Vshare Redirect for Firefox & IE

Question

Dan1989 0 Newbie Poster

13 Years Ago

Hi,

I have a Vshare redirect that goes straight to vshare.toolbarhome.com/?hp=df when I open Internet Explorer. I thought I had got rid of it on Firefox as I edited the URL to about:home but when I input a search it goes straight back to the Vshare URL search link. I've posted all the correct logs below.

Also when I ran the DDS scan it took a while as I had to keep clicking to verify all the programs actions with Comodo Firewall, and after the scan my PC 'blue screened' so I had to rescan this after my computer rebooted.

Could someone please help me remove the redirect?

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6569

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

13/05/2011 21:10:11
mbam-log-2011-05-13 (21-10-11).txt

Scan type: Full scan (C:\|D:\|G:\|)
Objects scanned: 310989
Time elapsed: 1 hour(s), 4 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER One.log
GMER 1.0.15.15627 - http://www.gmer.net
Rootkit quick scan 2011-05-13 19:33:00
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\0000005f WDC_WD64 rev.01.0
Running: qwinwjwx.exe; Driver: C:\Users\Dan\AppData\Local\Temp\pwldapow.sys

---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\tdx \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

---- EOF - GMER 1.0.15 ----

GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-13 20:04:00
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000019 WDC_WD64 rev.01.0
Running: qwinwjwx.exe; Driver: C:\Users\Dan\AppData\Local\Temp\pwldapow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0x92E7AE02]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcConnectPort [0x92E7C3AA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcCreatePort [0x92E7AFEE]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwAssignProcessToJobObject [0x9344BFC0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0x92E7A12C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwCreateFile [0x9344CA56]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0x92E7A00C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0x92E7A7FC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0x92E7C03C]
SSDT \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\26169\RapportCerberus_26169.sys ZwCreateThread [0x93484DB6]
SSDT \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\26169\RapportCerberus_26169.sys ZwDeleteFile [0x93483E12]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteKey [0x9345027C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteValueKey [0x934502AE]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0x92E7BA4C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwLoadKey [0x93450410]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0x92E7A3F4]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenFile [0x9344CB2C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenProcess [0x9344C104]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0x92E7A698]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenThread [0x9344C2F6]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwProtectVirtualMemory [0x9344C428]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwQueryValueKey [0x93450386]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRenameKey [0x934502F0]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwReplaceKey [0x93450322]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0x92E7B4E8]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRestoreKey [0x93450354]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0x92E7B79C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetContextThread [0x9344BF66]
SSDT \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\26169\RapportCerberus_26169.sys ZwSetInformationFile [0x93483E86]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0x92E7BD44]
SSDT \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\26169\RapportCerberus_26169.sys ZwSetValueKey [0x93484C92]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0x92E7A35E]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSuspendThread [0x9344BF02]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0x92E7A584]
SSDT \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\26169\RapportCerberus_26169.sys ZwTerminateProcess [0x93483D98]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwTerminateThread [0x9344BE9E]
SSDT \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\26169\RapportCerberus_26169.sys ZwCreateThreadEx [0x93484E54]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 MBR read error
Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0

---- EOF - GMER 1.0.15 ----

DDS.txt
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Dan at 0:28:16.11 on 14/05/2011
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2814.1520 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
D:\AiO\Center\EKAiOHostService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\O2\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\bin32\nSvcAppFlt.exe
C:\Program Files\bin32\nSvcIp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Windows\vVX1000.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Dan\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://vshare.toolbarhome.com/?hp=df
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp32&d=1006&m=aspire_x3200
mStart Page = hxxp://en.uk.acer.yahoo.com
mDefault_Page_URL = hxxp://en.uk.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
BHO: VirtualCamera IEMenu Class: {0246a1a7-820a-469a-85a7-7b7f01eb808c} - c:\program files\virtualcamera\VirtualCameraMenu.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WebcamMaxAutoRun] "c:\program files\webcammax\WebcamMax.exe" -a
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Acer Empowering Technology Monitor] c:\program files\acer\empowering technology\SysMonitor.exe
mRun: [EmpoweringTechnology] c:\program files\acer\empowering technology\Framework.Launcher.exe boot
mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [PCMMediaSharing] c:\program files\acer arcade live\acer homemedia connect\kernel\dms\PCMMediaSharing.exe
mRun: [BkupTray] "c:\program files\newtech infosystems\nti backup now 5\BkupTray.exe"
mRun: [eRecoveryService]
mRun: [WarReg_PopUp] c:\program files\acer\wr_popup\WarReg_PopUp.exe
mRun: [O2] "c:\program files\o2\bin\sprtcmd.exe" /P O2
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Skytel] Skytel.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [VX1000] c:\windows\vVX1000.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Conime] %windir%\system32\conime.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\dan\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: %SYSTEMROOT%\system32\nvLsp.dll
Trusted Zone: o2.co.uk\*.broadband
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-gb.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://acer.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\dan\appdata\roaming\mozilla\firefox\profiles\3x2d4t28.default\
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: keyword.URL - hxxp://www.gobrs.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=kLU0QgDz&q=
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\dan\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\dan\appdata\roaming\facebook\npfbplugin_1_0_3.dll
.
---- FIREFOX POLICIES ----
.
FF - user.js: browser.search.selectedEngine - Search
FF - user.js: keyword.URL - hxxp://www.gobrs.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=kLU0QgDz&q=
.
============= SERVICES / DRIVERS ===============
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-4-8 53816]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-3-19 294608]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-3-3 238960]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-3-3 36568]
R1 RapportCerberus_26169;RapportCerberus_26169;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\26169\RapportCerberus_26169.sys [2011-5-2 57144]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-4-8 66360]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-4-8 158904]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\acer arcade live\acer homemedia connect\kernel\dms\CLMSServer.exe [2008-4-30 269448]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-21 21504]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-3-19 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-3-19 51280]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-2 40384]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\comodo\comodo livepcsupport\CLPSLS.exe [2010-2-12 148744]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-4-30 24576]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;d:\aio\center\EKAiOHostService.exe [2011-3-9 366000]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-26 45056]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-26 131072]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-4-8 870200]
R2 sprtsvc_O2;SupportSoft Sprocket Service (O2);c:\program files\o2\bin\sprtsvc.exe [2007-6-7 202280]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-4-30 43552]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2010-3-31 350720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9ada32547ff0c;Google Update Service (gupdate1c9ada32547ff0c);c:\program files\google\update\GoogleUpdate.exe [2009-3-26 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-3-26 133104]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-05-13 23:09:11 -------- d-----w- c:\users\dan\appdata\local\Apple Computer
2011-05-13 12:27:22 7071056 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{f944085b-1d4c-492f-88eb-50372102f366}\mpengine.dll
2011-05-13 12:26:42 -------- d-----w- c:\users\dan\appdata\local\{A816051F-B99F-4AF6-926F-2C654B57A3D7}
2011-05-12 12:36:17 -------- d-----w- c:\users\dan\appdata\local\{88FE1C04-3201-406E-A8CA-E53433FFB850}
2011-05-11 16:01:00 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-05-11 15:55:43 -------- d-----w- c:\users\dan\appdata\local\{A03487A6-45C1-48F6-B824-09AA5C43C02F}
2011-05-10 14:18:27 -------- d-----w- c:\users\dan\appdata\local\{13D3AD46-0CA4-4AFF-A336-949539FA3B75}
2011-05-09 23:14:52 -------- d-----w- c:\users\dan\appdata\local\{74ACF287-4341-48F3-AEA1-DE1D1FDDABF7}
2011-05-08 17:28:10 -------- d-----w- c:\users\dan\appdata\local\{3FFA7187-242F-43C3-8AA9-19383EBD8261}
2011-05-07 13:26:56 -------- d-----w- c:\users\dan\appdata\local\{12C0FE08-5E79-446C-A6ED-AD57BF789E5A}
2011-05-06 11:14:05 -------- d-----w- c:\users\dan\appdata\local\{1FEB6720-AE24-445F-80AD-9E761291032B}
2011-05-05 21:05:57 -------- d-----w- c:\users\dan\appdata\local\{8D743B0F-018C-4560-8430-F9A5C6B00BC2}
2011-05-04 19:04:28 -------- d-----w- c:\users\dan\appdata\local\{BF7AB647-A154-4339-93C1-418FC9F04099}
2011-05-03 18:34:42 -------- d-----w- c:\users\dan\appdata\local\{8EE0DB84-A497-472D-A51B-C78A68866688}
2011-05-02 12:40:19 -------- d-----w- c:\users\dan\appdata\local\{D940CFCC-E889-4495-A9F2-A51C9731E54F}
2011-05-01 19:09:29 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-05-01 19:09:28 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-05-01 19:09:28 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-05-01 19:09:28 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-05-01 19:09:28 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-05-01 19:09:28 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-05-01 19:09:28 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-05-01 19:09:28 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-04-30 18:39:58 -------- d-----w- c:\users\dan\appdata\local\{4E24F242-5300-4361-9779-81AECF96564B}
2011-04-29 23:31:41 -------- d-----w- c:\users\dan\appdata\local\{71A261DC-E243-420E-8211-311489A371CA}
2011-04-28 22:25:57 -------- d-----w- c:\users\dan\appdata\local\{E43BD2EB-3B05-4E55-893D-E48B8A89A0D2}
2011-04-27 13:12:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-27 13:12:15 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-27 13:12:01 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-27 13:07:40 -------- d-----w- c:\users\dan\appdata\local\{28538C96-7FB9-4A6C-AF55-BCD118488476}
2011-04-26 15:25:16 -------- d-----w- c:\program files\iPod
2011-04-26 15:25:14 -------- d-----w- c:\program files\iTunes
2011-04-26 15:22:40 -------- d-----w- c:\program files\Bonjour
2011-04-26 11:32:39 -------- d-----w- c:\users\dan\appdata\local\{BBA70595-B234-473F-86CA-442BF3DA04DD}
2011-04-24 11:55:16 -------- d-----w- c:\users\dan\appdata\local\{5F45D905-79DC-4E91-B57E-0220E659C580}
2011-04-22 10:41:42 -------- d-----w- c:\users\dan\appdata\local\{014FCAE7-6FA2-406C-9900-BC41A5E39873}
2011-04-21 12:00:57 -------- d-----w- c:\users\dan\appdata\local\{0940D61A-F09A-4C76-B168-AD27210A3F55}
2011-04-20 10:47:20 -------- d-----w- c:\users\dan\appdata\local\{313B135F-E0DD-4F48-97BB-C3312D73922F}
2011-04-19 15:25:51 196608 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\EKIJ5000PPR.dll
2011-04-19 15:21:09 -------- d-----w- c:\windows\system32\kodak
2011-04-19 13:02:29 -------- d-----w- c:\users\dan\appdata\local\{4BE42DDE-DB42-4654-902A-BE24EA0BADE5}
2011-04-18 12:48:44 -------- d-----w- c:\users\dan\appdata\local\{A90837B4-BB58-4B6C-AE22-12A9FC6B7478}
2011-04-17 19:56:43 -------- d-----w- c:\users\dan\appdata\local\{BEB9C130-2AE2-43A3-A3BB-10C2F57867F7}
2011-04-16 11:58:48 -------- d-----w- c:\users\dan\appdata\local\{9E9CC69A-501F-48F3-B350-0AE31B2985D4}
2011-04-15 12:13:07 -------- d-----w- c:\users\dan\appdata\local\{0992C422-393B-42CF-A7E6-38B6FEDBC2F9}
2011-04-14 17:24:02 -------- d-----w- c:\users\dan\appdata\local\{9629D358-AF4E-4A2F-961D-5076E32221E6}
2011-04-14 17:23:48 -------- d-----w- c:\users\dan\appdata\local\Trusteer
2011-04-14 17:19:51 -------- d-----w- c:\windows\en
2011-04-14 17:17:08 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-04-14 17:15:33 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-04-14 17:15:33 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-04-14 17:15:33 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-04-14 16:47:34 -------- d-----w- c:\users\dan\appdata\local\{51AE5E04-A3BF-4A3E-9AED-7A09B0243B02}
2011-04-14 13:08:06 292864 ----a-w- c:\windows\system32\atmfd.dll
2011-04-14 13:08:04 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-14 02:39:02 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-04-14 02:39:02 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-05-04 19:13:05 284744 ----a-w- c:\windows\system32\guard32.dll
2011-04-06 15:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 15:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-10 17:03:51 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03:51 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:42:03 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 15:40:07 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40:05 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40:05 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 13:25:11 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-03-03 06:49:02 131072 ----a-w- c:\windows\system32\EKIJCOINST12.dll
2011-03-03 06:45:02 425984 ----a-w- c:\windows\system32\EKIJ5000MON.dll
2011-03-02 15:44:27 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-02-22 14:13:01 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33:12 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33:09 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-02-18 16:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2006-05-03 10:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll
.
============= FINISH: 0:38:10.55 ===============

