Firefox browser keeps getting hijacked.

58 posts in this topic

Please help!

My firefox browser appears to keep redirecting me to other sites I am not attempting to access and I don't know how to get it to stop?

I Have run Malware bytes, Spybot s+d, Ad aware and my AVG and nothing is helping? I also downloaded combo fix but read it was best to get some advice before using it as could damage my computer so am asking for your help please. I have included a copy of MBAM last file and DDS file, I also have the other zipped dds file if needed. but when i run GMER as requested it keeps crashing.

Many thanks In advance for all your help.

Malwarebytes' Anti-Malware 1.46

Database version: 4436

Windows 6.0.6002 Service Pack 2

Internet Explorer 7.0.6002.18005

8/16/2010 6:18:24 PM

mbam-log-2010-08-16 (18-18-24).txt

Scan type: Quick scan

Objects scanned: 142166

Time elapsed: 7 minute(s), 12 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\XTF1BQO4MU (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\INCG9WP8HQ (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS (Ver_10-03-17.01) - NTFSx86

Run by Slim at 17:53:12.89 on Mon 08/16/2010

Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_20


Share this post

Link to post
Share on other sites

Hello scubashadyw! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step if there is a problem somewhere, stop and tell me.
  • Stay with the thread until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something please ask.
  • Do not install or uninstall any software or hardware, while work on.
  • Keep me informed about any changes.

What about Attach.txt ?

Share this post

Link to post
Share on other sites

Hi Borislav thank you for you response.

Not sure When you ask for the Attach txt are you asking me for the Zip file of my other DDS file? If so I have included it as an attachment with this post. If it is something else just ask and I will post it.

Many thanks for your help, even if you are a Man U fan! :)

Share this post

Link to post
Share on other sites

Step 1

lease, uninstall the following applications:

  1. Adobe Reader 9.3.1

You can read, how to do this here:

Step 2

Please go into the Control Panel, Add/Remove and for now remove ALL versions of JAVA

Then run this tool to help cleanup any left over Java

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer (or other web browser) before continuing!***

  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it back when you reply
    Then look for the following Java folders and if found delete them.
    C:\Program Files\Java
    C:\Program Files\Common Files\Java
    C:\Documents and Settings\All Users\Application Data\Java
    C:\Documents and Settings\All Users\Application Data\Sun\Java
    C:\Documents and Settings\username\Application Data\Java
    C:\Documents and Settings\username\Application Data\Sun\Java

Step 3

Going over your logs I noticed that you have

Share this post

Link to post
Share on other sites

Am starting to do everything you have asked and will post the logs when I get a chance hopefully at some point this evening.

Please bear with me.

Thank's for all your help.

Share this post

Link to post
Share on other sites

Don't worry about that! I'm right here :(

Share this post

Link to post
Share on other sites

Hi Borislav,

I have completed all the tasks you asked and have included the Combo fix report but I cant find the JavaRa log anywhere? I looked in the file it said it was saved to and I can't find it? Really don't know where it has gone. Sorry about that.


Share this post

Link to post
Share on other sites

Not quite sure how you wanted the log and realised maybe an attachment was not the best idea so here it is again.

ComboFix 10-08-18.04 - Slim 08/19/2010 17:19:16.1.2 - x86


Share this post

Link to post
Share on other sites

I forgot to mention and don't know if it is of any help but an Internet explorer icon appeared on my desktop after I ran combo fix and it was not there before.

Share this post

Link to post
Share on other sites

Yes, ComboFix make a shortcut of Internet Explorer. You can manually delete it.

Please upload one by one these files in and post the resaults in your next reply:



Share this post

Link to post
Share on other sites

I have tried to upload the files you asked to, the first one seems to work fine results below.



File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:

MD5: 6bcaf46e2b7fa9ace92b4d39f3037c5c

Date first seen: 2007-02-24 16:04:15 (UTC)

Date last seen: 2010-08-19 05:13:19 (UTC)

Detection ratio: 0/42

What do you wish to do?

However when I try to submit the file c:\users\Slim\AppData\Roaming\hhctrlo.dll i get the message


You don't have permission to open this file

Contact the file owner or an administrator to obtain permission.

I am the administrator of this computer so don't quite know why I can't access the file?

Hope this is of help to you?

Thanks for all your help so far.

