Malwarebytes log and .DDS log

[Corey3245]

And one minor thing that I suppose it's like an effect of the virus, minor though, 9 of about 50 icons and shortcuts and folders on my desktop have become transparent. I'm not sure what they mean, my brother said they were hidden files? Anyways I didn't make them to that I believe it was the virus.

[Corey3245]

I know this is a lot of replies and it's just as I think of something more to tell you I try and post it to make sure you get it,

From my knowledge and I will let you know if this changes, I only get redirected from search engines. and it takes forever for them to load. 45+ seconds. I noticed this with Google and then checked it with yahoo to make sure that I got redirected from more then just Google. It doesn't seem that I get redirected from other websites but they defiantly do not always load correctly. and It helps if I double click the link from a search engine for it to not redirect me.

[LDTate]

Please download Dr.Web CureIt . Save it to your desktop:

• Doubleclick the drweb-cureit.exe file and click Scan to run express scan. Click OK in the pop-up window to allow the scan.
  
• This will scan the files currently running in memory and if something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  
• Once the short scan has finished, select Complete scan.
  
• Click the green arrow at the right, and the scan will start.
  
• Click Yes to all if it asks if you want to cure/move the file.
  
• When the scan has finished, in the menu, click File and choose Save report list
  
• Save the report to your desktop. The report will be called DrWeb.csv
  
• Note:this report may need to be renamed to Dr.Web.txt in order to post it on the forum.
  
• Please post the Dr.Web.txt report in your next reply
  
• Close Dr.Web Cureit.
  Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  

NOTE. During the scan, pop-up window will open asking for full version purchase. Simply close the window by clicking on the X in the upper right corner.

[Corey3245]

I'm attempting to scan. I have it downloaded and it's scanning. It is running in enhanced protection mode I believe that's what you wanted. It's taking a while and for some reason the computer turned off before it finished I believe sometime in the night. I haven't stopped working with you on it just wanted to let you know.

[LDTate]

Run it again

[Corey3245]

I have. It's done with the quick scan so I have started the full scan and it takes a long time. Like 6+ hours.

[LDTate]

Did the quick scan find anything?

[Corey3245]

Here's the log.

It scanned for a long time in the enhanced safety mode.

The log is

Process in memory: C:\Program Files\Internet Explorer\iexplore.exe:2300;;BackDoor.Tdss.565;Eradicated.;

again it's a small one I'm not sure if it is correct but I followed the directions as requested exactly.

This seemed to be found in the quick scan but that's it.

They program said it didn't find any viruses.

Thanks again.

[LDTate]

You need to try and run TDSSKIller again.

[Corey3245]

I've tried. What is stopping it from running. I've tried running it as an admin and as not one. Tried from safe mode. What is stopping it from running?!

[LDTate]

BackDoor.Tdss.565

That's what is blocking it.

Run DrWeb again

[Corey3245]

I was doing some reading, this guy seemed to be having the same trouble as me. In the sense of Backdoor.Tdss.565 and TDSSKiller will not run.

Not sure if you wanted to take a look at it or not, but here it is anyways:

[Corey3245]

http://www.techspot.com/vb/topic164378.html

[LDTate]

Yes, I've seen a few google hits about it.

Any time I see a backdoor trojan I post this:

you should be aware that you may have been infected by a backdoor trojan. This type of program has the ability to steal passwords and other information from your system. If you are using your computer for sensitive purposes such as internet banking then I recommend you take the following steps immediately:

• Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, paypal, ebay, etc. You should also change the passwords for any other site you use.
  
• Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen and ask what steps to take with regard to your account.
  
• Consider what other private information could possibly have been taken from your computer and take appropriate steps
  

This infection can almost certainly be cleaned, but as the malware could be configured to run any program a remote attacker requires, it will be impossible to be 100% sure that the machine is clean, if this is unacceptable to you then you should consider reformatting the system partition and reinstalling Windows as this is the only 100% sure answer.

[LDTate]

See if you can follow those instructions from that link.

[Corey3245]

Right I saw you had a different thread with this same problem backdoor.Tdss.#) and you posted that so I knew it was coming.

If I wanted to reformat I would need a disk?

And I would have to get that from Toshiba am I correct?

[LDTate]

You would need the Windows os and toshiba drivers CD/disk for your laptop.

Did it come with a restore CD?

[Corey3245]

I'm pretty sure it did. I don't know where it went though.

[LDTate]

Did you try the fix in that thread?