GMER Two.log
GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-13 20:04:00
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000019 WDC_WD64 rev.01.0
Running: qwinwjwx.exe; Driver: C:\Users\Dan\AppData\Local\Temp\pwldapow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0x92E7AE02]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcConnectPort [0x92E7C3AA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcCreatePort [0x92E7AFEE]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwAssignProcessToJobObject [0x9344BFC0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0x92E7A12C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwCreateFile [0x9344CA56]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0x92E7A00C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0x92E7A7FC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0x92E7C03C]
SSDT \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\26169\RapportCerberus_26169.sys ZwCreateThread [0x93484DB6]
SSDT \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\26169\RapportCerberus_26169.sys ZwDeleteFile [0x93483E12]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteKey [0x9345027C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteValueKey [0x934502AE]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0x92E7BA4C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwLoadKey [0x93450410]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0x92E7A3F4]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenFile [0x9344CB2C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenProcess [0x9344C104]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0x92E7A698]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenThread [0x9344C2F6]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwProtectVirtualMemory [0x9344C428]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwQueryValueKey [0x93450386]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRenameKey [0x934502F0]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwReplaceKey [0x93450322]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0x92E7B4E8]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRestoreKey [0x93450354]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0x92E7B79C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetContextThread [0x9344BF66]
SSDT \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\26169\RapportCerberus_26169.sys ZwSetInformationFile [0x93483E86]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0x92E7BD44]
SSDT \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\26169\RapportCerberus_26169.sys ZwSetValueKey [0x93484C92]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0x92E7A35E]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSuspendThread [0x9344BF02]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0x92E7A584]
SSDT \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\26169\RapportCerberus_26169.sys ZwTerminateProcess [0x93483D98]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwTerminateThread [0x9344BE9E]
SSDT \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\26169\RapportCerberus_26169.sys ZwCreateThreadEx [0x93484E54]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 MBR read error
Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0

