DarthSaruman
Before Me You Tremble

join:2002-06-28
Warren, MI

[Rootkit] Rootkit computer 1

Hello, I spoke with LH earlier and she told me to tell you that I ran TDSS. I ran that yesterday because I was having an issue running MBAM, and it found "Backdoor.Win32.Sinowal.knf". I ran the cure and rebooted and ran it again and it showed nothing...it produced no log file (sorry). So, today I ran GMER to see if it found anything else and it found this: type: disk, name: device\harddisk0\DR0 and value: malicious win32:MBRoot code @ sector 156296388.
I tried about 3 times to run OTL on this computer and it would hang and crash, so I don't have the log for that. I get "Application has failed to start because framedyn.dll was not found" - after I hit OK it starts anyway...I run the scan and when it gets to the part scanning Firefox settings...it stops responding.

Also, Security Check ran but did not produce a log, but I have the rest. Sorry for being a pain and not getting all the logs...I tried.

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2011.12.30.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: TWEETY [administrator]

12/30/2011 5:33:19 PM
mbam-log-2011-12-30 (17-33-19).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215947
Time elapsed: 1 hour(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

DarthSaruman

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=56039a2039ffbd4d8406f7e0b8fb98d2
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-31 12:33:13
# local_time=2011-12-30 07:33:13 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 106113305 106113305 0 0
# compatibility_mode=1797 16775145 100 93 0 60882665 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=50234
# found=0
# cleaned=0
# scan_time=2279


DarthSaruman

QuickScan 32-bit v0.9.9.101
---------------------------
Scan date: Fri Dec 30 19:44:31 2011
Machine ID: 48BE7D72

No infection found.
-------------------

Processes
---------
(verified) AntiVir Desktop 240 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(verified) AntiVir Desktop 476 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(verified) AntiVir Desktop 1764 C:\Program Files\Avira\AntiVir Desktop\sched.exe
(verified) Intel(R) Common User Interface 2160 C:\WINDOWS\system32\hkcmd.exe
(verified) MarkVision for Windows (32 bit) 1584 C:\WINDOWS\system32\LEXBCES.EXE
(verified) MarkVision for Windows (32 bit) 3840 C:\WINDOWS\system32\LEXPPS.EXE
(verified) Microsoft IntelliPoint 204 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(verified) Microsoft® Windows® Operating System 2164 C:\WINDOWS\explorer.exe
(verified) Microsoft® Windows® Operating System 1492 C:\WINDOWS\system32\alg.exe
(verified) Microsoft® Windows® Operating System 580 C:\WINDOWS\system32\csrss.exe
(verified) Microsoft® Windows® Operating System 660 C:\WINDOWS\system32\lsass.exe
(verified) Microsoft® Windows® Operating System 648 C:\WINDOWS\system32\services.exe
(verified) Microsoft® Windows® Operating System 524 C:\WINDOWS\system32\smss.exe
(verified) Microsoft® Windows® Operating System 1640 C:\WINDOWS\system32\spoolsv.exe
(verified) Microsoft® Windows® Operating System 192 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 380 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 836 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 936 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1044 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1080 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1284 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1516 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 604 C:\WINDOWS\system32\winlogon.exe
(verified) User Profile Hive Cleanup Service 468 C:\Program Files\UPHClean\uphclean.exe
(verified) Windows® Internet Explorer 3020 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 4012 C:\Program Files\Internet Explorer\iexplore.exe

Network activity
----------------
Process iexplore.exe (4012) connected on port 80 (HTTP) --> 74.125.226.223
Process iexplore.exe (4012) connected on port 80 (HTTP) --> 74.125.113.106
Process iexplore.exe (4012) connected on port 443 (HTTP over SSL) --> 184.73.191.201
Process iexplore.exe (4012) connected on port 443 (HTTP over SSL) --> 205.251.253.37
Process iexplore.exe (4012) connected on port 80 (HTTP) --> 69.47.66.186
Process iexplore.exe (4012) connected on port 443 (HTTP over SSL) --> 72.21.211.130
Process iexplore.exe (4012) connected on port 80 (HTTP) --> 72.21.211.171
Process iexplore.exe (4012) connected on port 80 (HTTP) --> 74.125.226.229
Process iexplore.exe (4012) connected on port 80 (HTTP) --> 72.14.204.95
Process iexplore.exe (4012) connected on port 80 (HTTP) --> 69.171.224.13
Process iexplore.exe (4012) connected on port 80 (HTTP) --> 69.47.66.185
Process iexplore.exe (4012) connected on port 80 (HTTP) --> 74.125.226.234
Process iexplore.exe (4012) connected on port 443 (HTTP over SSL) --> 205.251.253.37
Process iexplore.exe (4012) connected on port 80 (HTTP) --> 66.235.143.121
Process iexplore.exe (4012) connected on port 443 (HTTP over SSL) --> 72.14.204.95

Process svchost.exe (936) listens on ports: 135 (RPC)
Process LEXPPS.EXE (3840) listens on ports: 3797

Autoruns and critical files
---------------------------
(verified) Intel(R) Common User Interface C:\WINDOWS\system32\hkcmd.exe
(verified) Intel(R) Common User Interface C:\WINDOWS\System32\igfxtray.exe
(verified) Microsoft IntelliPoint C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\BROWSEUI.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\System32\dimsntfy.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\SHELL32.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll
(verified) Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll

Browser plugins
---------------
(unsigned) IEAWSDC.DLL C:\WINDOWS\Downloaded Program Files\IEAWSDC.DLL
(unsigned) Java(TM) Platform SE 6 U23 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
(unsigned) QuickTime Plug-in 7.7 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
(unsigned) QuickTime Plug-in 7.7 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
(unsigned) QuickTime Plug-in 7.7 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
(unsigned) QuickTime Plug-in 7.7 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
(unsigned) QuickTime Plug-in 7.7 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
(unsigned) QuickTime Plug-in 7.7 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
(unsigned) QuickTime Plug-in 7.7 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
(unsigned) QuickTime Plug-in 7.7 C:\Program Files\Internet Explorer\plugins\npqtplugin8.dll
(unsigned) QuickTime Plug-in 7.7 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
(unsigned) QuickTime Plug-in 7.7 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
(unsigned) QuickTime Plug-in 7.7 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
(unsigned) QuickTime Plug-in 7.7 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
(unsigned) QuickTime Plug-in 7.7 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
(unsigned) QuickTime Plug-in 7.7 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
(unsigned) QuickTime Plug-in 7.7 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
(unsigned) QuickTime Plug-in 7.7 C:\Program Files\Mozilla Firefox\plugins\npqtplugin8.dll
(unsigned) Shockwave for Director C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

(verified) Adobe Acrobat C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
(verified) Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
(verified) Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
(verified) bdoscandel.exe C:\WINDOWS\bdoscandel.exe
(verified) bdscanonline C:\WINDOWS\Downloaded Program Files\oscan82.ocx
(verified) BitDefender QuickScan C:\WINDOWS\Downloaded Program Files\qsax.dll
(verified) BrowserPlus (from Yahoo!) v2.7.1 C:\Documents and Settings\Owner\Local Settings\Application Data\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll
(verified) CouponNetwork Coupon Activator Netscape C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
(verified) Coupons Inc., Coupon Printer Manager C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
(verified) Coupons Inc., Coupon Printer Manager C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
(verified) ipsupd.dll C:\WINDOWS\Downloaded Program Files\ipsupd.dll
(verified) Java(TM) Platform SE 6 U23 C:\Program Files\Java\jre6\bin\jp2ssv.dll
(verified) Java(TM) Platform SE 6 U23 C:\Program Files\Java\jre6\bin\ssv.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\System32\mswsock.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll
(verified) Nexon Game Controller C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
(verified) NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
(verified) RealNetworks Rhapsody Player Engine C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
(verified) Silverlight Plug-In c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
(verified) TODO: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mvp5i4ly.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll
(verified) unagiuninst.exe C:\WINDOWS\Downloaded Program Files\unagiuninst.exe
(verified) Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll
(verified) Yahoo Application State Plugin C:\Program Files\Yahoo!\Shared\npYState.dll
(verified) Yahoo! Single Instance for Mail c:\program files\yahoo!\companion\installs\cpn1\ytsingleinstance.dll
(verified) Yahoo! Toolbar c:\program files\yahoo!\companion\installs\cpn1\yt.dll

Missing files
-------------
File not found: Explorer.exe
--> HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Shell"

File not found: WlNotify.dll
--> HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn\"DllName"

File not found: cmd.exe
--> HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\"AlternateShell"

File not found: crypt32.dll
--> HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain\"DllName"

File not found: cryptnet.dll
--> HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet\"DllName"

File not found: cscdll.dll
--> HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll\"DllName"

File not found: igfxsrvc.dll
--> HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui\"DllName"

File not found: logonui.exe
--> HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"UIHost"

File not found: sclgntfy.dll
--> HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy\"DllName"

File not found: shell32.dll
--> HKLM\Software\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32\"(default)"

File not found: wlnotify.dll
--> HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp\"DllName"
--> HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule\"DllName"
--> HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv\"DllName"
--> HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon\"DllName"

Scan
----
MD5: 907789e632daf1919036afe148ef5fb9 C:\Program Files\Avira\AntiVir Desktop\aecore.dll
MD5: ee0477f95aaf614c5cb14f324ca48c3d C:\Program Files\Avira\AntiVir Desktop\aeemu.dll
MD5: 6e223c05eb9cef734ade883ef795fae5 C:\Program Files\Avira\AntiVir Desktop\aegen.dll
MD5: 771fdb76b1315ba85b0f1adf4b4d3482 C:\Program Files\Avira\AntiVir Desktop\aehelp.dll
MD5: dc79c6ffbd1d9e72df12a3edd84c8abf C:\Program Files\Avira\AntiVir Desktop\aeheur.dll
MD5: 9dbf58f006745faf5abd6e016a86d494 C:\Program Files\Avira\AntiVir Desktop\aeoffice.dll
MD5: a2f5c1416cca9867c56b066525e87703 C:\Program Files\Avira\AntiVir Desktop\aepack.dll
MD5: cf28139a8aecbf3bec26ca1a16fd69cf C:\Program Files\Avira\AntiVir Desktop\aerdl.dll
MD5: 08e94c438c6f57f724a1f9e2697249c9 C:\Program Files\Avira\AntiVir Desktop\aesbx.dll
MD5: 864e4cec9f60c25a8a93ad3784da2e64 C:\Program Files\Avira\AntiVir Desktop\aescn.dll
MD5: 889b356a767f72693ee4a92d7a93e90d C:\Program Files\Avira\AntiVir Desktop\aescript.dll
MD5: ae3896f436841be390b23cec79499f93 C:\Program Files\Avira\AntiVir Desktop\aevdf.dll
MD5: 4c3eed40c3f2a9fc9956b0511d431304 C:\Program Files\Avira\AntiVir Desktop\AVEvtLog.dll
MD5: 5ee5c132d47ba6f331099bff1d1db539 C:\Program Files\Avira\AntiVir Desktop\AVGIO.DLL
MD5: 5252bb49a0b35e1127d3771e21c7af6d C:\Program Files\Avira\AntiVir Desktop\AVPREF.DLL
MD5: efdbe3573513f4107f48079088a09b26 C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MD5: fb4c7b747d17882f8c5e3644cf07012f C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll
MD5: 01cabe32bd90137b6d861aad78a917a8 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
MD5: 01cabe32bd90137b6d861aad78a917a8 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
MD5: 01cabe32bd90137b6d861aad78a917a8 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
MD5: 01cabe32bd90137b6d861aad78a917a8 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
MD5: 01cabe32bd90137b6d861aad78a917a8 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
MD5: 01cabe32bd90137b6d861aad78a917a8 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
MD5: 01cabe32bd90137b6d861aad78a917a8 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
MD5: 01cabe32bd90137b6d861aad78a917a8 C:\Program Files\Internet Explorer\plugins\npqtplugin8.dll
MD5: ea8fcf30d2961369435c84ce3b3063f1 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
MD5: 01cabe32bd90137b6d861aad78a917a8 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
MD5: 01cabe32bd90137b6d861aad78a917a8 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
MD5: 01cabe32bd90137b6d861aad78a917a8 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
MD5: 01cabe32bd90137b6d861aad78a917a8 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
MD5: 01cabe32bd90137b6d861aad78a917a8 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
MD5: 01cabe32bd90137b6d861aad78a917a8 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
MD5: 01cabe32bd90137b6d861aad78a917a8 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
MD5: 01cabe32bd90137b6d861aad78a917a8 C:\Program Files\Mozilla Firefox\plugins\npqtplugin8.dll
MD5: 0016403dfc940f6df21445414b26c044 C:\WINDOWS\Downloaded Program Files\IEAWSDC.DLL
MD5: 855b79451ecf62602f20eb4d5c71f99b C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
MD5: 18473f44d6de85c8cb4e70f503c5ea64 C:\WINDOWS\System32\xactsrv.dll

No file uploaded.

Scan finished - communication took 1 sec
Total traffic - 0.00 MB sent, 0.20 KB recvd
Scanned 530 files and modules - 21 seconds

==============================================================================



LoPhatPhuud
join:2002-01-06
Albuquerque, NM

reply to DarthSaruman
On this computer you are probably looking at a reformat and re-install. But first, there are some things we can try.

First, I want to check the MBR.

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.



 
http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe
http://ad13.geekstogo.com/MBRCheck.exe
http://www.kernelmode.info/MBRCheck.exe

  • Double-click on MBRCheck.exe to run it. Vista/Windows 7 users right-click and select Run As Administrator.
  • It will open a black screen with some data on it...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will be created on the desktop.
  • Copy and paste the contents of that log in your next reply.


--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum

DarthSaruman

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 128):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EF000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF75A8000 ACPI.sys
0xF7989000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xF7597000 pci.sys
0xF75F7000 isapnp.sys
0xF7A4F000 PCIIde.sys
0xF7707000 \WINDOWS\System32\Drivers\PCIIDEX.SYS
0xF798B000 intelide.sys
0xF7607000 MountMgr.sys
0xF74D8000 ftdisk.sys
0xF770F000 PartMgr.sys
0xF7617000 VolSnap.sys
0xF74C0000 atapi.sys
0xF7627000 disk.sys
0xF7637000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xF74A0000 fltmgr.sys
0xF7489000 KSecDD.sys
0xF7476000 WudfPf.sys
0xF7B52000 Ntfs.sys
0xF7449000 NDIS.sys
0xF742F000 Mup.sys
0xF74F7000 \SystemRoot\System32\DRIVERS\intelppm.sys
0xB9E4E000 \SystemRoot\System32\DRIVERS\ialmnt5.sys
0xB9E3A000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
0xF77AF000 \SystemRoot\System32\DRIVERS\usbuhci.sys
0xB9E16000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xF77B7000 \SystemRoot\System32\DRIVERS\usbehci.sys
0xB9D41000 \SystemRoot\System32\DRIVERS\BCMDM.sys
0xB9D1E000 \SystemRoot\System32\DRIVERS\ks.sys
0xF77BF000 \SystemRoot\System32\Drivers\Modem.SYS
0xBA53E000 \SystemRoot\System32\DRIVERS\bcm4sbxp.sys
0xF77C7000 \SystemRoot\System32\DRIVERS\fdc.sys
0xBA52E000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xBA51E000 \SystemRoot\SYSTEM32\drivers\samfilt.sys
0xF77CF000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xF77D7000 \SystemRoot\system32\DRIVERS\point32.sys
0xF77DF000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xBA50E000 \SystemRoot\System32\DRIVERS\serial.sys
0xF7947000 \SystemRoot\System32\DRIVERS\serenum.sys
0xB9D0A000 \SystemRoot\System32\DRIVERS\parport.sys
0xBA4FE000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xBA4EE000 \SystemRoot\System32\DRIVERS\redbook.sys
0xBA4DE000 \SystemRoot\System32\DRIVERS\imapi.sys
0xB9C84000 \SystemRoot\system32\drivers\smwdm.sys
0xB9C60000 \SystemRoot\system32\drivers\portcls.sys
0xBA4CE000 \SystemRoot\system32\drivers\drmk.sys
0xF79A9000 \SystemRoot\system32\drivers\aeaudio.sys
0xF7A7E000 \SystemRoot\System32\DRIVERS\audstub.sys
0xBA4BE000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xBA7F4000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xB9C49000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xBA4AE000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xF77E7000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xB9C38000 \SystemRoot\System32\DRIVERS\psched.sys
0xF7657000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xF77EF000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF77F7000 \SystemRoot\System32\DRIVERS\raspti.sys
0xF7667000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF79AD000 \SystemRoot\System32\DRIVERS\swenum.sys
0xB9B3A000 \SystemRoot\System32\DRIVERS\update.sys
0xBA7E8000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xF7677000 \SystemRoot\system32\DRIVERS\zumbus.sys
0xF7687000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xB9ABF000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
0xF7697000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB1A1A000 \SystemRoot\system32\drivers\ialmkchw.sys
0xB19FE000 \SystemRoot\system32\drivers\ialmsbw.sys
0xF76B7000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xF79B3000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xBA7B7000 \SystemRoot\system32\drivers\MODEMCSA.sys
0xF7807000 \SystemRoot\System32\DRIVERS\flpydisk.sys
0xF79BB000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7A67000 \SystemRoot\System32\Drivers\Null.SYS
0xF79BD000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7817000 \SystemRoot\System32\drivers\vga.sys
0xF79BF000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF79C1000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF781F000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7727000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA7A3000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xB192F000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xB18D6000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xB18AE000 \SystemRoot\System32\DRIVERS\netbt.sys
0xB9E89000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xB188C000 \SystemRoot\System32\drivers\afd.sys
0xF76E7000 \SystemRoot\System32\DRIVERS\netbios.sys
0xF772F000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xB17C1000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xB9E75000 \SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS
0xB1751000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xF7577000 \SystemRoot\System32\Drivers\Fips.SYS
0xB172B000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xF7567000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xF7737000 \SystemRoot\System32\DRIVERS\usbccgp.sys
0xB16DC000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xB9E65000 \SystemRoot\System32\DRIVERS\usbscan.sys
0xF7747000 \SystemRoot\System32\DRIVERS\usbprint.sys
0xF790F000 \SystemRoot\System32\DRIVERS\hidusb.sys
0xF7547000 \SystemRoot\System32\DRIVERS\HIDCLASS.SYS
0xF774F000 \SystemRoot\System32\DRIVERS\HIDPARSE.SYS
0xF79C9000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0xB9BA8000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB1546000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF79DD000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB19CE000 \SystemRoot\System32\drivers\Dxapi.sys
0xF780F000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7A89000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF01F000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF041000 \SystemRoot\System32\ialmdev5.DLL
0xBF06F000 \SystemRoot\System32\ialmdd5.DLL
0xB148F000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xB135F000 \SystemRoot\System32\DRIVERS\nbf.sys
0xB112A000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xF798F000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xF7991000 \SystemRoot\System32\Drivers\MCSTRM.SYS
0xB1122000 \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys
0xB0F92000 \SystemRoot\System32\DRIVERS\srv.sys
0xB0E15000 \SystemRoot\system32\drivers\wdmaud.sys
0xB119F000 \SystemRoot\system32\drivers\sysaudio.sys
0xB0B26000 \SystemRoot\System32\Drivers\HTTP.sys
0xB0648000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 27):
0 System Idle Process
4 System
532 C:\WINDOWS\system32\smss.exe
580 csrss.exe
604 C:\WINDOWS\system32\winlogon.exe
648 C:\WINDOWS\system32\services.exe
660 C:\WINDOWS\system32\lsass.exe
832 C:\WINDOWS\system32\svchost.exe
900 svchost.exe
996 C:\WINDOWS\system32\svchost.exe
1032 C:\WINDOWS\system32\svchost.exe
1168 svchost.exe
1296 svchost.exe
1436 C:\WINDOWS\system32\LEXBCES.EXE
1476 C:\WINDOWS\system32\spoolsv.exe
1488 C:\WINDOWS\system32\LEXPPS.EXE
1712 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1888 svchost.exe
216 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
352 C:\WINDOWS\system32\svchost.exe
400 C:\Program Files\UPHClean\uphclean.exe
1248 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
1648 alg.exe
416 C:\WINDOWS\explorer.exe
1176 C:\WINDOWS\system32\hkcmd.exe
652 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
3540 C:\Documents and Settings\Owner\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`01f60800 (NTFS)

PhysicalDrive0 Model Number: Maxtor6Y080L0, Rev: YAR41BW0

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Done!



LoPhatPhuud

reply to DarthSaruman
This is a puzzler. One program says bad, the other says OK? The BitDefender scan indicated missing files, or at least missing files in registry entries, but nothing else.

MBRcheck, which I consider definitive, says MBR is fine?

Time to clean with KAV and see where we stand. I am still leaning toward a reformat. Too many inconsistencies. But, let's try.

The Kaspersky Rescue Disk is a bootable CD or USB based version of Kaspersky Antivirus.

You will find full instructions for download and use at the following links:

CD based: »support.kaspersky.com/faq/?qid=208282484

USB Based: »support.kaspersky.com/faq/?qid=208282163

Note: Please post the log (krd-log.txt) in your next reply
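The two results discussed above look at different parts of the disk: MBRCheck hashes sector 0 and reports stock Windows XP MBR code there, while gmer reported code at sector 156296388 of the same drive. Before calling that a contradiction, the check a practitioner would make is where that sector falls relative to the partition table. The script below is an added example and is not code posted in this thread, nor part of MBRCheck or gmer: it parses a 512-byte MBR, hashes the bootstrap area, reads the four partition entries, cross-checks the volume byte offset MBRCheck printed (0x01F60800, which is sector 64260) against the table, and says which region a given sector lies in. The sample MBR it builds is constructed; the drive's total sector count (156,301,488, an 80 GB-class drive, consistent with the "74 GB" MBRCheck printed but not stated on the page) and the exact partition layout are assumptions. Under that assumed count, the gmer sector sits about 5,100 sectors (2.5 MB) from the end of the drive, past the end of the NTFS volume in the sample layout.

```python
"""Added example: parse an MBR and locate a reported sector against the
partition table. The sample MBR is constructed, not the poster's disk."""
import hashlib
import struct

SECTOR = 512
MBR_SIGNATURE = b"\x55\xAA"
# Assumption (not on the page): 80 GB-class drive with 156,301,488 sectors,
# i.e. 74.5 GiB, which matches the "74 GB" MBRCheck printed.
DISK_SECTORS_ASSUMED = 156_301_488
GMER_REPORTED_SECTOR = 156_296_388   # from the gmer line in the first post
MBRCHECK_C_OFFSET = 0x01F60800       # "\\.\C: --> \\.\PhysicalDrive0 at offset"


def parse_mbr(mbr: bytes) -> dict:
    """Split an MBR sector into bootstrap code, disk signature and partitions."""
    if len(mbr) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(mbr)}")
    if mbr[510:512] != MBR_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    bootcode = mbr[:440]              # bootstrap area, before the 4-byte disk signature
    (disk_sig,) = struct.unpack_from("<I", mbr, 440)
    partitions = []
    for i in range(4):
        # entry: status, CHS start, type, CHS end, LBA start, sector count
        status, _chs0, ptype, _chs1, lba_start, lba_count = struct.unpack_from(
            "<B3sB3sII", mbr, 446 + 16 * i)
        if ptype == 0x00:             # empty slot
            continue
        partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "lba_count": lba_count})
    return {
        "bootcode_sha1": hashlib.sha1(bootcode).hexdigest().upper(),
        "sector_sha1": hashlib.sha1(mbr).hexdigest().upper(),
        "disk_signature": disk_sig,
        "partitions": partitions,
    }


def locate_sector(parsed: dict, sector: int, total_sectors: int) -> str:
    """Name the region a sector falls in: MBR, a partition, a gap, the tail."""
    if sector >= total_sectors:
        return "past end of disk"
    if sector == 0:
        return "MBR (sector 0)"
    parts = sorted(parsed["partitions"], key=lambda p: p["lba_start"])
    for p in parts:
        if p["lba_start"] <= sector < p["lba_start"] + p["lba_count"]:
            return f"partition {p['index'] + 1} (type 0x{p['type']:02X})"
    if not parts or sector < parts[0]["lba_start"]:
        return "gap between MBR and first partition"
    last_end = max(p["lba_start"] + p["lba_count"] for p in parts)
    if sector >= last_end:
        return "unallocated tail beyond last partition"
    return "unallocated gap between partitions"


def volume_offset_matches(parsed: dict, byte_offset: int) -> bool:
    """A volume offset in bytes (as MBRCheck prints it) must equal the LBA
    start of some partition entry times 512."""
    if byte_offset % SECTOR:
        return False
    return any(p["lba_start"] == byte_offset // SECTOR for p in parsed["partitions"])


def build_sample_mbr() -> bytes:
    """Constructed sample: XP-style 7-byte prologue padded with zeros, a small
    type 0xDE utility partition, then NTFS starting at sector 64260."""
    bootcode = b"\x33\xC0\x8E\xD0\xBC\x00\x7C".ljust(440, b"\x00")
    disk_sig = struct.pack("<I", 0xA1B2C3D4)          # arbitrary disk signature
    entries = b"".join([
        struct.pack("<B3sB3sII", 0x00, b"\x01\x01\x00", 0xDE, b"\xFE\xBF\x03", 63, 64_197),
        struct.pack("<B3sB3sII", 0x80, b"\x00\x01\x04", 0x07, b"\xFE\xFF\xFF", 64_260, 156_216_000),
        bytes(16),
        bytes(16),
    ])
    mbr = bootcode + disk_sig + b"\x00\x00" + entries + MBR_SIGNATURE
    assert len(mbr) == SECTOR
    return mbr


def read_mbr(device_path: str) -> bytes:
    # Reads sector 0 of a raw device, e.g. \\.\PhysicalDrive0 on Windows (run
    # elevated) or /dev/sda on Linux. Not called in the offline demo below.
    with open(device_path, "rb") as fh:
        return fh.read(SECTOR)


if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())
    print("bootstrap SHA1:", info["bootcode_sha1"])
    for p in info["partitions"]:
        print(f"  partition {p['index'] + 1}: type 0x{p['type']:02X} "
              f"start {p['lba_start']} count {p['lba_count']}")
    print("C: offset consistent with table:", volume_offset_matches(info, MBRCHECK_C_OFFSET))
    print("gmer sector", GMER_REPORTED_SECTOR, "->",
          locate_sector(info, GMER_REPORTED_SECTOR, DISK_SECTORS_ASSUMED))
```

On the real machine the same parse would run on `read_mbr(r"\\.\PhysicalDrive0")` from an elevated prompt. A bootstrap hash that matches known-good code vouches for sector 0 only; it says nothing about sectors beyond the last partition, which a scanner reading the disk directly can still inspect.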

DarthSaruman

Well, I tried both ways to run this program and neither would work...it wouldn't boot from the CD (I followed all instructions on making the CD boot first). I couldn't get the USB thing to install correctly. If I have to reformat, would it eliminate this issue?...



LoPhatPhuud

reply to DarthSaruman
If you have a Windows CD or DVD, see if you can boot from that. I'm just trying to check whether you can even boot from a CD or DVD.

Normally your BIOS will determine the order for bootable devices. Normally it's CD/DVD, USB, then HDD. Some BIOS may not have the USB option.


DarthSaruman

I tried the Windows OS CD and it wouldn't boot...I have a CD-ROM and a CD-RW in my computer...the CD-ROM is broken and it won't boot from the CD-RW...I disconnected the cable from the broken one and put it on the CD-RW so it reads that one...and still nothing...ugh...might have to buy a new HD...don't know...thanks



LoPhatPhuud

reply to DarthSaruman
I would not be surprised if your problems with this computer extend past software into hardware.

There is nothing more we can do trying software so go ahead and reformat and re-install. I assume the computer has a recovery partition that will allow you to return the computer to factory release.


DarthSaruman

thanks again...you have been a big help!!!...

DS
Have a good new year



LoPhatPhuud

reply to DarthSaruman
You too!