[LDTate]

Here's another one to try

Please try this through System Recovery Options at Boot for running System Restore as shown in this link http://www.sevenforums.com/tutorials/700-system-restore.html See Method #1

[Corey3245]

Here's the MBR Check log:

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows 7 Home Premium Edition

Windows Information: (build 7600), 32-bit

Base Board Manufacturer: TOSHIBA

BIOS Manufacturer: INSYDE

System Manufacturer: TOSHIBA

System Product Name: Satellite L505

Logical Drives Mask: 0x0000003c

Kernel Drivers (total 166):

0x82E1F000 \SystemRoot\system32\ntkrnlpa.exe

0x8322F000 \SystemRoot\system32\halmacpi.dll

0x80B9A000 \SystemRoot\system32\kdcom.dll

0x8382A000 \SystemRoot\system32\mcupdate_GenuineIntel.dll

0x838A2000 \SystemRoot\system32\PSHED.dll

0x838B3000 \SystemRoot\system32\BOOTVID.dll

0x838BB000 \SystemRoot\system32\CLFS.SYS

0x838FD000 \SystemRoot\system32\CI.dll

0x83A18000 \SystemRoot\system32\drivers\Wdf01000.sys

0x83A89000 \SystemRoot\system32\drivers\WDFLDR.SYS

0x83A97000 \SystemRoot\System32\Drivers\spgl.sys

0x83B8A000 \SystemRoot\System32\Drivers\WMILIB.SYS

0x83B93000 \SystemRoot\System32\Drivers\SCSIPORT.SYS

0x839A8000 \SystemRoot\system32\DRIVERS\ACPI.sys

0x83BB9000 \SystemRoot\system32\DRIVERS\msisadrv.sys

0x83BC1000 \SystemRoot\system32\DRIVERS\vdrvroot.sys

0x83BCC000 \SystemRoot\system32\DRIVERS\pci.sys

0x83A00000 \SystemRoot\System32\drivers\partmgr.sys

0x83BF6000 \SystemRoot\system32\DRIVERS\sshrmd.sys

0x839F0000 \SystemRoot\system32\DRIVERS\ssfs0bbc.sys

0x8B032000 \SystemRoot\system32\DRIVERS\ssidrv.sys

0x8B060000 \SystemRoot\system32\DRIVERS\msrpc.sys

0x8B08B000 \SystemRoot\system32\DRIVERS\NETIO.SYS

0x8B0C9000 \SystemRoot\system32\DRIVERS\NDIS.SYS

0x8B180000 \SystemRoot\system32\DRIVERS\TDI.SYS

0x8B18B000 \SystemRoot\system32\DRIVERS\compbatt.sys

0x8B193000 \SystemRoot\system32\DRIVERS\BATTC.SYS

0x8B19E000 \SystemRoot\system32\DRIVERS\volmgr.sys

0x8B1AE000 \SystemRoot\System32\drivers\volmgrx.sys

0x8B000000 \SystemRoot\System32\drivers\mountmgr.sys

0x8B016000 \SystemRoot\system32\DRIVERS\pciide.sys

0x8B01D000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS

0x8B20B000 \SystemRoot\system32\DRIVERS\iaStor.sys

0x8B2E5000 \SystemRoot\system32\DRIVERS\atapi.sys

0x8B2EE000 \SystemRoot\system32\DRIVERS\ataport.SYS

0x8B311000 \SystemRoot\system32\DRIVERS\msahci.sys

0x8B31B000 \SystemRoot\system32\drivers\amdxata.sys

0x8B324000 \SystemRoot\system32\drivers\fltmgr.sys

0x8B358000 \SystemRoot\system32\drivers\fileinfo.sys

0x8B42C000 \SystemRoot\System32\Drivers\Ntfs.sys

0x8B55B000 \SystemRoot\System32\Drivers\ksecdd.sys

0x8B56E000 \SystemRoot\System32\Drivers\cng.sys

0x8B5CB000 \SystemRoot\System32\drivers\pcw.sys

0x8B5D9000 \SystemRoot\System32\Drivers\Fs_Rec.sys

0x8B400000 \SystemRoot\System32\Drivers\ksecpkg.sys

0x8B611000 \SystemRoot\System32\drivers\tcpip.sys

0x8B75A000 \SystemRoot\System32\drivers\fwpkclnt.sys

0x8B78B000 \SystemRoot\system32\DRIVERS\volsnap.sys

0x8B7CA000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS

0x8B369000 \SystemRoot\system32\DRIVERS\tos_sps32.sys

0x8B7CF000 \SystemRoot\System32\Drivers\spldr.sys

0x8B3B0000 \SystemRoot\System32\drivers\rdyboost.sys

0x8B7D7000 \SystemRoot\System32\Drivers\mup.sys

0x8B7E7000 \SystemRoot\System32\drivers\hwpolicy.sys

0x8B800000 \SystemRoot\System32\DRIVERS\fvevol.sys