Share this post

Link to post
Share on other sites

I see, thank you! ;)

Open Notepad and copy and paste the text in the code box below into it:


Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.


This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

Share this post

Link to post
Share on other sites

I ran the combo fix scan with the added file. It told me an update was available so I updated. Here is the log file

ComboFix 10-08-22.05 - Slim 08/23/2010 10:00:08.2.2 - x86


Share this post

Link to post
Share on other sites

Please wait! I need a answer from our virus researcher about this file.

Share this post

Link to post
Share on other sites

Firefox still seems to be playing up, I was looking up maps and got redirected to albion clearance services who I have never heard of? The thing I have noticed is where I am being redirected seems very random most times, one that keeps coming up frequently is something called the click check? I have also noticed it does not seem to redirect me every time I am browsing. I also tried to look at things with Internet explorer and this does the same?

Sorry to be a problem but I really don't know what to do?

Share this post

Link to post
Share on other sites

  1. Download mbr.exe to your Desktop.
  2. Doubleclick mbr.exe and follow prompts.
  3. When mbr.exe is ready, it will create a log.
  4. Copy and paste contents of that file to your next reply.

Share this post

Link to post
Share on other sites

Not sure if I am doing something wrong but after downloading the mbr.exe to my desktop and running it nothing appears to happen? I can't find a log anywhere to post?

Sorry about that?

Share this post

Link to post
Share on other sites

I have noticed that Java 6 update 3 has appeared on my computer and after deleting all the java products before don't recall adding it? If that is of any help to you?

Share this post

Link to post
Share on other sites

It's very strange.

Run MBRCheck.exe

  • Run MBRCheck.exe
  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Please push the 'Y' key and then press Enter
  • When program ask you Enter your choice: enter 2 and press the Enter key
  • Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"
  • Enter 0 and press the Enter key.
  • The program will show Available MBR codes:, followed by a list of operating systems. Please enter 1 for Windows XP, and then press Enter.
  • When asked Do you want to fix the MBR code? type in YES and press enter
  • Restart your PC.

Share this post

Link to post
Share on other sites

Ok found it I think

MBRCheck, version 1.2.3

© 2010, AD


Windows Version: Windows Vista Home Premium Edition

Windows Information: Service Pack 2 (build 6002), 32-bit

Base Board Manufacturer: ASUSTeK Computer Inc.

BIOS Manufacturer: American Megatrends Inc.

System Manufacturer: ASUSTeK Computer Inc.

System Product Name: N51Vf

Logical Drives Mask: 0x0000009c

Kernel Drivers (total 181):

