60 replies to this topic

[MrCharlie]

Looks like you have 2 usb devices attached when you ran the scan:

Quote

+++++ PhysicalDrive1: Generic- Compact Flash USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive3: Generic- SD/MMC USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Please remove any usb or external drives from the computer before you run this scan and any other!

Post the results.

-------------------------------

Then......
Please download Listparts64

Run the tool, click Scan and post the log (Result.txt) it makes

----------------------------

Please download MbrScan (by Eric_71) from here and save it to your Desktop.

http://security-x.fr...p?f=MbrScan.exe
http://eric71.geekst...ols/MbrScan.exe

Close all running programs and double-click on "MbrScan.exe" (for Vista/W7, right-click on it => "Run as administrator").
Please click the 'Scan' button and then the 'Report' button.
When it's completed successfully, a log file "MbrScan.log" will open and can be found in the same location as MbrScan.exe. Please copy and paste its contents in your next reply.
Close the report and the MbrScan window.

MrC

[headinhome]

ok, i don't get it. i don't have any drives plugged in. only 3 usb are currently in - mouse, keyboard and printer. i ran it again after i double checked just to make sure and it still shows those...

RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Aug-11 [Admin rights]
Mode: Scan -- Date: 04/06/2012 17:23:10

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤
[SUSP PATH] {5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4}.job @ : C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST310005 28AS SATA Disk Device +++++
--- User ---
[MBR] 4664794ea9b3e1381cc1903ffa268820
[BSP] 4380b6c166e94d201c68450087fc3aec : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 942339 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1930117120 | Size: 11428 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 58e87bbccbddc74daba40b61bbf22a8a
[BSP] 774670e719613688107af143ed71084f : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 217933824 | Size: 300 Mo

+++++ PhysicalDrive2: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[13].txt >>
RKreport[10].txt ; RKreport[11].txt ; RKreport[12].txt ; RKreport[13].txt ; RKreport[1].txt ;
RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt ;
RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt

[MrCharlie]

Can you run the other scans. MrC

[headinhome]

will do... post back shortly.

thanks.

[headinhome]

ListParts by Farbar Version: 12-03-2012 03
Ran by Aug-11 (administrator) on 06-04-2012 at 21:05:31
Windows 7 (X64)
Running From: C:\Users\Aug-11\Desktop
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 44%
Total physical RAM: 5887.29 MB
Available physical RAM: 3291.63 MB
Total Pagefile: 11772.76 MB
Available Pagefile: 7486.71 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:920.25 GB) (Free:720.81 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:11.16 GB) (Free:1.36 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 920 GB 101 MB
Partition 3 Primary 11 GB 920 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 SYSTEM NTFS Partition 100 MB Healthy System (partition with boot components)

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 920 GB Healthy Boot

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D HP_RECOVERY NTFS Partition 11 GB Healthy

======================================================================================================

****** End Of Log ******

[headinhome]

MBRScan v1.1.1

OS			 : Windows 7 Service Pack 1 (64 bit)
PROCESSOR	  : AMD64 Family 16 Model 5 Stepping 3, AuthenticAMD
BOOT		   : Normal Boot
DATE		   : 2012/04/06 (ISO 8601) at 21:09:50
________________________________________________________________________________

DISK		   : Device\Harddisk0\DR0 __ST310005 28AS (HP40)
BUS_TYPE	   : (0x0B)  S-ATA
USE_PIO	    : YES
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

Device\Harddisk0\DR0    931.5 Go  [Fixed] ==> 7 MBR Code... ==> PARTITION TABLE FAKED !!

MBR_MD5   : 58E87BBCCBDDC74DABA40B61BBF22A8A
MBR_SHA1  : C449B09F46442F05567C07895A61479C0039B25B

Device\Harddisk0\Partition1    100.0 Mo      0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition2    920.3 Go      0x07 NTFS / HPFS
Device\Harddisk0\Partition3    11.16 Go      0x07 NTFS / HPFS
________________________________________________________________________________

############################### Additional scan ################################

DRIVER  : C:\Windows\system32\hal.dll => Invisible on the disk
ADDRESS : 0x031F4000
SIZE    : 292.0 Ko