---- EOF - GMER 1.0.15 ----

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Dan at 0:28:16.11 on 14/05/2011
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2814.1520 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
D:\AiO\Center\EKAiOHostService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\O2\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\bin32\nSvcAppFlt.exe
C:\Program Files\bin32\nSvcIp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Windows\vVX1000.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Dan\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://vshare.toolbarhome.com/?hp=df
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp32&d=1006&m=aspire_x3200
mStart Page = hxxp://en.uk.acer.yahoo.com
mDefault_Page_URL = hxxp://en.uk.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
BHO: VirtualCamera IEMenu Class: {0246a1a7-820a-469a-85a7-7b7f01eb808c} - c:\program files\virtualcamera\VirtualCameraMenu.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WebcamMaxAutoRun] "c:\program files\webcammax\WebcamMax.exe" -a
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Acer Empowering Technology Monitor] c:\program files\acer\empowering technology\SysMonitor.exe
mRun: [EmpoweringTechnology] c:\program files\acer\empowering technology\Framework.Launcher.exe boot
mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [PCMMediaSharing] c:\program files\acer arcade live\acer homemedia connect\kernel\dms\PCMMediaSharing.exe
mRun: [BkupTray] "c:\program files\newtech infosystems\nti backup now 5\BkupTray.exe"
mRun: [eRecoveryService]
mRun: [WarReg_PopUp] c:\program files\acer\wr_popup\WarReg_PopUp.exe
mRun: [O2] "c:\program files\o2\bin\sprtcmd.exe" /P O2
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Skytel] Skytel.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [VX1000] c:\windows\vVX1000.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Conime] %windir%\system32\conime.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\dan\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: %SYSTEMROOT%\system32\nvLsp.dll
Trusted Zone: o2.co.uk\*.broadband
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-gb.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://acer.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\dan\appdata\roaming\mozilla\firefox\profiles\3x2d4t28.default\
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: keyword.URL - hxxp://www.gobrs.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=kLU0QgDz&q=
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\dan\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\dan\appdata\roaming\facebook\npfbplugin_1_0_3.dll
.
---- FIREFOX POLICIES ----
.
FF - user.js: browser.search.selectedEngine - Search
FF - user.js: keyword.URL - hxxp://www.gobrs.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=kLU0QgDz&q=
.
============= SERVICES / DRIVERS ===============
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-4-8 53816]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-3-19 294608]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-3-3 238960]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-3-3 36568]
R1 RapportCerberus_26169;RapportCerberus_26169;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\26169\RapportCerberus_26169.sys [2011-5-2 57144]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-4-8 66360]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-4-8 158904]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\acer arcade live\acer homemedia connect\kernel\dms\CLMSServer.exe [2008-4-30 269448]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-21 21504]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-3-19 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-3-19 51280]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-2 40384]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\comodo\comodo livepcsupport\CLPSLS.exe [2010-2-12 148744]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-4-30 24576]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;d:\aio\center\EKAiOHostService.exe [2011-3-9 366000]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-26 45056]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-26 131072]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-4-8 870200]
R2 sprtsvc_O2;SupportSoft Sprocket Service (O2);c:\program files\o2\bin\sprtsvc.exe [2007-6-7 202280]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-4-30 43552]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2010-3-31 350720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9ada32547ff0c;Google Update Service (gupdate1c9ada32547ff0c);c:\program files\google\update\GoogleUpdate.exe [2009-3-26 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-3-26 133104]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-05-13 23:09:11 -------- d-----w- c:\users\dan\appdata\local\Apple Computer
2011-05-13 12:27:22 7071056 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{f944085b-1d4c-492f-88eb-50372102f366}\mpengine.dll
2011-05-13 12:26:42 -------- d-----w- c:\users\dan\appdata\local\{A816051F-B99F-4AF6-926F-2C654B57A3D7}
2011-05-12 12:36:17 -------- d-----w- c:\users\dan\appdata\local\{88FE1C04-3201-406E-A8CA-E53433FFB850}
2011-05-11 16:01:00 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-05-11 15:55:43 -------- d-----w- c:\users\dan\appdata\local\{A03487A6-45C1-48F6-B824-09AA5C43C02F}
2011-05-10 14:18:27 -------- d-----w- c:\users\dan\appdata\local\{13D3AD46-0CA4-4AFF-A336-949539FA3B75}
2011-05-09 23:14:52 -------- d-----w- c:\users\dan\appdata\local\{74ACF287-4341-48F3-AEA1-DE1D1FDDABF7}
2011-05-08 17:28:10 -------- d-----w- c:\users\dan\appdata\local\{3FFA7187-242F-43C3-8AA9-19383EBD8261}
2011-05-07 13:26:56 -------- d-----w- c:\users\dan\appdata\local\{12C0FE08-5E79-446C-A6ED-AD57BF789E5A}
2011-05-06 11:14:05 -------- d-----w- c:\users\dan\appdata\local\{1FEB6720-AE24-445F-80AD-9E761291032B}
2011-05-05 21:05:57 -------- d-----w- c:\users\dan\appdata\local\{8D743B0F-018C-4560-8430-F9A5C6B00BC2}
2011-05-04 19:04:28 -------- d-----w- c:\users\dan\appdata\local\{BF7AB647-A154-4339-93C1-418FC9F04099}
2011-05-03 18:34:42 -------- d-----w- c:\users\dan\appdata\local\{8EE0DB84-A497-472D-A51B-C78A68866688}
2011-05-02 12:40:19 -------- d-----w- c:\users\dan\appdata\local\{D940CFCC-E889-4495-A9F2-A51C9731E54F}
2011-05-01 19:09:29 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-05-01 19:09:28 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-05-01 19:09:28 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-05-01 19:09:28 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-05-01 19:09:28 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-05-01 19:09:28 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-05-01 19:09:28 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-05-01 19:09:28 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-04-30 18:39:58 -------- d-----w- c:\users\dan\appdata\local\{4E24F242-5300-4361-9779-81AECF96564B}
2011-04-29 23:31:41 -------- d-----w- c:\users\dan\appdata\local\{71A261DC-E243-420E-8211-311489A371CA}
2011-04-28 22:25:57 -------- d-----w- c:\users\dan\appdata\local\{E43BD2EB-3B05-4E55-893D-E48B8A89A0D2}
2011-04-27 13:12:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-27 13:12:15 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-27 13:12:01 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-27 13:07:40 -------- d-----w- c:\users\dan\appdata\local\{28538C96-7FB9-4A6C-AF55-BCD118488476}
2011-04-26 15:25:16 -------- d-----w- c:\program files\iPod
2011-04-26 15:25:14 -------- d-----w- c:\program files\iTunes
2011

windows-virus

2 Contributors
9 Replies
381 Views
1 Week Discussion Span
Latest Post 13 Years Ago Latest Post by crunchie

crunchie 990 Most Valuable Poster

13 Years Ago

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop.
Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

crunchie 990 Most Valuable Poster

13 Years Ago

Download Bootkit Remover to your Desktop.

You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users,right click on remover.exe and click Run As Administrator.
It will show a Black screen with some data on it.
Right click on the screen and click Select All.
Press CTRL+C
Open a Notepad and press CTRL+V
Post the output back here.

crunchie 990 Most Valuable Poster

13 Years Ago

Try this one:

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

Dan1989 0 Newbie Poster · Answer 1 · 2011-05-15T00:40:49+00:00

Thanks for the reply Crunchie. The scan did not find any files that were infected or suspicious, here is the log below:

2011/05/14 19:38:34.0954 4232 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/14 19:38:35.0250 4232 ================================================================================
2011/05/14 19:38:35.0250 4232 SystemInfo:
2011/05/14 19:38:35.0250 4232
2011/05/14 19:38:35.0250 4232 OS Version: 6.0.6002 ServicePack: 2.0
2011/05/14 19:38:35.0250 4232 Product type: Workstation
2011/05/14 19:38:35.0250 4232 ComputerName: DAN-PC
2011/05/14 19:38:35.0251 4232 UserName: Dan
2011/05/14 19:38:35.0251 4232 Windows directory: C:\Windows
2011/05/14 19:38:35.0251 4232 System windows directory: C:\Windows
2011/05/14 19:38:35.0251 4232 Processor architecture: Intel x86
2011/05/14 19:38:35.0251 4232 Number of processors: 3
2011/05/14 19:38:35.0251 4232 Page size: 0x1000
2011/05/14 19:38:35.0251 4232 Boot type: Normal boot
2011/05/14 19:38:35.0251 4232 ================================================================================
2011/05/14 19:38:35.0771 4232 Initialize success
2011/05/14 19:38:40.0150 2592 ================================================================================
2011/05/14 19:38:40.0150 2592 Scan started
2011/05/14 19:38:40.0150 2592 Mode: Manual;
2011/05/14 19:38:40.0150 2592 ================================================================================
2011/05/14 19:38:40.0522 2592 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/05/14 19:38:40.0825 2592 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/05/14 19:38:40.0874 2592 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/05/14 19:38:40.0928 2592 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/05/14 19:38:40.0959 2592 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/05/14 19:38:41.0026 2592 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/05/14 19:38:41.0062 2592 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/05/14 19:38:41.0089 2592 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/05/14 19:38:41.0139 2592 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/05/14 19:38:41.0167 2592 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/05/14 19:38:41.0193 2592 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/05/14 19:38:41.0214 2592 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/05/14 19:38:41.0234 2592 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/05/14 19:38:41.0276 2592 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/05/14 19:38:41.0304 2592 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/05/14 19:38:41.0384 2592 aswFsBlk (cba53c5e29ae0a0ce76f9a2be3a40d9e) C:\Windows\system32\drivers\aswFsBlk.sys
2011/05/14 19:38:41.0435 2592 aswMonFlt (317f85fb68a3be507e9ccede5e6d9ee0) C:\Windows\system32\drivers\aswMonFlt.sys
2011/05/14 19:38:41.0465 2592 aswRdr (b6e8c5874377a42756c282fac2e20836) C:\Windows\system32\drivers\aswRdr.sys
2011/05/14 19:38:41.0515 2592 aswSP (b93a553c9b0f14263c8f016a44c3258c) C:\Windows\system32\drivers\aswSP.sys
2011/05/14 19:38:41.0542 2592 aswTdi (1408421505257846eb336feeef33352d) C:\Windows\system32\drivers\aswTdi.sys
2011/05/14 19:38:41.0575 2592 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/14 19:38:41.0601 2592 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/05/14 19:38:41.0659 2592 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/05/14 19:38:41.0719 2592 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/05/14 19:38:41.0780 2592 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/14 19:38:41.0822 2592 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/05/14 19:38:41.0848 2592 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/05/14 19:38:41.0890 2592 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/05/14 19:38:41.0922 2592 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/05/14 19:38:41.0957 2592 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/05/14 19:38:41.0989 2592 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/05/14 19:38:42.0024 2592 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/05/14 19:38:42.0086 2592 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/14 19:38:42.0130 2592 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/14 19:38:42.0178 2592 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/05/14 19:38:42.0215 2592 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/05/14 19:38:42.0302 2592 cmdGuard (ab491f59adb3a496a6a13636767c9317) C:\Windows\system32\DRIVERS\cmdguard.sys
2011/05/14 19:38:42.0330 2592 cmdHlp (4eca66ad76e621b8d4cf8b861a5d2ff6) C:\Windows\system32\DRIVERS\cmdhlp.sys
2011/05/14 19:38:42.0357 2592 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/05/14 19:38:42.0373 2592 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
2011/05/14 19:38:42.0405 2592 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/05/14 19:38:42.0429 2592 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/05/14 19:38:42.0478 2592 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/05/14 19:38:42.0536 2592 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/05/14 19:38:42.0587 2592 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/05/14 19:38:42.0633 2592 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/14 19:38:42.0674 2592 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/05/14 19:38:42.0730 2592 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/05/14 19:38:42.0798 2592 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/05/14 19:38:42.0838 2592 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/05/14 19:38:42.0934 2592 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/05/14 19:38:42.0977 2592 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/05/14 19:38:42.0996 2592 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/14 19:38:43.0041 2592 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/05/14 19:38:43.0063 2592 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/05/14 19:38:43.0084 2592 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/14 19:38:43.0108 2592 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/05/14 19:38:43.0176 2592 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/14 19:38:43.0198 2592 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/05/14 19:38:43.0244 2592 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/05/14 19:38:43.0329 2592 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/05/14 19:38:43.0414 2592 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/14 19:38:43.0461 2592 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/05/14 19:38:43.0489 2592 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/05/14 19:38:43.0540 2592 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/14 19:38:43.0592 2592 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/05/14 19:38:43.0647 2592 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/05/14 19:38:43.0693 2592 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/05/14 19:38:43.0765 2592 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/14 19:38:43.0805 2592 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/05/14 19:38:43.0837 2592 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/05/14 19:38:43.0886 2592 inspect (f0b1f95f5864e7b52332f014ea9adc63) C:\Windows\system32\DRIVERS\inspect.sys
2011/05/14 19:38:43.0929 2592 int15 (58ff11c95c3681c9250914521cb9f036) C:\Windows\system32\drivers\int15.sys
2011/05/14 19:38:44.0000 2592 IntcAzAudAddService (4c01298060cf930d26a75a86b874b6ae) C:\Windows\system32\drivers\RTKVHDA.sys
2011/05/14 19:38:44.0055 2592 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/05/14 19:38:44.0081 2592 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/14 19:38:44.0130 2592 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/14 19:38:44.0193 2592 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/05/14 19:38:44.0217 2592 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/05/14 19:38:44.0252 2592 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/05/14 19:38:44.0277 2592 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/05/14 19:38:44.0311 2592 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/14 19:38:44.0334 2592 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/05/14 19:38:44.0362 2592 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/05/14 19:38:44.0384 2592 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/14 19:38:44.0426 2592 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/14 19:38:44.0491 2592 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/14 19:38:44.0573 2592 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/14 19:38:44.0617 2592 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/05/14 19:38:44.0647 2592 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/05/14 19:38:44.0682 2592 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/05/14 19:38:44.0703 2592 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/05/14 19:38:44.0806 2592 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/05/14 19:38:44.0851 2592 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/05/14 19:38:44.0912 2592 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/05/14 19:38:44.0944 2592 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/14 19:38:44.0964 2592 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/14 19:38:44.0988 2592 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\drivers\mouhid.sys
2011/05/14 19:38:45.0006 2592 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/05/14 19:38:45.0048 2592 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/05/14 19:38:45.0073 2592 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/14 19:38:45.0120 2592 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/05/14 19:38:45.0160 2592 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/05/14 19:38:45.0205 2592 mrxsmb (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/14 19:38:45.0226 2592 mrxsmb10 (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/14 19:38:45.0248 2592 mrxsmb20 (fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/14 19:38:45.0268 2592 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/05/14 19:38:45.0314 2592 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/05/14 19:38:45.0349 2592 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/05/14 19:38:45.0380 2592 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/05/14 19:38:45.0415 2592 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/14 19:38:45.0452 2592 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/14 19:38:45.0469 2592 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/05/14 19:38:45.0510 2592 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/05/14 19:38:45.0541 2592 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/14 19:38:45.0557 2592 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/05/14 19:38:45.0578 2592 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/05/14 19:38:45.0623 2592 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/14 19:38:45.0681 2592 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/05/14 19:38:45.0707 2592 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/14 19:38:45.0736 2592 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/14 19:38:45.0778 2592 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/14 19:38:45.0817 2592 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/05/14 19:38:45.0840 2592 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/14 19:38:45.0889 2592 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/14 19:38:45.0941 2592 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/05/14 19:38:45.0983 2592 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/05/14 19:38:46.0007 2592 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/14 19:38:46.0082 2592 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/05/14 19:38:46.0139 2592 NTIDrvr (2757d2ba59aee155209e24942ab127c9) C:\Windows\system32\DRIVERS\NTIDrvr.sys