0x8B832000 \SystemRoot\system32\DRIVERS\disk.sys

0x8B843000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS

0x8B960000 \SystemRoot\system32\DRIVERS\cdrom.sys

0x8B97F000 \SystemRoot\system32\DRIVERS\savonaccess.sys

0x8B9A5000 \SystemRoot\System32\Drivers\Null.SYS

0x8B9AC000 \SystemRoot\System32\Drivers\Beep.SYS

0x8B9B3000 \SystemRoot\System32\drivers\vga.sys

0x8B9BF000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

0x8B9E0000 \SystemRoot\System32\drivers\watchdog.sys

0x8B9ED000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0x8B9F5000 \SystemRoot\system32\drivers\rdpencdd.sys

0x8B7EF000 \SystemRoot\system32\drivers\rdprefmp.sys

0x8B600000 \SystemRoot\System32\Drivers\Msfs.SYS

0x8B5E2000 \SystemRoot\System32\Drivers\Npfs.SYS

0x8B3DD000 \SystemRoot\system32\DRIVERS\tdx.sys

0x90632000 \SystemRoot\System32\DRIVERS\netbt.sys

0x90664000 \SystemRoot\system32\drivers\afd.sys

0x906BE000 \SystemRoot\system32\drivers\ws2ifsl.sys

0x906C7000 \SystemRoot\system32\DRIVERS\wfplwf.sys

0x906CE000 \SystemRoot\system32\DRIVERS\pacer.sys

0x906ED000 \SystemRoot\system32\DRIVERS\vwififlt.sys

0x906FE000 \SystemRoot\system32\DRIVERS\netbios.sys

0x9070C000 \SystemRoot\system32\DRIVERS\wanarp.sys

0x9071F000 \SystemRoot\system32\DRIVERS\termdd.sys

0x9072F000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

0x90751000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

0x90757000 \SystemRoot\system32\DRIVERS\rdbss.sys

0x90798000 \SystemRoot\system32\drivers\nsiproxy.sys

0x907A2000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0x907AC000 \SystemRoot\System32\drivers\discache.sys

0x907B8000 \SystemRoot\System32\Drivers\dfsc.sys

0x907D0000 \SystemRoot\system32\DRIVERS\blbdrive.sys

0x907DE000 \SystemRoot\system32\DRIVERS\tunnel.sys

0x90600000 \SystemRoot\system32\DRIVERS\TVALZFL.sys

0x90607000 \SystemRoot\system32\DRIVERS\FwLnk.sys

0x9060F000 \SystemRoot\system32\DRIVERS\intelppm.sys

0x90621000 \SystemRoot\system32\DRIVERS\CmBatt.sys

0x90E27000 \SystemRoot\system32\DRIVERS\igdkmd32.sys

0x9144E000 \SystemRoot\System32\drivers\dxgkrnl.sys

0x91505000 \SystemRoot\System32\drivers\dxgmms1.sys

0x9153E000 \SystemRoot\system32\DRIVERS\usbuhci.sys

0x91549000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0x91594000 \SystemRoot\system32\DRIVERS\usbehci.sys

0x915A3000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0x90C16000 \SystemRoot\system32\DRIVERS\Rt86win7.sys

0x90C70000 \SystemRoot\system32\DRIVERS\rtl8192se.sys

0x90D84000 \SystemRoot\system32\DRIVERS\vwifibus.sys

0x90D8E000 \SystemRoot\system32\DRIVERS\i8042prt.sys

0x90DA6000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0x90DB3000 \SystemRoot\system32\DRIVERS\SynTP.sys

0x90DE6000 \SystemRoot\system32\DRIVERS\USBD.SYS

0x90DE8000 \SystemRoot\system32\DRIVERS\mouclass.sys

0x90DF5000 \SystemRoot\system32\DRIVERS\tdcmdpst.sys

0x90C00000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

0x915C2000 \SystemRoot\System32\Drivers\alnb0n35.SYS

0x90E00000 \SystemRoot\system32\DRIVERS\CompositeBus.sys

0x90E0D000 \SystemRoot\system32\DRIVERS\AgileVpn.sys

0x83800000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0x90C0A000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0x91C10000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0x91C32000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0x91C4A000 \SystemRoot\system32\DRIVERS\raspptp.sys