DRIVER  : C:\Windows\system32\kdcom.dll => Invisible on the disk
ADDRESS : 0x00BD3000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\system32\mcupdate_AuthenticAMD.dll => Invisible on the disk
ADDRESS : 0x00C29000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\system32\CLFS.SYS => Invisible on the disk
ADDRESS : 0x00C4A000
SIZE    : 376.0 Ko

DRIVER  : C:\Windows\system32\CI.dll => Invisible on the disk
ADDRESS : 0x00CA8000
SIZE    : 768.0 Ko

DRIVER  : C:\Windows\system32\drivers\Wdf01000.sys => Invisible on the disk
ADDRESS : 0x00E52000
SIZE    : 656.0 Ko

DRIVER  : C:\Windows\system32\drivers\WDFLDR.SYS => Invisible on the disk
ADDRESS : 0x00EF6000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\system32\drivers\ACPI.sys => Invisible on the disk
ADDRESS : 0x00F05000
SIZE    : 348.0 Ko

DRIVER  : C:\Windows\system32\drivers\WMILIB.SYS => Invisible on the disk
ADDRESS : 0x00F5C000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\drivers\msisadrv.sys => Invisible on the disk
ADDRESS : 0x00F65000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\system32\drivers\pci.sys => Invisible on the disk
ADDRESS : 0x00F6F000
SIZE    : 204.0 Ko

DRIVER  : C:\Windows\system32\drivers\vdrvroot.sys => Invisible on the disk
ADDRESS : 0x00FA2000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\System32\drivers\partmgr.sys => Invisible on the disk
ADDRESS : 0x00FAF000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\system32\drivers\volmgr.sys => Invisible on the disk
ADDRESS : 0x00FC4000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\System32\drivers\volmgrx.sys => Invisible on the disk
ADDRESS : 0x00D68000
SIZE    : 368.0 Ko

DRIVER  : C:\Windows\System32\drivers\mountmgr.sys => Invisible on the disk
ADDRESS : 0x00FD9000
SIZE    : 104.0 Ko

DRIVER  : C:\Windows\system32\drivers\amd_sata.sys => Invisible on the disk
ADDRESS : 0x00E00000
SIZE    : 88.0 Ko

DRIVER  : C:\Windows\system32\drivers\storport.sys => Invisible on the disk
ADDRESS : 0x0104C000
SIZE    : 396.0 Ko

DRIVER  : C:\Windows\system32\drivers\amd_xata.sys => Invisible on the disk
ADDRESS : 0x010AF000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\system32\drivers\amdxata.sys => Invisible on the disk
ADDRESS : 0x010BC000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\system32\drivers\fltmgr.sys => Invisible on the disk
ADDRESS : 0x010C7000
SIZE    : 304.0 Ko

DRIVER  : C:\Windows\system32\drivers\fileinfo.sys => Invisible on the disk
ADDRESS : 0x01113000
SIZE    : 80.0 Ko

DRIVER  : C:\Windows\system32\drivers\mfehidk.sys => Invisible on the disk
ADDRESS : 0x01127000
SIZE    : 624.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Ntfs.sys => Invisible on the disk
ADDRESS : 0x01224000
SIZE    : 1.64 Mo

DRIVER  : C:\Windows\System32\Drivers\msrpc.sys => Invisible on the disk
ADDRESS : 0x01426000
SIZE    : 376.0 Ko

DRIVER  : C:\Windows\System32\Drivers\ksecdd.sys => Invisible on the disk
ADDRESS : 0x01484000
SIZE    : 108.0 Ko

DRIVER  : C:\Windows\System32\Drivers\cng.sys => Invisible on the disk
ADDRESS : 0x0149F000
SIZE    : 456.0 Ko

DRIVER  : C:\Windows\System32\drivers\pcw.sys => Invisible on the disk
ADDRESS : 0x01511000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Fs_Rec.sys => Invisible on the disk
ADDRESS : 0x01522000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\system32\drivers\ndis.sys => Invisible on the disk
ADDRESS : 0x0161B000
SIZE    : 972.0 Ko

DRIVER  : C:\Windows\system32\drivers\NETIO.SYS => Invisible on the disk
ADDRESS : 0x0170E000
SIZE    : 384.0 Ko

DRIVER  : C:\Windows\System32\Drivers\ksecpkg.sys => Invisible on the disk
ADDRESS : 0x0176E000
SIZE    : 172.0 Ko