2011/05/14 19:38:46.0180 2592 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/05/14 19:38:46.0215 2592 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/05/14 19:38:46.0255 2592 NVENETFD (1efec38a852ab35883bfff3427b92b3f) C:\Windows\system32\DRIVERS\nvmfdx32.sys
2011/05/14 19:38:46.0295 2592 NVHDA (f972dc046c374a9e02f2dfbe74ebb203) C:\Windows\system32\drivers\nvhda32v.sys
2011/05/14 19:38:46.0507 2592 nvlddmkm (377140a534d013bd661c69f1741de43c) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/05/14 19:38:46.0721 2592 NVNET (1efec38a852ab35883bfff3427b92b3f) C:\Windows\system32\DRIVERS\nvmfdx32.sys
2011/05/14 19:38:46.0785 2592 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/05/14 19:38:46.0806 2592 nvsmu (c44ee36dd84fa95eb81d79c374756003) C:\Windows\system32\DRIVERS\nvsmu.sys
2011/05/14 19:38:46.0836 2592 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/05/14 19:38:46.0873 2592 nvstor32 (fa7b8eca6e845b244b7e30a9dcd82c6c) C:\Windows\system32\DRIVERS\nvstor32.sys
2011/05/14 19:38:46.0905 2592 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/05/14 19:38:47.0009 2592 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/05/14 19:38:47.0050 2592 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/05/14 19:38:47.0091 2592 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/05/14 19:38:47.0113 2592 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/05/14 19:38:47.0160 2592 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/05/14 19:38:47.0186 2592 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2011/05/14 19:38:47.0215 2592 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/05/14 19:38:47.0274 2592 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/05/14 19:38:47.0393 2592 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/14 19:38:47.0421 2592 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys
2011/05/14 19:38:47.0470 2592 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/14 19:38:47.0493 2592 PSDFilter (ab94285ff6c6bc5433407d8d182a4bb4) C:\Windows\system32\DRIVERS\psdfilter.sys
2011/05/14 19:38:47.0519 2592 PSDNServ (2aaf9a5d7a63d26bfaea853c5f2292bc) C:\Windows\system32\DRIVERS\PSDNServ.sys
2011/05/14 19:38:47.0564 2592 psdvdisk (0eb8cec99855beae5b0d02c2302619ef) C:\Windows\system32\DRIVERS\PSDVdisk.sys
2011/05/14 19:38:47.0620 2592 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/05/14 19:38:47.0669 2592 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/05/14 19:38:47.0700 2592 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/14 19:38:47.0800 2592 RapportCerberus_26169 (df1f468a6016c4950cfc169ae77d84cd) C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\26169\RapportCerberus_26169.sys
2011/05/14 19:38:47.0872 2592 RapportEI (dfd7ac211b7577409498713ed9d38384) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
2011/05/14 19:38:47.0916 2592 RapportKELL (1e806164e5e47c8bc0e823755500fe26) C:\Windows\system32\Drivers\RapportKELL.sys
2011/05/14 19:38:47.0967 2592 RapportPG (f898cfc346f765460126a634d9523605) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
2011/05/14 19:38:48.0000 2592 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/14 19:38:48.0038 2592 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/14 19:38:48.0078 2592 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/14 19:38:48.0111 2592 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/14 19:38:48.0151 2592 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/14 19:38:48.0183 2592 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/14 19:38:48.0226 2592 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/05/14 19:38:48.0254 2592 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/14 19:38:48.0311 2592 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/05/14 19:38:48.0365 2592 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/14 19:38:48.0403 2592 RTL8187B (661af6a63dff9f23b1dc3fb7b3e7a917) C:\Windows\system32\DRIVERS\RTL8187B.sys
2011/05/14 19:38:48.0434 2592 RTSTOR (d1fb9a678bd6c2b1129fcb09d5feb6dd) C:\Windows\system32\drivers\RTSTOR.SYS
2011/05/14 19:38:48.0475 2592 s125bus (06847aa6f3a9bf7c44134d00a2e578c0) C:\Windows\system32\DRIVERS\s125bus.sys
2011/05/14 19:38:48.0515 2592 s125mdfl (f83f88e1b125308fb5015ea0349502b0) C:\Windows\system32\DRIVERS\s125mdfl.sys
2011/05/14 19:38:48.0545 2592 s125mdm (402a97756c14940ad6ae5169c2fb105e) C:\Windows\system32\DRIVERS\s125mdm.sys
2011/05/14 19:38:48.0591 2592 s125mgmt (82b14c51de76825ec769a6374e4c57d6) C:\Windows\system32\DRIVERS\s125mgmt.sys
2011/05/14 19:38:48.0635 2592 s125obex (bedfc5707c356fd073bf1a4afe442d91) C:\Windows\system32\DRIVERS\s125obex.sys
2011/05/14 19:38:48.0664 2592 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/05/14 19:38:48.0744 2592 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/14 19:38:48.0783 2592 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/05/14 19:38:48.0805 2592 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/05/14 19:38:48.0829 2592 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/05/14 19:38:48.0879 2592 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/05/14 19:38:48.0903 2592 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/14 19:38:48.0925 2592 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/14 19:38:48.0944 2592 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/05/14 19:38:48.0987 2592 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/05/14 19:38:49.0014 2592 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/05/14 19:38:49.0038 2592 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/05/14 19:38:49.0090 2592 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/05/14 19:38:49.0129 2592 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/05/14 19:38:49.0194 2592 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/05/14 19:38:49.0225 2592 srv2 (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/14 19:38:49.0250 2592 srvnet (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/14 19:38:49.0331 2592 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/14 19:38:49.0368 2592 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/05/14 19:38:49.0395 2592 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/05/14 19:38:49.0423 2592 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/05/14 19:38:49.0495 2592 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/05/14 19:38:49.0541 2592 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/14 19:38:49.0585 2592 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/14 19:38:49.0619 2592 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/05/14 19:38:49.0641 2592 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/05/14 19:38:49.0685 2592 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/14 19:38:49.0736 2592 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/14 19:38:49.0802 2592 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/14 19:38:49.0825 2592 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/05/14 19:38:49.0876 2592 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/14 19:38:49.0899 2592 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/05/14 19:38:49.0940 2592 UBHelper (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys
2011/05/14 19:38:49.0981 2592 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/14 19:38:50.0036 2592 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/14 19:38:50.0064 2592 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/05/14 19:38:50.0094 2592 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/05/14 19:38:50.0118 2592 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/05/14 19:38:50.0144 2592 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/14 19:38:50.0202 2592 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
2011/05/14 19:38:50.0251 2592 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/05/14 19:38:50.0283 2592 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/14 19:38:50.0318 2592 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/05/14 19:38:50.0375 2592 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/14 19:38:50.0423 2592 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/14 19:38:50.0462 2592 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2011/05/14 19:38:50.0505 2592 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/14 19:38:50.0534 2592 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/14 19:38:50.0562 2592 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/14 19:38:50.0605 2592 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/14 19:38:50.0635 2592 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/05/14 19:38:50.0662 2592 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/05/14 19:38:50.0683 2592 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/05/14 19:38:50.0715 2592 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/05/14 19:38:50.0783 2592 VirtualCam (b6ef92c628d993c5f777807ed76a7568) C:\Windows\system32\DRIVERS\VirtualCam.sys
2011/05/14 19:38:50.0827 2592 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/05/14 19:38:50.0881 2592 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/05/14 19:38:50.0908 2592 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/05/14 19:38:50.0956 2592 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/05/14 19:38:51.0043 2592 VX1000 (f4fab0b9d43a65f79fc838c94006f643) C:\Windows\system32\DRIVERS\VX1000.sys
2011/05/14 19:38:51.0111 2592 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/05/14 19:38:51.0141 2592 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/14 19:38:51.0156 2592 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/14 19:38:51.0197 2592 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/05/14 19:38:51.0235 2592 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/14 19:38:51.0416 2592 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/05/14 19:38:51.0515 2592 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/05/14 19:38:51.0555 2592 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/14 19:38:51.0645 2592 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/14 19:38:51.0779 2592 ================================================================================
2011/05/14 19:38:51.0779 2592 Scan finished
2011/05/14 19:38:51.0779 2592 ================================================================================