0x91C61000 \SystemRoot\system32\DRIVERS\rassstp.sys

0x91C78000 \SystemRoot\system32\drivers\SaiBus.sys

0x91C82000 \SystemRoot\system32\DRIVERS\swenum.sys

0x91C84000 \SystemRoot\system32\DRIVERS\ks.sys

0x91CB8000 \SystemRoot\system32\DRIVERS\umbus.sys

0x91CC6000 \SystemRoot\system32\DRIVERS\usbhub.sys

0x91D0A000 \SystemRoot\System32\Drivers\NDProxy.SYS

0x91D1B000 \SystemRoot\system32\DRIVERS\SaiMini.sys

0x91D1F000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0x91D32000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0x91E1E000 \SystemRoot\system32\drivers\RTKVHDA.sys

0x920BA000 \SystemRoot\system32\drivers\portcls.sys

0x920E9000 \SystemRoot\system32\drivers\drmk.sys

0x92102000 \SystemRoot\system32\DRIVERS\kbdhid.sys

0x9210E000 \SystemRoot\system32\DRIVERS\mouhid.sys

0x92119000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0x92130000 \SystemRoot\System32\Drivers\usbvideo.sys

0x92154000 \SystemRoot\system32\DRIVERS\pgeffect.sys

0x9215A000 \SystemRoot\System32\Drivers\crashdmp.sys

0x8B868000 \SystemRoot\System32\Drivers\dump_iaStor.sys

0x92167000 \SystemRoot\System32\Drivers\dump_dumpfve.sys

0x9A350000 \SystemRoot\System32\win32k.sys

0x92178000 \SystemRoot\System32\drivers\Dxapi.sys

0x92182000 \SystemRoot\system32\DRIVERS\monitor.sys

0x9A5B0000 \SystemRoot\System32\TSDDD.dll

0x9A5E0000 \SystemRoot\System32\cdd.dll

0x9218D000 \SystemRoot\system32\drivers\luafv.sys

0x921A8000 \SystemRoot\system32\drivers\WudfPf.sys

0x921C2000 \SystemRoot\system32\DRIVERS\lltdio.sys

0x91D39000 \SystemRoot\system32\DRIVERS\nwifi.sys

0x921D2000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0x921E2000 \SystemRoot\system32\DRIVERS\rspndr.sys

0x9C401000 \SystemRoot\system32\drivers\HTTP.sys

0x9C486000 \SystemRoot\system32\DRIVERS\vwifimp.sys

0x9C48F000 \SystemRoot\system32\DRIVERS\bowser.sys

0x9C4A8000 \SystemRoot\System32\drivers\mpsdrv.sys

0x9C4BA000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0x9C4DD000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

0x9C518000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

0x9C54B000 \SystemRoot\system32\drivers\peauth.sys

0x9C5E2000 \SystemRoot\System32\Drivers\secdrv.SYS

0x91D7F000 \SystemRoot\System32\DRIVERS\srvnet.sys

0x9C5EC000 \SystemRoot\System32\drivers\tcpipreg.sys

0x91DA0000 \SystemRoot\System32\DRIVERS\srv2.sys

0xB403F000 \SystemRoot\System32\DRIVERS\srv.sys

0x77200000 \Windows\System32\ntdll.dll

0x47E20000 \Windows\System32\smss.exe

0x77440000 \Windows\System32\apisetschema.dll

0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll

Processes (total 70):