DRIVER  : C:\Windows\System32\drivers\tcpip.sys => Invisible on the disk
ADDRESS : 0x01826000
SIZE    : 2.02 Mo

DRIVER  : C:\Windows\System32\drivers\fwpkclnt.sys => Invisible on the disk
ADDRESS : 0x01A2A000
SIZE    : 296.0 Ko

DRIVER  : C:\Windows\system32\drivers\volsnap.sys => Invisible on the disk
ADDRESS : 0x01A74000
SIZE    : 304.0 Ko

DRIVER  : C:\Windows\System32\Drivers\spldr.sys => Invisible on the disk
ADDRESS : 0x01AC0000
SIZE    : 32.0 Ko

DRIVER  : C:\Windows\System32\drivers\rdyboost.sys => Invisible on the disk
ADDRESS : 0x01AC8000
SIZE    : 232.0 Ko

DRIVER  : C:\Windows\System32\Drivers\mup.sys => Invisible on the disk
ADDRESS : 0x01B02000
SIZE    : 72.0 Ko

DRIVER  : C:\Windows\System32\drivers\hwpolicy.sys => Invisible on the disk
ADDRESS : 0x01B14000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\fvevol.sys => Invisible on the disk
ADDRESS : 0x01B1D000
SIZE    : 232.0 Ko

DRIVER  : C:\Windows\system32\drivers\disk.sys => Invisible on the disk
ADDRESS : 0x01B57000
SIZE    : 88.0 Ko

DRIVER  : C:\Windows\system32\drivers\CLASSPNP.SYS => Invisible on the disk
ADDRESS : 0x01B6D000
SIZE    : 192.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\avgrkx64.sys => Invisible on the disk
ADDRESS : 0x01B9D000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\avgidseha.sys => Invisible on the disk
ADDRESS : 0x01BA9000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\system32\drivers\AtiPcie64.sys => Invisible on the disk
ADDRESS : 0x01BB3000
SIZE    : 32.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\cdrom.sys => Invisible on the disk
ADDRESS : 0x01799000
SIZE    : 168.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\avgmfx64.sys => Invisible on the disk
ADDRESS : 0x01800000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Null.SYS => Invisible on the disk
ADDRESS : 0x01810000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Beep.SYS => Invisible on the disk
ADDRESS : 0x01819000
SIZE    : 28.0 Ko

DRIVER  : C:\Windows\System32\drivers\vga.sys => Invisible on the disk
ADDRESS : 0x017C3000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\System32\drivers\VIDEOPRT.SYS => Invisible on the disk
ADDRESS : 0x017D1000
SIZE    : 148.0 Ko

DRIVER  : C:\Windows\System32\drivers\watchdog.sys => Invisible on the disk
ADDRESS : 0x01600000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\RDPCDD.sys => Invisible on the disk
ADDRESS : 0x01610000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\drivers\rdpencdd.sys => Invisible on the disk
ADDRESS : 0x017F6000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\drivers\rdprefmp.sys => Invisible on the disk
ADDRESS : 0x0152C000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Msfs.SYS => Invisible on the disk
ADDRESS : 0x01535000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Npfs.SYS => Invisible on the disk
ADDRESS : 0x01540000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\tdx.sys => Invisible on the disk
ADDRESS : 0x01551000
SIZE    : 136.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\TDI.SYS => Invisible on the disk
ADDRESS : 0x01573000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\avgtdia.sys => Invisible on the disk
ADDRESS : 0x01580000
SIZE    : 388.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\netbt.sys => Invisible on the disk
ADDRESS : 0x01000000
SIZE    : 276.0 Ko

DRIVER  : C:\Windows\system32\drivers\afd.sys => Invisible on the disk
ADDRESS : 0x02E67000
SIZE    : 548.0 Ko

DRIVER  : C:\Windows\system32\drivers\ws2ifsl.sys => Invisible on the disk
ADDRESS : 0x02EF0000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\wfplwf.sys => Invisible on the disk
ADDRESS : 0x02EFB000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\pacer.sys => Invisible on the disk
ADDRESS : 0x02F04000
SIZE    : 152.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\netbios.sys => Invisible on the disk
ADDRESS : 0x02F2A000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\wanarp.sys => Invisible on the disk
ADDRESS : 0x02F39000
SIZE    : 108.0 Ko

