERS\TDI.SYS

0xF671A000 \SystemRoot\system32\DRIVERS\psched.sys

0xF77BE000 \SystemRoot\system32\DRIVERS\msgpc.sys

0xF79CE000 \SystemRoot\system32\DRIVERS\ptilink.sys

0xF79D6000 \SystemRoot\system32\DRIVERS\raspti.sys

0xF77CE000 \SystemRoot\System32\Drivers\pcouffin.sys

0xF77DE000 \SystemRoot\system32\DRIVERS\termdd.sys

0xF7B7C000 \SystemRoot\system32\DRIVERS\swenum.sys

0xF66C3000 \SystemRoot\system32\DRIVERS\ks.sys

0xF6665000 \SystemRoot\system32\DRIVERS\update.sys

0xF7B3A000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0xF77EE000 \SystemRoot\System32\Drivers\NDProxy.SYS

0xAA3E2000 \SystemRoot\system32\drivers\RtkHDAud.sys

0xAA3BE000 \SystemRoot\system32\drivers\portcls.sys

0xF780E000 \SystemRoot\system32\drivers\drmk.sys

0xAA38C000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys

0xAA298000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys

0xAA1E7000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys

0xF79DE000 \SystemRoot\System32\Drivers\Modem.SYS

0xF782E000 \SystemRoot\system32\DRIVERS\usbhub.sys

0xF7B80000 \SystemRoot\system32\DRIVERS\USBD.SYS

0xF7B82000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

0xF7C30000 \SystemRoot\System32\Drivers\Null.SYS

0xF7B84000 \SystemRoot\System32\Drivers\Beep.SYS

0xF79FE000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0xF7A06000 \SystemRoot\System32\drivers\vga.sys

0xF7B86000 \SystemRoot\System32\Drivers\mnmdd.SYS

0xF7B88000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0xF7A0E000 \SystemRoot\System32\Drivers\Msfs.SYS

0xF7A16000 \SystemRoot\System32\Drivers\Npfs.SYS

0xF7AE2000 \SystemRoot\system32\DRIVERS\rasacd.sys

0xAA18C000 \SystemRoot\system32\DRIVERS\ipsec.sys

0xAA133000 \SystemRoot\system32\DRIVERS\tcpip.sys

0xAA10B000 \SystemRoot\system32\DRIVERS\netbt.sys

0xAA0E9000 \SystemRoot\System32\drivers\afd.sys

0xF783E000 \SystemRoot\system32\DRIVERS\netbios.sys

0xF7A1E000 \SystemRoot\system32\DRIVERS\ssmdrv.sys

0xAA0BE000 \SystemRoot\system32\DRIVERS\rdbss.sys

0xAA04E000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0xF785E000 \SystemRoot\System32\Drivers\Fips.SYS

0xAA028000 \SystemRoot\system32\DRIVERS\ipnat.sys

0xF786E000 \SystemRoot\system32\DRIVERS\wanarp.sys

0xF787E000 \SystemRoot\system32\DRIVERS\arp1394.sys

0xF7D6C000 \SystemRoot\system32\DRIVERS\DMICall.sys

0xA9F12000 \SystemRoot\system32\DRIVERS\avipbb.sys

0xF7B92000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys

0xF6C1C000 \SystemRoot\System32\Drivers\ASPI32.SYS

0xA9E96000 \SystemRoot\System32\Drivers\usbvm321.sys

0xF771E000 \SystemRoot\System32\Drivers\STREAM.SYS

0xF78E6000 \SystemRoot\System32\Drivers\USBCAMD2.SYS

0xF78EE000 \SystemRoot\system32\DRIVERS\SonyImgF.sys

0xF78F6000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0xF7AF6000 \SystemRoot\system32\DRIVERS\hidusb.sys

0xF772E000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0xF7AFA000 \SystemRoot\system32\DRIVERS\mouhid.sys