0x82401000 \SystemRoot\system32\ntkrnlpa.exe

0x827BA000 \SystemRoot\system32\hal.dll

0x80405000 \SystemRoot\system32\kdcom.dll

0x8040C000 \SystemRoot\system32\mcupdate_GenuineIntel.dll

0x8047C000 \SystemRoot\system32\PSHED.dll

0x8048D000 \SystemRoot\system32\BOOTVID.dll

0x80495000 \SystemRoot\system32\CLFS.SYS

0x804D6000 \SystemRoot\system32\CI.dll

0x80609000 \SystemRoot\system32\drivers\Wdf01000.sys

0x8067A000 \SystemRoot\system32\drivers\WDFLDR.SYS

0x80688000 \SystemRoot\system32\drivers\acpi.sys

0x806CE000 \SystemRoot\system32\drivers\WMILIB.SYS

0x806D7000 \SystemRoot\system32\drivers\msisadrv.sys

0x806DF000 \SystemRoot\system32\drivers\pci.sys

0x80706000 \SystemRoot\System32\drivers\partmgr.sys

0x80715000 \SystemRoot\system32\DRIVERS\compbatt.sys

0x80718000 \SystemRoot\system32\DRIVERS\BATTC.SYS

0x80722000 \SystemRoot\system32\drivers\volmgr.sys

0x80731000 \SystemRoot\System32\drivers\volmgrx.sys

0x8077B000 \SystemRoot\System32\drivers\mountmgr.sys

0x8078B000 \SystemRoot\system32\drivers\pciide.sys

0x80792000 \SystemRoot\system32\drivers\PCIIDEX.SYS

0x82A0B000 \SystemRoot\system32\DRIVERS\iaStor.sys

0x82AE4000 \SystemRoot\system32\drivers\atapi.sys

0x82AEC000 \SystemRoot\system32\drivers\ataport.SYS

0x82B0A000 \SystemRoot\system32\drivers\msahci.sys

0x82B14000 \SystemRoot\system32\drivers\fltmgr.sys

0x82B46000 \SystemRoot\system32\drivers\fileinfo.sys

0x82B56000 \SystemRoot\system32\DRIVERS\Lbd.sys

0x82B65000 \SystemRoot\system32\DRIVERS\lullaby.sys

0x82B6D000 \SystemRoot\System32\Drivers\PxHelp20.sys

0x82B77000 \SystemRoot\System32\Drivers\ksecdd.sys

0x8A609000 \SystemRoot\system32\drivers\ndis.sys

0x8A714000 \SystemRoot\system32\drivers\msrpc.sys

0x8A73F000 \SystemRoot\system32\drivers\NETIO.SYS

0x8A80D000 \SystemRoot\System32\drivers\tcpip.sys

0x8A8F7000 \SystemRoot\System32\drivers\fwpkclnt.sys

0x8AA0F000 \SystemRoot\System32\Drivers\Ntfs.sys

0x8AB1F000 \SystemRoot\system32\drivers\volsnap.sys

0x8AB58000 \SystemRoot\System32\Drivers\spldr.sys

0x8AB60000 \SystemRoot\System32\Drivers\mup.sys

0x8AB6F000 \SystemRoot\System32\drivers\ecache.sys

0x8AB96000 \SystemRoot\system32\drivers\disk.sys

0x8ABA7000 \SystemRoot\system32\drivers\CLASSPNP.SYS

0x8ABC8000 \SystemRoot\system32\drivers\crcdisk.sys

0x8ABDE000 \SystemRoot\system32\DRIVERS\tunnel.sys

0x8ABE9000 \SystemRoot\system32\DRIVERS\tunmp.sys

0x8AA00000 \SystemRoot\system32\DRIVERS\intelppm.sys

0x8EC03000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys

0x8F559000 \SystemRoot\system32\DRIVERS\nvBridge.kmd

0x8F55B000 \SystemRoot\System32\drivers\dxgkrnl.sys

0x8ABF2000 \SystemRoot\System32\drivers\watchdog.sys

0x8A9EB000 \SystemRoot\system32\DRIVERS\usbuhci.sys

0x8A77A000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0x8A7B8000 \SystemRoot\system32\DRIVERS\usbehci.sys

0x8E600000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0x8F609000 \SystemRoot\system32\DRIVERS\NETw5v32.sys

0x8F992000 \SystemRoot\system32\DRIVERS\Rtlh86.sys

0x8F9CD000 \SystemRoot\system32\DRIVERS\ohci1394.sys

0x8F9DD000 \SystemRoot\system32\DRIVERS\1394BUS.SYS

0x8E68D000 \SystemRoot\system32\DRIVERS\sdbus.sys

0x8F9EB000 \SystemRoot\system32\DRIVERS\rimmptsk.sys

0x8E6A7000 \SystemRoot\system32\DRIVERS\rimsptsk.sys

0x8E6BB000 \SystemRoot\system32\DRIVERS\rixdptsk.sys

0x8E70D000 \SystemRoot\system32\DRIVERS\i8042prt.sys

0x8F600000 \SystemRoot\system32\DRIVERS\kbfiltr.sys

0x8E720000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0x8E72B000 \SystemRoot\system32\DRIVERS\SynTP.sys

0x8F9FC000 \SystemRoot\system32\DRIVERS\USBD.SYS

0x8E75B000 \SystemRoot\system32\DRIVERS\mouclass.sys

0x8E766000 \SystemRoot\system32\DRIVERS\cdrom.sys

0x8E77E000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

0x8E784000 \SystemRoot\system32\DRIVERS\CmBatt.sys

0x8E788000 \SystemRoot\system32\DRIVERS\ATKACPI.sys

0x8E790000 \SystemRoot\system32\DRIVERS\msiscsi.sys

0x8E7BF000 \SystemRoot\system32\DRIVERS\storport.sys

0x8A800000 \SystemRoot\system32\DRIVERS\TDI.SYS

0x8A7C7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0x8A7DE000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0x807A0000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0x8A7E9000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0x82BE8000 \SystemRoot\system32\DRIVERS\raspptp.sys