DRIVER  : C:\Windows\system32\drivers\termdd.sys => Invisible on the disk
ADDRESS : 0x02F54000
SIZE    : 80.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\rdbss.sys => Invisible on the disk
ADDRESS : 0x02F68000
SIZE    : 324.0 Ko

DRIVER  : C:\Windows\system32\drivers\nsiproxy.sys => Invisible on the disk
ADDRESS : 0x02FB9000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\system32\drivers\mssmbios.sys => Invisible on the disk
ADDRESS : 0x02FC5000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\System32\drivers\discache.sys => Invisible on the disk
ADDRESS : 0x02FD0000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\System32\Drivers\dfsc.sys => Invisible on the disk
ADDRESS : 0x02FDF000
SIZE    : 120.0 Ko

DRIVER  : C:\Windows\system32\drivers\blbdrive.sys => Invisible on the disk
ADDRESS : 0x02E00000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\avgldx64.sys => Invisible on the disk
ADDRESS : 0x02E11000
SIZE    : 300.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\tunnel.sys => Invisible on the disk
ADDRESS : 0x01400000
SIZE    : 152.0 Ko

DRIVER  : C:\Windows\system32\drivers\amdppm.sys => Invisible on the disk
ADDRESS : 0x015E1000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\atikmpag.sys => Invisible on the disk
ADDRESS : 0x011C3000
SIZE    : 236.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\atikmdag.sys => Invisible on the disk
ADDRESS : 0x04A9C000
SIZE    : 6.79 Mo

DRIVER  : C:\Windows\System32\drivers\dxgkrnl.sys => Invisible on the disk
ADDRESS : 0x040D6000
SIZE    : 976.0 Ko

DRIVER  : C:\Windows\System32\drivers\dxgmms1.sys => Invisible on the disk
ADDRESS : 0x04000000
SIZE    : 280.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\HDAudBus.sys => Invisible on the disk
ADDRESS : 0x04046000
SIZE    : 144.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\Rt64win7.sys => Invisible on the disk
ADDRESS : 0x0406A000
SIZE    : 412.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\usbohci.sys => Invisible on the disk
ADDRESS : 0x041CA000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\USBPORT.SYS => Invisible on the disk
ADDRESS : 0x05167000
SIZE    : 344.0 Ko

DRIVER  : C:\Windows\system32\drivers\usbfilter.sys => Invisible on the disk
ADDRESS : 0x041D5000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\usbehci.sys => Invisible on the disk
ADDRESS : 0x041E2000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\system32\drivers\wmiacpi.sys => Invisible on the disk
ADDRESS : 0x041F3000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\drivers\CompositeBus.sys => Invisible on the disk
ADDRESS : 0x051BD000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\AgileVpn.sys => Invisible on the disk
ADDRESS : 0x051CD000
SIZE    : 88.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\rasl2tp.sys => Invisible on the disk
ADDRESS : 0x04A00000
SIZE    : 144.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\ndistapi.sys => Invisible on the disk
ADDRESS : 0x04A24000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\ndiswan.sys => Invisible on the disk
ADDRESS : 0x04A30000
SIZE    : 188.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\raspppoe.sys => Invisible on the disk
ADDRESS : 0x04A5F000
SIZE    : 108.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\raspptp.sys => Invisible on the disk
ADDRESS : 0x04A7A000
SIZE    : 132.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\rassstp.sys => Invisible on the disk
ADDRESS : 0x051E3000
SIZE    : 104.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\kbdclass.sys => Invisible on the disk
ADDRESS : 0x013C7000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mouclass.sys => Invisible on the disk
ADDRESS : 0x013D6000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\system32\drivers\swenum.sys => Invisible on the disk
ADDRESS : 0x041FC000
SIZE    : 8.0 Ko

DRIVER  : C:\Windows\system32\drivers\ks.sys => Invisible on the disk
ADDRESS : 0x04439000
SIZE    : 268.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\umbus.sys => Invisible on the disk
ADDRESS : 0x0447C000
SIZE    : 72.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\usbhub.sys => Invisible on the disk
ADDRESS : 0x0448E000
SIZE    : 360.0 Ko

DRIVER  : C:\Windows\System32\Drivers\NDProxy.SYS => Invisible on the disk
ADDRESS : 0x044E8000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\system32\drivers\HdAudio.sys => Invisible on the disk
ADDRESS : 0x044FD000
SIZE    : 368.0 Ko