Dan1989 0 Newbie Poster · Answer 2 · 2011-05-16T01:54:14+00:00

It says this:

Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6
002), 32-bit

System volume is \\.\C:
main(): CreateFile() ERROR 5
ERROR: Can't open volume device \\.\C:

Done;
Press any key to quit...

Dan1989 0 Newbie Poster · Answer 3 · 2011-05-16T04:01:28+00:00

I am a little worried that the MBRCheck says 'MBR code is faked', is that something to worry about?

I realised I did not choose 'run as administrator' when I used Bootkit Remover previously, I have tried that option now & it comes up with a window saying 'WARNING ATA_PASS_THROUGH_DIRECT is not supported by your disk controller. SCSI_PASS_THROUGH_DIRECT will be use for disk I/O'. With the following log below:

Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6
002), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000003`60100000
ATA_Read(): DeviceIoControl() ERROR 1
Boot sector MD5 is: 08c6d97449fb1d8bcab9d003ed787166

Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>

Done;
Press any key to quit...

MBRCheck
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: Acer
System Product Name: Aspire X3200
Logical Drives Mask: 0x0000004c

Kernel Drivers (total 156):
0x84236000 \SystemRoot\system32\ntkrnlpa.exe
0x84203000 \SystemRoot\system32\hal.dll
0x80403000 \SystemRoot\system32\kdcom.dll
0x8040A000 \SystemRoot\system32\PSHED.dll
0x8041B000 \SystemRoot\system32\BOOTVID.dll
0x80423000 \SystemRoot\system32\CLFS.SYS
0x80464000 \SystemRoot\system32\CI.dll
0x80544000 \SystemRoot\system32\drivers\Wdf01000.sys
0x805C0000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80605000 \SystemRoot\system32\drivers\acpi.sys
0x8064B000 \SystemRoot\system32\drivers\WMILIB.SYS
0x80654000 \SystemRoot\system32\drivers\msisadrv.sys
0x8065C000 \SystemRoot\system32\drivers\pci.sys
0x80683000 \SystemRoot\System32\drivers\partmgr.sys
0x80692000 \SystemRoot\system32\drivers\volmgr.sys
0x806A1000 \SystemRoot\System32\drivers\volmgrx.sys
0x806EB000 \SystemRoot\system32\drivers\pciide.sys
0x806F2000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x80700000 \SystemRoot\System32\drivers\mountmgr.sys
0x80710000 \SystemRoot\System32\Drivers\UBHelper.sys
0x80718000 \SystemRoot\system32\drivers\atapi.sys
0x80720000 \SystemRoot\system32\drivers\ataport.SYS
0x8073E000 \SystemRoot\system32\DRIVERS\nvstor32.sys
0x80762000 \SystemRoot\system32\DRIVERS\storport.sys
0x807A3000 \SystemRoot\system32\drivers\fltmgr.sys
0x807D5000 \SystemRoot\system32\drivers\fileinfo.sys
0x807E5000 \SystemRoot\system32\DRIVERS\psdfilter.sys
0x8B602000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8B673000 \SystemRoot\system32\drivers\ndis.sys
0x8B77E000 \SystemRoot\system32\drivers\msrpc.sys
0x8B7A9000 \SystemRoot\system32\drivers\NETIO.SYS
0x8B80D000 \SystemRoot\System32\drivers\tcpip.sys
0x8B8F7000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8BA09000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8BB19000 \SystemRoot\system32\drivers\volsnap.sys
0x8BB52000 \SystemRoot\System32\Drivers\spldr.sys
0x8BB5A000 \SystemRoot\System32\Drivers\RapportKELL.sys
0x8BB66000 \SystemRoot\System32\Drivers\mup.sys
0x8BB75000 \SystemRoot\System32\drivers\ecache.sys
0x8BB9C000 \SystemRoot\system32\drivers\disk.sys
0x8BBAD000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8BBCE000 \SystemRoot\system32\drivers\crcdisk.sys
0x8BBEE000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8BA00000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8B936000 \SystemRoot\system32\DRIVERS\processr.sys
0x8B945000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8B94E000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8B961000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8B96C000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8B977000 \SystemRoot\system32\DRIVERS\nvsmu.sys
0x8B97F000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8B989000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8B9C7000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8F809000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8F896000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8F8AE000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0x8F8B6000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8F8BC000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
0x90E05000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x91883000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x91885000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x91925000 \SystemRoot\System32\drivers\watchdog.sys
0x91931000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x91941000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x9194F000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x9197E000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x91989000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x919A0000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x919AB000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x919CE000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x919DD000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8F902000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8F917000 \SystemRoot\system32\DRIVERS\termdd.sys
0x919F1000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8F927000 \SystemRoot\system32\DRIVERS\ks.sys
0x919F3000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8F951000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8F95E000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8F993000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x92C0B000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x92E0C000 \SystemRoot\system32\drivers\portcls.sys
0x92E39000 \SystemRoot\system32\drivers\drmk.sys
0x92E5E000 \SystemRoot\system32\drivers\nvhda32v.sys
0x92E6C000 \SystemRoot\System32\DRIVERS\cmdguard.sys
0x92EAA000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x92EB3000 \SystemRoot\System32\Drivers\Null.SYS
0x92EBA000 \SystemRoot\System32\Drivers\Beep.SYS
0x92ECA000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x92ED1000 \SystemRoot\System32\drivers\vga.sys
0x92EDD000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x92EFE000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x92F06000 \SystemRoot\system32\drivers\rdpencdd.sys
0x92F0E000 \SystemRoot\System32\Drivers\Msfs.SYS
0x92F19000 \SystemRoot\System32\Drivers\Npfs.SYS
0x92F27000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x92F30000 \SystemRoot\system32\DRIVERS\tdx.sys
0x92F46000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x92F50000 \SystemRoot\System32\DRIVERS\cmdhlp.sys
0x92F5B000 \SystemRoot\system32\DRIVERS\smb.sys
0x92F6F000 \SystemRoot\system32\drivers\afd.sys
0x92FB7000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x92FBC000 \SystemRoot\System32\DRIVERS\netbt.sys
0x92FEE000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x8F9A4000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8F9BA000 \SystemRoot\system32\DRIVERS\inspect.sys
0x8F9D0000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8F9DE000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x9300D000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x93049000 \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
0x9306F000 \??\C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
0x9307E000 \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\26169\RapportCerberus_26169.sys
0x9308B000 \SystemRoot\system32\drivers\nsiproxy.sys
0x93095000 \SystemRoot\System32\Drivers\dfsc.sys
0x930AC000 \SystemRoot\System32\Drivers\aswSP.SYS
0x930F3000 \SystemRoot\system32\drivers\RTSTOR.SYS
0x93107000 \SystemRoot\system32\drivers\USBD.SYS
0x93109000 \SystemRoot\system32\DRIVERS\RTL8187B.sys
0x93167000 \SystemRoot\System32\Drivers\crashdmp.sys
0x93174000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x9317E000 \SystemRoot\System32\Drivers\dump_nvstor32.sys
0x9E2A0000 \SystemRoot\System32\win32k.sys
0x931A2000 \SystemRoot\System32\drivers\Dxapi.sys
0x931AC000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9E4C0000 \SystemRoot\System32\TSDDD.dll
0x9E4E0000 \SystemRoot\System32\cdd.dll
0x931BB000 \SystemRoot\system32\drivers\luafv.sys
0x80E0F000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x80E46000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x80E49000 \SystemRoot\system32\drivers\spsys.sys
0x80EF9000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x80F09000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x80F33000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x80F3D000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x80F50000 \SystemRoot\system32\drivers\HTTP.sys
0x80FBD000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x80FDA000 \SystemRoot\system32\DRIVERS\bowser.sys
0x931D6000 \SystemRoot\System32\drivers\mpsdrv.sys
0x8B9D6000 \SystemRoot\system32\drivers\mrxdav.sys
0x8B912000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA9609000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA9642000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA965A000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA9682000 \SystemRoot\System32\DRIVERS\srv.sys
0xA96D1000 \??\C:\Windows\system32\drivers\int15.sys
0xA96D9000 \SystemRoot\system32\drivers\peauth.sys
0xA97B7000 \SystemRoot\system32\DRIVERS\PSDNServ.sys
0xA97C0000 \SystemRoot\system32\DRIVERS\PSDVdisk.sys
0xA97D2000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA97DC000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA97E8000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xA9600000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x80E00000 \SystemRoot\System32\Drivers\usbaapl.sys
0x931EB000 \SystemRoot\system32\DRIVERS\wpdusb.sys
0x8BBD7000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x8B7E4000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0x77770000 \Windows\System32\ntdll.dll