0x807C3000 \SystemRoot\system32\DRIVERS\rassstp.sys

0x807D8000 \SystemRoot\System32\Drivers\pcouffin.sys

0x807E4000 \SystemRoot\system32\DRIVERS\termdd.sys

0x82A00000 \SystemRoot\system32\DRIVERS\VClone.sys

0x805B6000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS

0x8F9FE000 \SystemRoot\system32\DRIVERS\swenum.sys

0x8FC03000 \SystemRoot\system32\DRIVERS\ks.sys

0x8FC2D000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0x8FC37000 \SystemRoot\system32\DRIVERS\umbus.sys

0x8FC44000 \SystemRoot\system32\DRIVERS\usbhub.sys

0x8FC79000 \SystemRoot\System32\Drivers\NDProxy.SYS

0x90604000 \SystemRoot\system32\drivers\RTKVHDA.sys

0x90827000 \SystemRoot\system32\drivers\portcls.sys

0x90854000 \SystemRoot\system32\drivers\drmk.sys

0x90879000 \SystemRoot\system32\drivers\nvhda32v.sys

0x90887000 \SystemRoot\System32\Drivers\BTHUSB.sys

0x90894000 \SystemRoot\System32\Drivers\bthport.sys

0x90914000 \SystemRoot\System32\Drivers\tcusb.sys

0x9091F000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0x90C04000 \SystemRoot\system32\DRIVERS\snp2uvc.sys

0x90DB0000 \SystemRoot\system32\DRIVERS\STREAM.SYS

0x90DBD000 \SystemRoot\system32\DRIVERS\sncduvc.SYS

0x90DC4000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

0x90DCD000 \SystemRoot\System32\Drivers\Null.SYS

0x90DD4000 \SystemRoot\System32\Drivers\Beep.SYS

0x90DDB000 \SystemRoot\System32\drivers\vga.sys

0x90936000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

0x90DE7000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0x90DEF000 \SystemRoot\system32\drivers\rdpencdd.sys

0x90957000 \SystemRoot\System32\Drivers\Msfs.SYS

0x90962000 \SystemRoot\System32\Drivers\Npfs.SYS

0x90DF7000 \SystemRoot\System32\DRIVERS\rasacd.sys

0x90970000 \SystemRoot\system32\DRIVERS\tdx.sys

0x90986000 \SystemRoot\System32\Drivers\avgtdix.sys

0x909C0000 \SystemRoot\System32\DRIVERS\netbt.sys

0x8FC8A000 \SystemRoot\system32\DRIVERS\smb.sys

0x8FC9E000 \SystemRoot\system32\DRIVERS\rfcomm.sys

0x94607000 \SystemRoot\system32\DRIVERS\kl1.sys

0x94B27000 \SystemRoot\system32\DRIVERS\BthEnum.sys

0x94B31000 \SystemRoot\system32\drivers\afd.sys

0x94B79000 \SystemRoot\system32\DRIVERS\bthpan.sys

0x94B93000 \SystemRoot\system32\DRIVERS\pacer.sys

0x94BA9000 \SystemRoot\system32\DRIVERS\bthmodem.sys

0x94BB8000 \SystemRoot\system32\DRIVERS\klim6.sys

0x94BBF000 \SystemRoot\system32\drivers\modem.sys

0x94BCC000 \SystemRoot\system32\DRIVERS\netbios.sys

0x8FCC7000 \SystemRoot\system32\drivers\btwavdt.sys

0x94BDA000 \SystemRoot\System32\Drivers\StarOpen.SYS

0x8FD38000 \SystemRoot\system32\drivers\btwaudio.sys

0x94BE0000 \SystemRoot\system32\DRIVERS\wanarp.sys

0x94BF3000 \SystemRoot\system32\DRIVERS\btwl2cap.sys

0x8FDB8000 \SystemRoot\system32\DRIVERS\rdbss.sys

0x94BFD000 \SystemRoot\system32\DRIVERS\btwrchid.sys

0x805DC000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0x94600000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0x909F2000 \SystemRoot\system32\drivers\nsiproxy.sys