0 System Idle Process

4 System

340 C:\Windows\System32\smss.exe

516 csrss.exe

556 C:\Windows\System32\wininit.exe

568 csrss.exe

616 C:\Windows\System32\services.exe

632 C:\Windows\System32\lsass.exe

640 C:\Windows\System32\lsm.exe

748 C:\Windows\System32\svchost.exe

820 C:\Windows\System32\winlogon.exe

864 C:\Windows\System32\svchost.exe

924 C:\Windows\System32\svchost.exe

1032 C:\Windows\System32\svchost.exe

1060 C:\Windows\System32\svchost.exe

1212 C:\Windows\System32\svchost.exe

1268 C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe

1548 C:\Windows\System32\svchost.exe

1688 C:\Windows\System32\spoolsv.exe

1732 C:\Windows\System32\svchost.exe

1804 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

1880 C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

1964 C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe

2008 C:\Program Files\Sophos\AutoUpdate\ALsvc.exe

512 C:\Windows\System32\svchost.exe

956 C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe

1580 C:\Windows\System32\TODDSrv.exe

444 C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

2072 C:\Program Files\TOSHIBA\TECO\TecoService.exe

2572 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

2604 C:\Windows\System32\SearchIndexer.exe

2660 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

2808 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

3572 C:\Windows\System32\svchost.exe

3136 C:\Windows\System32\taskhost.exe

3224 C:\Windows\System32\dwm.exe

3652 C:\Windows\explorer.exe

2376 C:\Windows\System32\svchost.exe

3988 C:\Windows\System32\hkcmd.exe

3896 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

2516 C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

2404 C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

2288 C:\Program Files\TOSHIBA\TECO\TEco.exe

2348 C:\Program Files\Sophos\AutoUpdate\ALMon.exe

3648 C:\Program Files\iTunes\iTunesHelper.exe

1120 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

4468 C:\Program Files\iPod\bin\iPodService.exe

4900 C:\Windows\System32\taskeng.exe

4956 C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

5216 C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

5580 C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe

5824 C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe

5876 C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

4136 C:\Program Files\Windows Media Player\wmpnetwk.exe

1100 C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

4756 C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

4828 C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

1096 C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

3840 C:\Program Files\Sophos\Sophos Anti-Virus\SavMain.exe

1132 C:\Program Files\Internet Explorer\iexplore.exe

5320 C:\Program Files\Internet Explorer\iexplore.exe

4068 C:\Program Files\Mozilla Firefox\firefox.exe

6072 C:\Windows\System32\SearchProtocolHost.exe

3548 C:\Windows\System32\SearchFilterHost.exe

4036 C:\Windows\explorer.exe

5632 C:\Windows\System32\audiodg.exe

2612 dllhost.exe

1156 dllhost.exe

4760 C:\Users\Owner\Desktop\MBRCheck.exe

5112 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK3263GSX, Rev: FG020M

Size Device Name MBR Status

--------------------------------------------

298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected

SHA1: BBAD517F7EAC529451E4B9586C847AE190574F61

Done!

[LDTate]

That part looks ok.

Download Bootkit remover to your desktop

This is a rar file if you do not have a programme to open it then download and install Peazip

Extract Remover.exe to your desktop

Right click Remover.exe and select Run as Administrator

It will show a Black screen with some data on it

Right click on the screen and select > Select All

Press Control+C

Open a notepad and press Control+V

Post the resuls log here please

[Corey3245]

Here is the MBRCheck Log.

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows 7 Home Premium Edition

Windows Information: (build 7600), 32-bit

Base Board Manufacturer: TOSHIBA

BIOS Manufacturer: INSYDE

System Manufacturer: TOSHIBA

System Product Name: Satellite L505

Logical Drives Mask: 0x0000003c

Kernel Drivers (total 166):