Processes (total 93):
0 System Idle Process
4 System
1536 C:\Windows\System32\smss.exe
1156 csrss.exe
1016 C:\Windows\System32\wininit.exe
1092 csrss.exe
1144 C:\Windows\System32\services.exe
1232 C:\Windows\System32\lsass.exe
1336 C:\Windows\System32\lsm.exe
1460 C:\Windows\System32\winlogon.exe
204 C:\Windows\System32\svchost.exe
684 C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
1708 C:\Windows\System32\nvvsvc.exe
872 C:\Windows\System32\svchost.exe
1568 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
1512 C:\Windows\System32\svchost.exe
1852 C:\Windows\System32\svchost.exe
444 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
1368 C:\Windows\System32\svchost.exe
488 C:\Windows\System32\svchost.exe
632 C:\Windows\System32\svchost.exe
1544 C:\Windows\System32\audiodg.exe
836 C:\Windows\System32\svchost.exe
320 C:\Windows\System32\SLsvc.exe
1984 C:\Windows\System32\svchost.exe
948 C:\Windows\System32\rundll32.exe
1020 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
932 C:\Windows\System32\dwm.exe
508 C:\Windows\explorer.exe
2088 C:\Windows\System32\spoolsv.exe
2116 C:\Windows\System32\taskeng.exe
2136 C:\Windows\System32\svchost.exe
2176 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
2204 C:\Windows\System32\taskeng.exe
2916 C:\Program Files\Windows Defender\MSASCui.exe
2936 C:\Windows\RtHDVCpl.exe
2944 C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
2952 C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
2960 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
3144 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
3172 C:\Program Files\Mozilla Firefox\firefox.exe
3180 C:\Program Files\O2\bin\sprtcmd.exe
3376 C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
3400 C:\Windows\System32\svchost.exe
3432 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
3456 C:\Program Files\Bonjour\mDNSResponder.exe
3484 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
3528 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
3640 C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
3772 D:\AiO\Center\EKAiOHostService.exe
4068 C:\Windows\vVX1000.exe
4076 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
2332 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
2324 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
408 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2444 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2716 C:\Program Files\iTunes\iTunesHelper.exe
2692 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
1080 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
740 C:\Windows\ehome\ehtray.exe
1740 C:\Windows\ehome\ehmsas.exe
3936 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
3928 C:\Program Files\Microsoft LifeCam\MSCamS32.exe
3256 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
4040 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
1296 C:\Windows\System32\svchost.exe
2216 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2584 C:\Program Files\O2\bin\sprtsvc.exe
2084 C:\Windows\System32\svchost.exe
696 C:\Windows\System32\svchost.exe
3952 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
3880 C:\Windows\System32\SearchIndexer.exe
4132 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
4192 C:\Program Files\bin32\nSvcAppFlt.exe
4264 C:\Program Files\bin32\nSvcIp.exe
4448 C:\Windows\System32\svchost.exe
4540 C:\Program Files\iPod\bin\iPodService.exe
5188 C:\Program Files\iTunes\iTunes.exe
5732 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
5828 C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
5892 C:\Program Files\Mozilla Firefox\plugin-container.exe
4288 C:\Program Files\Windows Live\Contacts\wlcomm.exe
4180 C:\Program Files\Mozilla Firefox\plugin-container.exe
8080 C:\Program Files\Mozilla Firefox\plugin-container.exe
6676 C:\Windows\System32\mspaint.exe
8188 WUDFHost.exe
7292 C:\Windows\System32\mobsync.exe
7236 C:\Windows\System32\SearchProtocolHost.exe
7824 C:\Windows\System32\SearchFilterHost.exe
7028 D:\AiO\Center\AiOHostDirector.exe
5604 dllhost.exe
7564 dllhost.exe
3896 C:\Users\Dan\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`60100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000004c`25205600 (NTFS)

PhysicalDrive0 Model Number: WDC WD6400AAKS-22A7B, Rev: 01.0

Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: D668348080F48C0B8285A3EE42767FC5A5F0E989

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

crunchie 990 Most Valuable Poster Team Colleague Featured Poster · Answer 4 · 2011-05-16T15:46:13+00:00

Run MBRCheck again.

When it's done you'll see the following line:
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Press the Y key and then press Enter

When the program asks you to Enter your choice, enter 2 and press the Enter key.

Next the program will ask you to Enter the physical disk number to fix (0-99, -1 to cancel):
Enter 0 (zero) and press the Enter key.

Next the program will show Available MBR codes:, followed by a list of operating systems.
Please enter 3 for Windows Vista, and then press Enter.

Next the program will prompt for confirmation.
Type YES and hit Enter.

When it's done there should be a text file with the results on your desktop.
Please copy and paste it back here.

Then reboot and run MBRCheck again and post that log.

Dan1989 0 Newbie Poster · Answer 5 · 2011-05-20T22:06:35+00:00

After I enter 0 and press the Enter key it does not show me the Available MBR codes, it just finishes the check.

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: Acer
System Product Name: Aspire X3200
Logical Drives Mask: 0x0000004c

Kernel Drivers (total 156):
0x84218000 \SystemRoot\system32\ntkrnlpa.exe
0x845D2000 \SystemRoot\system32\hal.dll
0x80405000 \SystemRoot\system32\kdcom.dll
0x8040C000 \SystemRoot\system32\PSHED.dll
0x8041D000 \SystemRoot\system32\BOOTVID.dll
0x80425000 \SystemRoot\system32\CLFS.SYS
0x80466000 \SystemRoot\system32\CI.dll
0x80546000 \SystemRoot\system32\drivers\Wdf01000.sys
0x805C2000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80603000 \SystemRoot\system32\drivers\acpi.sys
0x80649000 \SystemRoot\system32\drivers\WMILIB.SYS
0x80652000 \SystemRoot\system32\drivers\msisadrv.sys
0x8065A000 \SystemRoot\system32\drivers\pci.sys
0x80681000 \SystemRoot\System32\drivers\partmgr.sys
0x80690000 \SystemRoot\system32\drivers\volmgr.sys
0x8069F000 \SystemRoot\System32\drivers\volmgrx.sys
0x806E9000 \SystemRoot\system32\drivers\pciide.sys
0x806F0000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x806FE000 \SystemRoot\System32\drivers\mountmgr.sys
0x8070E000 \SystemRoot\System32\Drivers\UBHelper.sys
0x80716000 \SystemRoot\system32\drivers\atapi.sys
0x8071E000 \SystemRoot\system32\drivers\ataport.SYS
0x8073C000 \SystemRoot\system32\DRIVERS\nvstor32.sys
0x80760000 \SystemRoot\system32\DRIVERS\storport.sys
0x807A1000 \SystemRoot\system32\drivers\fltmgr.sys
0x807D3000 \SystemRoot\system32\drivers\fileinfo.sys
0x807E3000 \SystemRoot\system32\DRIVERS\psdfilter.sys
0x8B60A000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8B67B000 \SystemRoot\system32\drivers\ndis.sys
0x8B786000 \SystemRoot\system32\drivers\msrpc.sys
0x8B7B1000 \SystemRoot\system32\drivers\NETIO.SYS
0x8B801000 \SystemRoot\System32\drivers\tcpip.sys
0x8B8EB000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8BA05000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8BB15000 \SystemRoot\system32\drivers\volsnap.sys
0x8BB4E000 \SystemRoot\System32\Drivers\spldr.sys
0x8BB56000 \SystemRoot\System32\Drivers\RapportKELL.sys
0x8BB62000 \SystemRoot\System32\Drivers\mup.sys
0x8BB71000 \SystemRoot\System32\drivers\ecache.sys
0x8BB98000 \SystemRoot\system32\drivers\disk.sys
0x8BBA9000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8BBCA000 \SystemRoot\system32\drivers\crcdisk.sys
0x8BBEA000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8BBF5000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8B92A000 \SystemRoot\system32\DRIVERS\processr.sys
0x8B939000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8B942000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8B955000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8B960000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8B96B000 \SystemRoot\system32\DRIVERS\nvsmu.sys
0x8B973000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8B97D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8B9BB000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8F800000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8F88D000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8F8A5000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0x8F8AD000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8F8B3000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
0x8FC03000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x90681000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x90683000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x90723000 \SystemRoot\System32\drivers\watchdog.sys
0x9072F000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x9073F000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x9074D000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x9077C000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x90787000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x9079E000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x907A9000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x907CC000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x907DB000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8F8F9000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x907EF000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8FC00000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8F90E000 \SystemRoot\system32\DRIVERS\ks.sys
0x8F938000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8F942000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8F94F000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8F984000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x9280E000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x92A0F000 \SystemRoot\system32\drivers\portcls.sys
0x92A3C000 \SystemRoot\system32\drivers\drmk.sys
0x92A61000 \SystemRoot\system32\drivers\nvhda32v.sys
0x92A6F000 \SystemRoot\System32\DRIVERS\cmdguard.sys
0x92AAD000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x92AB6000 \SystemRoot\System32\Drivers\Null.SYS
0x92ABD000 \SystemRoot\System32\Drivers\Beep.SYS
0x92ACD000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x92AD4000 \SystemRoot\System32\drivers\vga.sys
0x92AE0000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x92B01000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x92B09000 \SystemRoot\system32\drivers\rdpencdd.sys
0x92B11000 \SystemRoot\System32\Drivers\Msfs.SYS
0x92B1C000 \SystemRoot\System32\Drivers\Npfs.SYS
0x92B2A000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x92B33000 \SystemRoot\system32\DRIVERS\tdx.sys
0x92B49000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x92B53000 \SystemRoot\System32\DRIVERS\cmdhlp.sys
0x92B5E000 \SystemRoot\system32\DRIVERS\smb.sys
0x92B72000 \SystemRoot\system32\drivers\afd.sys
0x92BBA000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x92BBF000 \SystemRoot\System32\DRIVERS\netbt.sys
0x92BF1000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x8F995000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8F9AB000 \SystemRoot\system32\DRIVERS\inspect.sys
0x92800000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8F9C1000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x92E01000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x92E3D000 \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
0x92E63000 \SystemRoot\system32\drivers\RTSTOR.SYS
0x92E77000 \SystemRoot\system32\drivers\USBD.SYS
0x92E79000 \??\C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
0x92E88000 \SystemRoot\system32\DRIVERS\RTL8187B.sys
0x92EE6000 \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\26169\RapportCerberus_26169.sys
0x92EF3000 \SystemRoot\system32\drivers\nsiproxy.sys
0x92EFD000 \SystemRoot\System32\Drivers\dfsc.sys
0x92F14000 \SystemRoot\System32\Drivers\aswSP.SYS
0x92F5B000 \SystemRoot\System32\Drivers\crashdmp.sys
0x92F68000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x92F72000 \SystemRoot\System32\Drivers\dump_nvstor32.sys
0xA0E50000 \SystemRoot\System32\win32k.sys
0x92F96000 \SystemRoot\System32\drivers\Dxapi.sys
0x92FA0000 \SystemRoot\system32\DRIVERS\monitor.sys
0xA1070000 \SystemRoot\System32\TSDDD.dll
0xA1090000 \SystemRoot\System32\cdd.dll
0x92FAF000 \SystemRoot\system32\drivers\luafv.sys
0x80C02000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x80C39000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x80C3C000 \SystemRoot\system32\drivers\spsys.sys
0x80CEC000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x80CFC000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x80D26000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x80D30000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x80D43000 \SystemRoot\system32\drivers\HTTP.sys
0x80DB0000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x80DCD000 \SystemRoot\system32\DRIVERS\bowser.sys
0x80DE6000 \SystemRoot\System32\drivers\mpsdrv.sys
0x92FCA000 \SystemRoot\system32\drivers\mrxdav.sys
0x8F9D4000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAB20F000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xAB248000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xAB260000 \SystemRoot\System32\DRIVERS\srv2.sys
0xAB288000 \SystemRoot\System32\DRIVERS\srv.sys
0xAB2D7000 \??\C:\Windows\system32\drivers\int15.sys
0xAB2DF000 \SystemRoot\system32\drivers\peauth.sys
0xAB3BD000 \SystemRoot\system32\DRIVERS\PSDNServ.sys
0xAB3C6000 \SystemRoot\system32\DRIVERS\PSDVdisk.sys
0xAB3D8000 \SystemRoot\System32\Drivers\secdrv.SYS
0xAB3E2000 \SystemRoot\System32\drivers\tcpipreg.sys
0x8BBD3000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xAB200000 \SystemRoot\System32\Drivers\usbaapl.sys
0xAB3EE000 \SystemRoot\system32\DRIVERS\wpdusb.sys
0x92FEB000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x8B906000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0x8B9CA000 \??\C:\Users\Dan\AppData\Local\Temp\pwldapow.sys
0x779D0000 \Windows\System32\ntdll.dll