0x8FDF4000 \SystemRoot\System32\Drivers\ElbyCDIO.sys

0x94E07000 \SystemRoot\System32\Drivers\dfsc.sys

0x94E1E000 \SystemRoot\System32\Drivers\avgmfx86.sys

0x94E24000 \SystemRoot\System32\Drivers\avgldx86.sys

0x94E58000 \SystemRoot\System32\Drivers\crashdmp.sys

0x94E65000 \SystemRoot\System32\Drivers\dump_iaStor.sys

0x9E280000 \SystemRoot\System32\win32k.sys

0x94F3E000 \SystemRoot\System32\drivers\Dxapi.sys

0x94F48000 \SystemRoot\system32\DRIVERS\monitor.sys

0x9E4A0000 \SystemRoot\System32\TSDDD.dll

0x9E4C0000 \SystemRoot\System32\ATMFD.DLL

0x9E510000 \SystemRoot\System32\cdd.dll

0x94F57000 \SystemRoot\system32\drivers\luafv.sys

0x94F72000 \SystemRoot\system32\drivers\WudfPf.sys

0x8A912000 \SystemRoot\system32\drivers\spsys.sys

0x94F8C000 \SystemRoot\system32\DRIVERS\lltdio.sys

0x94F9C000 \SystemRoot\system32\DRIVERS\nwifi.sys

0x94FC6000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0x94FD0000 \SystemRoot\system32\DRIVERS\rspndr.sys

0x94FE3000 \??\C:\Program Files\ATKGFNEX\ASMMAP.sys

0xA5208000 \SystemRoot\system32\drivers\HTTP.sys

0xA5275000 \SystemRoot\System32\DRIVERS\srvnet.sys

0xA5292000 \SystemRoot\system32\DRIVERS\bowser.sys

0xA52AB000 \SystemRoot\System32\drivers\mpsdrv.sys

0xA52C0000 \SystemRoot\system32\drivers\mrxdav.sys

0xA52E1000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0xA5300000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

0xA5339000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

0xA5351000 \SystemRoot\System32\DRIVERS\srv2.sys

0xA5378000 \SystemRoot\System32\DRIVERS\srv.sys

0xA53C6000 \SystemRoot\System32\Drivers\adfs.SYS

0xA53D7000 \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys

0x8A9C2000 \SystemRoot\System32\Drivers\fastfat.SYS

0xA740C000 \SystemRoot\system32\drivers\peauth.sys

0xA74EA000 \SystemRoot\System32\Drivers\secdrv.SYS

0xA74F4000 \SystemRoot\System32\drivers\tcpipreg.sys

0xA7504000 \SystemRoot\system32\DRIVERS\ipnat.sys

0xA752A000 \SystemRoot\system32\DRIVERS\cdfs.sys

0xA7540000 \SystemRoot\System32\Drivers\AsDsm.SYS

0xA754A000 \SystemRoot\system32\DRIVERS\hidusb.sys

0xA7553000 \SystemRoot\system32\DRIVERS\NuidFltr.sys

0xA755A000 \SystemRoot\system32\DRIVERS\mouhid.sys

0x77130000 \Windows\System32\ntdll.dll

Processes (total 90):