0x82E1F000 \SystemRoot\system32\ntkrnlpa.exe

0x8322F000 \SystemRoot\system32\halmacpi.dll

0x80B9A000 \SystemRoot\system32\kdcom.dll

0x8382A000 \SystemRoot\system32\mcupdate_GenuineIntel.dll

0x838A2000 \SystemRoot\system32\PSHED.dll

0x838B3000 \SystemRoot\system32\BOOTVID.dll

0x838BB000 \SystemRoot\system32\CLFS.SYS

0x838FD000 \SystemRoot\system32\CI.dll

0x83A18000 \SystemRoot\system32\drivers\Wdf01000.sys

0x83A89000 \SystemRoot\system32\drivers\WDFLDR.SYS

0x83A97000 \SystemRoot\System32\Drivers\spgl.sys

0x83B8A000 \SystemRoot\System32\Drivers\WMILIB.SYS

0x83B93000 \SystemRoot\System32\Drivers\SCSIPORT.SYS

0x839A8000 \SystemRoot\system32\DRIVERS\ACPI.sys

0x83BB9000 \SystemRoot\system32\DRIVERS\msisadrv.sys

0x83BC1000 \SystemRoot\system32\DRIVERS\vdrvroot.sys

0x83BCC000 \SystemRoot\system32\DRIVERS\pci.sys

0x83A00000 \SystemRoot\System32\drivers\partmgr.sys

0x83BF6000 \SystemRoot\system32\DRIVERS\sshrmd.sys

0x839F0000 \SystemRoot\system32\DRIVERS\ssfs0bbc.sys

0x8B032000 \SystemRoot\system32\DRIVERS\ssidrv.sys

0x8B060000 \SystemRoot\system32\DRIVERS\msrpc.sys

0x8B08B000 \SystemRoot\system32\DRIVERS\NETIO.SYS

0x8B0C9000 \SystemRoot\system32\DRIVERS\NDIS.SYS

0x8B180000 \SystemRoot\system32\DRIVERS\TDI.SYS

0x8B18B000 \SystemRoot\system32\DRIVERS\compbatt.sys

0x8B193000 \SystemRoot\system32\DRIVERS\BATTC.SYS

0x8B19E000 \SystemRoot\system32\DRIVERS\volmgr.sys

0x8B1AE000 \SystemRoot\System32\drivers\volmgrx.sys

0x8B000000 \SystemRoot\System32\drivers\mountmgr.sys

0x8B016000 \SystemRoot\system32\DRIVERS\pciide.sys

0x8B01D000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS

0x8B20B000 \SystemRoot\system32\DRIVERS\iaStor.sys

0x8B2E5000 \SystemRoot\system32\DRIVERS\atapi.sys

0x8B2EE000 \SystemRoot\system32\DRIVERS\ataport.SYS

0x8B311000 \SystemRoot\system32\DRIVERS\msahci.sys

0x8B31B000 \SystemRoot\system32\drivers\amdxata.sys

0x8B324000 \SystemRoot\system32\drivers\fltmgr.sys

0x8B358000 \SystemRoot\system32\drivers\fileinfo.sys

0x8B42C000 \SystemRoot\System32\Drivers\Ntfs.sys

0x8B55B000 \SystemRoot\System32\Drivers\ksecdd.sys

0x8B56E000 \SystemRoot\System32\Drivers\cng.sys

0x8B5CB000 \SystemRoot\System32\drivers\pcw.sys

0x8B5D9000 \SystemRoot\System32\Drivers\Fs_Rec.sys

0x8B400000 \SystemRoot\System32\Drivers\ksecpkg.sys

0x8B611000 \SystemRoot\System32\drivers\tcpip.sys

0x8B75A000 \SystemRoot\System32\drivers\fwpkclnt.sys

0x8B78B000 \SystemRoot\system32\DRIVERS\volsnap.sys

0x8B7CA000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS

0x8B369000 \SystemRoot\system32\DRIVERS\tos_sps32.sys

0x8B7CF000 \SystemRoot\System32\Drivers\spldr.sys

0x8B3B0000 \SystemRoot\System32\drivers\rdyboost.sys

0x8B7D7000 \SystemRoot\System32\Drivers\mup.sys

0x8B7E7000 \SystemRoot\System32\drivers\hwpolicy.sys

0x8B800000 \SystemRoot\System32\DRIVERS\fvevol.sys

0x8B832000 \SystemRoot\system32\DRIVERS\disk.sys

0x8B843000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS

0x8B960000 \SystemRoot\system32\DRIVERS\cdrom.sys

0x8B97F000 \SystemRoot\system32\DRIVERS\savonaccess.sys

0x8B9A5000 \SystemRoot\System32\Drivers\Null.SYS

0x8B9AC000 \SystemRoot\System32\Drivers\Beep.SYS

0x8B9B3000 \SystemRoot\System32\drivers\vga.sys

0x8B9BF000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

0x8B9E0000 \SystemRoot\System32\drivers\watchdog.sys

0x8B9ED000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0x8B9F5000 \SystemRoot\system32\drivers\rdpencdd.sys

0x8B7EF000 \SystemRoot\system32\drivers\rdprefmp.sys

0x8B600000 \SystemRoot\System32\Drivers\Msfs.SYS

0x8B5E2000 \SystemRoot\System32\Drivers\Npfs.SYS

0x8B3DD000 \SystemRoot\system32\DRIVERS\tdx.sys

0x90632000 \SystemRoot\System32\DRIVERS\netbt.sys

0x90664000 \SystemRoot\system32\drivers\afd.sys

0x906BE000 \SystemRoot\system32\drivers\ws2ifsl.sys

0x906C7000 \SystemRoot\system32\DRIVERS\wfplwf.sys

0x906CE000 \SystemRoot\system32\DRIVERS\pacer.sys

0x906ED000 \SystemRoot\system32\DRIVERS\vwififlt.sys

0x906FE000 \SystemRoot\system32\DRIVERS\netbios.sys

0x9070C000 \SystemRoot\system32\DRIVERS\wanarp.sys

0x9071F000 \SystemRoot\system32\DRIVERS\termdd.sys

0x9072F000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

0x90751000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

0x90757000 \SystemRoot\system32\DRIVERS\rdbss.sys

0x90798000 \SystemRoot\system32\drivers\nsiproxy.sys

0x907A2000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0x907AC000 \SystemRoot\System32\drivers\discache.sys