Processes (total 85):
0 System Idle Process
4 System
1420 C:\Windows\System32\smss.exe
1600 csrss.exe
1476 C:\Windows\System32\wininit.exe
1488 csrss.exe
1560 C:\Windows\System32\services.exe
668 C:\Windows\System32\lsass.exe
1164 C:\Windows\System32\lsm.exe
1656 C:\Windows\System32\winlogon.exe
1184 C:\Windows\System32\svchost.exe
404 C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
1364 C:\Windows\System32\nvvsvc.exe
596 C:\Windows\System32\svchost.exe
1340 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
1556 C:\Windows\System32\svchost.exe
1712 C:\Windows\System32\svchost.exe
1412 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
1892 C:\Windows\System32\svchost.exe
1684 C:\Windows\System32\svchost.exe
1708 C:\Windows\System32\svchost.exe
1988 C:\Windows\System32\audiodg.exe
2036 C:\Windows\System32\svchost.exe
128 C:\Windows\System32\SLsvc.exe
284 C:\Windows\System32\rundll32.exe
352 C:\Windows\System32\svchost.exe
900 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
448 C:\Windows\System32\spoolsv.exe
616 C:\Windows\System32\svchost.exe
2264 C:\Windows\System32\taskeng.exe
2300 C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
2340 C:\Windows\System32\dwm.exe
2420 C:\Windows\System32\taskeng.exe
2436 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2444 C:\Windows\explorer.exe
2592 C:\Program Files\Bonjour\mDNSResponder.exe
2648 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
2796 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
2932 C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
3096 D:\AiO\Center\EKAiOHostService.exe
3140 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
3316 C:\Program Files\Windows Defender\MSASCui.exe
3336 C:\Windows\RtHDVCpl.exe
3364 C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
3424 C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
3544 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
3572 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
3624 C:\Program Files\Microsoft LifeCam\MSCamS32.exe
3708 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
3788 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
3812 C:\Program Files\O2\bin\sprtcmd.exe
3924 C:\Windows\vVX1000.exe
3964 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
2288 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
2812 C:\Windows\System32\svchost.exe
2708 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
2828 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
2600 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2984 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2748 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3056 C:\Program Files\iTunes\iTunesHelper.exe
2964 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
3064 C:\Windows\ehome\ehtray.exe
908 C:\Program Files\O2\bin\sprtsvc.exe
3564 C:\Windows\System32\svchost.exe
3664 C:\Windows\ehome\ehmsas.exe
972 C:\Windows\System32\svchost.exe
3204 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
740 C:\Windows\System32\SearchIndexer.exe
3228 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
540 C:\Program Files\bin32\nSvcAppFlt.exe
4140 C:\Program Files\bin32\nSvcIp.exe
4352 C:\Windows\System32\svchost.exe
4416 C:\Program Files\iPod\bin\iPodService.exe
5344 C:\Program Files\Mozilla Firefox\firefox.exe
5440 C:\Windows\System32\svchost.exe
492 C:\Program Files\Mozilla Firefox\plugin-container.exe
4260 WUDFHost.exe
4072 C:\Windows\System32\SearchProtocolHost.exe
5808 C:\Windows\System32\SearchFilterHost.exe
3044 C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
5560 C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
2872 dllhost.exe
3360 dllhost.exe
4212 C:\Users\Dan\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`60100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000004c`25205600 (NTFS)

PhysicalDrive0 Model Number: WDC WD6400AAKS-22A7B, Rev: 01.0

Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: D668348080F48C0B8285A3EE42767FC5A5F0E989

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:

Done!

crunchie 990 Most Valuable Poster Team Colleague Featured Poster · Answer 6 · 2011-05-21T02:34:12+00:00

Try it this way;

Please download NTBR by noahdfear and save it to your Desktop.
File size: 2.44 MB (2,565,432 bytes)

Place a blank CD in your CD drive.
Double click on NTBR_CD.exe file and a folder of the same name will appear.
Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
Follow the prompts to burn the CD.

Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see (HERE)
If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.

Insert the newly created CD into your infected PC and reboot your computer.
Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
Read the warning and then continue as prompted.
You first need to select your keyboard layout - press Enter for English.
Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
On the following screen enter 5 to select Install Standard MBR code.
Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
When asked to confirm please do so.
Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
Eject the disc and then press ctrl+alt+del to reboot the PC.

Once rebooted, run MBRCheck again and post its log.