DRIVER  : C:\Windows\system32\drivers\portcls.sys => Invisible on the disk
ADDRESS : 0x04559000
SIZE    : 244.0 Ko

DRIVER  : C:\Windows\system32\drivers\drmk.sys => Invisible on the disk
ADDRESS : 0x04596000
SIZE    : 136.0 Ko

DRIVER  : C:\Windows\system32\drivers\ksthunk.sys => Invisible on the disk
ADDRESS : 0x045B8000
SIZE    : 24.0 Ko

DRIVER  : C:\Windows\system32\drivers\RTKVHD64.sys => Invisible on the disk
ADDRESS : 0x06675000
SIZE    : 2.44 Mo

DRIVER  : C:\Windows\system32\DRIVERS\cdfs.sys => Invisible on the disk
ADDRESS : 0x068E6000
SIZE    : 116.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\usbccgp.sys => Invisible on the disk
ADDRESS : 0x06903000
SIZE    : 116.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\USBD.SYS => Invisible on the disk
ADDRESS : 0x06920000
SIZE    : 8.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\HIDPARSE.SYS => Invisible on the disk
ADDRESS : 0x06949000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\USBSTOR.SYS => Invisible on the disk
ADDRESS : 0x0696D000
SIZE    : 108.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\usbprint.sys => Invisible on the disk
ADDRESS : 0x06988000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\usbscan.sys => Invisible on the disk
ADDRESS : 0x06994000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\System32\Drivers\crashdmp.sys => Invisible on the disk
ADDRESS : 0x069A5000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\System32\Drivers\dump_diskdump.sys => Invisible on the disk
ADDRESS : 0x069B3000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\System32\Drivers\dump_amd_sata.sys => Invisible on the disk
ADDRESS : 0x069BD000
SIZE    : 88.0 Ko

DRIVER  : C:\Windows\System32\Drivers\dump_dumpfve.sys => Invisible on the disk
ADDRESS : 0x069D3000
SIZE    : 76.0 Ko

DRIVER  : C:\Windows\System32\win32k.sys => Invisible on the disk
ADDRESS : 0x00030000
SIZE    : 3.08 Mo

DRIVER  : C:\Windows\System32\drivers\Dxapi.sys => Invisible on the disk
ADDRESS : 0x069E6000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\monitor.sys => Invisible on the disk
ADDRESS : 0x069F2000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\System32\TSDDD.dll => Invisible on the disk
ADDRESS : 0x00510000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\System32\cdd.dll => Invisible on the disk
ADDRESS : 0x007C0000
SIZE    : 156.0 Ko

DRIVER  : C:\Windows\system32\drivers\luafv.sys => Invisible on the disk
ADDRESS : 0x06600000
SIZE    : 140.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\Sftvollh.sys => Invisible on the disk
ADDRESS : 0x06623000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\system32\drivers\WudfPf.sys => Invisible on the disk
ADDRESS : 0x0662E000
SIZE    : 132.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\lltdio.sys => Invisible on the disk
ADDRESS : 0x0664F000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\nwifi.sys => Invisible on the disk
ADDRESS : 0x03C68000
SIZE    : 332.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\ndisuio.sys => Invisible on the disk
ADDRESS : 0x03CBB000
SIZE    : 76.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\rspndr.sys => Invisible on the disk
ADDRESS : 0x03CCE000
SIZE    : 96.0 Ko

DRIVER  : C:\Windows\system32\drivers\HTTP.sys => Invisible on the disk
ADDRESS : 0x03CE6000
SIZE    : 804.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\bowser.sys => Invisible on the disk
ADDRESS : 0x03DAF000
SIZE    : 120.0 Ko

DRIVER  : C:\Windows\System32\drivers\mpsdrv.sys => Invisible on the disk
ADDRESS : 0x03DCD000
SIZE    : 96.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mrxsmb.sys => Invisible on the disk
ADDRESS : 0x03C00000
SIZE    : 180.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mrxsmb10.sys => Invisible on the disk
ADDRESS : 0x05631000
SIZE    : 312.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mrxsmb20.sys => Invisible on the disk
ADDRESS : 0x0567F000
SIZE    : 144.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\avgidsfiltera.sys => Invisible on the disk
ADDRESS : 0x056A3000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\system32\drivers\peauth.sys => Invisible on the disk
ADDRESS : 0x056AE000
SIZE    : 664.0 Ko