0 System Idle Process

4 System

652 C:\Windows\System32\smss.exe

728 csrss.exe

780 C:\Windows\System32\wininit.exe

792 csrss.exe

824 C:\Windows\System32\services.exe

836 C:\Windows\System32\lsass.exe

844 C:\Windows\System32\lsm.exe

992 C:\Windows\System32\svchost.exe

1036 C:\Windows\System32\svchost.exe

1064 C:\Windows\System32\nvvsvc.exe

1092 C:\Windows\System32\svchost.exe

1192 C:\Windows\System32\svchost.exe

1220 C:\Windows\System32\svchost.exe

1232 C:\Windows\System32\svchost.exe

1308 C:\Windows\System32\audiodg.exe

1328 C:\Windows\System32\svchost.exe

1344 C:\Windows\System32\SLsvc.exe

1372 C:\Windows\System32\svchost.exe

1488 C:\Windows\System32\winlogon.exe

1628 C:\Windows\System32\svchost.exe

1692 C:\Windows\System32\nvvsvc.exe

1900 C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe

1912 C:\Program Files\ASUS\ATK Hotkey\AsLdrSrv.exe

1928 C:\Program Files\ATKGFNEX\GFNEXSrv.exe

1948 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

2040 C:\Windows\System32\spoolsv.exe

124 C:\Windows\System32\taskeng.exe

440 C:\Windows\System32\svchost.exe

2084 C:\Windows\System32\svchost.exe

2096 C:\Program Files\Common Files\SPBA\upeksvr.exe

2128 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

2160 C:\Program Files\AVG\AVG9\avgwdsvc.exe

2184 C:\Program Files\Bonjour\mDNSResponder.exe

2216 C:\Windows\System32\svchost.exe

2244 C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

2544 C:\Program Files\Common Files\LightScribe\LSSrvc.exe

2624 C:\Program Files\CDBurnerXP\NMSAccessU.exe

2716 C:\Windows\System32\svchost.exe

2744 C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

2784 C:\Windows\System32\svchost.exe

2832 C:\Windows\System32\svchost.exe

2860 C:\Windows\System32\SearchIndexer.exe

3016 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

3120 C:\Program Files\AVG\AVG9\avgnsx.exe

3376 C:\Program Files\AVG\AVG9\avgemc.exe

3532 C:\Program Files\AVG\AVG9\avgcsrvx.exe

3860 unsecapp.exe

3868 C:\Windows\servicing\TrustedInstaller.exe

3952 C:\Windows\System32\alg.exe

3968 C:\Program Files\AVG\AVG9\avgchsvx.exe

4012 C:\Program Files\AVG\AVG9\avgrsx.exe

4052 WmiPrvSE.exe

2428 C:\Program Files\AVG\AVG9\avgcsrvx.exe

2508 C:\Windows\System32\taskeng.exe

1752 C:\Windows\System32\dwm.exe

3716 C:\Program Files\P4G\BatteryLife.exe

3220 C:\Windows\System32\taskeng.exe

3156 C:\Program Files\ASUS\SmartLogon\sensorsrv.exe

1132 C:\Windows\explorer.exe

2052 C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe

4204 C:\Program Files\ASUS\ASUS CopyProtect\ASPG.exe

4420 C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe

4428 C:\Program Files\ASUS\ATK Hotkey\HControl.exe

4444 C:\Program Files\Wireless Console 2\wcourier.exe

4468 C:\Program Files\ASUS\Splendid\ACMON.exe

4508 C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe

4552 C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe

4560 C:\Program Files\ASUS\ATK Hotkey\WDC.exe

4580 ACEngSvr.exe

4756 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

4792 C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe

4800 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

4936 C:\Program Files\AVG\AVG9\avgtray.exe

4960 C:\Program Files\iTunes\iTunesHelper.exe

4976 C:\Windows\System32\rundll32.exe

5024 C:\Program Files\Windows Media Player\wmpnscfg.exe

5200 C:\Windows\System32\wbem\unsecapp.exe

5364 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

5740 C:\Program Files\iPod\bin\iPodService.exe

5904 C:\Program Files\Mozilla Firefox\firefox.exe

2260 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

968 C:\Windows\System32\SearchProtocolHost.exe

4648 C:\Windows\System32\SearchFilterHost.exe

5472 WmiPrvSE.exe

5536 C:\Program Files\AVG\AVG9\avgupd.exe

4044 dllhost.exe

5348 dllhost.exe

4604 C:\Users\Slim\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`ee1af400 (NTFS)

\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000028`30b37200 (NTFS)

PhysicalDrive0 Model Number: ST9320421AS, Rev: SD14

Size Device Name MBR Status


298 GB \\.\PhysicalDrive0 Unknown MBR code

SHA1: 16FACB29D75458833E397367B1DA17929157C2B3

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:


[1] Dump the MBR of a physical disk to file.

[2] Restore the MBR of a physical disk with a standard boot code.

[3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0Available MBR codes:

[ 0] Default (Windows Vista)

[ 1] Windows XP

[ 2] Windows Server 2003

[ 3] Windows Vista

[ 4] Windows 2008

[ 5] Windows 7

[-1] Cancel

Please select the MBR code to write to this drive: 1

Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: yes

Successfully wrote new MBR code!

Please reboot your computer to complete the fix.


Share this post

Link to post
Share on other sites

Ok followed the link and completed the bootrec.exe/fixmbr instruction, have initially tested out my browser by looking up random things on cats and dogs (first thing that came into my head). I then restarted my computer a few times and did the same. All appears to be working fine now. Do you need me to run anymore checks and post any more logs?

Share this post

Link to post
Share on other sites
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.