
Inactive Unfamiliar MBR

Discussion in 'Malware and Virus Removal Archive' started by DrLocke, 2010/10/07.

    [Inactive] Unfamiliar MBR

    This is another laptop, running Vista, that uses the same Internet connection as the other Windows 7 laptop. I ran MBRCheck on this one, which showed the following log:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Ultimate Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: ASUSTeK Computer Inc.
    BIOS Manufacturer: American Megatrends Inc.
    System Manufacturer: ASUSTeK Computer Inc.
    System Product Name: M51Sn
    Logical Drives Mask: 0x0000007c

    Kernel Drivers (total 186):
    0x82000000 \SystemRoot\system32\ntkrnlpa.exe
    0x823B9000 \SystemRoot\system32\hal.dll
    0x80409000 \SystemRoot\system32\kdcom.dll
    0x80410000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x80480000 \SystemRoot\system32\PSHED.dll
    0x80491000 \SystemRoot\system32\BOOTVID.dll
    0x80499000 \SystemRoot\system32\CLFS.SYS
    0x804DA000 \SystemRoot\system32\CI.dll
    0x80601000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x8067D000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x8068A000 \SystemRoot\system32\drivers\acpi.sys
    0x806D0000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x806D9000 \SystemRoot\system32\drivers\msisadrv.sys
    0x806E1000 \SystemRoot\system32\drivers\pci.sys
    0x80708000 \SystemRoot\System32\drivers\partmgr.sys
    0x80717000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x8071A000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x80724000 \SystemRoot\system32\drivers\volmgr.sys
    0x80733000 \SystemRoot\System32\drivers\volmgrx.sys
    0x8077D000 \SystemRoot\system32\drivers\intelide.sys
    0x80784000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x80792000 \SystemRoot\System32\drivers\mountmgr.sys
    0x82609000 \SystemRoot\system32\DRIVERS\iaStor.sys
    0x826D1000 \SystemRoot\system32\drivers\atapi.sys
    0x826D9000 \SystemRoot\system32\drivers\ataport.SYS
    0x826F7000 \SystemRoot\system32\drivers\msahci.sys
    0x82700000 \SystemRoot\system32\drivers\fltmgr.sys
    0x82732000 \SystemRoot\system32\drivers\fileinfo.sys
    0x82742000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x8A20A000 \SystemRoot\system32\drivers\ndis.sys
    0x8A315000 \SystemRoot\system32\drivers\msrpc.sys
    0x8A340000 \SystemRoot\system32\drivers\NETIO.SYS
    0x8A404000 \SystemRoot\System32\drivers\tcpip.sys
    0x8A4EE000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8A607000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x8A717000 \SystemRoot\system32\drivers\volsnap.sys
    0x8A750000 \SystemRoot\System32\Drivers\spldr.sys
    0x8A758000 \SystemRoot\System32\Drivers\mup.sys
    0x8A767000 \SystemRoot\System32\drivers\ecache.sys
    0x8A78E000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x8A7B2000 \SystemRoot\system32\drivers\disk.sys
    0x8A7C3000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x8A7E4000 \SystemRoot\system32\drivers\crcdisk.sys
    0x8A5E2000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x8A5ED000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x8A37B000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x8E80F000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x8F006000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x8F0A7000 \SystemRoot\System32\drivers\watchdog.sys
    0x8F0B3000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x8F0BE000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x8F0FC000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x8F10B000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x8F198000 \SystemRoot\system32\DRIVERS\l160x86.sys
    0x8F407000 \SystemRoot\system32\DRIVERS\NETw4v32.sys
    0x8F62F000 \SystemRoot\system32\DRIVERS\ohci1394.sys
    0x8F63F000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
    0x8F64D000 \SystemRoot\system32\DRIVERS\sdbus.sys
    0x8F667000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
    0x8F676000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
    0x8F68A000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
    0x8F6DB000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x8F6EE000 \SystemRoot\system32\DRIVERS\kbfiltr.sys
    0x8F6F0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x8F6FB000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x8F726000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x8F728000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x8F733000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8F74B000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x8F751000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x8F755000 \SystemRoot\system32\DRIVERS\ATKACPI.sys
    0x8F75D000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x8F78C000 \SystemRoot\system32\DRIVERS\storport.sys
    0x8F7CD000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8F7D8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8F7EF000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8F1A7000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x8F1CA000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x8F1D9000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x8EFEA000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x8FA03000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0x8FA8C000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8FA9C000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x8FA9E000 \SystemRoot\system32\DRIVERS\ks.sys
    0x8FAC8000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x8FAD2000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x8FADF000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x8FB14000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x8FC0B000 \SystemRoot\system32\drivers\RTKVHDA.sys
    0x8FB25000 \SystemRoot\system32\drivers\portcls.sys
    0x8FB52000 \SystemRoot\system32\drivers\drmk.sys
    0x8FE0C000 \SystemRoot\system32\DRIVERS\smserial.sys
    0x8FEFC000 \SystemRoot\system32\drivers\modem.sys
    0x8FF09000 \SystemRoot\system32\drivers\MODEMCSA.sys
    0x8FF13000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x8FF1C000 \SystemRoot\System32\Drivers\Null.SYS
    0x8FF23000 \SystemRoot\System32\Drivers\Beep.SYS
    0x8FF2A000 \SystemRoot\System32\drivers\vga.sys
    0x8FF36000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x8FF57000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x8FF5F000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8FF67000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x8FF72000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x8FF80000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x8FF89000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x8FF9F000 \SystemRoot\System32\Drivers\avgtdix.sys
    0x8FFB8000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x8FB77000 \SystemRoot\System32\Drivers\SYMTDI.SYS
    0x8FBA5000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
    0x8FFEA000 \SystemRoot\System32\Drivers\SYMREDRV.SYS
    0x8FFF0000 \SystemRoot\System32\Drivers\SYMDNS.SYS
    0x8FFF2000 \SystemRoot\System32\Drivers\SYMNDISV.SYS
    0x8FBCA000 \SystemRoot\System32\Drivers\SYMFW.SYS
    0x8FE00000 \SystemRoot\System32\Drivers\SYMIDS.SYS
    0x8FDE6000 \SystemRoot\system32\DRIVERS\smb.sys
    0x8A38A000 \SystemRoot\system32\drivers\afd.sys
    0x8A3D2000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x8FBEC000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x8F1ED000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x8FC00000 \SystemRoot\System32\Drivers\SRTSPX.SYS
    0x90400000 \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
    0x90607000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
    0x907B8000 \SystemRoot\system32\DRIVERS\STREAM.SYS
    0x907C5000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
    0x90469000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x907CC000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x907D6000 \SystemRoot\System32\Drivers\ItSDisk.sys
    0x904A5000 \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20081009.001\IDSvix86.sys
    0x904EB000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    0x907DA000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    0x90549000 \SystemRoot\system32\drivers\csc.sys
    0x905A4000 \SystemRoot\System32\Drivers\dfsc.sys
    0x907F6000 \SystemRoot\System32\Drivers\avgmfx86.sys
    0x807A2000 \SystemRoot\System32\Drivers\avgldx86.sys
    0x905BB000 \SystemRoot\System32\Drivers\BTHUSB.sys
    0x94802000 \SystemRoot\System32\Drivers\bthport.sys
    0x94882000 \SystemRoot\System32\Drivers\Ltn_hyd7700pc.sys
    0x948DE000 \SystemRoot\System32\Drivers\BdaSup.SYS
    0x948E1000 \SystemRoot\system32\DRIVERS\rfcomm.sys
    0x9490A000 \SystemRoot\system32\DRIVERS\BthEnum.sys
    0x94914000 \SystemRoot\system32\DRIVERS\bthpan.sys
    0x9492E000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x94937000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x94947000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x9494E000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x94956000 \SystemRoot\system32\DRIVERS\ATSwpDrv.sys
    0x94979000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x8A509000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0x94986000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x9E260000 \SystemRoot\System32\win32k.sys
    0x94997000 \SystemRoot\System32\drivers\Dxapi.sys
    0x949A1000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x9E480000 \SystemRoot\System32\TSDDD.dll
    0x9E4A0000 \SystemRoot\System32\cdd.dll
    0x949B0000 \SystemRoot\system32\drivers\luafv.sys
    0x949CB000 \SystemRoot\system32\DRIVERS\lullaby.sys
    0xA4009000 \SystemRoot\system32\drivers\spsys.sys
    0xA40B9000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0xA40C9000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0xA40F3000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xA40FD000 \SystemRoot\system32\DRIVERS\pnarp.sys
    0xA4107000 \SystemRoot\system32\DRIVERS\purendis.sys
    0xA4111000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0xA4124000 \??\C:\Program Files\ATKGFNEX\ASMMAP.sys
    0xA412B000 \SystemRoot\system32\drivers\HTTP.sys
    0xA4198000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0xA41B5000 \SystemRoot\system32\DRIVERS\bowser.sys
    0xA41CE000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x949DB000 \SystemRoot\system32\drivers\mrxdav.sys
    0x905C8000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x827B3000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0xA41E3000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x805BA000 \SystemRoot\System32\DRIVERS\srv2.sys
    0xA6007000 \SystemRoot\System32\DRIVERS\srv.sys
    0xA6055000 \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys
    0xA6058000 \SystemRoot\system32\drivers\peauth.sys
    0xA6136000 \SystemRoot\System32\Drivers\secdrv.SYS
    0xA6140000 \SystemRoot\System32\Drivers\fastfat.SYS
    0xA6168000 \SystemRoot\System32\drivers\tcpipreg.sys
    0xA6174000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0xA618A000 \SystemRoot\System32\Drivers\SRTSP.SYS
    0xB1009000 \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20080925.003\NAVEX15.SYS
    0xB10DD000 \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20080925.003\NAVENG.SYS
    0xB10F3000 \SystemRoot\system32\drivers\MSPQM.sys
    0xB118A000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0x76DB0000 \Windows\System32\ntdll.dll

    Processes (total 120):
    0 System Idle Process
    4 System
    528 C:\Windows\System32\smss.exe
    660 csrss.exe
    708 C:\Windows\System32\wininit.exe
    720 csrss.exe
    760 C:\Windows\System32\services.exe
    772 C:\Windows\System32\lsass.exe
    780 C:\Windows\System32\lsm.exe
    1020 C:\Windows\System32\winlogon.exe
    1108 C:\Windows\System32\svchost.exe
    1152 C:\Windows\System32\svchost.exe
    1196 C:\Windows\System32\svchost.exe
    1240 C:\Windows\System32\svchost.exe
    1440 C:\Windows\System32\svchost.exe
    1464 C:\Windows\System32\svchost.exe
    1476 C:\Windows\System32\svchost.exe
    1560 C:\Windows\System32\audiodg.exe
    1584 C:\Windows\System32\svchost.exe
    1608 C:\Windows\System32\SLsvc.exe
    1652 C:\Windows\System32\svchost.exe
    1792 C:\Windows\System32\svchost.exe
    2000 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    2012 C:\Windows\System32\wlanext.exe
    616 C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    952 C:\Program Files\ATK Hotkey\ASLDRSrv.exe
    968 C:\Program Files\ATKGFNEX\GFNEXSrv.exe
    1344 C:\Windows\System32\spoolsv.exe
    1472 C:\Windows\System32\svchost.exe
    2476 C:\Windows\System32\taskeng.exe
    2688 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    2700 C:\Windows\System32\atashost.exe
    2712 C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    2772 C:\Program Files\Bonjour\mDNSResponder.exe
    2784 C:\Windows\System32\svchost.exe
    2796 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    2844 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    2868 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMON.EXE
    2964 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    3200 C:\Windows\System32\svchost.exe
    3340 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    3440 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    3540 C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
    3588 C:\Windows\System32\svchost.exe
    3816 C:\Windows\System32\svchost.exe
    3872 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    3908 C:\Windows\System32\SearchIndexer.exe
    2104 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    2560 C:\Windows\System32\taskeng.exe
    2608 C:\Windows\System32\taskeng.exe
    2820 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    2648 C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
    3068 C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe
    1976 C:\Program Files\ASUS\ASUS Live Update\ALU.exe
    1220 C:\Windows\System32\dwm.exe
    3556 C:\Program Files\ATK Hotkey\HControl.exe
    868 C:\Windows\explorer.exe
    3732 C:\Program Files\ATKOSD2\ATKOSD2.exe
    2768 C:\Program Files\Wireless Console 2\wcourier.exe
    1048 C:\Program Files\ASUS\ASUS CopyProtect\ASPG.exe
    2040 C:\Program Files\P4G\BatteryLife.exe
    3396 C:\Program Files\ASUS\Splendid\ACMON.exe
    4100 C:\Program Files\ATK Hotkey\ATKOSD.exe
    4120 ACEngSvr.exe
    4224 C:\Program Files\ATK Hotkey\KBFiltr.exe
    4704 WmiPrvSE.exe
    5784 C:\Program Files\Windows Defender\MSASCui.exe
    5840 C:\Windows\RtHDVCpl.exe
    5892 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE
    5936 C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    4368 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    4412 C:\Program Files\ASUS\ATK Media\DMedia.exe
    3708 C:\Program Files\P4P\P4P.exe
    4716 C:\Windows\ASScrPro.exe
    4900 C:\Program Files\AVG\AVG8\avgtray.exe
    4940 C:\Windows\System32\rundll32.exe
    4456 C:\Windows\System32\rundll32.exe
    3988 C:\Program Files\Common Files\uusee\UUSeeMediaCenter.exe
    5104 C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
    5196 C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    1944 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    1312 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    1980 C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    4468 D:\Jordan\iTunesHelper.exe
    948 C:\Program Files\Windows Sidebar\sidebar.exe
    2548 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    2540 C:\Windows\ehome\ehtray.exe
    5272 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    3904 C:\Program Files\Windows Media Player\wmpnscfg.exe
    3932 C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    3584 D:\Jordan\LimeWire\LimeWire.exe
    5356 D:\Maggie Study\Office12\ONENOTEM.EXE
    4336 C:\Program Files\Windows Media Player\wmpnetwk.exe
    5108 C:\Windows\ehome\ehmsas.exe
    5560 C:\Windows\ehome\ehsched.exe
    2752 C:\Windows\System32\conime.exe
    5960 C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
    176 C:\Windows\ehome\ehrecvr.exe
    4848 C:\Program Files\OpenOffice.org 2.4\program\soffice.bin
    5872 C:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe
    1996 C:\Program Files\iPod\bin\iPodService.exe
    7872 C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    6672 C:\PROGRA~1\AVG\AVG8\avgemc.exe
    5132 C:\Program Files\AVG\AVG8\avgrsx.exe
    6484 C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    3664 C:\Program Files\AVG\AVG8\avgcsrvx.exe
    7152 \Device\HarddiskVolume8\Funshion\funshion\Funshion.exe
    4876 \Device\HarddiskVolume8\Funshion\funshion\FunshionService.exe
    3308 C:\Windows\System32\conime.exe
    6244 C:\Program Files\ASUS\SmartLogon\smartlogon.exe
    5640 WmiPrvSE.exe
    3452 taskeng.exe
    2944 taskeng.exe
    8168 C:\Windows\System32\SearchProtocolHost.exe
    6556 C:\Windows\System32\SearchFilterHost.exe
    3240 C:\Windows\System32\dllhost.exe
    1708 C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
    4672 dllhost.exe
    7628 dllhost.exe
    944 F:\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`f4100000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000023`b6f00000 (NTFS)
    \\.\G: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (FAT32)

    PhysicalDrive0 Model Number: ST9250827AS, Rev: 3.AAA
    PhysicalDrive2 Model Number: WDC WD3200AAJB-00TYA0, Rev: 0811

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: 16FACB29D75458833E397367B1DA17929157C2B3
    298 GB \\.\PhysicalDrive2 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    DDS Log:

    DDS (Ver_10-10-05.01) - NTFSx86
    Run by Maggie at 17:28:31.58 on Thu 07/10/2010
    Internet Explorer: 8.0.6001.18943
    Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.61.1033.18.3070.1378 [GMT 11:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
    SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
    FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\System32\svchost.exe -k Cognizance
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\system32\WLANExt.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\Program Files\ATK Hotkey\ASLDRSrv.exe
    C:\Program Files\ATKGFNEX\GFNEXSrv.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
    C:\Program Files\ASUS\ASUS Live Update\ALU.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\ATK Hotkey\Hcontrol.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\ATKOSD2\ATKOSD2.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Wireless Console 2\wcourier.exe
    C:\Program Files\ASUS\ASUS CopyProtect\ASPG.exe
    C:\Program Files\P4G\BatteryLife.exe
    C:\Program Files\ASUS\Splendid\ACMON.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Windows\System32\ACEngSvr.exe
    C:\Program Files\ATK Hotkey\ATKOSD.exe
    C:\Program Files\ATK Hotkey\KBFiltr.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\atashost.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ASUS\ATK Media\DMedia.exe
    C:\Program Files\P4P\P4P.exe
    C:\Windows\ASScrPro.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Common Files\uusee\UUSeeMediaCenter.exe
    C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
    C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\Windows\System32\rundll32.exe
    D:\Jordan\iTunesHelper.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    D:\Maggie Study\Office12\ONENOTEM.EXE
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\ehome\ehsched.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Windows\ehome\ehRecvr.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    D:\Jordan\iTunes.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Live\Toolbar\wltuser.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Maggie\Desktop\dds.scr
    C:\Windows\system32\conime.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uSearch Page = hxxp://www.google.com
    uStart Page = hxxp://www.gougou.com
    uSearch Bar = hxxp://www.google.com/ie
    mDefault_Page_URL = hxxp://www.asus.com
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    uURLSearchHooks: H - No File
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    uURLSearchHooks: H - No File
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    BHO: ThunderAtOnce Class: {01443aec-0fd1-40fd-9c87-e93d1494c233} - c:\program files\thunder network\thunder\comdlls\TDAtOnce_Now.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.5\NppBho.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Thunder Browser Helper: {889d2feb-5411-4565-8998-1dd2c5261283} - c:\program files\thunder network\thunder\comdlls\xunleiBHO_Now.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
    BHO: CE2061D2-AD20-BB75-D55D-660353CA0479 Class: {ce2061d2-ad20-bb75-d55d-660353ca0479} - f:\funshion\funshion\funshionaddr\funshionAddr.dll
    BHO: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: ASUS Security Protect Manager: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\asus security center\asus security protect manager\bin\ItIEAddIn.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.5\UIBHO.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    TB: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe "
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [Skytel] Skytel.exe
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [ATKMEDIA] c:\program files\asus\atk media\DMEDIA.EXE
    mRun: [PowerForPhone] "c:\program files\p4p\P4P.exe "
    mRun: [ASUS Camera ScreenSaver] c:\windows\ASScrProlog.exe
    mRun: [ASUS Screen Saver Protector] c:\windows\ASScrPro.exe
    mRun: [CognizanceTS] rundll32.exe c:\progra~1\asusse~1\asusse~1\bin\ASTSVCC.dll,RegisterModule
    mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
    mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll "
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [UUSEE] "c:\program files\common files\uusee\UUSeeMediaCenter.exe "
    mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
    mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe
    mRun: [Thunder] "c:\program files\thunder network\thunder\Thunder.exe" /s
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe "
    mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "d:\jordan\iTunesHelper.exe "
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    StartupFolder: c:\users\maggie\appdata\roaming\micros~1\windows\startm~1\programs\startup\limewi~1.lnk - d:\jordan\limewire\LimeWire.exe
    StartupFolder: c:\users\maggie\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - d:\maggie study\office12\ONENOTEM.EXE
    StartupFolder: c:\users\maggie\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.4\program\quickstart.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: E&xport to Microsoft Excel - d:\maggie~2\office12\EXCEL.EXE/3000
    IE: 使用UUSee加速播放 - c:\program files\uusee\geturltoplay.htm
    IE: 使用UUSee下载 - c:\program files\uusee\geturltodown.htm
    IE: 使用迅雷下载 - c:\program files\thunder network\thunder\program\GetUrl.htm
    IE: 使用迅雷下载全部链接 - c:\program files\thunder network\thunder\program\GetAllUrl.htm
    IE: {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - c:\program files\thunder network\thunder\Thunder.exe
    IE: {998A88A0-A355-809B-831C-B83A80000991} - http://www.henkuai.com/?from=iebannel
    IE: {998A88A0-A355-809B-831C-B83A80000992} - c:\program files\uusee\UUSeePlayer.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\maggie~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\maggie~2\office11\REFIEBAR.DLL
    Trusted Zone: edu.au\wlan-pta.uws
    DPF: {08496B45-6BB1-4F92-A8E6-B9E7978634CB} - hxxps://wlan-pta.uws.edu.au/nortel_cacheable/TrustSite.cab
    DPF: {7FA319FB-FFB9-4089-87EB-63179244E6E6} - hxxps://wlan-pta.uws.edu.au/nortel_cacheable/NetDirect.cab
    DPF: {88E07994-F8DD-4952-8DBF-0C4617F11117} - hxxp://download.cctv.com/euro2008/videoclient.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} - hxxp://t.live.cctv.com/ieocx/CCTVUpdateInstall.dll
    DPF: {ACDB1787-986D-434D-9857-2172CDB2108D} - hxxps://wlan-pta.uws.edu.au/nortel_cacheable/punblock.cab
    DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/m3/photouploadcontrol/VistaMSNPUplden-au.cab
    Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
    AppInit_DLLs: APSHook.dll,avgrsstx.dll
    LSA: Notification Packages = scecli ASWLNPkg
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe "

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-7-21 335240]
    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-7-21 27784]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-29 108552]
    R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\idsdefs\20081009.001\IDSvix86.sys [2008-10-11 270384]
    R1 ItSDisk;ItSDisk;c:\windows\system32\drivers\itsdisk.sys [2006-5-17 23232]
    R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2008-7-25 21504]
    R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2008-7-25 21504]
    R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2010-10-1 20376]
    R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-6-23 908056]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-23 297752]
    R2 lullaby;lullaby;c:\windows\system32\drivers\lullaby.sys [2008-7-1 15416]
    R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l160x86.sys [2008-7-1 46592]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-9-12 99376]
    R3 Ltn_hyd7700pc;TV tuner device ;c:\windows\system32\drivers\Ltn_hyd7700pc.sys [2008-7-1 374144]
    R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2007-1-10 38200]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-10-11 54632]
    S3 NetDirect;TAP-Win32 NetDirect Adapter;c:\windows\system32\drivers\NetDirect.sys [2009-9-26 31792]

    =============== Created Last 30 ================

    2010-10-02 10:53:28 -------- d-----w- c:\program files\iPod
    2010-10-01 12:03:08 502272 ----a-w- c:\windows\system32\usp10.dll
    2010-10-01 12:02:50 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-10-01 12:02:26 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
    2010-10-01 12:02:23 128000 ----a-w- c:\windows\system32\spoolsv.exe
    2010-10-01 12:02:02 739328 ----a-w- c:\windows\system32\inetcomm.dll
    2010-10-01 11:55:26 -------- d-----w- c:\program files\Pure Networks
    2010-10-01 11:54:31 76184 ----a-w- c:\windows\system32\atsckernel.exe
    2010-10-01 11:54:27 20376 ----a-w- c:\windows\system32\atashost.exe
    2010-10-01 11:54:22 -------- d-----w- c:\progra~2\webex
    2010-10-01 11:54:01 8892928 ----a-w- c:\progra~2\atscie.msi
    2010-10-01 11:52:05 26672 ----a-w- c:\windows\system32\drivers\pnarp.sys
    2010-10-01 11:50:26 27696 ----a-w- c:\windows\system32\drivers\purendis.sys
    2010-10-01 11:50:18 -------- d-----w- c:\program files\common files\Pure Networks Shared
    2010-10-01 11:49:34 -------- d-----w- c:\program files\Linksys
    2010-10-01 11:49:34 -------- d-----w- c:\progra~2\Pure Networks
    2010-09-25 04:19:58 -------- d-----w- C:\TDDOWNLOAD
    2010-09-25 04:13:03 -------- d-----w- c:\program files\common files\Thunder Network
    2010-09-25 04:13:03 -------- d-----w- c:\progra~2\Thunder Network
    2010-09-25 04:12:52 -------- d-----w- c:\program files\Thunder Network
    2010-09-19 12:22:20 6475096 ----a-w- c:\windows\system32\NEFcodec.dll
    2010-09-19 12:22:20 200704 ----a-r- c:\windows\system32\Strato7.dll
    2010-09-19 12:22:20 110592 ----a-r- c:\windows\system32\RCSigProc.dll
    2010-09-19 12:15:03 268 ---h--r- c:\users\maggie\appdata\roaming\NetServices
    2010-09-19 12:15:03 268 ---h--r- c:\progra~2\Overdrive
    2010-09-19 12:15:03 20 ---h--w- c:\progra~2\PKP_DLdw.DAT
    2010-09-19 12:15:03 12 ---h--r- c:\progra~2\Phaser
    2010-09-19 12:13:14 -------- d-----w- c:\program files\common files\muvee Technologies
    2010-09-19 12:13:10 -------- d-----w- c:\program files\common files\Nikon
    2010-09-19 12:08:47 268 ---h--r- c:\users\maggie\appdata\roaming\Nature
    2010-09-19 12:08:47 268 ---h--r- c:\progra~2\Organic
    2010-09-19 12:08:47 20 ---h--w- c:\progra~2\PKP_DLdu.DAT
    2010-09-19 12:08:47 12 ---h--r- c:\progra~2\Pedal Hard
    2010-09-18 13:14:30 -------- d-----w- c:\users\maggie\appdata\local\AskToolbar
    2010-09-18 13:04:37 -------- d-----w- c:\users\maggie\appdata\roaming\LimeWire
    2010-09-18 13:04:10 -------- d-----w- c:\program files\Ask.com
    2010-09-18 10:01:03 -------- d-----w- c:\users\maggie\appdata\local\Apple Computer
    2010-09-18 10:00:44 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2010-09-18 10:00:44 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2010-09-18 10:00:25 -------- d-----w- c:\progra~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-09-18 09:57:08 -------- d-----w- c:\users\maggie\appdata\local\Apple
    2010-09-18 09:54:25 -------- d-----w- c:\program files\Bonjour
    2010-09-18 09:41:20 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
    2010-09-09 08:00:45 -------- d-----w- c:\users\maggie\appdata\roaming\funshionAddr
    2010-09-08 01:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 01:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts

    ==================== Find3M ====================

    2010-10-04 08:47:07 45056 ----a-w- c:\windows\system32\acovcnt.exe
    2010-07-27 08:44:10 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-07-27 08:44:10 75040 ----a-w- c:\windows\system32\jdns_sd.dll
    2010-07-27 08:44:10 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2010-07-27 08:44:10 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2010-07-16 19:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll

    ============= FINISH: 17:29:31.28 ===============



    I am currently in a hurry, as I would have to leave this laptop in 54 hours, leaving someone relatively inexperienced with a laptop that seems to have a serious problem. Being Vista, I am unfamiliar with it, and it is harder to get a recovery disk for it. I currently have the appropriate ISO image, but I cannot get it onto a disk and working. I have Nero 7 Essentials and Nero 9.
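As an added example (not part of the post above and not DDS's own code), this Python script pulls the two sections of a DDS log that a reviewer scans first, "SERVICES / DRIVERS" and "Created Last 30", into structured records and flags entries worth a second look: drivers loaded from outside the Windows directory, drivers whose description just repeats their service name, and small hidden files created under user or program data. The sample lines are copied from the log above; the section-header format and the flagging heuristics are my assumptions, and a flag is a prompt to check the file's publisher and hash, not a verdict, since legitimate licensing stubs and vendor drivers trip the same rules.

```python
"""Triage helpers for the SERVICES / DRIVERS and Created Last 30 sections of a
DDS log. Added example for this thread; the heuristics are the author's
assumptions about what a reviewer looks at first, not DDS functionality."""
import re

# Sample lines in the format of the log above (entries copied from the post).
SAMPLE_CREATED = r"""
2010-10-02 10:53:28 -------- d-----w- c:\program files\iPod
2010-10-01 11:54:27 20376 ----a-w- c:\windows\system32\atashost.exe
2010-09-19 12:15:03 268 ---h--r- c:\users\maggie\appdata\roaming\NetServices
2010-09-19 12:15:03 20 ---h--w- c:\progra~2\PKP_DLdw.DAT
"""
SAMPLE_DRIVERS = r"""
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-7-21 335240]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\idsdefs\20081009.001\IDSvix86.sys [2008-10-11 270384]
R2 lullaby;lullaby;c:\windows\system32\drivers\lullaby.sys [2008-7-1 15416]
S3 NetDirect;TAP-Win32 NetDirect Adapter;c:\windows\system32\drivers\NetDirect.sys [2009-9-26 31792]
"""
# A constructed mini log with the DDS-style section headers seen above.
SAMPLE_LOG = ("============= SERVICES / DRIVERS ===============\n\n" + SAMPLE_DRIVERS
              + "\n=============== Created Last 30 ================\n\n" + SAMPLE_CREATED
              + "\n============= FINISH: 17:29:31.28 ===============\n")

# date time size attrs path  (size is '--------' for a directory entry)
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+([d-][\w-]{7})\s+(.+)$")
# R/S + start type, then name;description;path [date size]
DRIVER_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]+)\]$")


def section(log_text, name):
    """Return the body between the '=== name ===' header and the next '===' header."""
    out, inside = [], False
    for line in log_text.splitlines():
        s = line.strip()
        if s.startswith("=") and s.endswith("="):
            inside = name in s          # a header either opens our section or closes it
            continue
        if inside and s:
            out.append(s)
    return "\n".join(out)


def parse_created(text):
    """Rows of the Created Last 30 section: time, size, dir/hidden flags, path."""
    rows = []
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip())
        if not m:
            continue
        when, size, attrs, path = m.groups()
        rows.append({"when": when,
                     "size": None if size.startswith("-") else int(size),
                     "is_dir": attrs[0] == "d",
                     "hidden": "h" in attrs,      # 'h' marks the hidden attribute
                     "path": path})
    return rows


def parse_drivers(text):
    """Rows of the SERVICES / DRIVERS section; R = running, S = stopped."""
    rows = []
    for line in text.splitlines():
        m = DRIVER_RE.match(line.strip())
        if not m:
            continue
        state, name, desc, path, stamp = m.groups()
        rows.append({"running": state[0] == "R", "start_type": int(state[1]),
                     "name": name.strip(), "description": desc.strip(),
                     "path": path.strip(), "stamp": stamp})
    return rows


def review_flags(created, drivers):
    """Heuristic prompts for a human reviewer (assumptions, not verdicts)."""
    flags = []
    for f in created:
        if f["hidden"] and not f["is_dir"] and f["size"] is not None and f["size"] < 1024:
            flags.append("hidden small file: %s (%d bytes)" % (f["path"], f["size"]))
    for d in drivers:
        if not d["path"].lower().startswith("c:\\windows\\"):
            flags.append("driver outside Windows dir: %s -> %s" % (d["name"], d["path"]))
        if d["description"].lower() == d["name"].lower():
            flags.append("driver description repeats its name: %s" % d["name"])
    return flags


def triage(log_text):
    """Parse both sections of a DDS log and return the review flags."""
    return review_flags(parse_created(section(log_text, "Created Last 30")),
                        parse_drivers(section(log_text, "SERVICES / DRIVERS")))


if __name__ == "__main__":
    for flag in triage(SAMPLE_LOG):
        print(flag)
```

To use it on a saved log, read the file and pass its text to triage(); each flag names the entry, so the next step is checking that file's signer and hash rather than acting on the flag alone.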
     
  2. 2010/10/07
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    I see you have P2P software (Azureus, LimeWire, BitTorrent, uTorrent etc…) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them, and read the links above for educational value!

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them, may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.

    A Malware expert will have a look at your log in due course.
     

  4. 2010/10/07
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Let's start with fixing your MBR issue.

    You can use the very same CD you created for your other computer...

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double click on NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
    • Follow the prompts to burn the CD.
    • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.
    Once rebooted, run MBRCheck again and post its log.
     
  5. 2010/10/07
    DrLocke

    DrLocke Inactive Thread Starter

    Joined:
    2010/10/02
    Messages:
    27
    Likes Received:
    0
    I've tried that before already, but when I press 1 to choose the Standard MBR Code, nothing happens, and it goes back to a previous screen.
     
  6. 2010/10/07
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    If you have Vista/7 DVD...

    start with step 2

    If you don't have Vista/7 DVD...

    1. Create Vista/7 Recovery Disc.

    Option 1 :
    Vista: http://www.c4consulting.com.au/soluctions/vista/VISTA SOLUCTIONS.htm
    Windows 7: http://www.guidingtech.com/3816/system-repair-recovery-disc-windows-7/

    Option 2:
    Download Vista Recovery Disc iso image: http://neosmart.net/blog/2008/windows-vista-recovery-disc-download/
    Download Windows 7 Recovery Disc iso image: http://neosmart.net/blog/2009/windows-7-system-repair-discs/
    Burn it to CD, or DVD: http://neosmart.net/wiki/display/G/Burning+ISO+Images+to+a+CD+or+DVD

    2. Boot from created disk.

    Vista users. At first screen click on Repair your computer:
    [​IMG]

    Windows 7 users. At first screen click on Install now:
    [​IMG]
    Select your language and click next:
    [​IMG]
    Click the button for "Use recovery tools ":
    [​IMG]

    The following applies to both, Vista and Windows 7 users.

    This will bring you to a new screen where the repair process will look for all Windows Vista/7 installations on your computer. When done you will be presented with the System Recovery Options dialog box:
    [​IMG]
    After this, it will present you with a list of options including startup repair, system restore and command prompt:
    [​IMG]
    Select Command Prompt

    Type in:
    bootrec /FixMbr (<--- there is a "space" after "bootrec ")
    and then press Enter

    Once completed then type Exit, press Enter and restart computer.

    Post fresh MBRCheck log.
     
  7. 2010/10/07
    DrLocke

    DrLocke Inactive Thread Starter

    Joined:
    2010/10/02
    Messages:
    27
    Likes Received:
    0
    I am having trouble burning the ISO image, can you help with that?
     
  8. 2010/10/07
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
  9. 2010/10/07
    DrLocke

    DrLocke Inactive Thread Starter

    Joined:
    2010/10/02
    Messages:
    27
    Likes Received:
    0
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Ultimate Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: ASUSTeK Computer Inc.
    BIOS Manufacturer: American Megatrends Inc.
    System Manufacturer: ASUSTeK Computer Inc.
    System Product Name: M51Sn
    Logical Drives Mask: 0x0000003c

    Kernel Drivers (total 187):
    0x8203E000 \SystemRoot\system32\ntkrnlpa.exe
    0x8200B000 \SystemRoot\system32\hal.dll
    0x80600000 \SystemRoot\system32\kdcom.dll
    0x80607000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x80677000 \SystemRoot\system32\PSHED.dll
    0x80688000 \SystemRoot\system32\BOOTVID.dll
    0x80690000 \SystemRoot\system32\CLFS.SYS
    0x806D1000 \SystemRoot\system32\CI.dll
    0x82601000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x8267D000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x8268A000 \SystemRoot\system32\drivers\acpi.sys
    0x826D0000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x826D9000 \SystemRoot\system32\drivers\msisadrv.sys
    0x826E1000 \SystemRoot\system32\drivers\pci.sys
    0x82708000 \SystemRoot\System32\drivers\partmgr.sys
    0x82717000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x8271A000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x82724000 \SystemRoot\system32\drivers\volmgr.sys
    0x82733000 \SystemRoot\System32\drivers\volmgrx.sys
    0x8277D000 \SystemRoot\system32\drivers\intelide.sys
    0x82784000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x82792000 \SystemRoot\System32\drivers\mountmgr.sys
    0x8A203000 \SystemRoot\system32\DRIVERS\iaStor.sys
    0x8A2CB000 \SystemRoot\system32\drivers\atapi.sys
    0x8A2D3000 \SystemRoot\system32\drivers\ataport.SYS
    0x8A2F1000 \SystemRoot\system32\drivers\msahci.sys
    0x8A2FA000 \SystemRoot\system32\drivers\fltmgr.sys
    0x8A32C000 \SystemRoot\system32\drivers\fileinfo.sys
    0x8A33C000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x8A406000 \SystemRoot\system32\drivers\ndis.sys
    0x8A511000 \SystemRoot\system32\drivers\msrpc.sys
    0x8A53C000 \SystemRoot\system32\drivers\NETIO.SYS
    0x8A60D000 \SystemRoot\System32\drivers\tcpip.sys
    0x8A6F7000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8A801000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x8A911000 \SystemRoot\system32\drivers\volsnap.sys
    0x8A94A000 \SystemRoot\System32\Drivers\spldr.sys
    0x8A952000 \SystemRoot\System32\Drivers\mup.sys
    0x8A961000 \SystemRoot\System32\drivers\ecache.sys
    0x8A988000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x8A9AC000 \SystemRoot\system32\drivers\disk.sys
    0x8A9BD000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x8A9DE000 \SystemRoot\system32\drivers\crcdisk.sys
    0x8A9F4000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x8A7EB000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x8A577000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x8E404000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x8EE05000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x8EEA6000 \SystemRoot\System32\drivers\watchdog.sys
    0x8EEB2000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x8EEBD000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x8EEFB000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x8EF0A000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x8EF97000 \SystemRoot\system32\DRIVERS\l160x86.sys
    0x8F005000 \SystemRoot\system32\DRIVERS\NETw4v32.sys
    0x8F22D000 \SystemRoot\system32\DRIVERS\ohci1394.sys
    0x8F23D000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
    0x8F24B000 \SystemRoot\system32\DRIVERS\sdbus.sys
    0x8F265000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
    0x8F274000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
    0x8F288000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
    0x8F2D9000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x8F2EC000 \SystemRoot\system32\DRIVERS\kbfiltr.sys
    0x8F2EE000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x8F2F9000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x8F324000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x8F326000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x8F331000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8F349000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x8F34F000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x8F353000 \SystemRoot\system32\DRIVERS\ATKACPI.sys
    0x8F35B000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x8F38A000 \SystemRoot\system32\DRIVERS\storport.sys
    0x8F3CB000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8F3D6000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8F3ED000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8EFA6000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x8EFC9000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x8EFD8000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x8EBDF000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x8F60A000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0x8F693000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8F6A3000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x8F6A5000 \SystemRoot\system32\DRIVERS\ks.sys
    0x8F6CF000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x8F6D9000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x8F6E6000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x8F71B000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x8F803000 \SystemRoot\system32\drivers\RTKVHDA.sys
    0x8F72C000 \SystemRoot\system32\drivers\portcls.sys
    0x8F759000 \SystemRoot\system32\drivers\drmk.sys
    0x8FA08000 \SystemRoot\system32\DRIVERS\smserial.sys
    0x8FAF8000 \SystemRoot\system32\drivers\modem.sys
    0x8FB05000 \SystemRoot\system32\drivers\MODEMCSA.sys
    0x8FB0F000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x8FB18000 \SystemRoot\System32\Drivers\Null.SYS
    0x8FB1F000 \SystemRoot\System32\Drivers\Beep.SYS
    0x8FB26000 \SystemRoot\System32\drivers\vga.sys
    0x8FB32000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x8FB53000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x8FB5B000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8FB63000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x8FB6E000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x8FB7C000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x8FB85000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x8FB9B000 \SystemRoot\System32\Drivers\avgtdix.sys
    0x8FBB4000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x8F77E000 \SystemRoot\System32\Drivers\SYMTDI.SYS
    0x8F7AC000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
    0x8FBE6000 \SystemRoot\System32\Drivers\SYMREDRV.SYS
    0x8FBEC000 \SystemRoot\System32\Drivers\SYMDNS.SYS
    0x8FBEE000 \SystemRoot\System32\Drivers\SYMNDISV.SYS
    0x8F9DE000 \SystemRoot\System32\Drivers\SYMFW.SYS
    0x8F7D1000 \SystemRoot\System32\Drivers\SYMIDS.SYS
    0x8F7DA000 \SystemRoot\system32\DRIVERS\smb.sys
    0x8A586000 \SystemRoot\system32\drivers\afd.sys
    0x8A5CE000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x8F7EE000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x8EFEC000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x8F600000 \SystemRoot\System32\Drivers\SRTSPX.SYS
    0x8A3AD000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x8EBF4000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x8FBF9000 \SystemRoot\System32\Drivers\ItSDisk.sys
    0x827A2000 \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20081009.001\IDSvix86.sys
    0x90602000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
    0x907B3000 \SystemRoot\system32\DRIVERS\STREAM.SYS
    0x907C0000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
    0x90C00000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    0x90C5E000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    0x90C7A000 \SystemRoot\system32\drivers\csc.sys
    0x90CD5000 \SystemRoot\System32\Drivers\dfsc.sys
    0x90CEC000 \SystemRoot\System32\Drivers\avgmfx86.sys
    0x90CF2000 \SystemRoot\System32\Drivers\avgldx86.sys
    0x90D43000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x90D4C000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x90D5C000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x90D63000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x90D6B000 \SystemRoot\System32\Drivers\BTHUSB.sys
    0x90D78000 \SystemRoot\System32\Drivers\bthport.sys
    0x94800000 \SystemRoot\System32\Drivers\Ltn_hyd7700pc.sys
    0x9485C000 \SystemRoot\System32\Drivers\BdaSup.SYS
    0x9485F000 \SystemRoot\system32\DRIVERS\rfcomm.sys
    0x94888000 \SystemRoot\system32\DRIVERS\BthEnum.sys
    0x94892000 \SystemRoot\system32\DRIVERS\bthpan.sys
    0x948AC000 \SystemRoot\system32\DRIVERS\ATSwpDrv.sys
    0x948CF000 \SystemRoot\system32\DRIVERS\udfs.sys
    0x9490A000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x94917000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0x949DF000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x81490000 \SystemRoot\System32\win32k.sys
    0x949F0000 \SystemRoot\System32\drivers\Dxapi.sys
    0x907C7000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x816B0000 \SystemRoot\System32\TSDDD.dll
    0x816D0000 \SystemRoot\System32\cdd.dll
    0x907D6000 \SystemRoot\system32\drivers\luafv.sys
    0x90DF8000 \SystemRoot\system32\DRIVERS\lullaby.sys
    0x8A712000 \SystemRoot\system32\drivers\spsys.sys
    0x8A7C2000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x807B1000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x8A9E7000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x8A7D2000 \SystemRoot\system32\DRIVERS\pnarp.sys
    0x8A7DC000 \SystemRoot\system32\DRIVERS\purendis.sys
    0x8A5E4000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x907F9000 \??\C:\Program Files\ATKGFNEX\ASMMAP.sys
    0xA5E02000 \SystemRoot\system32\drivers\HTTP.sys
    0xA5E6F000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0xA5E8C000 \SystemRoot\system32\DRIVERS\bowser.sys
    0xA5EA5000 \SystemRoot\System32\drivers\mpsdrv.sys
    0xA5EBA000 \SystemRoot\system32\drivers\mrxdav.sys
    0xA5EDB000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xA5EFA000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0xA5F33000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0xA5F4B000 \SystemRoot\System32\DRIVERS\srv2.sys
    0xA5F72000 \SystemRoot\System32\DRIVERS\srv.sys
    0xA5FC0000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0xA5FD6000 \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys
    0xAE206000 \SystemRoot\system32\drivers\peauth.sys
    0xAE2E4000 \SystemRoot\System32\Drivers\secdrv.SYS
    0xAE2EE000 \SystemRoot\System32\Drivers\fastfat.SYS
    0xAE316000 \SystemRoot\System32\drivers\tcpipreg.sys
    0xAE322000 \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
    0xAE38B000 \SystemRoot\System32\Drivers\SRTSP.SYS
    0xB3802000 \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20080925.003\NAVEX15.SYS
    0xB38D6000 \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20080925.003\NAVENG.SYS
    0xB38EC000 \SystemRoot\system32\drivers\MSPQM.sys
    0xB38EE000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0x779E0000 \Windows\System32\ntdll.dll

    Processes (total 114):
    0 System Idle Process
    4 System
    592 C:\Windows\System32\smss.exe
    660 csrss.exe
    708 C:\Windows\System32\wininit.exe
    720 csrss.exe
    760 C:\Windows\System32\services.exe
    772 C:\Windows\System32\lsass.exe
    780 C:\Windows\System32\lsm.exe
    928 C:\Windows\System32\winlogon.exe
    1000 C:\Windows\System32\svchost.exe
    1044 C:\Windows\System32\svchost.exe
    1088 C:\Windows\System32\svchost.exe
    1124 C:\Windows\System32\svchost.exe
    1224 C:\Windows\System32\svchost.exe
    1260 C:\Windows\System32\svchost.exe
    1300 C:\Windows\System32\svchost.exe
    1380 C:\Windows\System32\audiodg.exe
    1408 C:\Windows\System32\svchost.exe
    1428 C:\Windows\System32\SLsvc.exe
    1488 C:\Windows\System32\svchost.exe
    1712 C:\Windows\System32\svchost.exe
    1848 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    1892 C:\Windows\System32\wlanext.exe
    1996 C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    468 C:\Program Files\ATK Hotkey\ASLDRSrv.exe
    516 C:\Program Files\ATKGFNEX\GFNEXSrv.exe
    1504 C:\Windows\System32\spoolsv.exe
    1704 C:\Windows\System32\svchost.exe
    2564 C:\Windows\System32\taskeng.exe
    2600 C:\Windows\System32\dwm.exe
    2612 C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe
    2676 C:\Windows\explorer.exe
    2700 C:\Windows\System32\taskeng.exe
    2828 C:\Program Files\ASUS\ASUS Live Update\ALU.exe
    2860 C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
    2976 C:\Windows\System32\taskeng.exe
    3104 C:\Program Files\ATK Hotkey\HControl.exe
    3112 C:\Program Files\ATKOSD2\ATKOSD2.exe
    3120 C:\Program Files\Windows Defender\MSASCui.exe
    3136 C:\Program Files\Wireless Console 2\wcourier.exe
    3156 C:\Program Files\ASUS\ASUS CopyProtect\ASPG.exe
    3164 C:\Program Files\P4G\BatteryLife.exe
    3184 C:\Program Files\ASUS\Splendid\ACMON.exe
    3220 C:\Windows\RtHDVCpl.exe
    3380 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE
    3424 C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    3612 ACEngSvr.exe
    3760 C:\Program Files\ATK Hotkey\ATKOSD.exe
    3976 C:\Program Files\ATK Hotkey\KBFiltr.exe
    2848 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    2920 C:\Windows\System32\atashost.exe
    2504 C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    952 C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    2932 C:\Program Files\Bonjour\mDNSResponder.exe
    3128 C:\Windows\System32\svchost.exe
    2432 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    3296 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    3464 C:\Program Files\AVG\AVG8\avgrsx.exe
    3476 C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    3536 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMON.EXE
    3416 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    3960 C:\Windows\System32\svchost.exe
    2268 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    1564 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    2516 C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
    1532 C:\Windows\System32\svchost.exe
    2548 C:\Windows\System32\svchost.exe
    2392 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    3280 C:\Windows\System32\SearchIndexer.exe
    4088 C:\PROGRA~1\AVG\AVG8\avgemc.exe
    2584 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    4204 C:\Program Files\AVG\AVG8\avgcsrvx.exe
    4332 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    5184 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    5192 C:\Program Files\ASUS\ATK Media\DMedia.exe
    5200 C:\Program Files\P4P\P4P.exe
    5220 C:\Windows\ASScrPro.exe
    5268 C:\Program Files\AVG\AVG8\avgtray.exe
    5332 C:\Windows\System32\rundll32.exe
    5356 C:\Program Files\Common Files\uusee\UUSeeMediaCenter.exe
    5364 C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
    5396 C:\Windows\System32\rundll32.exe
    5424 C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    5448 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    5472 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    5484 C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    5508 WmiPrvSE.exe
    5556 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
    5648 C:\Program Files\Windows Sidebar\sidebar.exe
    5656 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    5684 C:\Windows\ehome\ehtray.exe
    5708 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    5760 C:\Program Files\Windows Media Player\wmpnscfg.exe
    5768 C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    5776 D:\Jordan\LimeWire\LimeWire.exe
    5784 D:\Maggie Study\Office12\ONENOTEM.EXE
    4412 C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
    4544 C:\Program Files\Windows Media Player\wmpnetwk.exe
    5076 C:\Windows\ehome\ehmsas.exe
    3796 C:\Windows\ehome\ehsched.exe
    5252 C:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe
    5128 C:\Program Files\OpenOffice.org 2.4\program\soffice.bin
    4992 C:\Windows\ehome\ehrecvr.exe
    4064 WmiPrvSE.exe
    6356 C:\Windows\System32\wbem\WMIADAP.exe
    7800 drvinst.exe
    7880 C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    8080 C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
    8144 dllhost.exe
    8184 F:\MBRCheck.exe
    5236 C:\Windows\System32\conime.exe
    5412 C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    4292 C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`f4100000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000023`b6f00000 (NTFS)

    PhysicalDrive0 Model Number: ST9250827AS, Rev: 3.AAA

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


    Done!




    Can you tell me what other problems I have? You said "start" with MBR, which leaves me to think I have problems elsewhere also.
     
  10. 2010/10/07
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Well, we'll have to keep checking...

    MBRCheck log looks good now.

    You're running two AV programs, AVG and Norton.
    One of them has to go.
    If AVG, use AVG Remover: http://www.avg.com/us-en/download-tools
    If Norton, use Norton Removal Tool: http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN

    =============================================================

    Download Malwarebytes' Anti-Malware (aka MBAM): http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html to your desktop.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ================================================================

    Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When scan is completed, click Save button, and save the results as gmer.log
    Warning! Please, do not select the "Show all" checkbox during the scan.
    Post the log.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.
     
  11. 2010/10/07
    DrLocke

    DrLocke Inactive Thread Starter

    Joined:
    2010/10/02
    Messages:
    27
    Likes Received:
    0
    Just quickly, what does having a non-standard/unknown MBR code mean? Is it always a trojan/rootkit of some kind?
     
  12. 2010/10/07
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Most likely.
    It may be also corrupted, but in any case, it has to be corrected.
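    As an added illustration (not part of this thread and not MBRCheck's own code) of what a tool like MBRCheck does with the first sector: it hashes the bootstrap code of a 512-byte MBR, compares the digest with an allowlist of known-good boot code, and parses the partition table into the byte offsets that appear in the log above. The MBR image and the allowlist below are constructed for the demo, and the exact byte range MBRCheck hashes is an assumption.

```python
import hashlib
import struct

# Constructed 512-byte MBR image for the demo; not a real disk dump.
# Layout: bytes 0-439 bootstrap code, 440-443 disk signature, 444-445 reserved,
# 446-509 four 16-byte partition entries, 510-511 the 0x55AA boot signature.
BOOT_CODE = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b"\x90" * 433

def part_entry(bootable, ptype, lba_start, sectors):
    # status, CHS start (ignored here), type, CHS end (ignored), LBA start, sector count
    return struct.pack("<B3sB3sII", 0x80 if bootable else 0x00, b"\xfe\xff\xff",
                       ptype, b"\xfe\xff\xff", lba_start, sectors)

SAMPLE_MBR = (BOOT_CODE + b"\x12\x34\x56\x78" + b"\x00\x00"
              + part_entry(True, 0x07, 2048, 40_000_000)           # first NTFS volume
              + part_entry(False, 0x07, 40_002_048, 160_000_000)   # second NTFS volume
              + b"\x00" * 32 + b"\x55\xAA")

# Allowlist of SHA1 digests of known-good bootstrap code. This entry is built from
# the constructed sample above; a real list would hold vendor reference hashes.
KNOWN_GOOD = {hashlib.sha1(BOOT_CODE).hexdigest().upper(): "Constructed reference MBR code"}

def check_mbr(mbr, known_good=KNOWN_GOOD):
    """Verify the boot signature, hash the bootstrap code, and parse the partition table."""
    if len(mbr) != 512:
        raise ValueError("an MBR image is exactly one 512-byte sector")
    digest = hashlib.sha1(mbr[:440]).hexdigest().upper()   # assumed hashed range
    partitions = []
    for i in range(4):
        entry = mbr[446 + 16 * i:462 + 16 * i]
        status, _, ptype, _, lba, count = struct.unpack("<B3sB3sII", entry)
        if ptype == 0x00:
            continue  # empty slot
        partitions.append({"bootable": status == 0x80, "type": ptype,
                           "lba_start": lba, "sectors": count,
                           "offset": lba * 512})  # byte offset, as MBRCheck prints it
    return {
        "valid_signature": mbr[510:512] == b"\x55\xAA",
        "sha1": digest,
        # An unmatched hash is a lead, not a verdict: it can be bootkit code,
        # a corrupted sector, or a legitimate third-party boot manager.
        "status": known_good.get(digest, "Unknown MBR code - investigate"),
        "partitions": partitions,
    }

if __name__ == "__main__":
    report = check_mbr(SAMPLE_MBR)
    print(report["status"], report["sha1"], len(report["partitions"]), "partitions")
```

Flipping a single byte of the bootstrap code is enough to turn a "known good" result into "Unknown MBR code", which is why the allowlist has to be maintained against clean reference images rather than treated as proof of infection.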
     