DRIVER  : C:\Windows\System32\Drivers\secdrv.SYS => Invisible on the disk
ADDRESS : 0x05754000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\Sftfslh.sys => Invisible on the disk
ADDRESS : 0x0828B000
SIZE    : 772.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\Sftplaylh.sys => Invisible on the disk
ADDRESS : 0x0834C000
SIZE    : 308.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\srvnet.sys => Invisible on the disk
ADDRESS : 0x08399000
SIZE    : 196.0 Ko

DRIVER  : C:\Windows\System32\drivers\tcpipreg.sys => Invisible on the disk
ADDRESS : 0x083CA000
SIZE    : 72.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\avgidsdrivera.sys => Invisible on the disk
ADDRESS : 0x08200000
SIZE    : 176.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\srv2.sys => Invisible on the disk
ADDRESS : 0x0575F000
SIZE    : 420.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\srv.sys => Invisible on the disk
ADDRESS : 0x09226000
SIZE    : 608.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\Sftredirlh.sys => Invisible on the disk
ADDRESS : 0x092BE000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\WUDFRd.sys => Invisible on the disk
ADDRESS : 0x092C9000
SIZE    : 196.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\hidusb.sys => Invisible on the disk
ADDRESS : 0x0936B000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\HIDCLASS.SYS => Invisible on the disk
ADDRESS : 0x09379000
SIZE    : 100.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\kbdhid.sys => Invisible on the disk
ADDRESS : 0x09392000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mouhid.sys => Invisible on the disk
ADDRESS : 0x093A0000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\System32\smss.exe => Invisible on the disk
ADDRESS : 0x47820000
SIZE    : 128.0 Ko

BCD EmsSettings {0CE4991B-E6B3-4B16-B23C-5E0D9250E5D9} => BcdLibraryBoolean_EmsEnabled (16000020)

SystemStartOptions :  NOEXECUTE=OPTIN

________________________________________________________________________________

_____FAKED   \Device\Harddisk0\DR0  

0x00000000   33 C0 8E D0 BC 00 7C 8E C0 8E D8 BE 00 7C BF 00   3À.м.|.À.ؾ.|¿.
0x00000010   06 B9 00 02 FC F3 A4 50 68 1C 06 CB FB B9 04 00   .¹..üó¤Ph..Ëû¹..
0x00000020   BD BE 07 80 7E 00 00 7C 0B 0F 85 0E 01 83 C5 10   ½¾..~..|......Å.
0x00000030   E2 F1 CD 18 88 56 00 55 C6 46 11 05 C6 46 10 00   âñÍ..V.UÆF..ÆF..
0x00000040   B4 41 BB AA 55 CD 13 5D 72 0F 81 FB 55 AA 75 09   ´A»ªUÍ.]r..ûUªu.
0x00000050   F7 C1 01 00 74 03 FE 46 10 66 60 80 7E 10 00 74   ÷Á..t.þF.f`.~..t
0x00000060   26 66 68 00 00 00 00 66 FF 76 08 68 00 00 68 00   &fh....f.v.h..h.
0x00000070   7C 68 01 00 68 10 00 B4 42 8A 56 00 8B F4 CD 13   |h..h..´B.V..ôÍ.
0x00000080   9F 83 C4 10 9E EB 14 B8 01 02 BB 00 7C 8A 56 00   ..Ä..Ë.¸..».|.V.
0x00000090   8A 76 01 8A 4E 02 8A 6E 03 CD 13 66 61 73 1C FE   .v..N..n.Í.fas.þ
0x000000A0   4E 11 75 0C 80 7E 00 80 0F 84 8A 00 B2 80 EB 84   N.u..~......².Ë.
0x000000B0   55 32 E4 8A 56 00 CD 13 5D EB 9E 81 3E FE 7D 55   U2Ä.V.Í.]Ë..>þ}U
0x000000C0   AA 75 6E FF 76 00 E8 8D 00 75 17 FA B0 D1 E6 64   ªun.v.è..u.ú°ñÆd
0x000000D0   E8 83 00 B0 DF E6 60 E8 7C 00 B0 FF E6 64 E8 75   è..°ßÆ`è|.°.Ædèu
0x000000E0   00 FB B8 00 BB CD 1A 66 23 C0 75 3B 66 81 FB 54   .û¸.»Í.f#Àu;f.ûT
0x000000F0   43 50 41 75 32 81 F9 02 01 72 2C 66 68 07 BB 00   CPAu2.ù..r,fh.».
0x00000100   00 66 68 00 02 00 00 66 68 08 00 00 00 66 53 66   .fh....fh....fSf
0x00000110   53 66 55 66 68 00 00 00 00 66 68 00 7C 00 00 66   SfUfh....fh.|..f
0x00000120   61 68 00 00 07 CD 1A 5A 32 F6 EA 00 7C 00 00 CD   ah...Í.Z2öê.|..Í
0x00000130   18 A0 B7 07 EB 08 A0 B6 07 EB 03 A0 B5 07 32 E4   ..·.Ë..¶.Ë..µ.2Ä
0x00000140   05 00 07 8B F0 AC 3C 00 74 09 BB 07 00 B4 0E CD   ....Ь<.t.»..´.Í
0x00000150   10 EB F2 F4 EB FD 2B C9 E4 64 EB 00 24 02 E0 F8   .ËòôËý+ÉÄdË.$.ÀØ
0x00000160   24 02 C3 49 6E 76 61 6C 69 64 20 70 61 72 74 69   $.ÃInvalid parti
0x00000170   74 69 6F 6E 20 74 61 62 6C 65 00 45 72 72 6F 72   tion table.Error
0x00000180   20 6C 6F 61 64 69 6E 67 20 6F 70 65 72 61 74 69    loading operati
0x00000190   6E 67 20 73 79 73 74 65 6D 00 4D 69 73 73 69 6E   ng system.Missin
0x000001A0   67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74   g operating syst
0x000001B0   65 6D 00 00 00 63 7B 9A 26 59 A2 C2 00 00 80 FE   em...c{.&Y¢â...þ
0x000001C0   FF FF 07 FE FF FF 00 68 FD 0C 00 60 09 00 00 00   ...þ...hý..`....
0x000001D0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA   ..............Uª