0x907B8000 \SystemRoot\System32\Drivers\dfsc.sys

0x907D0000 \SystemRoot\system32\DRIVERS\blbdrive.sys

0x907DE000 \SystemRoot\system32\DRIVERS\tunnel.sys

0x90600000 \SystemRoot\system32\DRIVERS\TVALZFL.sys

0x90607000 \SystemRoot\system32\DRIVERS\FwLnk.sys

0x9060F000 \SystemRoot\system32\DRIVERS\intelppm.sys

0x90621000 \SystemRoot\system32\DRIVERS\CmBatt.sys

0x90E27000 \SystemRoot\system32\DRIVERS\igdkmd32.sys

0x9144E000 \SystemRoot\System32\drivers\dxgkrnl.sys

0x91505000 \SystemRoot\System32\drivers\dxgmms1.sys

0x9153E000 \SystemRoot\system32\DRIVERS\usbuhci.sys

0x91549000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0x91594000 \SystemRoot\system32\DRIVERS\usbehci.sys

0x915A3000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0x90C16000 \SystemRoot\system32\DRIVERS\Rt86win7.sys

0x90C70000 \SystemRoot\system32\DRIVERS\rtl8192se.sys

0x90D84000 \SystemRoot\system32\DRIVERS\vwifibus.sys

0x90D8E000 \SystemRoot\system32\DRIVERS\i8042prt.sys

0x90DA6000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0x90DB3000 \SystemRoot\system32\DRIVERS\SynTP.sys

0x90DE6000 \SystemRoot\system32\DRIVERS\USBD.SYS

0x90DE8000 \SystemRoot\system32\DRIVERS\mouclass.sys

0x90DF5000 \SystemRoot\system32\DRIVERS\tdcmdpst.sys

0x90C00000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

0x915C2000 \SystemRoot\System32\Drivers\alnb0n35.SYS

0x90E00000 \SystemRoot\system32\DRIVERS\CompositeBus.sys

0x90E0D000 \SystemRoot\system32\DRIVERS\AgileVpn.sys

0x83800000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0x90C0A000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0x91C10000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0x91C32000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0x91C4A000 \SystemRoot\system32\DRIVERS\raspptp.sys

0x91C61000 \SystemRoot\system32\DRIVERS\rassstp.sys

0x91C78000 \SystemRoot\system32\drivers\SaiBus.sys

0x91C82000 \SystemRoot\system32\DRIVERS\swenum.sys

0x91C84000 \SystemRoot\system32\DRIVERS\ks.sys

0x91CB8000 \SystemRoot\system32\DRIVERS\umbus.sys

0x91CC6000 \SystemRoot\system32\DRIVERS\usbhub.sys

0x91D0A000 \SystemRoot\System32\Drivers\NDProxy.SYS

0x91D1B000 \SystemRoot\system32\DRIVERS\SaiMini.sys

0x91D1F000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0x91D32000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0x91E1E000 \SystemRoot\system32\drivers\RTKVHDA.sys

0x920BA000 \SystemRoot\system32\drivers\portcls.sys

0x920E9000 \SystemRoot\system32\drivers\drmk.sys

0x92102000 \SystemRoot\system32\DRIVERS\kbdhid.sys

0x9210E000 \SystemRoot\system32\DRIVERS\mouhid.sys

0x92119000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0x92130000 \SystemRoot\System32\Drivers\usbvideo.sys

0x92154000 \SystemRoot\system32\DRIVERS\pgeffect.sys

0x9215A000 \SystemRoot\System32\Drivers\crashdmp.sys

0x8B868000 \SystemRoot\System32\Drivers\dump_iaStor.sys

0x92167000 \SystemRoot\System32\Drivers\dump_dumpfve.sys

0x9A350000 \SystemRoot\System32\win32k.sys

0x92178000 \SystemRoot\System32\drivers\Dxapi.sys

0x92182000 \SystemRoot\system32\DRIVERS\monitor.sys

0x9A5B0000 \SystemRoot\System32\TSDDD.dll

0x9A5E0000 \SystemRoot\System32\cdd.dll

0x9218D000 \SystemRoot\system32\drivers\luafv.sys

0x921A8000 \SystemRoot\system32\drivers\WudfPf.sys

0x921C2000 \SystemRoot\system32\DRIVERS\lltdio.sys

0x91D39000 \SystemRoot\system32\DRIVERS\nwifi.sys

0x921D2000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0x921E2000 \SystemRoot\system32\DRIVERS\rspndr.sys