0xF7B06000 \SystemRoot\system32\DRIVERS\kbdhid.sys

0xF776E000 \SystemRoot\System32\Drivers\Cdfs.SYS

0xA9E7E000 \SystemRoot\System32\Drivers\dump_atapi.sys

0xF7BA4000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS

0xBF800000 \SystemRoot\System32\win32k.sys

0xF7ADE000 \SystemRoot\System32\drivers\Dxapi.sys

0xF792E000 \SystemRoot\System32\watchdog.sys

0xBF000000 \SystemRoot\System32\drivers\dxg.sys

0xF7D3F000 \SystemRoot\System32\drivers\dxgthk.sys

0xBF020000 \SystemRoot\System32\ialmdnt5.dll

0xBF012000 \SystemRoot\System32\ialmrnt5.dll

0xBF041000 \SystemRoot\System32\ialmdev5.DLL

0xBF075000 \SystemRoot\System32\ialmdd5.DLL

0xBFFA0000 \SystemRoot\System32\ATMFD.DLL

0xA9D29000 \SystemRoot\system32\DRIVERS\avgntflt.sys

0xA9CF5000 \SystemRoot\system32\DRIVERS\AegisP.sys

0xA9CE9000 \SystemRoot\system32\DRIVERS\s24trans.sys

0xA9CC1000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0xA998C000 \SystemRoot\system32\DRIVERS\mrxdav.sys

0xA994F000 \SystemRoot\system32\drivers\wdmaud.sys

0xA9BE9000 \SystemRoot\system32\drivers\sysaudio.sys

0xA92F6000 \SystemRoot\System32\Drivers\HTTP.sys

0xA9226000 \SystemRoot\system32\DRIVERS\srv.sys

0xA9403000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys

0xF7BD4000 \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys

0xA8932000 \SystemRoot\system32\drivers\kmixer.sys

0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 68):

0 System Idle Process

4 System

640 C:\WINDOWS\system32\smss.exe

688 csrss.exe

712 C:\WINDOWS\system32\winlogon.exe

760 C:\WINDOWS\system32\services.exe

772 C:\WINDOWS\system32\lsass.exe

936 C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE

948 C:\WINDOWS\system32\svchost.exe

1004 svchost.exe

1096 C:\WINDOWS\system32\svchost.exe

1128 C:\WINDOWS\system32\svchost.exe

1284 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

1432 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

1452 C:\WINDOWS\explorer.exe

1500 svchost.exe

1620 svchost.exe

1888 C:\WINDOWS\system32\BRSVC01A.EXE

1908 C:\WINDOWS\system32\BRSS01A.EXE

1916 C:\WINDOWS\system32\spoolsv.exe

1960 C:\Program Files\Avira\AntiVir Desktop\sched.exe

2024 svchost.exe

584 C:\Program Files\Apoint\Apoint.exe

360 C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe

660 C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe

676 C:\Program Files\Java\jre6\bin\jusched.exe

672 C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

720 C:\WINDOWS\RTHDCPL.EXE

892 C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

956 C:\Program Files\Sony\ISB Utility\ISBMgr.exe

1048 C:\WINDOWS\system32\igfxpers.exe

1056 C:\WINDOWS\system32\hkcmd.exe

1168 C:\Program Files\iTunes\iTunesHelper.exe

1224 C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe

1244 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

1364 C:\Program Files\Google\Gmail Notifier\gnotify.exe

1380 C:\Program Files\Windows Media Player\wmpnscfg.exe

1568 C:\WINDOWS\system32\ctfmon.exe

152 C:\Program Files\Apoint\ApntEx.exe

416 C:\Program Files\Avira\AntiVir Desktop\avguard.exe

432 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

452 C:\Program Files\Bonjour\mDNSResponder.exe

1156 C:\WINDOWS\system32\svchost.exe

616 C:\Program Files\Java\jre6\bin\jqs.exe

1944 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

1592 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

1556 C:\Program Files\Microsoft SQL Server\MSSQL$EMMSDE\Binn\sqlservr.exe

2256 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

2460 C:\WINDOWS\system32\svchost.exe

2576 C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

2640 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

2884 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

3032 wmpnetwk.exe

3264 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

3544 igfxext.exe

3644 igfxsrvc.exe

448 C:\Program Files\iPod\bin\iPodService.exe

2268 alg.exe

3360 C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

3652 C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

3664 C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

3736 C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

3916 C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

2712 C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

3804 C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe

664 C:\Program Files\iTunes\iTunes.exe

4032 C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

1756 C:\Documents and Settings\stephen\Desktop\Virus Cleaning\MBRCheck (1).exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`805e2000 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHV2100BHPL, Rev: 00000029

Size Device Name MBR Status

--------------------------------------------

93 GB \\.\PhysicalDrive0 Windows XP MBR code detected

SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Done!


This topic is now closed to further replies.