__ORIGINAL   \Device\Harddisk0\DR0  

0x00000000   33 C0 8E D0 BC 00 7C FB 8E C0 8E D8 8B F4 BF 00   3À.м.|û.À.Ø.ô¿.
0x00000010   06 B9 00 02 FC F3 A4 EA 60 06 00 00 00 00 00 00   .¹..üó¤ê`.......
0x00000020   52 65 63 6F 76 65 72 79 4D 67 72 20 00 40 0B 73   RecoveryMgr .@.s
0x00000030   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000040   00 00 00 00 00 00 00 00 00 00 00 00 00 00 0D 0A   ................
0x00000050   00 00 00 00 57 00 00 00 FF FF FF FF FF FF FF FF   ....W...........
0x00000060   86 4C BD BE 30 06 AC B4 0E 33 DB CD 10 0A C0 75   .L½¾0.¬´.3ûÍ..Àu
0x00000070   F5 E3 0B FE 06 13 06 53 53 E8 70 00 EB 39 B4 11   õÃ.þ...SSèp.Ë9´.
0x00000080   CD 16 74 2D B4 10 CD 16 80 FC 85 75 F1 3C 00 75   Í.t-´.Í..ü.uñ<.u
0x00000090   ED EB 24 8B 16 6C 04 FA 66 A1 1C 06 BF 54 06 B1   ÍË$..l.úf¡..¿T.±
0x000000A0   03 F2 66 AF FB 3D 00 00 6C 04 2B C2 83 F8 24 76   .òf¯û=..l.+â.Ø$v
0x000000B0   E6 B0 01 84 C0 75 1C BB C6 7D 66 8B 37 66 8B 3E   Æ°..Àu.»Æ}f.7f.>
0x000000C0   2C 06 66 3B F7 74 07 80 C3 10 73 EE EB 05 BB 28   ,.f;÷t..Ã.sîË.»(
0x000000D0   06 EB 10 BB C2 7D 80 7F FC 00 78 07 80 C3 10 73   .Ë.»â}..ü.x..Ã.s
0x000000E0   F5 EB FE 66 FF 77 04 E8 02 00 FF E4 C8 10 00 00   õËþf.w.è...Äè...
0x000000F0   B4 08 B2 80 CD 13 8A C1 24 3F FE C6 8A D8 F6 E6   ´.².Í..Á$?þÆ.ØöÆ
0x00000100   C0 E9 06 86 CD 41 91 F7 E1 39 56 06 8B 56 06 8B   ÀÉ..ÍA.÷Á9V..V..
0x00000110   46 04 73 1C F7 F1 91 92 F6 F3 86 CD C0 E1 06 02   F.s.÷ñ..öó.ÍÀÁ..
0x00000120   CC 41 8A F0 B8 01 02 BB 00 7C 86 26 13 06 EB 14   ÌA.и..».|.&..Ë.
0x00000130   83 C4 10 0E 0E 52 50 0E 68 00 7C 6A 01 6A 10 8B   .Ä...RP.h.|j.j..
0x00000140   F4 B8 00 42 B2 80 CD 13 C9 C2 04 00 1E 50 53 0E   ô¸.B².Í.Éâ...PS.
0x00000150   1F BB 1B 06 A0 17 04 24 0F 88 47 04 E4 60 3C E0   .».....$..G.Ä`<À
0x00000160   74 1A 3C 1D 74 10 3C 2A 74 0C 3C 36 74 08 3C 38   t.<.t.<*t.<6t.<8
0x00000170   74 04 84 C0 79 06 66 83 27 00 EB 06 FE 07 02 1F   t..Ày.f.'.Ë.þ...
0x00000180   88 07 5B 58 1F EA 00 00 00 00 00 00 00 00 00 00   ..[X.ê..........
0x00000190   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001B0   00 00 00 00 00 00 00 00 0D 59 A2 C2 00 00 80 20   .........Y¢â...
0x000001C0   21 00 07 DF 13 0C 00 08 00 00 00 20 03 00 00 DF   !..ß....... ...ß
0x000001D0   14 0C 07 FE FF FF 00 28 03 00 00 18 08 73 00 FE   ...þ...(.....s.þ
0x000001E0   FF FF 07 FE FF FF 00 40 0B 73 00 20 65 01 00 00   ...þ...@.s. e...
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA   ..............Uª