0x9C401000 \SystemRoot\system32\drivers\HTTP.sys

0x9C486000 \SystemRoot\system32\DRIVERS\vwifimp.sys

0x9C48F000 \SystemRoot\system32\DRIVERS\bowser.sys

0x9C4A8000 \SystemRoot\System32\drivers\mpsdrv.sys

0x9C4BA000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0x9C4DD000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

0x9C518000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

0x9C54B000 \SystemRoot\system32\drivers\peauth.sys

0x9C5E2000 \SystemRoot\System32\Drivers\secdrv.SYS

0x91D7F000 \SystemRoot\System32\DRIVERS\srvnet.sys

0x9C5EC000 \SystemRoot\System32\drivers\tcpipreg.sys

0x91DA0000 \SystemRoot\System32\DRIVERS\srv2.sys

0xB403F000 \SystemRoot\System32\DRIVERS\srv.sys

0x77200000 \Windows\System32\ntdll.dll

0x47E20000 \Windows\System32\smss.exe

0x77440000 \Windows\System32\apisetschema.dll

0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll

Processes (total 70):

0 System Idle Process

4 System

340 C:\Windows\System32\smss.exe

516 csrss.exe

556 C:\Windows\System32\wininit.exe

568 csrss.exe

616 C:\Windows\System32\services.exe

632 C:\Windows\System32\lsass.exe

640 C:\Windows\System32\lsm.exe

748 C:\Windows\System32\svchost.exe

820 C:\Windows\System32\winlogon.exe

864 C:\Windows\System32\svchost.exe

924 C:\Windows\System32\svchost.exe

1032 C:\Windows\System32\svchost.exe

1060 C:\Windows\System32\svchost.exe

1212 C:\Windows\System32\svchost.exe

1268 C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe

1548 C:\Windows\System32\svchost.exe

1688 C:\Windows\System32\spoolsv.exe

1732 C:\Windows\System32\svchost.exe

1804 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

1880 C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

1964 C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe

2008 C:\Program Files\Sophos\AutoUpdate\ALsvc.exe

512 C:\Windows\System32\svchost.exe

956 C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe

1580 C:\Windows\System32\TODDSrv.exe

444 C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

2072 C:\Program Files\TOSHIBA\TECO\TecoService.exe

2572 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

2604 C:\Windows\System32\SearchIndexer.exe

2660 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

2808 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

3572 C:\Windows\System32\svchost.exe

3136 C:\Windows\System32\taskhost.exe

3224 C:\Windows\System32\dwm.exe

3652 C:\Windows\explorer.exe

2376 C:\Windows\System32\svchost.exe

3988 C:\Windows\System32\hkcmd.exe

3896 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

2516 C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

2404 C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

2288 C:\Program Files\TOSHIBA\TECO\TEco.exe

2348 C:\Program Files\Sophos\AutoUpdate\ALMon.exe

3648 C:\Program Files\iTunes\iTunesHelper.exe

1120 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

4468 C:\Program Files\iPod\bin\iPodService.exe

4900 C:\Windows\System32\taskeng.exe

4956 C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

5216 C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

5580 C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe

5824 C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe

5876 C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

4136 C:\Program Files\Windows Media Player\wmpnetwk.exe

1100 C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

4756 C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

4828 C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

1096 C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

3840 C:\Program Files\Sophos\Sophos Anti-Virus\SavMain.exe

1132 C:\Program Files\Internet Explorer\iexplore.exe

5320 C:\Program Files\Internet Explorer\iexplore.exe

4068 C:\Program Files\Mozilla Firefox\firefox.exe

6072 C:\Windows\System32\SearchProtocolHost.exe

3548 C:\Windows\System32\SearchFilterHost.exe

4036 C:\Windows\explorer.exe

5632 C:\Windows\System32\audiodg.exe

2612 dllhost.exe

1156 dllhost.exe

4760 C:\Users\Owner\Desktop\MBRCheck.exe

5112 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK3263GSX, Rev: FG020M

Size Device Name MBR Status

--------------------------------------------

298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected

SHA1: BBAD517F7EAC529451E4B9586C847AE190574F61

Done!

[LDTate]

That part looks ok.

Download Bootkit remover to your desktop

This is a rar file if you do not have a programme to open it then download and install Peazip

Extract Remover.exe to your desktop

Right click Remover.exe and select Run as Administrator

It will show a Black screen with some data on it

Right click on the screen and select > Select All

Press Control+C

Open a notepad and press Control+V

Post the resuls log here please

[Corey3245]

Right. My bad. I followed the instructions and it popped up, but had everything it was supposed to do load but instantly I got System Volume is\\.C:

main<>: createFile<> ERROR 5

ERROR: Can't open volume device \\.\C: