-
August 29th, 2010, 08:19 AM
#1
CONTACTS IN ADDRESS BOOK RECEIVING SPAM EMAILS I DIDN'T SEND
I think my D's computer has a virus, as her friends have been receiving spam emails from her through her Hotmail account. When I check the sent messages, however, there is nothing there, so it doesn't seem as though her account is compromised. I ran several virus/anti-spyware scans and nothing was found, yet suddenly SUPERAntiSpyware hangs without completing a scan.
Here is the Malwarebytes log. I hope you can help.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4469
Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 7.0.6002.18005
8/29/2010 8:01:37 AM
mbam-log-2010-08-29 (08-01-37).txt
Scan type: Quick scan
Objects scanned: 133885
Time elapsed: 5 minute(s), 6 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-
August 29th, 2010, 08:52 AM
#2
Here is the GMER log.
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-29 08:50:46
Windows 6.0.6002 Service Pack 2
Running: tnf4dsbb.exe; Driver: C:\Users\STEPHA~1\AppData\Local\Temp\fwdiruob.sys
---- System - GMER 1.0.15 ----
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys ZwTerminateProcess [0x8C4F4620]
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 621 81CC8D84 4 Bytes [20, 46, 4F, 8C]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Mozilla Firefox\firefox.exe[2804] ntdll.dll!LdrLoadDll 770F9390 5 Bytes JMP 008713F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4248] USER32.dll!TrackPopupMenu 75A814F3 5 Bytes JMP 6A2C721D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[284] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74157817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[284] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [741AA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[284] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7415BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[284] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7414F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[284] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [741575E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[284] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7414E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[284] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74188395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[284] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7415DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[284] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7414FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[284] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7414FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[284] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [741471CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[284] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [741DCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[284] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7417C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[284] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7414D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[284] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74146853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[284] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7414687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[284] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74152AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\system32\services.exe[580] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 001F0002
IAT C:\Windows\system32\services.exe[580] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 001F0000
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
---- EOF - GMER 1.0.15 ----
-
August 29th, 2010, 09:14 AM
#3
DDS (Ver_10-03-17.01) - NTFSx86
Run by STEPHANIE at 9:07:06.04 on Sun 08/29/2010
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.731 [GMT -4:00]
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\WINDOWS\Domino.exe
C:\WINDOWS\VM302Snap.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Logitech\Logitech Vid\Vid.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\system32\atashost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\STEPHANIE\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Logitech Vid] "c:\program files\logitech\logitech vid\vid.exe" -bootmode
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autoRun
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Domino] c:\windows\Domino.exe
mRun: [BigDogPath] c:\windows\VM302Snap.exe Vimicro USB PC Camera (ZC0302)
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
StartupFolder: c:\users\stepha~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
StartupFolder: c:\users\stepha~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
================= FIREFOX ===================
FF - ProfilePath - c:\users\stepha~1\appdata\roaming\mozilla\firefox\profiles\0agl23iw.newprofile0828\
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\users\stephanie\appdata\roaming\facebook\npfbplugin_1_0_0.dll
FF - plugin: c:\users\stephanie\appdata\roaming\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\users\stephanie\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-11-27 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-1-5 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-11-27 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-11-27 53328]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 12872]
S3 vvftav302;vvftav302;c:\windows\system32\drivers\vvftav302.sys [2007-3-18 475136]
=============== Created Last 30 ================
2010-08-25 00:15:35 0 d-----w- c:\program files\Lavasoft
2010-08-24 22:23:55 0 d-----w- c:\programdata\Lavasoft
2010-08-24 21:23:35 212404 ----a-w- C:\MGlogs.zip
2010-08-24 21:23:33 0 d-----w- C:\MGtools
2010-08-24 16:13:32 0 d-----w- c:\program files\Trend Micro
2010-08-24 14:20:02 0 d-----w- c:\users\stepha~1\appdata\roaming\Malwarebytes
2010-08-24 14:19:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-24 14:19:54 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-24 14:19:54 0 d-----w- c:\programdata\Malwarebytes
2010-08-24 14:19:54 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-24 14:13:33 0 d-sh--w- C:\$RECYCLE.BIN
2010-08-24 13:57:02 98816 ----a-w- c:\windows\sed.exe
2010-08-24 13:57:02 77312 ----a-w- c:\windows\MBR.exe
2010-08-24 13:57:02 256512 ----a-w- c:\windows\PEV.exe
2010-08-24 13:57:02 161792 ----a-w- c:\windows\SWREG.exe
2010-08-24 13:35:26 0 ----a-w- c:\users\stephanie\defogger_reenable
2010-08-22 17:35:14 0 d-----w- c:\program files\CCleaner
2010-08-21 13:30:24 0 d-----w- c:\program files\TeamViewer
2010-08-12 17:13:19 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-08-12 17:13:10 834048 ----a-w- c:\windows\system32\wininet.dll
2010-08-12 17:13:07 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-08-12 17:13:00 274944 ----a-w- c:\windows\system32\schannel.dll
2010-08-12 17:12:43 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-08-12 17:12:41 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-08-12 17:12:20 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-12 17:12:19 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-12 17:12:17 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-08-12 17:12:14 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-12 17:12:14 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-12 17:12:11 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
==================== Find3M ====================
2010-03-06 00:05:57 86016 ----a-w- c:\windows\inf\infstor.dat
2010-03-06 00:05:57 51200 ----a-w- c:\windows\inf\infpub.dat
2010-03-06 00:05:57 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-02-10 21:13:06 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-09-11 10:10:24 22 --sha-w- c:\windows\sminst\HPCD.SYS
============= FINISH: 9:11:07.34 ===============
-
August 29th, 2010, 09:14 AM
#4
DDS (Ver_10-03-17.01)
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 8/15/2008 12:24:38 AM
System Uptime: 8/29/2010 8:54:04 AM (1 hours ago)
Motherboard: Hewlett-Packard | | 30D9
Processor: Intel(R) Pentium(R) Dual CPU T2390 @ 1.86GHz | CPU | 1867/533mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 138 GiB total, 81.273 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 2.01 GiB free.
E: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP189: 8/22/2010 1:31:38 PM - Removed Java(TM) 6 Update 2
RP190: 8/22/2010 1:48:26 PM - Removed Logitech Vid.
RP191: 8/22/2010 1:51:01 PM - Removed Logitech Webcam Software.
RP192: 8/24/2010 9:39:48 AM - Windows Update
RP193: 8/24/2010 6:23:29 PM - Installed Ad-Aware 2007
RP194: 8/24/2010 6:27:41 PM - Removed Ad-Aware 2007
RP195: 8/24/2010 8:15:24 PM - Installed Ad-Aware
RP196: 8/27/2010 1:34:35 PM - Windows Update
==== Installed Programs ======================
Activation Assistant for the 2007 Microsoft Office suites
Ad-Aware
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 8.2.3
Adobe Shockwave Player
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
avast! Antivirus
Bonjour
BufferChm
Cards_Calendar_OrderGift_DoMorePlugout
CCleaner
Cisco Network Magic
Compatibility Pack for the 2007 Office system
Conexant HD Audio
CustomerResearchQFolder
DeviceDiscovery
DeviceManagementQFolder
DivX Setup
dj_sf_software
dj_sf_software_req
DVD Suite
EA Link
EZVirtual Cam 2.0
Facebook Plug-In
Google Chrome
Google Update Helper
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Customer Participation Program 9.0
HP Deskjet Printer Driver Software 9.0
HP Doc Viewer
HP DVD Play 3.6
HP Easy Setup - Frontend
HP Help and Support
HP Imaging Device Functions 9.0
HP Photosmart Essential 2.5
HP Quick Launch Buttons 6.40 B2
HP Smart Web Printing
HP Total Care Advisor
HP Update
HP User Guides 0093
HP Wireless Assistant
HPNetworkAssistant
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabel_Tattoo
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotoSmartPhotobookHolidayPack1
HPPhotoSmartPhotobookModernPack1
HPPhotoSmartPhotobookPlayfulPack1
HPPhotoSmartPhotobookScrapbookPack1
HPPhotoSmartPhotobookWebPack1
Intel(R) Graphics Media Accelerator Driver
Intel(R) Matrix Storage Manager
Intel(R) TV Wizard
iTunes
Java Auto Updater
Java(TM) 6 Update 20
LabelPrint
LightScribe System Software 1.10.13.1
LimeWire 5.3.6
Logitech Vid
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard Edition 2003
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.6.8)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.1
My HP Games
NetWaiting
Network Magic
PanoStandAlone
Power2Go
PowerDirector
PSSWCORE
Pure Networks Platform
QuickPlay SlingPlayer 0.4.6
QuickTime
Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
Realtek USB 2.0 Card Reader
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
Skype Toolbars
Skype™ 4.2
Status
SUPERAntiSpyware Free Edition
The Sims™ Life Stories
Toolbox
Touch Pad Driver
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
VC80CRTRedist - 8.0.50727.4053
VideoToolkit01
WeatherBug Gadget
WebEx Support Manager for Internet Explorer
WebReg
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Player Firefox Plugin
==== End Of File ===========================
-
August 29th, 2010, 11:19 AM
#5
Download MBRCheck to your desktop
Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.
==============================================================
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall**
Make sure you re-enable your security programs when you're done with Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
-
August 29th, 2010, 01:59 PM
#6
Here is the mbr check
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: Compaq Presario C700 Notebook PC
Logical Drives Mask: 0x0000001c
Kernel Drivers (total 151):
0x81C0C000 \SystemRoot\system32\ntkrnlpa.exe
0x81FC5000 \SystemRoot\system32\hal.dll
0x8040C000 \SystemRoot\system32\kdcom.dll
0x80413000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80483000 \SystemRoot\system32\PSHED.dll
0x80494000 \SystemRoot\system32\BOOTVID.dll
0x8049C000 \SystemRoot\system32\CLFS.SYS
0x804DD000 \SystemRoot\system32\CI.dll
0x80603000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8067F000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8068C000 \SystemRoot\system32\drivers\acpi.sys
0x806D2000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806DB000 \SystemRoot\system32\drivers\msisadrv.sys
0x806E3000 \SystemRoot\system32\drivers\pci.sys
0x8070A000 \SystemRoot\System32\drivers\partmgr.sys
0x80719000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8071C000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x80726000 \SystemRoot\system32\drivers\volmgr.sys
0x80735000 \SystemRoot\System32\drivers\volmgrx.sys
0x8077F000 \SystemRoot\system32\drivers\intelide.sys
0x80786000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x80794000 \SystemRoot\System32\drivers\mountmgr.sys
0x8220B000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x822D3000 \SystemRoot\system32\drivers\atapi.sys
0x822DB000 \SystemRoot\system32\drivers\ataport.SYS
0x822F9000 \SystemRoot\system32\drivers\msahci.sys
0x82303000 \SystemRoot\system32\drivers\fltmgr.sys
0x82335000 \SystemRoot\system32\drivers\fileinfo.sys
0x82345000 \SystemRoot\System32\Drivers\ksecdd.sys
0x87A00000 \SystemRoot\system32\drivers\ndis.sys
0x87B0B000 \SystemRoot\system32\drivers\msrpc.sys
0x87B36000 \SystemRoot\system32\drivers\NETIO.SYS
0x87C07000 \SystemRoot\System32\drivers\tcpip.sys
0x87CF1000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x87E07000 \SystemRoot\System32\Drivers\Ntfs.sys
0x87F17000 \SystemRoot\system32\drivers\volsnap.sys
0x87F50000 \SystemRoot\System32\Drivers\spldr.sys
0x87F58000 \SystemRoot\System32\Drivers\mup.sys
0x87F67000 \SystemRoot\System32\drivers\ecache.sys
0x87F8E000 \SystemRoot\system32\drivers\disk.sys
0x87F9F000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x87FC0000 \SystemRoot\system32\drivers\crcdisk.sys
0x87FD6000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x87FE1000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x87FEA000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x87FF9000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x87FFD000 \SystemRoot\system32\DRIVERS\cpqbttn.sys
0x87DD4000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x87E00000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x87DE4000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8B806000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8BE0F000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8BEAE000 \SystemRoot\System32\drivers\watchdog.sys
0x8BEBA000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8BF47000 \SystemRoot\system32\DRIVERS\athr.sys
0x87DED000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x87B71000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x87BAF000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x87BBE000 \SystemRoot\system32\DRIVERS\Rtnicxp.sys
0x87BCF000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8B800000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x87BE2000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x823B6000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0x87BED000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x823E2000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x87DF8000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x807A4000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x805BD000 \SystemRoot\system32\DRIVERS\storport.sys
0x82200000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x807D3000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x807EA000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8C204000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8C227000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8C236000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8C24A000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8C25F000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8C26F000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8C271000 \SystemRoot\system32\DRIVERS\ks.sys
0x8C29B000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8C2A5000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8C2B2000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8C2BB000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8C2F0000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8C301000 \SystemRoot\system32\drivers\CHDART.sys
0x8C331000 \SystemRoot\system32\drivers\portcls.sys
0x8C35E000 \SystemRoot\system32\drivers\drmk.sys
0x8C383000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8C40C000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8C50F000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8C5C4000 \SystemRoot\system32\drivers\modem.sys
0x8C5D1000 \SystemRoot\system32\drivers\RTSTOR.SYS
0x8C5E3000 \SystemRoot\system32\drivers\USBD.SYS
0x8C5E5000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8C5EE000 \SystemRoot\System32\Drivers\Null.SYS
0x8C5F5000 \SystemRoot\System32\Drivers\Beep.SYS
0x8C400000 \SystemRoot\System32\drivers\vga.sys
0x8C3C1000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8C3E2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8C3EA000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8C3F2000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8C60D000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8C61B000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8C624000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8C63A000 \SystemRoot\system32\DRIVERS\smb.sys
0x8C64E000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x8C658000 \SystemRoot\system32\drivers\afd.sys
0x8C6A0000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x8C6A4000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8C6D6000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8C6EC000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8C6FA000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8C70D000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
0x8C72F000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x8C735000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8C771000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8C77B000 \SystemRoot\System32\Drivers\dfsc.sys
0x8C792000 \SystemRoot\System32\Drivers\aswSP.SYS
0x8C7B3000 \SystemRoot\System32\Drivers\crashdmp.sys
0x87D0C000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x92EE0000 \SystemRoot\System32\win32k.sys
0x8C7C0000 \SystemRoot\System32\drivers\Dxapi.sys
0x8C7CA000 \SystemRoot\system32\DRIVERS\monitor.sys
0x93100000 \SystemRoot\System32\TSDDD.dll
0x93120000 \SystemRoot\System32\cdd.dll
0x8C7D9000 \SystemRoot\system32\drivers\luafv.sys
0x80C0D000 \SystemRoot\system32\DRIVERS\aswMonFlt.sys
0x80C24000 \SystemRoot\system32\DRIVERS\aswFsBlk.sys
0x80C2C000 \SystemRoot\system32\drivers\spsys.sys
0x80CDC000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x80CEC000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x80D16000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x80D20000 \SystemRoot\system32\DRIVERS\pnarp.sys
0x80D2A000 \SystemRoot\system32\DRIVERS\purendis.sys
0x80D34000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x80D47000 \SystemRoot\system32\drivers\HTTP.sys
0x80DB4000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x80DD1000 \SystemRoot\system32\DRIVERS\bowser.sys
0x80DEA000 \SystemRoot\System32\drivers\mpsdrv.sys
0x85604000 \SystemRoot\system32\drivers\mrxdav.sys
0x85625000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x85644000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x8567D000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x85695000 \SystemRoot\System32\DRIVERS\srv2.sys
0x856BC000 \SystemRoot\System32\DRIVERS\srv.sys
0x8570A000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x8570E000 \SystemRoot\system32\drivers\peauth.sys
0x857EC000 \SystemRoot\System32\Drivers\secdrv.SYS
0x80C00000 \SystemRoot\System32\drivers\tcpipreg.sys
0x857F6000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xB2A0E000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x77B70000 \WINDOWS\System32\ntdll.dll
Processes (total 86):
0 System Idle Process
4 System
416 C:\WINDOWS\System32\smss.exe
556 csrss.exe
600 C:\WINDOWS\System32\wininit.exe
612 csrss.exe
644 C:\WINDOWS\System32\services.exe
656 C:\WINDOWS\System32\lsass.exe
664 C:\WINDOWS\System32\lsm.exe
772 C:\WINDOWS\System32\winlogon.exe
848 C:\WINDOWS\System32\svchost.exe
924 C:\WINDOWS\System32\svchost.exe
964 C:\WINDOWS\System32\svchost.exe
1064 C:\WINDOWS\System32\svchost.exe
1136 C:\WINDOWS\System32\svchost.exe
1156 C:\WINDOWS\System32\svchost.exe
1232 C:\WINDOWS\System32\audiodg.exe
1264 C:\WINDOWS\System32\SLsvc.exe
1324 C:\WINDOWS\System32\svchost.exe
1472 C:\WINDOWS\System32\svchost.exe
1636 C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
1652 C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
1672 C:\Program Files\Alwil Software\Avast4\ashServ.exe
2012 C:\WINDOWS\System32\dwm.exe
2036 C:\WINDOWS\explorer.exe
436 C:\WINDOWS\System32\igfxtray.exe
424 C:\WINDOWS\System32\hkcmd.exe
440 C:\WINDOWS\System32\igfxpers.exe
12 C:\Program Files\Windows Defender\MSASCui.exe
548 C:\WINDOWS\System32\igfxsrvc.exe
408 C:\Program Files\Alwil Software\Avast4\ashDisp.exe
748 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
972 C:\Program Files\Pure Networks\Network Magic\nmapp.exe
1368 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
1484 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
1468 C:\Program Files\HP\QuickPlay\QPService.exe
832 C:\Program Files\iTunes\iTunesHelper.exe
1728 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
1520 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
1884 C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
1908 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
1980 C:\WINDOWS\Domino.exe
1616 C:\WINDOWS\VM302Snap.exe
2028 C:\Program Files\Apoint2K\Apoint.exe
308 C:\Program Files\Windows Sidebar\sidebar.exe
1016 C:\Program Files\Apoint2K\ApMsgFwd.exe
2060 C:\Program Files\Apoint2K\ApntEx.exe
2176 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
2412 C:\Program Files\Skype\Phone\Skype.exe
2420 C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
2428 C:\Program Files\Logitech\Logitech Vid\Vid.exe
2436 C:\Program Files\Windows Media Player\wmpnscfg.exe
2444 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
2468 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
2664 C:\Program Files\Mozilla Firefox\firefox.exe
2836 C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
3380 C:\WINDOWS\System32\taskeng.exe
3388 C:\WINDOWS\System32\spoolsv.exe
3432 C:\WINDOWS\System32\taskeng.exe
3476 C:\WINDOWS\System32\svchost.exe
3980 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
4000 C:\WINDOWS\System32\atashost.exe
4012 C:\Program Files\Bonjour\mDNSResponder.exe
4060 C:\WINDOWS\System32\svchost.exe
360 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
2568 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2856 C:\WINDOWS\System32\svchost.exe
2684 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2968 C:\WINDOWS\System32\svchost.exe
3040 C:\WINDOWS\System32\svchost.exe
3112 C:\WINDOWS\System32\SearchIndexer.exe
3484 C:\WINDOWS\System32\drivers\XAudio.exe
3500 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
3936 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
1732 C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
4052 C:\Program Files\iPod\bin\iPodService.exe
4252 WmiPrvSE.exe
4604 C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
4836 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
4896 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
5588 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
1644 C:\WINDOWS\System32\sort.exe
5676 C:\WINDOWS\System32\SearchProtocolHost.exe
5744 C:\WINDOWS\System32\SearchFilterHost.exe
4680 C:\WINDOWS\explorer.exe
2632 C:\Users\STEPHANIE\Desktop\MBRCheck(2).exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000022`65285000 (NTFS)
PhysicalDrive0 Model Number: WDCWD1600BEVS-60VAT0, Rev: 12.01A12
Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: D94F393960D1CD66C2071F2D7260A5196DF105AC
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
-
August 29th, 2010, 02:05 PM
#7
OK, we have an MBR issue here...
Run MBRCheck again.
When it's done you'll see the following line:
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Press the Y key and then press Enter
When the program asks you to Enter your choice, enter 2 and press the Enter key.
Next the program will ask you to Enter the physical disk number to fix (0-99, -1 to cancel):
Enter 0 (zero) and press the Enter key.
Next the program will show Available MBR codes:, followed by a list of operating systems.
Please enter 3 for Windows Vista, and then press Enter.
Next the program will prompt for confirmation.
Type YES and hit Enter.
When it's done there should be a text file with the results on your desktop.
Please copy and paste it back here.
Then reboot, run MBRCheck again and post the new log.
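The verdict MBRCheck printed above ("Unknown MBR code" followed by a SHA1) comes from hashing the sector's bootstrap code and looking it up in a table of known boot code, on top of structural checks on the partition table. As an added example, not part of the thread or of MBRCheck itself, here is a Python parser that performs the same kind of checks on a constructed 512-byte sector; the known-code table holds a placeholder hash, the C: and D: offsets reuse the ones in the log, and the disk signature and partition sizes are assumptions.

```python
"""Parse a 512-byte MBR and classify its bootstrap code by SHA1.

Added example, not MBRCheck's own code. The sample sector is constructed;
the known-code table contains a placeholder, not a real Windows hash.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOTCODE_LEN = 440            # bootstrap code lives before the disk signature
PART_TABLE_OFF = 446          # four 16-byte partition entries start here
BOOT_SIGNATURE = b"\x55\xAA"  # bytes 510-511 of every valid MBR
UNKNOWN = "Unknown MBR code"

# Placeholder table: a real tool ships SHA1s of genuine boot code per OS.
KNOWN_MBR_CODE = {
    "0000000000000000000000000000000000000000": "PLACEHOLDER: Windows Vista",
}

# One entry: status, CHS start (3 bytes, ignored), type, CHS end (ignored),
# LBA start, sector count; all little-endian.
PART_ENTRY = "<B3xB3xII"


def parse_partitions(sector: bytes) -> list:
    """Return the non-empty primary partition entries as dicts."""
    entries = []
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(
            PART_ENTRY, sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0:          # empty slot
            continue
        entries.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,      # 0x07 = NTFS/exFAT
            "lba_start": lba_start,
            "sectors": sectors,
            "byte_offset": lba_start * SECTOR_SIZE,
        })
    return entries


def bootcode_sha1(sector: bytes) -> str:
    """SHA1 of the bootstrap area only, as MBRCheck reports it."""
    return hashlib.sha1(sector[:BOOTCODE_LEN]).hexdigest().upper()


def check_mbr(sector: bytes) -> dict:
    """Structural checks plus a code-hash lookup; flags anything unexpected."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly one 512-byte sector")
    problems = []
    if sector[510:512] != BOOT_SIGNATURE:
        problems.append("missing 0x55AA boot signature")
    parts = parse_partitions(sector)
    if sum(1 for p in parts if p["bootable"]) != 1:
        problems.append("expected exactly one active partition")
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"]) for p in parts)
    for (_, end_a), (start_b, _) in zip(spans, spans[1:]):
        if start_b < end_a:
            problems.append("overlapping partition entries")
            break
    digest = bootcode_sha1(sector)
    status = KNOWN_MBR_CODE.get(digest, UNKNOWN)
    return {
        "sha1": digest,
        "status": status,
        "partitions": parts,
        "problems": problems,
        # Unknown boot code is the MBRCheck finding that triggered post #7.
        "suspicious": status == UNKNOWN or bool(problems),
    }


def build_sample_mbr() -> bytes:
    """Constructed sector. Partition offsets come from the log above
    (C: at 0x7e00, D: at 0x22`65285000); the rest is assumed."""
    sector = bytearray(SECTOR_SIZE)
    sector[0:4] = b"\xEB\xFE\x90\x90"                 # constructed filler, not real boot code
    struct.pack_into("<I", sector, 440, 0x1234ABCD)   # disk signature (assumed)
    c_start = 0x7E00 // SECTOR_SIZE                   # LBA 63
    d_start = 0x2265285000 // SECTOR_SIZE             # LBA 288527400
    d_sectors = 24054408                              # assumed recovery partition size
    struct.pack_into(PART_ENTRY, sector, PART_TABLE_OFF,
                     0x80, 0x07, c_start, d_start - c_start)
    struct.pack_into(PART_ENTRY, sector, PART_TABLE_OFF + 16,
                     0x00, 0x07, d_start, d_sectors)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    result = check_mbr(build_sample_mbr())
    print(result["sha1"], result["status"], result["problems"])
    for p in result["partitions"]:
        print(p)
```

On a real system the sector would be read from the physical drive rather than constructed, and the table would be populated with hashes of known-good boot code before trusting the verdict.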
-
August 29th, 2010, 03:06 PM
#8
combo fix
ComboFix 10-08-28.02 - STEPHANIE 08/29/2010 14:05:16.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.871 [GMT -4:00]
Running from: c:\users\STEPHANIE\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-29 )))))))))))))))))))))))))))))))
.
2010-08-29 18:14 . 2010-08-29 18:14 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-29 18:14 . 2010-08-29 18:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-28 11:08 . 2010-08-28 11:08 63488 ----a-w- c:\users\STEPHANIE\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-08-25 16:03 . 2010-08-25 17:27 -------- d-----w- c:\windows\BDOSCAN8
2010-08-25 00:15 . 2010-08-25 00:15 -------- d-----w- c:\program files\Lavasoft
2010-08-24 22:23 . 2010-08-24 22:27 -------- d-----w- c:\programdata\Lavasoft
2010-08-24 21:23 . 2010-08-24 21:34 212404 ----a-w- C:\MGlogs.zip
2010-08-24 21:23 . 2010-08-24 21:34 -------- d-----w- C:\MGtools
2010-08-24 16:13 . 2010-08-24 16:13 -------- d-----w- c:\program files\Trend Micro
2010-08-24 14:20 . 2010-08-24 14:20 -------- d-----w- c:\users\STEPHANIE\AppData\Roaming\Malwarebytes
2010-08-24 14:19 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-24 14:19 . 2010-08-24 14:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-24 14:19 . 2010-08-24 14:19 -------- d-----w- c:\programdata\Malwarebytes
2010-08-24 14:19 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-22 17:35 . 2010-08-22 17:35 -------- d-----w- c:\program files\CCleaner
2010-08-21 13:30 . 2010-08-21 13:30 -------- d-----w- c:\program files\TeamViewer
2010-08-12 17:13 . 2010-05-27 20:08 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-08-12 17:13 . 2010-06-29 15:47 834048 ----a-w- c:\windows\system32\wininet.dll
2010-08-12 17:13 . 2010-06-28 16:13 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-08-12 17:13 . 2010-06-11 16:16 274944 ----a-w- c:\windows\system32\schannel.dll
2010-08-12 17:12 . 2010-06-21 13:37 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-08-12 17:12 . 2010-06-18 17:31 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-08-12 17:12 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-12 17:12 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-12 17:12 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-08-12 17:12 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-12 17:12 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-12 17:12 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-29 12:56 . 2009-12-05 00:52 -------- d-----w- c:\users\STEPHANIE\AppData\Roaming\LimeWire
2010-08-29 12:55 . 2009-11-28 03:31 -------- d-----w- c:\users\STEPHANIE\AppData\Roaming\Skype
2010-08-28 18:02 . 2010-02-04 23:37 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-28 11:08 . 2010-02-04 23:39 117760 ----a-w- c:\users\STEPHANIE\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-24 22:32 . 2010-02-04 23:36 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-22 17:52 . 2010-02-21 02:25 -------- d-----w- c:\program files\Logitech
2010-08-22 17:52 . 2010-02-21 02:15 -------- d-----w- c:\program files\Common Files\logishrd
2010-08-22 17:32 . 2008-02-27 08:26 -------- d-----w- c:\program files\Java
2010-08-22 17:32 . 2008-02-27 08:26 -------- d-----w- c:\program files\Common Files\Java
2010-08-22 16:24 . 2009-11-28 03:33 -------- d-----w- c:\users\STEPHANIE\AppData\Roaming\skypePM
2010-08-21 14:37 . 2008-02-27 07:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-18 15:12 . 2008-02-27 07:33 -------- d-----w- c:\program files\Microsoft Works
2010-08-18 14:59 . 2008-02-27 07:55 -------- d-----w- c:\programdata\Microsoft Help
2010-07-23 14:26 . 2010-07-23 14:26 -------- d-----w- c:\program files\Common Files\Skype
2010-06-01 01:23 . 2009-11-27 19:22 77016 ----a-w- c:\users\STEPHANIE\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-11 10:10 . 2009-11-27 23:39 22 --sha-w- c:\windows\SMINST\HPCD.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-08-28 2424560]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-02 1783136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-28 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-28 137752]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-03-05 1135912]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-12-06 202032]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-23 80896]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
"Domino"="c:\windows\Domino.exe" [2006-07-04 49152]
"BigDogPath"="c:\windows\VM302Snap.exe" [2007-03-27 49152]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-10-25 212992]
c:\users\STEPHANIE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-9-30 503808]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 18:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):2d,a6,aa,dc,96,aa,ca,01
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-10 135664]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-03-06 12872]
R3 vvftav302;vvftav302;c:\windows\system32\drivers\vvftav302.sys [2007-03-18 475136]
R3 ZSMC302;PLEOMAX PWC-3800;c:\windows\system32\Drivers\usbvm302.sys [x]
S1 aswSP;avast! Self Protection; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-03-06 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-08-21 67656]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-03-06 20376]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 21:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
2010-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-10 18:05]
2010-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-10 18:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\STEPHANIE\AppData\Roaming\Mozilla\Firefox\Profiles\0agl23iw.newprofile0828\
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\users\STEPHANIE\AppData\Roaming\Facebook\npfbplugin_1_0_0.dll
FF - plugin: c:\users\STEPHANIE\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\users\STEPHANIE\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-29 14:14
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(1252)
c:\program files\Pure Networks\Network Magic\nmrsrc.dll
.
Completion time: 2010-08-29 14:18:49
ComboFix-quarantined-files.txt 2010-08-29 18:18
ComboFix2.txt 2010-08-24 14:13
Pre-Run: 87,235,387,392 bytes free
Post-Run: 87,212,019,712 bytes free
- - End Of File - - BBC790EC45D92DE83C0E1571B256C7EF
-
August 29th, 2010, 03:09 PM
#9
2nd mbr check log
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: Compaq Presario C700 Notebook PC
Logical Drives Mask: 0x0000001c
Kernel Drivers (total 150):
0x81C18000 \SystemRoot\system32\ntkrnlpa.exe
0x81FD1000 \SystemRoot\system32\hal.dll
0x80403000 \SystemRoot\system32\kdcom.dll
0x8040A000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8047A000 \SystemRoot\system32\PSHED.dll
0x8048B000 \SystemRoot\system32\BOOTVID.dll
0x80493000 \SystemRoot\system32\CLFS.SYS
0x804D4000 \SystemRoot\system32\CI.dll
0x80609000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80685000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80692000 \SystemRoot\system32\drivers\acpi.sys
0x806D8000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806E1000 \SystemRoot\system32\drivers\msisadrv.sys
0x806E9000 \SystemRoot\system32\drivers\pci.sys
0x80710000 \SystemRoot\System32\drivers\partmgr.sys
0x8071F000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x80722000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8072C000 \SystemRoot\system32\drivers\volmgr.sys
0x8073B000 \SystemRoot\System32\drivers\volmgrx.sys
0x80785000 \SystemRoot\system32\drivers\intelide.sys
0x8078C000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8079A000 \SystemRoot\System32\drivers\mountmgr.sys
0x82208000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x822D0000 \SystemRoot\system32\drivers\atapi.sys
0x822D8000 \SystemRoot\system32\drivers\ataport.SYS
0x822F6000 \SystemRoot\system32\drivers\msahci.sys
0x82300000 \SystemRoot\system32\drivers\fltmgr.sys
0x82332000 \SystemRoot\system32\drivers\fileinfo.sys
0x82342000 \SystemRoot\System32\Drivers\ksecdd.sys
0x87A09000 \SystemRoot\system32\drivers\ndis.sys
0x87B14000 \SystemRoot\system32\drivers\msrpc.sys
0x87B3F000 \SystemRoot\system32\drivers\NETIO.SYS
0x87C0E000 \SystemRoot\System32\drivers\tcpip.sys
0x87CF8000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x87E07000 \SystemRoot\System32\Drivers\Ntfs.sys
0x87F17000 \SystemRoot\system32\drivers\volsnap.sys
0x87F50000 \SystemRoot\System32\Drivers\spldr.sys
0x87F58000 \SystemRoot\System32\Drivers\mup.sys
0x87F67000 \SystemRoot\System32\drivers\ecache.sys
0x87F8E000 \SystemRoot\system32\drivers\disk.sys
0x87F9F000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x87FC0000 \SystemRoot\system32\drivers\crcdisk.sys
0x87FD6000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x87FE1000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x87FEA000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x87FF9000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x87FFD000 \SystemRoot\system32\DRIVERS\cpqbttn.sys
0x87DDB000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x87E00000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x87DEB000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8BC00000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8C209000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8C2A8000 \SystemRoot\System32\drivers\watchdog.sys
0x8C2B4000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8C341000 \SystemRoot\system32\DRIVERS\athr.sys
0x87DF4000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x87B7A000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x87BB8000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x87BC7000 \SystemRoot\system32\DRIVERS\Rtnicxp.sys
0x87BD8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8C3FA000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x87C00000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x823B3000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0x87BEB000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x823DF000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x87BF6000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x807AA000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x805B4000 \SystemRoot\system32\DRIVERS\storport.sys
0x807D9000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x807E4000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x805F5000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8C600000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8C623000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8C632000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8C646000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8C65B000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8C66B000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8C66D000 \SystemRoot\system32\DRIVERS\ks.sys
0x8C697000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8C6A1000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8C6AE000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8C6B7000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8C6EC000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8C6FD000 \SystemRoot\system32\drivers\CHDART.sys
0x8C72D000 \SystemRoot\system32\drivers\portcls.sys
0x8C75A000 \SystemRoot\system32\drivers\drmk.sys
0x8C77F000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8C807000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8C90A000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8C9BF000 \SystemRoot\system32\drivers\modem.sys
0x8C9CC000 \SystemRoot\system32\drivers\RTSTOR.SYS
0x8C9DE000 \SystemRoot\system32\drivers\USBD.SYS
0x8C9E0000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8C9E9000 \SystemRoot\System32\Drivers\Null.SYS
0x8C9F0000 \SystemRoot\System32\Drivers\Beep.SYS
0x8C7BD000 \SystemRoot\System32\drivers\vga.sys
0x8C7C9000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8C9F7000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8C7EA000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8C7F2000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8CA0E000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8CA1C000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8CA25000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8CA3B000 \SystemRoot\system32\DRIVERS\smb.sys
0x8CA4F000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x8CA59000 \SystemRoot\system32\drivers\afd.sys
0x8CAA1000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x8CAA5000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8CAD7000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8CAED000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8CAFB000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8CB0E000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
0x8CB30000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x8CB36000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8CB72000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8CB7C000 \SystemRoot\System32\Drivers\dfsc.sys
0x8CB93000 \SystemRoot\System32\Drivers\aswSP.SYS
0x8CBB4000 \SystemRoot\System32\Drivers\crashdmp.sys
0x87D13000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x93010000 \SystemRoot\System32\win32k.sys
0x8CBC1000 \SystemRoot\System32\drivers\Dxapi.sys
0x8CBCB000 \SystemRoot\system32\DRIVERS\monitor.sys
0x93230000 \SystemRoot\System32\TSDDD.dll
0x93250000 \SystemRoot\System32\cdd.dll
0x8CBDA000 \SystemRoot\system32\drivers\luafv.sys
0xA660E000 \SystemRoot\system32\DRIVERS\aswMonFlt.sys
0xA6625000 \SystemRoot\system32\DRIVERS\aswFsBlk.sys
0xA662D000 \SystemRoot\system32\drivers\spsys.sys
0xA66DD000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xA66ED000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xA6717000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA6721000 \SystemRoot\system32\DRIVERS\pnarp.sys
0xA672B000 \SystemRoot\system32\DRIVERS\purendis.sys
0xA6735000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA6748000 \SystemRoot\system32\drivers\HTTP.sys
0xA67B5000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA67D2000 \SystemRoot\system32\DRIVERS\bowser.sys
0xA67EB000 \SystemRoot\System32\drivers\mpsdrv.sys
0xAF608000 \SystemRoot\system32\drivers\mrxdav.sys
0xAF629000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAF648000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xAF681000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xAF699000 \SystemRoot\System32\DRIVERS\srv2.sys
0xAF6C0000 \SystemRoot\System32\DRIVERS\srv.sys
0xAF70E000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xAF712000 \SystemRoot\system32\drivers\peauth.sys
0xAF7F0000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA6600000 \SystemRoot\System32\drivers\tcpipreg.sys
0xAF600000 \SystemRoot\system32\DRIVERS\xaudio.sys
0x77020000 \WINDOWS\System32\ntdll.dll
Processes (total 86):
0 System Idle Process
4 System
416 C:\WINDOWS\System32\smss.exe
532 csrss.exe
576 C:\WINDOWS\System32\wininit.exe
588 csrss.exe
620 C:\WINDOWS\System32\services.exe
632 C:\WINDOWS\System32\lsass.exe
640 C:\WINDOWS\System32\lsm.exe
712 C:\WINDOWS\System32\winlogon.exe
820 C:\WINDOWS\System32\svchost.exe
896 C:\WINDOWS\System32\svchost.exe
936 C:\WINDOWS\System32\svchost.exe
1040 C:\WINDOWS\System32\svchost.exe
1108 C:\WINDOWS\System32\svchost.exe
1120 C:\WINDOWS\System32\svchost.exe
1188 C:\WINDOWS\System32\audiodg.exe
1232 C:\WINDOWS\System32\SLsvc.exe
1276 C:\WINDOWS\System32\svchost.exe
1444 C:\WINDOWS\System32\svchost.exe
1564 C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
1584 C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
1604 C:\Program Files\Alwil Software\Avast4\ashServ.exe
1964 C:\WINDOWS\System32\dwm.exe
1992 C:\WINDOWS\explorer.exe
288 C:\WINDOWS\System32\igfxtray.exe
300 C:\WINDOWS\System32\hkcmd.exe
320 C:\WINDOWS\System32\igfxpers.exe
324 C:\Program Files\Windows Defender\MSASCui.exe
432 C:\Program Files\Alwil Software\Avast4\ashDisp.exe
424 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
504 C:\Program Files\Pure Networks\Network Magic\nmapp.exe
500 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
536 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
612 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
592 C:\Program Files\HP\QuickPlay\QPService.exe
568 C:\Program Files\iTunes\iTunesHelper.exe
812 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
636 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
828 C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
956 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
1116 C:\WINDOWS\Domino.exe
1176 C:\WINDOWS\VM302Snap.exe
1212 C:\Program Files\Apoint2K\Apoint.exe
1364 C:\Program Files\Windows Sidebar\sidebar.exe
1392 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
688 C:\Program Files\Apoint2K\ApMsgFwd.exe
1272 C:\Program Files\Skype\Phone\Skype.exe
1936 C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
2036 C:\Program Files\Logitech\Logitech Vid\Vid.exe
1088 C:\Program Files\Windows Media Player\wmpnscfg.exe
1100 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
1032 C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
1208 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
2080 C:\WINDOWS\System32\igfxsrvc.exe
2196 C:\Program Files\Apoint2K\ApntEx.exe
2736 C:\Program Files\Mozilla Firefox\firefox.exe
2860 C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
3032 C:\Program Files\Mozilla Firefox\plugin-container.exe
3452 C:\WINDOWS\System32\spoolsv.exe
3476 C:\WINDOWS\System32\svchost.exe
3532 C:\WINDOWS\System32\taskeng.exe
3616 C:\WINDOWS\System32\taskeng.exe
3700 <unknown>
4032 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
4052 C:\WINDOWS\System32\atashost.exe
4084 C:\Program Files\Bonjour\mDNSResponder.exe
972 C:\WINDOWS\System32\svchost.exe
1956 <unknown>
1884 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
1384 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2976 C:\WINDOWS\System32\svchost.exe
3088 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
3156 C:\WINDOWS\System32\svchost.exe
3220 C:\WINDOWS\System32\svchost.exe
3272 C:\WINDOWS\System32\SearchIndexer.exe
2908 C:\WINDOWS\System32\drivers\XAudio.exe
2272 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
3792 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
3184 WmiPrvSE.exe
1892 C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
4424 C:\Users\STEPHANIE\Desktop\MBRCheck(2).exe
5024 WmiPrvSE.exe
5032 C:\Program Files\Windows Media Player\wmpnetwk.exe
5344 C:\Program Files\iPod\bin\iPodService.exe
5508 <unknown>
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000022`65285000 (NTFS)
PhysicalDrive0 Model Number: WDCWD1600BEVS-60VAT0, Rev: 12.01A12
Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: D94F393960D1CD66C2071F2D7260A5196DF105AC
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.
Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0Available MBR codes:
[ 0] Default (Windows Vista)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel
Please select the MBR code to write to this drive: 3
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: yes
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.
Done!
-
August 29th, 2010, 03:14 PM
#10
Then reboot, run MBRCheck again and post new log.
...
-
August 29th, 2010, 03:22 PM
#11
next mbr after reboot
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: Compaq Presario C700 Notebook PC
Logical Drives Mask: 0x0000001c
Kernel Drivers (total 151):
0x81C1C000 \SystemRoot\system32\ntkrnlpa.exe
0x81FD5000 \SystemRoot\system32\hal.dll
0x80401000 \SystemRoot\system32\kdcom.dll
0x80408000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80478000 \SystemRoot\system32\PSHED.dll
0x80489000 \SystemRoot\system32\BOOTVID.dll
0x80491000 \SystemRoot\system32\CLFS.SYS
0x804D2000 \SystemRoot\system32\CI.dll
0x80608000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80684000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80691000 \SystemRoot\system32\drivers\acpi.sys
0x806D7000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806E0000 \SystemRoot\system32\drivers\msisadrv.sys
0x806E8000 \SystemRoot\system32\drivers\pci.sys
0x8070F000 \SystemRoot\System32\drivers\partmgr.sys
0x8071E000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x80721000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8072B000 \SystemRoot\system32\drivers\volmgr.sys
0x8073A000 \SystemRoot\System32\drivers\volmgrx.sys
0x80784000 \SystemRoot\system32\drivers\intelide.sys
0x8078B000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x80799000 \SystemRoot\System32\drivers\mountmgr.sys
0x8220F000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x822D7000 \SystemRoot\system32\drivers\atapi.sys
0x822DF000 \SystemRoot\system32\drivers\ataport.SYS
0x822FD000 \SystemRoot\system32\drivers\msahci.sys
0x82307000 \SystemRoot\system32\drivers\fltmgr.sys
0x82339000 \SystemRoot\system32\drivers\fileinfo.sys
0x82349000 \SystemRoot\System32\Drivers\ksecdd.sys
0x87A0A000 \SystemRoot\system32\drivers\ndis.sys
0x87B15000 \SystemRoot\system32\drivers\msrpc.sys
0x87B40000 \SystemRoot\system32\drivers\NETIO.SYS
0x87C0F000 \SystemRoot\System32\drivers\tcpip.sys
0x87CF9000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x87E08000 \SystemRoot\System32\Drivers\Ntfs.sys
0x87F18000 \SystemRoot\system32\drivers\volsnap.sys
0x87F51000 \SystemRoot\System32\Drivers\spldr.sys
0x87F59000 \SystemRoot\System32\Drivers\mup.sys
0x87F68000 \SystemRoot\System32\drivers\ecache.sys
0x87F8F000 \SystemRoot\system32\drivers\disk.sys
0x87FA0000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x87FC1000 \SystemRoot\system32\drivers\crcdisk.sys
0x87FD7000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x87FE2000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x87FEB000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x87FFA000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x87E00000 \SystemRoot\system32\DRIVERS\cpqbttn.sys
0x87DDC000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x87DEC000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x87DF3000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8B805000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8BE0E000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8BEAD000 \SystemRoot\System32\drivers\watchdog.sys
0x8BEB9000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8BF46000 \SystemRoot\system32\DRIVERS\athr.sys
0x87C00000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x87B7B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x87BB9000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x87BC8000 \SystemRoot\system32\DRIVERS\Rtnicxp.sys
0x87BD9000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8B800000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x87BEC000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x823BA000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0x823E6000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x807A9000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x87BF7000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x807C1000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x805B2000 \SystemRoot\system32\DRIVERS\storport.sys
0x823F1000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8C00D000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8C024000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8C02F000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8C052000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8C061000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8C075000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8C08A000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8C09A000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8C09C000 \SystemRoot\system32\DRIVERS\ks.sys
0x8C0C6000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8C0D0000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8C0DD000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8C0E6000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8C11B000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8C12C000 \SystemRoot\system32\drivers\CHDART.sys
0x8C15C000 \SystemRoot\system32\drivers\portcls.sys
0x8C189000 \SystemRoot\system32\drivers\drmk.sys
0x8C1AE000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8C202000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8C305000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8C3BA000 \SystemRoot\system32\drivers\modem.sys
0x8C3C7000 \SystemRoot\system32\drivers\RTSTOR.SYS
0x8C3D9000 \SystemRoot\system32\drivers\USBD.SYS
0x8C3DB000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8C3E4000 \SystemRoot\System32\Drivers\Null.SYS
0x8C3EB000 \SystemRoot\System32\Drivers\Beep.SYS
0x8C3F2000 \SystemRoot\System32\drivers\vga.sys
0x8C402000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8C423000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8C42B000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8C433000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8C43E000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8C44C000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8C455000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8C46B000 \SystemRoot\system32\DRIVERS\smb.sys
0x8C47F000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x8C489000 \SystemRoot\system32\drivers\afd.sys
0x8C4D1000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x8C4D5000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8C507000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8C51D000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8C52B000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8C53E000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
0x8C560000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x8C566000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8C5A2000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8C5AC000 \SystemRoot\System32\Drivers\dfsc.sys
0x8C5C3000 \SystemRoot\System32\Drivers\aswSP.SYS
0x8C5E4000 \SystemRoot\System32\Drivers\crashdmp.sys
0x87D14000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x92AF0000 \SystemRoot\System32\win32k.sys
0x8C5F1000 \SystemRoot\System32\drivers\Dxapi.sys
0x8C1EC000 \SystemRoot\system32\DRIVERS\monitor.sys
0x92D10000 \SystemRoot\System32\TSDDD.dll
0x92D30000 \SystemRoot\System32\cdd.dll
0xA6609000 \SystemRoot\system32\drivers\luafv.sys
0xA6624000 \SystemRoot\system32\DRIVERS\aswMonFlt.sys
0xA663B000 \SystemRoot\system32\DRIVERS\aswFsBlk.sys
0xA6643000 \SystemRoot\system32\drivers\spsys.sys
0xA66F3000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xA6703000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xA672D000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA6737000 \SystemRoot\system32\DRIVERS\pnarp.sys
0xA6741000 \SystemRoot\system32\DRIVERS\purendis.sys
0xA674B000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA675E000 \SystemRoot\system32\drivers\HTTP.sys
0xA67CB000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xAF40E000 \SystemRoot\system32\DRIVERS\bowser.sys
0xAF427000 \SystemRoot\System32\drivers\mpsdrv.sys
0xAF43C000 \SystemRoot\system32\drivers\mrxdav.sys
0xAF45D000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAF47C000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xAF4B5000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xAF4CD000 \SystemRoot\System32\DRIVERS\srv2.sys
0xAF4F4000 \SystemRoot\System32\DRIVERS\srv.sys
0xAF542000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x85808000 \SystemRoot\system32\drivers\peauth.sys
0x858E6000 \SystemRoot\System32\Drivers\secdrv.SYS
0x858F0000 \SystemRoot\System32\drivers\tcpipreg.sys
0x858FC000 \SystemRoot\system32\DRIVERS\xaudio.sys
0x85904000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x771C0000 \WINDOWS\System32\ntdll.dll
Processes (total 88):
0 System Idle Process
4 System
440 C:\WINDOWS\System32\smss.exe
556 csrss.exe
600 C:\WINDOWS\System32\wininit.exe
612 csrss.exe
644 C:\WINDOWS\System32\services.exe
656 C:\WINDOWS\System32\lsass.exe
664 C:\WINDOWS\System32\lsm.exe
772 C:\WINDOWS\System32\winlogon.exe
848 C:\WINDOWS\System32\svchost.exe
924 C:\WINDOWS\System32\svchost.exe
964 C:\WINDOWS\System32\svchost.exe
1076 C:\WINDOWS\System32\svchost.exe
1128 C:\WINDOWS\System32\svchost.exe
1148 C:\WINDOWS\System32\svchost.exe
1220 C:\WINDOWS\System32\audiodg.exe
1252 C:\WINDOWS\System32\SLsvc.exe
1288 C:\WINDOWS\System32\svchost.exe
1480 C:\WINDOWS\System32\svchost.exe
1596 C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
1612 C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
1632 C:\Program Files\Alwil Software\Avast4\ashServ.exe
2016 C:\WINDOWS\System32\dwm.exe
212 C:\WINDOWS\explorer.exe
384 C:\WINDOWS\System32\igfxtray.exe
460 C:\WINDOWS\System32\hkcmd.exe
448 C:\WINDOWS\System32\igfxpers.exe
524 C:\Program Files\Windows Defender\MSASCui.exe
520 C:\Program Files\Alwil Software\Avast4\ashDisp.exe
560 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
432 C:\Program Files\Pure Networks\Network Magic\nmapp.exe
596 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
856 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
1140 C:\Program Files\HP\QuickPlay\QPService.exe
1332 C:\Program Files\iTunes\iTunesHelper.exe
1412 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
1472 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
1564 C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
832 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
1020 C:\WINDOWS\Domino.exe
1136 C:\WINDOWS\VM302Snap.exe
1572 C:\Program Files\Apoint2K\Apoint.exe
804 C:\Program Files\Windows Sidebar\sidebar.exe
716 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
1240 C:\Program Files\Skype\Phone\Skype.exe
1204 C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
1852 C:\Program Files\Logitech\Logitech Vid\Vid.exe
1848 C:\Program Files\Windows Media Player\wmpnscfg.exe
1844 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
1884 C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
1964 C:\WINDOWS\System32\igfxsrvc.exe
1340 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
464 C:\Program Files\Apoint2K\ApMsgFwd.exe
2212 C:\Program Files\Apoint2K\ApntEx.exe
2744 C:\Program Files\Mozilla Firefox\firefox.exe
2892 C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
3044 C:\Program Files\Mozilla Firefox\plugin-container.exe
3128 C:\WINDOWS\System32\taskeng.exe
3172 C:\WINDOWS\System32\spoolsv.exe
3196 C:\WINDOWS\System32\svchost.exe
3236 C:\WINDOWS\System32\taskeng.exe
3764 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
3784 C:\WINDOWS\System32\atashost.exe
3796 C:\Program Files\Bonjour\mDNSResponder.exe
3840 C:\WINDOWS\System32\svchost.exe
4004 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
4044 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
1988 C:\WINDOWS\System32\svchost.exe
2280 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2668 C:\WINDOWS\System32\svchost.exe
2060 C:\WINDOWS\System32\svchost.exe
2872 C:\WINDOWS\System32\SearchIndexer.exe
3292 C:\WINDOWS\System32\drivers\XAudio.exe
3404 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
3668 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
2520 C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
3572 C:\Program Files\Windows Media Player\wmpnetwk.exe
4192 WmiPrvSE.exe
4372 C:\Program Files\iPod\bin\iPodService.exe
4452 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
4560 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
5108 C:\WINDOWS\System32\SearchProtocolHost.exe
5300 C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
5608 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
2640 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
5652 C:\WINDOWS\System32\SearchFilterHost.exe
1900 C:\Users\STEPHANIE\Desktop\MBRCheck(2).exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000022`65285000 (NTFS)
PhysicalDrive0 Model Number: WDCWD1600BEVS-60VAT0, Rev: 12.01A12
Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: D94F393960D1CD66C2071F2D7260A5196DF105AC
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Done!
-
August 29th, 2010, 03:28 PM
#12
Unfortunately, our fix didn't work, so we'll try another way....
Please download NTBR by noahdfear and save it to your Desktop.
File size: 2.44 MB (2,565,432 bytes)
- Place a blank CD in your CD drive.
- Double click on NTBR_CD.exe file and a folder of the same name will appear.
- Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
- Follow the prompts to burn the CD.
- Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
- If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
- Insert the newly created CD into your infected PC and reboot your computer.
- Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
- Read the warning and then continue as prompted.
- You first need to select your keyboard layout - press Enter for English.
- Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
- On the following screen enter 5 to select Install Standard MBR code.
- Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
- When asked to confirm please do so.
- Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
- Eject the disc and then press ctrl+alt+del to reboot the PC.
Once rebooted run MBRCheck one more time and let me have the log produced.
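The MBRCheck logs above report "Unknown MBR code" with a SHA1 and the partition offsets, and the fix the helper describes here rewrites the boot-code region and then re-runs that check. The block below, added to this thread and not MBRCheck's or NTBR's own code, shows how such a check can be performed on a raw 512-byte MBR sector: hash the 440-byte boot-code region, read the disk signature and partition table, and compare the hash against an operator-supplied allow-list of trusted boot code. The sample sector, the allow-list placeholder and the hashing of exactly the 440-byte boot-code area are assumptions made for the example; MBRCheck's own hash input is not documented on this page.

```python
"""Inspect a raw 512-byte MBR sector and flag non-standard boot code.

Added example (not MBRCheck/NTBR code). The sample MBR below is constructed
inline so the script runs offline; on a live system the 512 bytes would come
from the raw physical device (administrator rights required).
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440           # bytes 0..439: boot code (assumed hash region)
PART_TABLE_OFFSET = 446       # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511

# Allow-list of trusted boot-code hashes. Populate it from a disk you trust
# (e.g. right after a clean install). The key here is a placeholder, not a
# real Windows hash.
KNOWN_GOOD_BOOT_CODE = {
    "PLACEHOLDER_SHA1_OF_TRUSTED_BOOT_CODE": "Windows Vista (trusted install)",
}


def parse_mbr(sector: bytes) -> dict:
    """Split an MBR into boot-code hash, disk signature and partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        status, ptype = sector[off], sector[off + 4]
        lba_start, sector_count = struct.unpack_from("<II", sector, off + 8)
        if ptype == 0:
            continue  # empty table slot
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "byte_offset": lba_start * SECTOR_SIZE,  # e.g. LBA 63 -> 0x7e00
            "sector_count": sector_count,
        })
    return {
        "valid_signature": sector[510:512] == BOOT_SIGNATURE,
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", sector, BOOT_CODE_LEN)[0],
        "partitions": partitions,
    }


def classify_mbr(sector: bytes, known_good=KNOWN_GOOD_BOOT_CODE) -> str:
    """Return the allow-list label for the boot code, or 'Unknown MBR code'."""
    info = parse_mbr(sector)
    if not info["valid_signature"]:
        return "Invalid MBR (missing 55AA signature)"
    return known_good.get(info["boot_code_sha1"], "Unknown MBR code")


def build_sample_mbr() -> bytes:
    """Constructed sample: dummy boot code plus one bootable NTFS partition at LBA 63."""
    boot_code = b"\xfa\x33\xc0\x8e\xd0" + b"\x90" * (BOOT_CODE_LEN - 5)
    disk_sig = struct.pack("<I", 0xDEADBEEF)        # constructed disk signature
    reserved = b"\x00\x00"
    # status, CHS start, type 0x07 (NTFS), CHS end, LBA start, sector count
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                        b"\xfe\xff\xff", 63, 288_527_008)
    table = entry + b"\x00" * 48                     # three empty slots
    return boot_code + disk_sig + reserved + table + BOOT_SIGNATURE


if __name__ == "__main__":
    mbr = build_sample_mbr()
    info = parse_mbr(mbr)
    print("MBR Status:", classify_mbr(mbr))
    print("SHA1:", info["boot_code_sha1"])
    for p in info["partitions"]:
        print(f"  partition {p['index']}: type 0x{p['type']:02x} "
              f"at offset 0x{p['byte_offset']:x}, bootable={p['bootable']}")
```

Because the sample's boot code is not in the allow-list, the script reports "Unknown MBR code", which is the same condition the thread's logs show before and after the first repair attempt; the useful comparison is the hash before the fix against the hash after it, and against a hash taken from a known-clean machine of the same Windows version.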
-
August 29th, 2010, 03:31 PM
#13
It will take me a while for the cd as we are on vacation so I don't have a cd available...will buy one today and post later on today. Thank you for your help.
-
August 29th, 2010, 03:45 PM
#14
No problem
-
August 29th, 2010, 09:05 PM
#15
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: Compaq Presario C700 Notebook PC
Logical Drives Mask: 0x0000001c
Kernel Drivers (total 150):
0x81C4C000 \SystemRoot\system32\ntkrnlpa.exe
0x81C19000 \SystemRoot\system32\hal.dll
0x8040B000 \SystemRoot\system32\kdcom.dll
0x80412000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80482000 \SystemRoot\system32\PSHED.dll
0x80493000 \SystemRoot\system32\BOOTVID.dll
0x8049B000 \SystemRoot\system32\CLFS.SYS
0x804DC000 \SystemRoot\system32\CI.dll
0x8060B000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80687000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80694000 \SystemRoot\system32\drivers\acpi.sys
0x806DA000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806E3000 \SystemRoot\system32\drivers\msisadrv.sys
0x806EB000 \SystemRoot\system32\drivers\pci.sys
0x80712000 \SystemRoot\System32\drivers\partmgr.sys
0x80721000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x80724000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8072E000 \SystemRoot\system32\drivers\volmgr.sys
0x8073D000 \SystemRoot\System32\drivers\volmgrx.sys
0x80787000 \SystemRoot\system32\drivers\intelide.sys
0x8078E000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8079C000 \SystemRoot\System32\drivers\mountmgr.sys
0x8220D000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x822D5000 \SystemRoot\system32\drivers\atapi.sys
0x822DD000 \SystemRoot\system32\drivers\ataport.SYS
0x822FB000 \SystemRoot\system32\drivers\msahci.sys
0x82305000 \SystemRoot\system32\drivers\fltmgr.sys
0x82337000 \SystemRoot\system32\drivers\fileinfo.sys
0x82347000 \SystemRoot\System32\Drivers\ksecdd.sys
0x87A0F000 \SystemRoot\system32\drivers\ndis.sys
0x87B1A000 \SystemRoot\system32\drivers\msrpc.sys
0x87B45000 \SystemRoot\system32\drivers\NETIO.SYS
0x87C0B000 \SystemRoot\System32\drivers\tcpip.sys
0x87CF5000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x87E0A000 \SystemRoot\System32\Drivers\Ntfs.sys
0x87F1A000 \SystemRoot\system32\drivers\volsnap.sys
0x87F53000 \SystemRoot\System32\Drivers\spldr.sys
0x87F5B000 \SystemRoot\System32\Drivers\mup.sys
0x87F6A000 \SystemRoot\System32\drivers\ecache.sys
0x87F91000 \SystemRoot\system32\drivers\disk.sys
0x87FA2000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x87FC3000 \SystemRoot\system32\drivers\crcdisk.sys
0x87FD9000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x87FE4000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x87FED000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x87FFC000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x87E00000 \SystemRoot\system32\DRIVERS\cpqbttn.sys
0x87DD8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x87E03000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x87DE8000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8B608000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8BC11000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8BCB0000 \SystemRoot\System32\drivers\watchdog.sys
0x8BCBC000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8BE0B000 \SystemRoot\system32\DRIVERS\athr.sys
0x8BEC4000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8BECF000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8BF0D000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8BF1C000 \SystemRoot\system32\DRIVERS\Rtnicxp.sys
0x8BF2D000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8BF40000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x8BF45000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8BF50000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0x8BF7C000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8BF87000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8BF9F000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8BFA5000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8BD49000 \SystemRoot\system32\DRIVERS\storport.sys
0x8BFD4000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8BFDF000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8BE00000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8BD8A000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8BDAD000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8BDBC000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8BDD0000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8BDE5000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8BFF6000 \SystemRoot\system32\DRIVERS\swenum.sys
0x87B80000 \SystemRoot\system32\DRIVERS\ks.sys
0x8BDF5000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x87DF1000 \SystemRoot\system32\DRIVERS\umbus.sys
0x87C00000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x87BAA000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x87BDF000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x823B8000 \SystemRoot\system32\drivers\CHDART.sys
0x807AC000 \SystemRoot\system32\drivers\portcls.sys
0x807D9000 \SystemRoot\system32\drivers\drmk.sys
0x805BC000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8C200000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8C303000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8C3B8000 \SystemRoot\system32\drivers\modem.sys
0x8C3C5000 \SystemRoot\system32\drivers\RTSTOR.SYS
0x8C3D7000 \SystemRoot\system32\drivers\USBD.SYS
0x8C3D9000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8C3E2000 \SystemRoot\System32\Drivers\Null.SYS
0x8C3E9000 \SystemRoot\System32\Drivers\Beep.SYS
0x8C3F0000 \SystemRoot\System32\drivers\vga.sys
0x8C402000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8C423000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8C42B000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8C433000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8C43E000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8C44C000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8C455000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8C46B000 \SystemRoot\system32\DRIVERS\smb.sys
0x8C47F000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x8C489000 \SystemRoot\system32\drivers\afd.sys
0x8C4D1000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x8C4D5000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8C507000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8C51D000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8C52B000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8C53E000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
0x8C560000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x8C566000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8C5A2000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8C5AC000 \SystemRoot\System32\Drivers\dfsc.sys
0x8C5C3000 \SystemRoot\System32\Drivers\aswSP.SYS
0x8C5E4000 \SystemRoot\System32\Drivers\crashdmp.sys
0x87D10000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x93A80000 \SystemRoot\System32\win32k.sys
0x8C5F1000 \SystemRoot\System32\drivers\Dxapi.sys
0x87BF0000 \SystemRoot\system32\DRIVERS\monitor.sys
0x93CA0000 \SystemRoot\System32\TSDDD.dll
0x93CC0000 \SystemRoot\System32\cdd.dll
0xA6A0E000 \SystemRoot\system32\drivers\luafv.sys
0xA6A29000 \SystemRoot\system32\DRIVERS\aswMonFlt.sys
0xA6A40000 \SystemRoot\system32\DRIVERS\aswFsBlk.sys
0xA6A48000 \SystemRoot\system32\drivers\spsys.sys
0xA6AF8000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xA6B08000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xA6B32000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA6B3C000 \SystemRoot\system32\DRIVERS\pnarp.sys
0xA6B46000 \SystemRoot\system32\DRIVERS\purendis.sys
0xA6B50000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA6B63000 \SystemRoot\system32\drivers\HTTP.sys
0xA6BD0000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x85806000 \SystemRoot\system32\DRIVERS\bowser.sys
0x8581F000 \SystemRoot\System32\drivers\mpsdrv.sys
0x85834000 \SystemRoot\system32\drivers\mrxdav.sys
0x85855000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x85874000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x858AD000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x858C5000 \SystemRoot\System32\DRIVERS\srv2.sys
0x858EC000 \SystemRoot\System32\DRIVERS\srv.sys
0x8593A000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xB0C05000 \SystemRoot\system32\drivers\peauth.sys
0xB0CE3000 \SystemRoot\System32\Drivers\secdrv.SYS
0xB0CED000 \SystemRoot\System32\drivers\tcpipreg.sys
0xB0CF9000 \SystemRoot\system32\DRIVERS\xaudio.sys
0x777E0000 \WINDOWS\System32\ntdll.dll
Processes (total 80):
0 System Idle Process
4 System
416 C:\WINDOWS\System32\smss.exe
492 csrss.exe
536 C:\WINDOWS\System32\wininit.exe
548 csrss.exe
580 C:\WINDOWS\System32\services.exe
592 C:\WINDOWS\System32\lsass.exe
600 C:\WINDOWS\System32\lsm.exe
704 C:\WINDOWS\System32\winlogon.exe
784 C:\WINDOWS\System32\svchost.exe
856 C:\WINDOWS\System32\svchost.exe
896 C:\WINDOWS\System32\svchost.exe
952 C:\WINDOWS\System32\svchost.exe
1012 C:\WINDOWS\System32\svchost.exe
1056 C:\WINDOWS\System32\svchost.exe
1160 C:\WINDOWS\System32\audiodg.exe
1188 C:\WINDOWS\System32\SLsvc.exe
1232 C:\WINDOWS\System32\svchost.exe
1432 C:\WINDOWS\System32\svchost.exe
1560 C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
1576 C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
1600 C:\Program Files\Alwil Software\Avast4\ashServ.exe
1948 C:\WINDOWS\System32\dwm.exe
1976 C:\WINDOWS\explorer.exe
220 C:\WINDOWS\System32\igfxtray.exe
224 C:\WINDOWS\System32\hkcmd.exe
284 C:\WINDOWS\System32\igfxpers.exe
292 C:\Program Files\Windows Defender\MSASCui.exe
324 C:\Program Files\Alwil Software\Avast4\ashDisp.exe
436 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
440 C:\Program Files\Pure Networks\Network Magic\nmapp.exe
464 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
456 C:\WINDOWS\System32\igfxsrvc.exe
776 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
988 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
1052 C:\Program Files\HP\QuickPlay\QPService.exe
1148 C:\Program Files\iTunes\iTunesHelper.exe
1204 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
1336 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
1360 C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
1384 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
1420 C:\WINDOWS\Domino.exe
1416 C:\WINDOWS\VM302Snap.exe
1448 C:\Program Files\Apoint2K\Apoint.exe
768 C:\Program Files\Windows Sidebar\sidebar.exe
1644 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
1312 C:\Program Files\Skype\Phone\Skype.exe
1640 C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
848 C:\Program Files\Logitech\Logitech Vid\Vid.exe
1784 C:\Program Files\Windows Media Player\wmpnscfg.exe
1132 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
1536 C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
1872 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
296 C:\Program Files\Apoint2K\ApMsgFwd.exe
2152 C:\Program Files\Apoint2K\ApntEx.exe
3132 C:\WINDOWS\System32\taskeng.exe
3148 C:\WINDOWS\System32\spoolsv.exe
3176 C:\WINDOWS\System32\taskeng.exe
3232 C:\WINDOWS\System32\svchost.exe
3304 C:\Program Files\Google\Update\GoogleUpdate.exe
3684 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
3704 C:\WINDOWS\System32\atashost.exe
3716 C:\Program Files\Bonjour\mDNSResponder.exe
3748 C:\Program Files\Google\Update\GoogleUpdate.exe
3772 C:\WINDOWS\System32\svchost.exe
3884 C:\Program Files\Google\Update\GoogleUpdate.exe
3968 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
4020 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2440 C:\WINDOWS\System32\svchost.exe
1940 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
1168 C:\WINDOWS\System32\svchost.exe
968 C:\WINDOWS\System32\svchost.exe
2748 C:\WINDOWS\System32\SearchIndexer.exe
2816 C:\WINDOWS\System32\drivers\XAudio.exe
2836 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
2928 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
3460 C:\WINDOWS\System32\mobsync.exe
3468 C:\Users\STEPHANIE\Desktop\MBRCheck(2).exe
3908 WmiPrvSE.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000022`65285000 (NTFS)
PhysicalDrive0 Model Number: WDCWD1600BEVS-60VAT0, Rev: 12.01A12
Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
Done!