[MrCharlie]

OK, I have to get this looked at, be back asap. MrC

[MrCharlie]

I'm having some of MBR experts look over the scans.

How's the computer running? Any problems? MrC

[headinhome]

seems to be ok.

[MrCharlie]

OK Good, like I said I'm having the MBR experts look over the logs and figure out what's up if anything.
MrC

[headinhome]

thank! just let me know if there's anything else.

scott

[MrCharlie]

Please find this folder C:\TDSSKiller_Quarantine and rename it to C:\quarantine

Please download TDSSKiller to your desktop.

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

"%userprofile%\desktop\TDSSKiller.exe" -qmbr

Hit OK or Enter to start TDSSKiller running.

It's only going to run about 5 seconds to copy some info into the TDSSKiller_Quarantine folder which is located in C:\TDSSKiller_Quarantine.
Please zip the folder up and attach it to your next post.

Thanks......MrC

[headinhome]

hope this is what you were needing.

thanks.

Attached Files

•  MyZip.zip   821.44K   155 downloads

[MrCharlie]

Yes that's it, there looking at it.

I'll let you know, MrC

[headinhome]

ok, good. thanks!

[MrCharlie]

Good News!

We got it sorted with the help of B-boy/StyLe/ and farbar.
Turns out......

Mbr is not infected, it is forged by legal software (some recovery software).

So you're OK

-----------------------------------------

Please Uninstall ComboFix:

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /



Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

-----------------------------------

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.


--------------------------------

You have out date Java on the system, older versions are vulnerable to malware.

Please go to your control panels add/remove programs and uninstall these:


Java™ 6 Update 22

Then download and install the latest version Java™ 6 Update 31.

http://www.java.com/...load/manual.jsp <---latest version

http://www.java.com/...d/installed.jsp <---verify your Java

-----------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

[headinhome]

ok, great... one more issue. my excel and word starter 2010 are not working now. they say "microsoft excel starter 2010 cannot be opened. try again or repair product in control panel" when you click to open them. any ideas... probably been a week or more since i used them and they worked fine then.

thanks,
scott

[MrCharlie]

http://support.micro....com/kb/2465140

See if this works, MrC

[headinhome]

worked indeed... you are the man. thanks so, so much for all your help!

[MrCharlie]

Glad we could help MrC