devinjc

search redirect nothing detected


Wit's end, probably have done a lot of things I shouldn't have... was going to just reimage, but thought I'd try this as I'm really curious at this point. Nothing bad is showing up on any scans that I see. Thanks in advance.

DDS.txt

.

DDS (Ver_11-03-05.01) - FAT32x86

Run by james at 8:39:10.21 on Thu 03/31/2011

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3071.2110 [GMT -7:00]

.

AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\rundll32.exe

C:\Windows\system32\svchost.exe -k apphost

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

C:\Windows\system32\PnkBstrA.exe

C:\Windows\system32\PnkBstrB.exe

F:\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k iissvcs

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

f:\UnHackMe\hackmon.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\dvd43\DVD43_Tray.exe

F:\iTunes7\iTunesHelper.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

F:\Free Download Manager\fdm.exe

F:\MagicDisc\MagicDisc.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\sppsvc.exe

C:\Users\james\Desktop\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - f:\free download manager\iefdm2.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [steam] "f:\steam\Steam.exe" -silent

uRun: [Free Download Manager] f:\free download manager\fdm.exe -autorun

mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe

mRun: [dvd43] c:\program files\dvd43\dvd43_tray.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [iTunesHelper] "f:\itunes7\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware (reboot)] "f:\malwarebytes\mbam.exe" /runcleanupscript

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

StartupFolder: c:\users\james\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - f:\magicdisc\MagicDisc.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\squeez~1.lnk - f:\squeezebox\SqueezeTray.exe

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Download all with Free Download Manager - file://f:\free download manager\dlall.htm

IE: Download selected with Free Download Manager - file://f:\free download manager\dlselected.htm

IE: Download video with Free Download Manager - file://f:\free download manager\dlfvideo.htm

IE: Download with Free Download Manager - file://f:\free download manager\dllink.htm

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://ssl.water.ca.gov/dana-cached/sc/JuniperSetupClient.cab

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\james\appdata\roaming\mozilla\firefox\profiles\wf24yb9q.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - component: f:\free download manager\firefox\extension\components\vmsfdmff.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\users\james\appdata\roaming\move networks\plugins\npqmp071701000002.dll

FF - plugin: c:\users\james\appdata\roaming\move networks\plugins\npqmp071705000014.dll

FF - plugin: f:\itunes7\mozilla plugins\npitunes.dll

FF - plugin: f:\picasa3\npPicasa3.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\james\appdata\roaming\Move Networks

FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\avast software\avast\webrep\FF

.

============= SERVICES / DRIVERS ===============

.

R0 SscRdBus;Virtual bus device (SuperSpeed LLC);c:\windows\system32\drivers\SscRdBus.sys [2009-6-18 67608]

R0 SscRdCls;RAM Disk (SuperSpeed LLC);c:\windows\system32\drivers\SscRdCls.sys [2007-12-19 40984]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-28 371544]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-28 301528]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-3-28 19544]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-3-28 53592]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-3-28 42184]

R2 SqueezeMySQL;SqueezeMySQL;f:\squeez~1\server\bin\mswin3~1\mysqld.exe --defaults-file=c:\progra~2\squeez~1\cache\my.cnf squeezemysql --> f:\squeez~1\server\bin\mswin3~1\mysqld.exe --defaults-file=c:\progra~2\squeez~1\cache\my.cnf SqueezeMySQL [?]

S0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2011-3-27 35816]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-29 136176]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2011-3-27 24416]

S3 SandraAgentSrv;SiSoftware Deployment Agent Service;f:\sandra benchmark\sisoftware sandra lite 2010.sp2\RpcAgentSrv.exe [2010-8-1 93848]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-6 1343400]

.

=============== Created Last 30 ================

.

.

==================== Find3M ====================

.

2011-03-28 05:29:09 39192 ----a-w- c:\windows\system32\Partizan.exe

2011-03-28 05:29:07 2 --shatr- c:\windows\winstart.bat

2011-03-26 23:22:21 149504 --sha-r- c:\windows\system32\KBDBENEY.dll

2011-03-03 02:56:50 37943240 ----a-w- c:\windows\system32\MRT.exe

2011-02-23 14:04:21 40648 ----a-w- c:\windows\avastSS.scr

2011-02-23 14:04:17 190016 ----a-w- c:\windows\system32\aswBoot.exe

2011-02-19 00:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll

2011-01-07 07:31:10 442880 ----a-w- c:\windows\system32\XpsPrint.dll

2011-01-07 07:31:10 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll

2011-01-05 05:37:33 428032 ----a-w- c:\windows\system32\vbscript.dll

2011-01-05 05:34:32 716800 ----a-w- c:\windows\system32\jscript.dll

2011-01-05 03:37:38 2329088 ----a-w- c:\windows\system32\win32k.sys

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 6.1.7600 Disk: STT_FTM6 rev.1571 -> Harddisk3\DR3 -> \Device\00000068

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor.sys

c:\windows\system32\drivers\nvstor.sys NVIDIA Corporation NVIDIA nForce SATA Driver

1 ntkrnlpa!IofCallDriver[0x83476448] -> \Device\Harddisk3\DR3[0x873B9AC8]

3 CLASSPNP[0x8BE5E59E] -> ntkrnlpa!IofCallDriver[0x83476448] -> [0x85FE2B50]

5 ACPI[0x840CC3B2] -> ntkrnlpa!IofCallDriver[0x83476448] -> \Device\00000066[0x86DCB030]

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [bP+0x0], 0x0; }

user != kernel MBR !!!

error: Read Insufficient system resources exist to complete the requested service.

.

============= FINISH: 8:40:02.36 ===============

Attach.zip

ark.zip


Hello devinjc! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step; if there is a problem somewhere, stop and tell me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something please ask.
  • Do not install or uninstall any software or hardware while we work on it.
  • Keep me informed about any changes.
  • Post all of your log files, don't attach them.

Let's start from somewhere.

Step 1

I see the Ask Toolbar in your log.

I strongly recommend you remove Ask Toolbar from your computer because:

  • It promotes its toolbars on sites targeted at kids.
  • It promotes its toolbars through ads that appear to be part of other companies' sites.
  • It promotes its toolbars through other companies' spyware.
  • It is installed without any disclosure whatsoever and without any consent from the user whatsoever.
  • It solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
  • It makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.

You can read more about Ask.com here

To remove it:

Click Start --> Control Panel --> Programs and Features

Click on the program name AskBarDis to highlight it

From the menu at the top, select Uninstall or Remove.

Please reboot the computer.

Step 2

You have some leftovers from AVG. Use their uninstaller to clean them:

http://download.avg.com/filedir/util/support/avg_remover_stf_x86_2011_1184.exe

Step 3

* Go to start > run... and type: wbemtest > hit enter

* There, click connect

* In the field on top, where it says "root\default", type root\SecurityCenter instead, then click the connect button.

* Below, click the "Query... " button

* In the query box, type: Select * From AntivirusProduct and hit apply.

* In there, select the entry with the guid {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} and hit delete below. Then close that window.

Finally, post a new fresh DDS log file.

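The wbemtest procedure in Step 3 can also be done from an elevated PowerShell prompt. The script below is an added example, not Borislav's or the forum's own code: it lists every AntivirusProduct registration Windows Security Center holds and removes the one whose instanceGuid matches the stale AVG entry from the DDS log ({5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}). It checks both WMI namespaces, because Windows XP registers products under root\SecurityCenter while Windows Vista and 7 use root\SecurityCenter2, which is why a query against root\SecurityCenter on a Windows 7 machine can return no objects. The function names are this example's own.

```powershell
# Added example (not from the thread): list and remove stale AntivirusProduct
# registrations left in Windows Security Center after an AV product was removed.
# XP uses root\SecurityCenter; Vista/7 use root\SecurityCenter2, so check both.
# Run from an elevated PowerShell prompt.

function Get-SecurityCenterAV {
    foreach ($ns in 'root\SecurityCenter', 'root\SecurityCenter2') {
        # A namespace may be absent on some systems; skip it instead of failing
        $items = Get-WmiObject -Namespace $ns -Class AntivirusProduct -ErrorAction SilentlyContinue
        foreach ($av in $items) {
            New-Object PSObject -Property @{
                Namespace    = $ns
                DisplayName  = $av.displayName
                InstanceGuid = $av.instanceGuid
                # productState exists only in SecurityCenter2; it is $null for XP entries
                ProductState = $av.productState
                ExePath      = $av.pathToSignedProductExe
            }
        }
    }
}

function Remove-StaleSecurityCenterAV {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # GUID of the entry to remove, e.g. the AVG GUID shown in the DDS log
        [Parameter(Mandatory = $true)]
        [string]$InstanceGuid
    )
    foreach ($ns in 'root\SecurityCenter', 'root\SecurityCenter2') {
        $found = Get-WmiObject -Namespace $ns -Class AntivirusProduct -ErrorAction SilentlyContinue |
            Where-Object { $_.instanceGuid -eq $InstanceGuid }
        foreach ($av in $found) {
            # Refuse to delete an entry whose executable is still on disk:
            # that is a live product, not a leftover registration
            if ($av.pathToSignedProductExe -and (Test-Path -LiteralPath $av.pathToSignedProductExe)) {
                Write-Warning "$($av.displayName) in $ns still has its executable on disk; not removing."
                continue
            }
            if ($PSCmdlet.ShouldProcess("$($av.displayName) ($ns)", 'Delete WMI registration')) {
                # ManagementObject.Delete() removes the instance from the WMI repository,
                # the same operation as the Delete button in wbemtest
                $av.Delete()
            }
        }
    }
}

# Usage: review first, then do a dry run, then run without -WhatIf to delete
Get-SecurityCenterAV | Format-Table Namespace, DisplayName, InstanceGuid, ExePath -AutoSize
Remove-StaleSecurityCenterAV -InstanceGuid '{5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}' -WhatIf
```

After the stale entry is gone, a fresh DDS log should no longer list AVG under the AV: and SP: lines, and Security Center will report only the product that is actually installed.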

Hello Borislav, thank you very much for the help.

Step 1: No AskBarDis in programs to remove, however search for "ask" revealed Foxit toolbar with ask.com association, removed that.

Step 2: Done

Step 3: Opened wbemtest, clicked connect, replaced "root\cimv2" with "root\SecurityCenter", clicked connect. Query, entered "Select * From AntivirusProduct"; returned no entries to delete.

New DDS just in case.

.

DDS (Ver_11-03-05.01) - FAT32x86

Run by james at 11:32:57.48 on Thu 03/31/2011

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3071.2293 [GMT -7:00]

.

AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\rundll32.exe

C:\Windows\system32\svchost.exe -k apphost

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

C:\Windows\system32\PnkBstrA.exe

C:\Windows\system32\PnkBstrB.exe

F:\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe

C:\Windows\system32\svchost.exe -k iissvcs

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

f:\UnHackMe\hackmon.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\dvd43\DVD43_Tray.exe

F:\iTunes7\iTunesHelper.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

F:\Free Download Manager\fdm.exe

F:\MagicDisc\MagicDisc.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\ctfmon.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\james\Desktop\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - f:\free download manager\iefdm2.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [steam] "f:\steam\Steam.exe" -silent

uRun: [Free Download Manager] f:\free download manager\fdm.exe -autorun

mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe

mRun: [dvd43] c:\program files\dvd43\dvd43_tray.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [iTunesHelper] "f:\itunes7\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware (reboot)] "f:\malwarebytes\mbam.exe" /runcleanupscript

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

StartupFolder: c:\users\james\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - f:\magicdisc\MagicDisc.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\squeez~1.lnk - f:\squeezebox\SqueezeTray.exe

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Download all with Free Download Manager - file://f:\free download manager\dlall.htm

IE: Download selected with Free Download Manager - file://f:\free download manager\dlselected.htm

IE: Download video with Free Download Manager - file://f:\free download manager\dlfvideo.htm

IE: Download with Free Download Manager - file://f:\free download manager\dllink.htm

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://ssl.water.ca.gov/dana-cached/sc/JuniperSetupClient.cab

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\james\appdata\roaming\mozilla\firefox\profiles\wf24yb9q.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - component: f:\free download manager\firefox\extension\components\vmsfdmff.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\users\james\appdata\roaming\move networks\plugins\npqmp071701000002.dll

FF - plugin: c:\users\james\appdata\roaming\move networks\plugins\npqmp071705000014.dll

FF - plugin: f:\itunes7\mozilla plugins\npitunes.dll

FF - plugin: f:\picasa3\npPicasa3.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\james\appdata\roaming\Move Networks

FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\avast software\avast\webrep\FF

.

============= SERVICES / DRIVERS ===============

.

R0 SscRdBus;Virtual bus device (SuperSpeed LLC);c:\windows\system32\drivers\SscRdBus.sys [2009-6-18 67608]

R0 SscRdCls;RAM Disk (SuperSpeed LLC);c:\windows\system32\drivers\SscRdCls.sys [2007-12-19 40984]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-28 371544]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-28 301528]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-3-28 19544]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-3-28 53592]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-3-28 42184]

R2 SqueezeMySQL;SqueezeMySQL;f:\squeez~1\server\bin\mswin3~1\mysqld.exe --defaults-file=c:\progra~2\squeez~1\cache\my.cnf squeezemysql --> f:\squeez~1\server\bin\mswin3~1\mysqld.exe --defaults-file=c:\progra~2\squeez~1\cache\my.cnf SqueezeMySQL [?]

S0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2011-3-27 35816]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-29 136176]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2011-3-27 24416]

S3 SandraAgentSrv;SiSoftware Deployment Agent Service;f:\sandra benchmark\sisoftware sandra lite 2010.sp2\RpcAgentSrv.exe [2010-8-1 93848]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-6 1343400]

.

=============== Created Last 30 ================

.

2011-03-30 07:23:10 -------- d-----w- c:\users\james\appdata\local\temp

2011-03-30 07:21:34 -------- d-sh--w- C:\$RECYCLE.BIN

2011-03-30 07:08:54 98816 ----a-w- c:\windows\sed.exe

2011-03-30 07:08:54 89088 ----a-w- c:\windows\MBR.exe

2011-03-30 07:08:54 256512 ----a-w- c:\windows\PEV.exe

2011-03-30 07:08:54 161792 ----a-w- c:\windows\SWREG.exe

2011-03-30 07:08:50 -------- d-----w- C:\23

2011-03-30 01:31:59 981504 ----a-w- c:\windows\system32\wininet.dll

2011-03-29 06:51:52 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-03-29 06:51:52 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-03-29 06:51:42 40648 ----a-w- c:\windows\avastSS.scr

2011-03-29 06:51:40 -------- d-----w- c:\program files\AVAST Software

2011-03-29 06:51:40 -------- d-----w- c:\progra~2\AVAST Software

2011-03-29 06:06:05 -------- d-----w- C:\TEMP

2011-03-29 05:19:20 -------- d-----w- c:\program files\CCleaner

2011-03-28 05:34:25 24416 ----a-w- c:\windows\system32\drivers\regguard.sys

2011-03-28 05:29:09 39192 ----a-w- c:\windows\system32\Partizan.exe

2011-03-28 05:29:09 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys

2011-03-28 05:29:07 2 --shatr- c:\windows\winstart.bat

2011-03-28 05:29:05 12808 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys

2011-03-27 22:04:32 -------- d-----w- c:\users\james\appdata\roaming\Malwarebytes

2011-03-27 22:04:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-03-27 22:04:30 -------- d-----w- c:\progra~2\Malwarebytes

2011-03-27 22:04:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-03-27 21:45:37 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-03-27 21:45:35 -------- d-----w- c:\program files\Hitman Pro 3.5

2011-03-27 21:45:15 -------- d-----w- c:\progra~2\Hitman Pro

2011-03-26 23:36:16 0 ----a-w- c:\users\james\appdata\local\Esixuka.bin

2011-03-26 23:22:21 149504 --sha-r- c:\windows\system32\KBDBENEY.dll

2011-03-26 23:14:52 -------- d-----w- c:\users\james\appdata\roaming\GARMIN

2011-03-26 23:14:12 -------- d-----w- C:\WebUpdater

2011-03-26 23:13:51 -------- d-----w- C:\Garmin

2011-03-14 16:42:48 -------- d--h--w- c:\progra~2\Common Files

2011-03-09 17:01:21 -------- d-----w- c:\program files\Bonjour

.

==================== Find3M ====================

.

2011-02-19 00:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll

2011-01-07 07:31:10 442880 ----a-w- c:\windows\system32\XpsPrint.dll

2011-01-07 07:31:10 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll

2011-01-05 05:37:33 428032 ----a-w- c:\windows\system32\vbscript.dll

2011-01-05 03:37:38 2329088 ----a-w- c:\windows\system32\win32k.sys

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 6.1.7600 Disk: STT_FTM6 rev.1571 -> Harddisk3\DR3 -> \Device\00000068

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor.sys

c:\windows\system32\drivers\nvstor.sys NVIDIA Corporation NVIDIA nForce SATA Driver

1 ntkrnlpa!IofCallDriver[0x83478448] -> \Device\Harddisk3\DR3[0x873BDAC8]

3 CLASSPNP[0x8BE0F59E] -> ntkrnlpa!IofCallDriver[0x83478448] -> [0x86DC84F0]

5 ACPI[0x840493B2] -> ntkrnlpa!IofCallDriver[0x83478448] -> \Device\00000066[0x86DC8030]

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [bP+0x0], 0x0; }

user != kernel MBR !!!

error: Read Insufficient system resources exist to complete the requested service.

.

============= FINISH: 11:33:15.09 ===============

Attach1.zip


I can switch to root\default but the first time I hit connect it shows "root\cimv2"


Okay, what about with root/default?


Not sure I understand what you are asking at this point.

Attempted all of the following:

Root\default > Query Select * From AntivirusProduct = invalid class error

Root/default > Query Select * From AntivirusProduct = invalid class error

Root/default > root/securitycenter > Query Select * From AntivirusProduct = 0 objects

Root\default > root\securitycenter > Query Select * From AntivirusProduct = 0 objects


Let me think. Meanwhile:

  • Download MBRCheck to your desktop
  • For Windows XP: Double click on MBRCheck.exe to run it.
  • For Windows Vista/7: Right click on MBRCheck.exe and select Run as Administrator
  • It will show a black screen with some data on it
  • Don't run any of the options!!!
  • When it's done, Press Enter to close the program
  • A file called MBRCheck_ will appear on your desktop
  • Please copy it into your next reply


Fun stuff. MBRCheck locked up the machine (or so it appeared, unresponsive to everything including Enter); after an hour I rebooted. Now I'm getting NTLDR missing. Will repair that tonight hopefully.

Thanks for all your help so far, it will probably be 10-12 hours before I get a chance to do anything else.


Back in business, here's the MBRCHECK log that it generated earlier. I can run again if incomplete, but will wait for your direction.

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows 7 Professional

Windows Information: (build 7600), 32-bit

Base Board Manufacturer: MSI

BIOS Manufacturer: American Megatrends Inc.

System Manufacturer: MSI

System Product Name: MS-7350

Logical Drives Mask: 0x00020dfc

Kernel Drivers (total 163):

0x8343C000 \SystemRoot\system32\ntkrnlpa.exe

0x83405000 \SystemRoot\system32\halmacpi.dll

0x80BAA000 \SystemRoot\system32\kdcom.dll

0x83A04000 \SystemRoot\system32\mcupdate_GenuineIntel.dll

0x83A7C000 \SystemRoot\system32\PSHED.dll

0x83A8D000 \SystemRoot\system32\BOOTVID.dll

0x83A95000 \SystemRoot\system32\CLFS.SYS

0x83AD7000 \SystemRoot\system32\CI.dll

0x83B82000 \SystemRoot\system32\drivers\Wdf01000.sys

0x8402A000 \SystemRoot\system32\drivers\WDFLDR.SYS

0x84038000 \SystemRoot\system32\drivers\Partizan.sys

0x84040000 \SystemRoot\system32\DRIVERS\ACPI.sys

0x84088000 \SystemRoot\system32\DRIVERS\WMILIB.SYS

0x84091000 \SystemRoot\system32\DRIVERS\msisadrv.sys

0x84099000 \SystemRoot\system32\DRIVERS\pci.sys

0x840C3000 \SystemRoot\system32\DRIVERS\vdrvroot.sys

0x840CE000 \SystemRoot\System32\drivers\partmgr.sys

0x840DF000 \SystemRoot\system32\DRIVERS\volmgr.sys

0x840EF000 \SystemRoot\System32\drivers\volmgrx.sys

0x8413A000 \SystemRoot\system32\DRIVERS\pciide.sys

0x84141000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS

0x8414F000 \SystemRoot\System32\drivers\mountmgr.sys

0x84165000 \SystemRoot\system32\DRIVERS\atapi.sys

0x8416E000 \SystemRoot\system32\DRIVERS\ataport.SYS

0x84191000 \SystemRoot\system32\DRIVERS\nvstor.sys

0x841B6000 \SystemRoot\system32\DRIVERS\storport.sys

0x84000000 \SystemRoot\system32\DRIVERS\SscRdBus.sys

0x8423E000 \SystemRoot\system32\DRIVERS\vsmraid.sys

0x84263000 \SystemRoot\system32\DRIVERS\amdxata.sys

0x8426C000 \SystemRoot\system32\DRIVERS\SscRdCls.sys

0x84279000 \SystemRoot\system32\drivers\fltmgr.sys

0x842AD000 \SystemRoot\system32\drivers\fileinfo.sys

0x842BE000 \SystemRoot\System32\Drivers\PxHelp20.sys

0x842C7000 \SystemRoot\System32\Drivers\Ntfs.sys

0x84200000 \SystemRoot\System32\Drivers\msrpc.sys

0x8422B000 \SystemRoot\System32\Drivers\ksecdd.sys

0x8BA1A000 \SystemRoot\System32\Drivers\cng.sys

0x8BA77000 \SystemRoot\System32\drivers\pcw.sys

0x8BA85000 \SystemRoot\System32\Drivers\Fs_Rec.sys

0x8BA8E000 \SystemRoot\system32\drivers\ndis.sys

0x8BB45000 \SystemRoot\system32\drivers\NETIO.SYS

0x8BB83000 \SystemRoot\System32\Drivers\ksecpkg.sys

0x8BC30000 \SystemRoot\System32\drivers\tcpip.sys

0x8BD79000 \SystemRoot\System32\drivers\fwpkclnt.sys

0x8BDAA000 \SystemRoot\system32\DRIVERS\vmstorfl.sys

0x8BDB3000 \SystemRoot\system32\DRIVERS\volsnap.sys

0x8BDF2000 \SystemRoot\System32\Drivers\spldr.sys

0x8BC00000 \SystemRoot\System32\drivers\rdyboost.sys

0x8BBA8000 \SystemRoot\System32\Drivers\mup.sys

0x8BBB8000 \SystemRoot\System32\drivers\hwpolicy.sys

0x8BBC0000 \SystemRoot\System32\DRIVERS\fvevol.sys

0x8BA00000 \SystemRoot\system32\DRIVERS\disk.sys

0x8BE0B000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS

0x8BE7D000 \SystemRoot\system32\DRIVERS\cdrom.sys

0x8BE9C000 \SystemRoot\System32\Drivers\aswSnx.SYS

0x8BEFA000 \SystemRoot\System32\Drivers\Null.SYS

0x8BF01000 \SystemRoot\System32\Drivers\Beep.SYS

0x8BF08000 \SystemRoot\System32\drivers\vga.sys

0x8BF14000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

0x8BF35000 \SystemRoot\System32\drivers\watchdog.sys

0x8BF42000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0x8BF4A000 \SystemRoot\system32\drivers\rdpencdd.sys

0x8BF52000 \SystemRoot\system32\drivers\rdprefmp.sys

0x8BF5A000 \SystemRoot\System32\Drivers\Msfs.SYS

0x8BF65000 \SystemRoot\System32\Drivers\Npfs.SYS

0x8BF73000 \SystemRoot\system32\DRIVERS\tdx.sys

0x8BF8A000 \SystemRoot\system32\DRIVERS\TDI.SYS

0x8BF95000 \SystemRoot\System32\Drivers\aswTdi.SYS

0x8BF9F000 \SystemRoot\System32\DRIVERS\netbt.sys

0x9123E000 \SystemRoot\system32\drivers\afd.sys

0x91298000 \SystemRoot\System32\Drivers\aswRdr.SYS

0x9129D000 \SystemRoot\system32\DRIVERS\wfplwf.sys

0x912A4000 \SystemRoot\system32\DRIVERS\pacer.sys

0x912C3000 \SystemRoot\system32\DRIVERS\netbios.sys

0x912D1000 \SystemRoot\system32\DRIVERS\serial.sys

0x912EB000 \SystemRoot\system32\DRIVERS\wanarp.sys

0x912FE000 \SystemRoot\system32\DRIVERS\termdd.sys

0x9130E000 \SystemRoot\system32\DRIVERS\rdbss.sys

0x9134F000 \SystemRoot\system32\drivers\nsiproxy.sys

0x91359000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0x91363000 \SystemRoot\System32\drivers\discache.sys

0x9136F000 \SystemRoot\system32\drivers\csc.sys

0x913D3000 \SystemRoot\System32\Drivers\dfsc.sys

0x913EB000 \SystemRoot\system32\DRIVERS\blbdrive.sys

0x91625000 \SystemRoot\System32\Drivers\aswSP.SYS

0x9166D000 \SystemRoot\system32\DRIVERS\tunnel.sys

0x9168E000 \SystemRoot\system32\DRIVERS\intelppm.sys

0x91E3C000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys

0x916A0000 \SystemRoot\System32\drivers\dxgkrnl.sys

0x927A2000 \SystemRoot\System32\drivers\dxgmms1.sys

0x927DB000 \SystemRoot\system32\DRIVERS\serenum.sys

0x927E5000 \SystemRoot\system32\DRIVERS\parport.sys

0x91E00000 \SystemRoot\system32\DRIVERS\i8042prt.sys

0x91E18000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0x91E25000 \SystemRoot\system32\DRIVERS\mouclass.sys

0x91E32000 \SystemRoot\system32\DRIVERS\usbohci.sys

0x91757000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0x917A2000 \SystemRoot\system32\DRIVERS\usbehci.sys

0x917B1000 \SystemRoot\System32\DRIVERS\dvd43llh.sys

0x917B6000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

0x917BC000 \SystemRoot\system32\DRIVERS\1394ohci.sys

0x91600000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0x92C2E000 \SystemRoot\system32\DRIVERS\nvm62x32.sys

0x92C83000 \SystemRoot\system32\DRIVERS\CompositeBus.sys

0x92C90000 \SystemRoot\system32\DRIVERS\AgileVpn.sys

0x92CA2000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0x92CBA000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0x92CC5000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0x92CE7000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0x92CFF000 \SystemRoot\system32\DRIVERS\raspptp.sys

0x92D16000 \SystemRoot\system32\DRIVERS\rassstp.sys

0x92D2D000 \SystemRoot\system32\DRIVERS\rdpbus.sys

0x92D37000 \SystemRoot\system32\DRIVERS\mcdbus.sys

0x92D54000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS

0x92D7A000 \SystemRoot\system32\DRIVERS\swenum.sys

0x92D7C000 \SystemRoot\system32\DRIVERS\ks.sys

0x92DB0000 \SystemRoot\system32\DRIVERS\umbus.sys

0x92E07000 \SystemRoot\system32\DRIVERS\usbhub.sys

0x92E4B000 \SystemRoot\System32\Drivers\NDProxy.SYS

0x93037000 \SystemRoot\system32\drivers\RTKVHDA.sys

0x932C0000 \SystemRoot\system32\drivers\portcls.sys

0x932EF000 \SystemRoot\system32\drivers\drmk.sys

0x93308000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS

0x9331F000 \SystemRoot\system32\DRIVERS\USBD.SYS

0x93321000 \SystemRoot\System32\Drivers\fastfat.SYS

0x96830000 \SystemRoot\System32\win32k.sys

0x9334B000 \SystemRoot\System32\drivers\Dxapi.sys

0x93355000 \SystemRoot\System32\Drivers\crashdmp.sys

0x93362000 \SystemRoot\System32\Drivers\dump_diskdump.sys

0x9336C000 \SystemRoot\System32\Drivers\dump_nvstor.sys

0x93391000 \SystemRoot\System32\Drivers\dump_dumpfve.sys

0x933A2000 \SystemRoot\system32\DRIVERS\monitor.sys

0x96A90000 \SystemRoot\System32\TSDDD.dll

0x96AC0000 \SystemRoot\System32\cdd.dll

0x933AD000 \SystemRoot\system32\drivers\luafv.sys

0x933C8000 \??\C:\Windows\system32\drivers\aswMonFlt.sys

0x93000000 \SystemRoot\System32\Drivers\aswFsBlk.SYS

0x93003000 \SystemRoot\system32\drivers\WudfPf.sys

0x9301D000 \SystemRoot\system32\DRIVERS\lltdio.sys

0x92E5C000 \SystemRoot\system32\DRIVERS\rspndr.sys

0x92E6F000 \SystemRoot\system32\drivers\HTTP.sys

0x92EF4000 \SystemRoot\system32\DRIVERS\bowser.sys

0x92F0D000 \SystemRoot\System32\drivers\mpsdrv.sys

0x92F1F000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0x92F42000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

0x92F7D000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

0x9302D000 \SystemRoot\system32\DRIVERS\parvdm.sys

0x9E40C000 \SystemRoot\system32\drivers\peauth.sys

0x9E4A3000 \SystemRoot\System32\Drivers\secdrv.SYS

0x9E4AD000 \SystemRoot\System32\DRIVERS\srvnet.sys

0x9E4CE000 \SystemRoot\System32\drivers\tcpipreg.sys

0x9E4DB000 \SystemRoot\System32\DRIVERS\srv2.sys

0x9E52A000 \SystemRoot\System32\DRIVERS\srv.sys

0x9E57B000 \SystemRoot\System32\drivers\rdpdr.sys

0x9E5A0000 \SystemRoot\system32\drivers\tdtcp.sys

0x9E5AA000 \SystemRoot\System32\DRIVERS\tssecsrv.sys

0x9E5B7000 \SystemRoot\System32\Drivers\RDPWD.SYS

0x92F98000 \SystemRoot\system32\DRIVERS\WUDFRd.sys

0xA54A1000 \SystemRoot\system32\DRIVERS\asyncmac.sys

0xA54AA000 \??\R:\Temp\mbr.sys

0x77130000 \Windows\System32\ntdll.dll

0x48310000 \Windows\System32\smss.exe

0x77370000 \Windows\System32\apisetschema.dll

Processes (total 64):

0 System Idle Process

4 System

292 C:\Windows\System32\smss.exe

464 csrss.exe

512 C:\Windows\System32\wininit.exe

520 csrss.exe

572 C:\Windows\System32\services.exe

580 C:\Windows\System32\lsass.exe

596 C:\Windows\System32\lsm.exe

616 C:\Windows\System32\winlogon.exe

744 C:\Windows\System32\svchost.exe

856 C:\Windows\System32\svchost.exe

936 C:\Windows\System32\svchost.exe

988 C:\Windows\System32\svchost.exe

1020 C:\Windows\System32\svchost.exe

1200 C:\Windows\System32\svchost.exe

1408 C:\Windows\System32\svchost.exe

1488 C:\Program Files\AVAST Software\Avast\AvastSvc.exe

1788 C:\Windows\System32\taskeng.exe

1796 C:\Windows\System32\spoolsv.exe

1832 C:\Windows\System32\svchost.exe

1880 C:\Windows\System32\rundll32.exe

1960 C:\Windows\System32\svchost.exe

1980 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

2044 C:\Program Files\Bonjour\mDNSResponder.exe

388 C:\Windows\System32\svchost.exe

412 C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

1120 C:\Windows\System32\PnkBstrA.exe

1304 C:\Windows\System32\PnkBstrB.exe

1340 F:\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe

2056 C:\Windows\System32\svchost.exe

2092 C:\Windows\System32\SearchIndexer.exe

2860 WUDFHost.exe

2980 C:\Windows\System32\svchost.exe

3868 C:\Windows\System32\taskeng.exe

2100 C:\Windows\System32\dwm.exe

4044 C:\Windows\System32\taskhost.exe

3832 C:\Windows\explorer.exe

3980 F:\UnHackMe\hackmon.exe

4072 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

2792 C:\Program Files\dvd43\DVD43_Tray.exe

2656 F:\iTunes7\iTunesHelper.exe

3972 C:\Program Files\AVAST Software\Avast\AvastUI.exe

3012 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

2380 F:\Free Download Manager\fdm.exe

2572 F:\MagicDisc\MagicDisc.exe

1144 C:\Program Files\iPod\bin\iPodService.exe

3128 C:\Program Files\Windows Media Player\wmpnetwk.exe

6100 C:\Windows\System32\ctfmon.exe

1680 C:\Windows\System32\notepad.exe

1276 F:\Squeezebox\SqueezeTray.exe

1676 F:\SQUEEZ~1\server\SQUEEZ~3.EXE

5932 C:\Program Files\Internet Explorer\iexplore.exe

4604 C:\Program Files\Internet Explorer\iexplore.exe

3032 C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

5828 C:\Windows\System32\Macromed\Flash\FlashUtil10k_ActiveX.exe

4680 WmiPrvSE.exe

772 C:\Program Files\Internet Explorer\iexplore.exe

3988 C:\Windows\System32\SearchProtocolHost.exe

3448 C:\Windows\System32\SearchFilterHost.exe

5688 C:\Windows\System32\audiodg.exe

4256 C:\Users\james\Desktop\MBRCheck.exe

5924 C:\Windows\System32\conhost.exe

4328 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive3 at offset 0x00000000`00103e00 (NTFS)

\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

\\.\E: --> \\.\PhysicalDrive5 at offset 0x00000000`00007e00 (NTFS)

\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)

\\.\G: --> \\.\PhysicalDrive5 at offset 0x0000000c`0cbf3000 (NTFS)

\\.\K: --> \\.\PhysicalDrive2 at offset 0x00000000`08100000 (NTFS)

\\.\L: --> \\.\PhysicalDrive4 at offset 0x00000000`08100000 (NTFS)

PhysicalDrive3 Model Number: STT_FTM64GX25H, Rev: 1571

PhysicalDrive0 Model Number: ST3400633A, Rev: 3.AAH

PhysicalDrive5 Model Number: WDC WD16, Rev: 10.0

PhysicalDrive1 Model Number: WDC WD5000AAKS-65YGA, Rev: 12.0

PhysicalDrive2 Model Number: WDC WD10EALS-00Z8A0, Rev: 05.0

PhysicalDrive4 Model Number: WDC WD20EARS-00MVWB0, Rev: 50.0

Size Device Name MBR Status

--------------------------------------------

59 GB \\.\PhysicalDrive3


Ran MBRCheck again; this time the window indicated it was finished, hit enter to close. Hit enter, it flashed "not responding", then blue-screened. At least this time the BIOS still recognizes the SSD boot drive. Here is the log; I had deleted the previous one. This one looks similar. I do have a RAM drive set up (drive letter R); I wonder if that is an issue with this?

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows 7 Professional

Windows Information: (build 7600), 32-bit

Base Board Manufacturer: MSI

BIOS Manufacturer: American Megatrends Inc.

System Manufacturer: MSI

System Product Name: MS-7350

Logical Drives Mask: 0x00020cfc

Kernel Drivers (total 162):

0x83401000 \SystemRoot\system32\ntkrnlpa.exe

0x83811000 \SystemRoot\system32\halmacpi.dll

0x80BD4000 \SystemRoot\system32\kdcom.dll

0x83A38000 \SystemRoot\system32\mcupdate_GenuineIntel.dll

0x83AB0000 \SystemRoot\system32\PSHED.dll

0x83AC1000 \SystemRoot\system32\BOOTVID.dll

0x83AC9000 \SystemRoot\system32\CLFS.SYS

0x83B0B000 \SystemRoot\system32\CI.dll

0x84021000 \SystemRoot\system32\drivers\Wdf01000.sys

0x84092000 \SystemRoot\system32\drivers\WDFLDR.SYS

0x840A0000 \SystemRoot\system32\drivers\Partizan.sys

0x840A8000 \SystemRoot\system32\DRIVERS\ACPI.sys

0x840F0000 \SystemRoot\system32\DRIVERS\WMILIB.SYS

0x840F9000 \SystemRoot\system32\DRIVERS\msisadrv.sys

0x84101000 \SystemRoot\system32\DRIVERS\pci.sys

0x8412B000 \SystemRoot\system32\DRIVERS\vdrvroot.sys

0x84136000 \SystemRoot\System32\drivers\partmgr.sys

0x84147000 \SystemRoot\system32\DRIVERS\volmgr.sys

0x84157000 \SystemRoot\System32\drivers\volmgrx.sys

0x841A2000 \SystemRoot\system32\DRIVERS\pciide.sys

0x841A9000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS

0x841B7000 \SystemRoot\System32\drivers\mountmgr.sys

0x841CD000 \SystemRoot\system32\DRIVERS\atapi.sys

0x841D6000 \SystemRoot\system32\DRIVERS\ataport.SYS

0x83BB6000 \SystemRoot\system32\DRIVERS\nvstor.sys

0x8420A000 \SystemRoot\system32\DRIVERS\storport.sys

0x84251000 \SystemRoot\system32\DRIVERS\SscRdBus.sys

0x84264000 \SystemRoot\system32\DRIVERS\vsmraid.sys

0x84289000 \SystemRoot\system32\DRIVERS\amdxata.sys

0x84292000 \SystemRoot\system32\DRIVERS\SscRdCls.sys

0x8429F000 \SystemRoot\system32\drivers\fltmgr.sys

0x842D3000 \SystemRoot\system32\drivers\fileinfo.sys

0x842E4000 \SystemRoot\System32\Drivers\PxHelp20.sys

0x8BC3A000 \SystemRoot\System32\Drivers\Ntfs.sys

0x8BD69000 \SystemRoot\System32\Drivers\msrpc.sys

0x8BD94000 \SystemRoot\System32\Drivers\ksecdd.sys

0x842ED000 \SystemRoot\System32\Drivers\cng.sys

0x8BDA7000 \SystemRoot\System32\drivers\pcw.sys

0x8BDB5000 \SystemRoot\System32\Drivers\Fs_Rec.sys

0x8BE03000 \SystemRoot\system32\drivers\ndis.sys

0x8BEBA000 \SystemRoot\system32\drivers\NETIO.SYS

0x8BEF8000 \SystemRoot\System32\Drivers\ksecpkg.sys

0x8C033000 \SystemRoot\System32\drivers\tcpip.sys

0x8C17C000 \SystemRoot\System32\drivers\fwpkclnt.sys

0x8C1AD000 \SystemRoot\system32\DRIVERS\vmstorfl.sys

0x8C1B6000 \SystemRoot\system32\DRIVERS\volsnap.sys

0x8C1F5000 \SystemRoot\System32\Drivers\spldr.sys

0x8C000000 \SystemRoot\System32\drivers\rdyboost.sys

0x8BF1D000 \SystemRoot\System32\Drivers\mup.sys

0x8BF2D000 \SystemRoot\System32\drivers\hwpolicy.sys

0x8BF35000 \SystemRoot\System32\DRIVERS\fvevol.sys

0x8BF67000 \SystemRoot\system32\DRIVERS\disk.sys

0x8BF78000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS

0x8BDBE000 \SystemRoot\system32\DRIVERS\cdrom.sys

0x8434A000 \SystemRoot\System32\Drivers\aswSnx.SYS

0x8BFEA000 \SystemRoot\System32\Drivers\Null.SYS

0x8BFF1000 \SystemRoot\System32\Drivers\Beep.SYS

0x8BDDD000 \SystemRoot\System32\drivers\vga.sys

0x8BC00000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

0x8BC21000 \SystemRoot\System32\drivers\watchdog.sys

0x8BFF8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0x8BC2E000 \SystemRoot\system32\drivers\rdpencdd.sys

0x8BDE9000 \SystemRoot\system32\drivers\rdprefmp.sys

0x8BDF1000 \SystemRoot\System32\Drivers\Msfs.SYS

0x843A8000 \SystemRoot\System32\Drivers\Npfs.SYS

0x843B6000 \SystemRoot\system32\DRIVERS\tdx.sys

0x843CD000 \SystemRoot\system32\DRIVERS\TDI.SYS

0x843D8000 \SystemRoot\System32\Drivers\aswTdi.SYS

0x83A00000 \SystemRoot\System32\DRIVERS\netbt.sys

0x91A2D000 \SystemRoot\system32\drivers\afd.sys

0x91A87000 \SystemRoot\System32\Drivers\aswRdr.SYS

0x91A8C000 \SystemRoot\system32\DRIVERS\wfplwf.sys

0x91A93000 \SystemRoot\system32\DRIVERS\pacer.sys

0x91AB2000 \SystemRoot\system32\DRIVERS\netbios.sys

0x91AC0000 \SystemRoot\system32\DRIVERS\serial.sys

0x91ADA000 \SystemRoot\system32\DRIVERS\wanarp.sys

0x91AED000 \SystemRoot\system32\DRIVERS\termdd.sys

0x91AFD000 \SystemRoot\system32\DRIVERS\rdbss.sys

0x91B3E000 \SystemRoot\system32\drivers\nsiproxy.sys

0x91B48000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0x91B52000 \SystemRoot\System32\drivers\discache.sys

0x91B5E000 \SystemRoot\system32\drivers\csc.sys

0x91BC2000 \SystemRoot\System32\Drivers\dfsc.sys

0x91BDA000 \SystemRoot\system32\DRIVERS\blbdrive.sys

0x91C3D000 \SystemRoot\System32\Drivers\aswSP.SYS

0x91C85000 \SystemRoot\system32\DRIVERS\tunnel.sys

0x91CA6000 \SystemRoot\system32\DRIVERS\intelppm.sys

0x92E23000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys

0x91CB8000 \SystemRoot\System32\drivers\dxgkrnl.sys

0x93789000 \SystemRoot\System32\drivers\dxgmms1.sys

0x937C2000 \SystemRoot\system32\DRIVERS\serenum.sys

0x937CC000 \SystemRoot\system32\DRIVERS\parport.sys

0x937E4000 \SystemRoot\system32\DRIVERS\i8042prt.sys

0x92E00000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0x92E0D000 \SystemRoot\system32\DRIVERS\mouclass.sys

0x91D6F000 \SystemRoot\system32\DRIVERS\usbohci.sys

0x91D79000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0x91DC4000 \SystemRoot\system32\DRIVERS\usbehci.sys

0x92E1A000 \SystemRoot\System32\DRIVERS\dvd43llh.sys

0x91DD3000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

0x91C00000 \SystemRoot\system32\DRIVERS\1394ohci.sys

0x91DD9000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0x9248F000 \SystemRoot\system32\DRIVERS\CompositeBus.sys

0x9249C000 \SystemRoot\system32\DRIVERS\AgileVpn.sys

0x924AE000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0x924C6000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0x924D1000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0x924F3000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0x9250B000 \SystemRoot\system32\DRIVERS\raspptp.sys

0x92522000 \SystemRoot\system32\DRIVERS\rassstp.sys

0x92539000 \SystemRoot\system32\DRIVERS\rdpbus.sys

0x92543000 \SystemRoot\system32\DRIVERS\mcdbus.sys

0x92560000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS

0x92586000 \SystemRoot\system32\DRIVERS\swenum.sys

0x92588000 \SystemRoot\system32\DRIVERS\ks.sys

0x925BC000 \SystemRoot\system32\DRIVERS\umbus.sys

0x92803000 \SystemRoot\system32\DRIVERS\usbhub.sys

0x92847000 \SystemRoot\System32\Drivers\NDProxy.SYS

0x93C1C000 \SystemRoot\system32\drivers\RTKVHDA.sys

0x93EA5000 \SystemRoot\system32\drivers\portcls.sys

0x93ED4000 \SystemRoot\system32\drivers\drmk.sys

0x93EED000 \SystemRoot\system32\DRIVERS\cdfs.sys

0x93F03000 \SystemRoot\System32\Drivers\crashdmp.sys

0x93F10000 \SystemRoot\System32\Drivers\dump_diskdump.sys

0x93F1A000 \SystemRoot\System32\Drivers\dump_nvstor.sys

0x93F3F000 \SystemRoot\System32\Drivers\dump_dumpfve.sys

0x98100000 \SystemRoot\System32\win32k.sys

0x93F50000 \SystemRoot\System32\drivers\Dxapi.sys

0x93F5A000 \SystemRoot\system32\DRIVERS\monitor.sys

0x98360000 \SystemRoot\System32\TSDDD.dll

0x98390000 \SystemRoot\System32\cdd.dll

0x93F65000 \SystemRoot\system32\drivers\luafv.sys

0x93F80000 \??\C:\Windows\system32\drivers\aswMonFlt.sys

0x93FB8000 \SystemRoot\System32\Drivers\aswFsBlk.SYS

0x93FBB000 \SystemRoot\system32\drivers\WudfPf.sys

0x93FD5000 \SystemRoot\system32\DRIVERS\lltdio.sys

0x93FE5000 \SystemRoot\system32\DRIVERS\rspndr.sys

0x92858000 \SystemRoot\system32\drivers\HTTP.sys

0x93C00000 \SystemRoot\system32\DRIVERS\bowser.sys

0x928DD000 \SystemRoot\System32\drivers\mpsdrv.sys

0x928EF000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0x92912000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

0x9294D000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

0x93FF8000 \SystemRoot\system32\DRIVERS\parvdm.sys

0x92968000 \SystemRoot\system32\drivers\peauth.sys

0x925CA000 \SystemRoot\System32\Drivers\secdrv.SYS

0x925D4000 \SystemRoot\System32\DRIVERS\srvnet.sys

0x92400000 \SystemRoot\System32\drivers\tcpipreg.sys

0xA0629000 \SystemRoot\System32\DRIVERS\srv2.sys

0xA0678000 \SystemRoot\System32\DRIVERS\srv.sys

0xA06C9000 \SystemRoot\System32\drivers\rdpdr.sys

0xA06EE000 \SystemRoot\system32\drivers\tdtcp.sys

0xA06F8000 \SystemRoot\System32\DRIVERS\tssecsrv.sys

0xA0705000 \SystemRoot\System32\Drivers\RDPWD.SYS

0xA0736000 \SystemRoot\system32\DRIVERS\WUDFRd.sys

0xA07C1000 \SystemRoot\system32\DRIVERS\asyncmac.sys

0x9240D000 \SystemRoot\system32\DRIVERS\nvm62x32.sys

0xA07CA000 \SystemRoot\System32\Drivers\fastfat.SYS

0xA0757000 \SystemRoot\system32\DRIVERS\udfs.sys

0x76FA0000 \Windows\System32\ntdll.dll

0x484E0000 \Windows\System32\smss.exe

0x771E0000 \Windows\System32\apisetschema.dll

Processes (total 61):

0 System Idle Process

4 System

292 C:\Windows\System32\smss.exe

456 csrss.exe

504 C:\Windows\System32\wininit.exe

512 csrss.exe

564 C:\Windows\System32\services.exe

572 C:\Windows\System32\lsass.exe

580 C:\Windows\System32\lsm.exe

604 C:\Windows\System32\winlogon.exe

724 C:\Windows\System32\svchost.exe

836 C:\Windows\System32\svchost.exe

920 C:\Windows\System32\svchost.exe

976 C:\Windows\System32\svchost.exe

1008 C:\Windows\System32\svchost.exe

1176 C:\Windows\System32\svchost.exe

1344 C:\Windows\System32\svchost.exe

1448 C:\Program Files\AVAST Software\Avast\AvastSvc.exe

1760 C:\Windows\System32\spoolsv.exe

1772 C:\Windows\System32\taskeng.exe

1812 C:\Windows\System32\svchost.exe

1856 C:\Windows\System32\rundll32.exe

1944 C:\Windows\System32\svchost.exe

1964 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

2012 C:\Program Files\Bonjour\mDNSResponder.exe

180 C:\Windows\System32\svchost.exe

412 C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

1276 C:\Windows\System32\PnkBstrA.exe

1044 C:\Windows\System32\taskhost.exe

2104 C:\Windows\System32\taskeng.exe

2120 C:\Windows\System32\dwm.exe

2208 C:\Windows\explorer.exe

2288 F:\UnHackMe\hackmon.exe

2420 C:\Windows\System32\PnkBstrB.exe

2448 F:\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe

2484 C:\Windows\System32\svchost.exe

2524 C:\Windows\System32\svchost.exe

2576 C:\Windows\System32\SearchIndexer.exe

3340 WUDFHost.exe

3460 C:\Windows\System32\svchost.exe

2892 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

3204 C:\Program Files\dvd43\DVD43_Tray.exe

3480 F:\iTunes7\iTunesHelper.exe

516 C:\Program Files\AVAST Software\Avast\AvastUI.exe

752 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

3748 F:\Free Download Manager\fdm.exe

3132 F:\MagicDisc\MagicDisc.exe

3892 C:\Program Files\iPod\bin\iPodService.exe

3900 C:\Program Files\Windows Media Player\wmpnetwk.exe

4280 C:\Windows\System32\svchost.exe

5700 F:\Squeezebox\SqueezeTray.exe

4404 F:\SQUEEZ~1\server\SQUEEZ~3.EXE

4664 C:\Windows\System32\svchost.exe

4272 C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

4852 C:\Windows\System32\SearchProtocolHost.exe

3504 C:\Windows\System32\SearchFilterHost.exe

4020 C:\Windows\System32\audiodg.exe

3468 C:\Windows\System32\ctfmon.exe

4836 C:\Users\james\Desktop\MBRCheck.exe

5468 C:\Windows\System32\conhost.exe

1768 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive3 at offset 0x00000000`00103e00 (NTFS)

\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

\\.\E: --> \\.\PhysicalDrive5 at offset 0x00000000`00007e00 (NTFS)

\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)

\\.\G: --> \\.\PhysicalDrive5 at offset 0x0000000c`0cbf3000 (NTFS)

\\.\K: --> \\.\PhysicalDrive2 at offset 0x00000000`08100000 (NTFS)

\\.\L: --> \\.\PhysicalDrive4 at offset 0x00000000`08100000 (NTFS)

PhysicalDrive3 Model Number: STT_FTM64GX25H, Rev: 1571

PhysicalDrive0 Model Number: ST3400633A, Rev: 3.AAH

PhysicalDrive5 Model Number: WDC WD16, Rev: 10.0

PhysicalDrive1 Model Number: WDC WD5000AAKS-65YGA, Rev: 12.0

PhysicalDrive2 Model Number: WDC WD10EALS-00Z8A0, Rev: 05.0

PhysicalDrive4 Model Number: WDC WD20EARS-00MVWB0, Rev: 50.0

Size Device Name MBR Status

--------------------------------------------

59 GB \\.\PhysicalDrive3


Are you sure that you copied the entire log file? Please attach it this time.


Hmm.... I really don't understand.

**Note: If you need more detailed information, please visit the web page of ComboFix at BleepingComputer.**

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**


  1. If you are using Firefox, make sure that your download settings are as follows:

    • Open Tools -> Options -> Main tab
    • Set to Always ask me where to Save the files.

  2. During the download, rename Combofix to Combo-Fix as follows:

    CF_download_FF.gif

    CF_download_rename.gif

  3. It is important you rename Combofix during the download, but not after.

  4. Please do not rename Combofix to other names, but only to the one indicated.

  5. Close any open browsers.

  6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause unpredictable results.
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

-----------------------------------------------------------

  • Close any open browsers.
  • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore your connection.

-----------------------------------------------------------

  7. Double click on Combo-Fix.exe & follow the prompts.

  8. When finished, it will produce a report for you.

  9. Please post the C:\Combo-Fix.txt for further review.

**Note: Do not mouse-click Combo-Fix's window while it's running. That may cause it to stall.**


Glad to change tactics. :) Even tried MBRCheck in safe mode: instant crash, 4 power cycles to get the BIOS to see the boot drive again.

DLed ComboFix as Combo-Fix to desktop. Ran. ComboFix popup: AVG running, please disable. Cannot find any trace of AVG to disable, continued. ComboFix does its thing; here is the log:

ComboFix 11-04-02.05 - james 04/03/2011 9:17:42.4.2 - x86

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3071.2130 [GMT -7:00]

Running from: C:\Users\james\Desktop\Combo-Fix.exe

AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

R:\Temp\catchme.dll

R:\temp\F2C6.tmp

R:\Temp\pdk-james-5248\20252d6e001ae3774b425e81ba09b666\Fcntl.dll

R:\temp\pdk-james-5248\2076671ee5d0a5323570c92c74abac6f\Process.dll

R:\Temp\pdk-james-5248\23ae7fb85999872530b5a5d4d67a4f44\Registry.dll

R:\Temp\pdk-james-5248\23fe5d76b9491fa255db2281ac7687d5\Service.dll

R:\temp\pdk-james-5248\2d2847f7dd2a1fddd0fdb79d9d64ba93\List.dll

R:\temp\pdk-james-5248\6a834a555edd63cb8706466e7c1666f2\Hostname.dll

R:\temp\pdk-james-5248\7020d50af327e3fc94b98242c307fc81\Cwd.dll

R:\Temp\pdk-james-5248\7dd16cc839f33995d1a58e2773aa29b8\WinError.dll

R:\temp\pdk-james-5248\855297e7b4b860331fdbdd53426f5e15\Dumper.dll

R:\Temp\pdk-james-5248\86351894c58e4804ca004825fea78bbb\Encode.dll

R:\Temp\pdk-james-5248\a7c0cce4e1ac2c1f6d3e71bbe3c9bdd3\Socket.dll

R:\Temp\pdk-james-5248\b7b4505cb0a127c242f14d779e410e03\POSIX.dll

R:\Temp\pdk-james-5248\c3da4aa4c02db51c7f94d5eaf2438023\OLE.dll

R:\Temp\pdk-james-5248\f48694173221cfa9bad4275e2389b498\Win32.dll

R:\temp\pdk-james-5248\perl510.dll

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_WMPNetworkSvc

((((((((((((((((((((((((( Files Created from 2011-03-03 to 2011-04-03 )))))))))))))))))))))))))))))))

2011-04-03 16:21:38 . 2011-04-03 16:21:38 -------- d-----w- C:\Users\Karen\AppData\Local\temp

2011-04-03 16:21:38 . 2011-04-03 16:21:38 -------- d-----w- C:\Users\james\AppData\Local\temp

2011-04-03 16:21:38 . 2011-04-03 16:21:38 -------- d-----w- C:\Users\Default\AppData\Local\temp

2011-03-30 07:08:50 . 2011-03-30 07:23:21 -------- d-----w- C:\23

2011-03-30 01:31:59 . 2010-12-21 05:38:24 73728 ----a-w- C:\Windows\system32\wscsvc.dll

2011-03-29 06:51:52 . 2011-02-23 13:56:55 371544 ----a-w- C:\Windows\system32\drivers\aswSnx.sys

2011-03-29 06:51:52 . 2011-02-23 13:56:45 301528 ----a-w- C:\Windows\system32\drivers\aswSP.sys

2011-03-29 06:51:52 . 2011-02-23 13:55:49 49240 ----a-w- C:\Windows\system32\drivers\aswTdi.sys

2011-03-29 06:51:52 . 2011-02-23 13:55:10 25432 ----a-w- C:\Windows\system32\drivers\aswRdr.sys

2011-03-29 06:51:52 . 2011-02-23 13:55:03 53592 ----a-w- C:\Windows\system32\drivers\aswMonFlt.sys

2011-03-29 06:51:52 . 2011-02-23 13:54:55 19544 ----a-w- C:\Windows\system32\drivers\aswFsBlk.sys

2011-03-29 06:51:42 . 2011-02-23 14:04:21 40648 ----a-w- C:\Windows\avastSS.scr

2011-03-29 06:51:42 . 2011-02-23 14:04:17 190016 ----a-w- C:\Windows\system32\aswBoot.exe

2011-03-29 06:51:40 . 2011-03-29 06:51:40 -------- d-----w- C:\ProgramData\AVAST Software

2011-03-29 06:51:40 . 2011-03-29 06:51:40 -------- d-----w- C:\Program Files\AVAST Software

2011-03-29 06:06:05 . 2011-04-03 16:05:35 -------- d-----w- C:\TEMP

2011-03-29 05:25:19 . 2011-03-29 05:25:19 -------- d-----w- C:\Users\Karen\AppData\Roaming\Malwarebytes

2011-03-29 05:25:17 . 2011-03-29 05:25:17 -------- d-----w- C:\Users\Karen\AppData\Local\Apple Computer

2011-03-29 05:19:20 . 2011-03-29 05:19:20 -------- d-----w- C:\Program Files\CCleaner

2011-03-28 05:34:25 . 2011-03-30 15:22:59 24416 ----a-w- C:\Windows\system32\drivers\regguard.sys

2011-03-28 05:29:09 . 2011-03-28 05:29:09 39192 ----a-w- C:\Windows\system32\Partizan.exe

2011-03-28 05:29:09 . 2011-03-28 05:29:09 35816 ----a-w- C:\Windows\system32\drivers\Partizan.sys

2011-03-28 05:29:07 . 2011-03-28 05:29:07 2 --shatr- C:\Windows\winstart.bat

2011-03-28 05:29:05 . 2011-03-16 21:50:18 12808 ----a-w- C:\Windows\system32\drivers\UnHackMeDrv.sys

2011-03-27 22:04:32 . 2011-03-27 22:04:32 -------- d-----w- C:\Users\james\AppData\Roaming\Malwarebytes

2011-03-27 22:04:30 . 2011-03-27 22:04:30 -------- d-----w- C:\ProgramData\Malwarebytes

2011-03-27 22:04:30 . 2010-12-21 01:09:00 38224 ----a-w- C:\Windows\system32\drivers\mbamswissarmy.sys

2011-03-27 22:04:27 . 2010-12-21 01:08:40 20952 ----a-w- C:\Windows\system32\drivers\mbam.sys

2011-03-27 21:45:37 . 2011-03-29 05:16:48 16968 ----a-w- C:\Windows\system32\drivers\hitmanpro35.sys

2011-03-27 21:45:35 . 2011-03-27 21:45:35 -------- d-----w- C:\Program Files\Hitman Pro 3.5

2011-03-27 21:45:15 . 2011-03-27 21:49:15 -------- d-----w- C:\ProgramData\Hitman Pro

2011-03-26 23:36:16 . 2011-03-27 18:40:22 0 ----a-w- C:\Users\james\AppData\Local\Esixuka.bin

2011-03-26 23:22:21 . 2011-03-26 23:22:21 149504 --sha-r- C:\Windows\system32\KBDBENEY.dll

2011-03-26 23:14:52 . 2011-03-26 23:14:52 -------- d-----w- C:\Users\james\AppData\Roaming\GARMIN

2011-03-26 23:14:12 . 2011-03-28 02:45:20 -------- d-----w- C:\WebUpdater

2011-03-26 23:13:51 . 2011-03-26 23:14:18 -------- d-----w- C:\Garmin

2011-03-14 16:42:48 . 2011-03-14 16:42:48 -------- d--h--w- C:\ProgramData\Common Files

2011-03-09 17:01:21 . 2011-03-09 17:01:21 -------- d-----w- C:\Program Files\Bonjour

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-02-19 00:36:58 . 2011-02-19 00:36:58 41984 ----a-w- C:\Windows\system32\drivers\usbaapl.sys

2011-02-19 00:36:58 . 2011-02-19 00:36:58 4184352 ----a-w- C:\Windows\system32\usbaaplrc.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-02-23 14:04:11 122512 ----a-w- C:\Program Files\AVAST Software\Avast\ashShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-14 16:35:34 39408]

"Steam"="F:\Steam\Steam.exe" [2010-12-27 00:20:08 1242448]

"Free Download Manager"="F:\Free Download Manager\fdm.exe" [2009-01-31 10:45:14 3399727]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Quick Search Box"="C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-11-14 16:35:33 122880]

"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-21 03:21:50 7625248]

"dvd43"="C:\Program Files\dvd43\dvd43_tray.exe" [2008-11-18 01:50:14 827904]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2010-11-30 01:38:18 421888]

"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-15 01:17:16 47904]

"iTunesHelper"="F:\iTunes7\iTunesHelper.exe" [2011-03-07 23:33:40 421160]

"Malwarebytes' Anti-Malware (reboot)"="F:\Malwarebytes\mbam.exe" [2010-12-21 01:08:46 963976]

"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe" [2011-02-23 14:04:20 3451496]

C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

MagicDisc.lnk - F:\MagicDisc\MagicDisc.exe [2011-1-28 576000]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2010-4-18 67128]

Squeezebox Server Tray Tool.lnk - F:\Squeezebox\SqueezeTray.exe [2009-11-12 2351191]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan\0

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 20:16:28 130384]

R2 gupdate;Google Update Service (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-30 01:43:24 136176]

R3 RegGuard;RegGuard;C:\Windows\system32\Drivers\regguard.sys [2011-03-30 15:22:59 24416]

R3 SandraAgentSrv;SiSoftware Deployment Agent Service;F:\Sandra Benchmark\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe [2009-08-10 20:34:40 93848]

R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [2010-03-06 11:00:13 1343400]

S0 Partizan;Partizan;C:\Windows\system32\drivers\Partizan.sys [2011-03-28 05:29:09 35816]

S0 SscRdBus;Virtual bus device (SuperSpeed LLC);C:\Windows\system32\DRIVERS\SscRdBus.sys [2009-06-18 16:24:00 67608]

S0 SscRdCls;RAM Disk (SuperSpeed LLC);C:\Windows\system32\DRIVERS\SscRdCls.sys [2007-12-20 02:22:16 40984]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;C:\Windows\system32\drivers\aswMonFlt.sys [2011-02-23 13:55:03 53592]

S2 SqueezeMySQL;SqueezeMySQL;F:\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe [2010-12-13 21:18:02 4149248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

iissvcs REG_MULTI_SZ w3svc was

apphost REG_MULTI_SZ apphostsvc

Contents of the 'Scheduled Tasks' folder

2011-04-03 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-30 01:43:30 . 2010-05-30 01:43:24]

2011-04-03 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-30 01:43:30 . 2010-05-30 01:43:24]

------- Supplementary Scan -------

uStart Page = hxxp://www.google.com/

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200

IE: Download all with Free Download Manager - file://F:\Free Download Manager\dlall.htm

IE: Download selected with Free Download Manager - file://F:\Free Download Manager\dlselected.htm

IE: Download video with Free Download Manager - file://F:\Free Download Manager\dlfvideo.htm

IE: Download with Free Download Manager - file://F:\Free Download Manager\dllink.htm

IE: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

FF - ProfilePath - C:\Users\james\AppData\Roaming\Mozilla\Firefox\Profiles\wf24yb9q.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Move Media Player: moveplayer@movenetworks.com - C:\Users\james\AppData\Roaming\Move Networks

FF - Ext: avast! WebRep: wrc@avast.com - C:\Program Files\AVAST Software\Avast\WebRep\FF

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]

@Denied: (Full) (Everyone)

------------------------ Other Running Processes ------------------------

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\system32\rundll32.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

C:\Windows\system32\PnkBstrA.exe

C:\Windows\system32\PnkBstrB.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\taskhost.exe

f:\UnHackMe\hackmon.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

**************************************************************************

Completion time: 2011-04-03 09:24:50 - machine was rebooted

ComboFix-quarantined-files.txt 2011-04-03 16:24:46

ComboFix2.txt 2011-03-30 07:22:51

Pre-Run: 38,492,540,928 bytes free

Post-Run: 38,224,654,336 bytes free

- - End Of File - - 64743F67FD966A2DBE5436FEC4163ED3


Please visit www.virustotal.com and upload the following file:

C:\Windows\system32\KBDBENEY.dll

Please post the result in your next reply.


I can't see that dll to upload it. Closest visible is KBDBENE.dll in the system32 folder. I have show hidden turned on. A search of C:\ for KBDB does not show it either.


Thanks!

Open Notepad and copy and paste the text in the code box below into it:

http://forums.malwarebytes.org/index.php?showtopic=80038

SecCenter::
AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

Collect::[8]
C:\Windows\system32\KBDBENEY.dll

File::
C:\Users\james\AppData\Local\Esixuka.bin

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.


It hung the first time on reboot, so I repeated the process as described.

ComboFix 11-04-03.01 - james 04/03/2011 13:23:40.6.2 - x86

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3071.2272 [GMT -7:00]

Running from: C:\Users\james\Desktop\Combo-Fix.exe

Command switches used :: C:\Users\james\Desktop\CFScript.txt

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

FILE ::

"C:\Users\james\AppData\Local\Esixuka.bin"

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

R:\Temp\catchme.dll

R:\Temp\CFB.tmp

---- Previous Run -------

C:\Users\james\AppData\Local\Esixuka.bin

C:\Windows\system32\KBDBENEY.dll

R:\Temp\catchme.dll

((((((((((((((((((((((((( Files Created from 2011-03-03 to 2011-04-03 )))))))))))))))))))))))))))))))

2011-04-03 20:27:33 . 2011-04-03 20:27:33 -------- d-----w- C:\Users\Karen\AppData\Local\temp

2011-04-03 20:27:33 . 2011-04-03 20:27:33 -------- d-----w- C:\Users\james\AppData\Local\temp

2011-04-03 20:27:33 . 2011-04-03 20:27:33 -------- d-----w- C:\Users\Default\AppData\Local\temp

2011-04-03 19:35:59 . 2011-04-03 20:22:25 -------- d-----w- C:\Combo-Fix

2011-03-30 07:08:50 . 2011-03-30 07:23:21 -------- d-----w- C:\23

2011-03-30 01:31:59 . 2010-12-21 05:38:24 73728 ----a-w- C:\Windows\system32\wscsvc.dll

2011-03-29 06:51:52 . 2011-02-23 13:56:55 371544 ----a-w- C:\Windows\system32\drivers\aswSnx.sys

2011-03-29 06:51:52 . 2011-02-23 13:56:45 301528 ----a-w- C:\Windows\system32\drivers\aswSP.sys

2011-03-29 06:51:52 . 2011-02-23 13:55:49 49240 ----a-w- C:\Windows\system32\drivers\aswTdi.sys

2011-03-29 06:51:52 . 2011-02-23 13:55:10 25432 ----a-w- C:\Windows\system32\drivers\aswRdr.sys

2011-03-29 06:51:52 . 2011-02-23 13:55:03 53592 ----a-w- C:\Windows\system32\drivers\aswMonFlt.sys

2011-03-29 06:51:52 . 2011-02-23 13:54:55 19544 ----a-w- C:\Windows\system32\drivers\aswFsBlk.sys

2011-03-29 06:51:42 . 2011-02-23 14:04:21 40648 ----a-w- C:\Windows\avastSS.scr

2011-03-29 06:51:42 . 2011-02-23 14:04:17 190016 ----a-w- C:\Windows\system32\aswBoot.exe

2011-03-29 06:51:40 . 2011-03-29 06:51:40 -------- d-----w- C:\ProgramData\AVAST Software

2011-03-29 06:51:40 . 2011-03-29 06:51:40 -------- d-----w- C:\Program Files\AVAST Software

2011-03-29 06:06:05 . 2011-04-03 20:29:27 -------- d-----w- C:\TEMP

2011-03-29 05:25:19 . 2011-03-29 05:25:19 -------- d-----w- C:\Users\Karen\AppData\Roaming\Malwarebytes

2011-03-29 05:25:17 . 2011-03-29 05:25:17 -------- d-----w- C:\Users\Karen\AppData\Local\Apple Computer

2011-03-29 05:19:20 . 2011-03-29 05:19:20 -------- d-----w- C:\Program Files\CCleaner

2011-03-28 05:34:25 . 2011-03-30 15:22:59 24416 ----a-w- C:\Windows\system32\drivers\regguard.sys

2011-03-28 05:29:09 . 2011-03-28 05:29:09 39192 ----a-w- C:\Windows\system32\Partizan.exe

2011-03-28 05:29:09 . 2011-03-28 05:29:09 35816 ----a-w- C:\Windows\system32\drivers\Partizan.sys

2011-03-28 05:29:07 . 2011-03-28 05:29:07 2 --shatr- C:\Windows\winstart.bat

2011-03-28 05:29:05 . 2011-03-16 21:50:18 12808 ----a-w- C:\Windows\system32\drivers\UnHackMeDrv.sys

2011-03-27 22:04:32 . 2011-03-27 22:04:32 -------- d-----w- C:\Users\james\AppData\Roaming\Malwarebytes

2011-03-27 22:04:30 . 2011-03-27 22:04:30 -------- d-----w- C:\ProgramData\Malwarebytes

2011-03-27 22:04:30 . 2010-12-21 01:09:00 38224 ----a-w- C:\Windows\system32\drivers\mbamswissarmy.sys

2011-03-27 22:04:27 . 2010-12-21 01:08:40 20952 ----a-w- C:\Windows\system32\drivers\mbam.sys

2011-03-27 21:45:37 . 2011-03-29 05:16:48 16968 ----a-w- C:\Windows\system32\drivers\hitmanpro35.sys

2011-03-27 21:45:35 . 2011-03-27 21:45:35 -------- d-----w- C:\Program Files\Hitman Pro 3.5

2011-03-27 21:45:15 . 2011-03-27 21:49:15 -------- d-----w- C:\ProgramData\Hitman Pro

2011-03-26 23:14:52 . 2011-03-26 23:14:52 -------- d-----w- C:\Users\james\AppData\Roaming\GARMIN

2011-03-26 23:14:12 . 2011-03-28 02:45:20 -------- d-----w- C:\WebUpdater

2011-03-26 23:13:51 . 2011-03-26 23:14:18 -------- d-----w- C:\Garmin

2011-03-14 16:42:48 . 2011-03-14 16:42:48 -------- d--h--w- C:\ProgramData\Common Files

2011-03-09 17:01:21 . 2011-03-09 17:01:21 -------- d-----w- C:\Program Files\Bonjour

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-02-19 00:36:58 . 2011-02-19 00:36:58 41984 ----a-w- C:\Windows\system32\drivers\usbaapl.sys

2011-02-19 00:36:58 . 2011-02-19 00:36:58 4184352 ----a-w- C:\Windows\system32\usbaaplrc.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-02-23 14:04:11 122512 ----a-w- C:\Program Files\AVAST Software\Avast\ashShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-14 16:35:34 39408]

"Steam"="F:\Steam\Steam.exe" [2010-12-27 00:20:08 1242448]

"Free Download Manager"="F:\Free Download Manager\fdm.exe" [2009-01-31 10:45:14 3399727]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Quick Search Box"="C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-11-14 16:35:33 122880]

"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-21 03:21:50 7625248]

"dvd43"="C:\Program Files\dvd43\dvd43_tray.exe" [2008-11-18 01:50:14 827904]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2010-11-30 01:38:18 421888]

"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-15 01:17:16 47904]

"iTunesHelper"="F:\iTunes7\iTunesHelper.exe" [2011-03-07 23:33:40 421160]

"Malwarebytes' Anti-Malware (reboot)"="F:\Malwarebytes\mbam.exe" [2010-12-21 01:08:46 963976]

"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe" [2011-02-23 14:04:20 3451496]

C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

MagicDisc.lnk - F:\MagicDisc\MagicDisc.exe [2011-1-28 576000]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2010-4-18 67128]

Squeezebox Server Tray Tool.lnk - F:\Squeezebox\SqueezeTray.exe [2009-11-12 2351191]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan\0

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 20:16:28 130384]

R2 gupdate;Google Update Service (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-30 01:43:24 136176]

R3 RegGuard;RegGuard;C:\Windows\system32\Drivers\regguard.sys [2011-03-30 15:22:59 24416]

R3 SandraAgentSrv;SiSoftware Deployment Agent Service;F:\Sandra Benchmark\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe [2009-08-10 20:34:40 93848]

R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [2010-03-06 11:00:13 1343400]

S0 Partizan;Partizan;C:\Windows\system32\drivers\Partizan.sys [2011-03-28 05:29:09 35816]

S0 SscRdBus;Virtual bus device (SuperSpeed LLC);C:\Windows\system32\DRIVERS\SscRdBus.sys [2009-06-18 16:24:00 67608]

S0 SscRdCls;RAM Disk (SuperSpeed LLC);C:\Windows\system32\DRIVERS\SscRdCls.sys [2007-12-20 02:22:16 40984]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;C:\Windows\system32\drivers\aswMonFlt.sys [2011-02-23 13:55:03 53592]

S2 SqueezeMySQL;SqueezeMySQL;F:\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe [2010-12-13 21:18:02 4149248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

iissvcs REG_MULTI_SZ w3svc was

apphost REG_MULTI_SZ apphostsvc

Contents of the 'Scheduled Tasks' folder

2011-04-03 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-30 01:43:30 . 2010-05-30 01:43:24]

2011-04-03 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-30 01:43:30 . 2010-05-30 01:43:24]

------- Supplementary Scan -------

uStart Page = hxxp://www.google.com/

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200

IE: Download all with Free Download Manager - file://F:\Free Download Manager\dlall.htm

IE: Download selected with Free Download Manager - file://F:\Free Download Manager\dlselected.htm

IE: Download video with Free Download Manager - file://F:\Free Download Manager\dlfvideo.htm

IE: Download with Free Download Manager - file://F:\Free Download Manager\dllink.htm

IE: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

FF - ProfilePath - C:\Users\james\AppData\Roaming\Mozilla\Firefox\Profiles\wf24yb9q.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Move Media Player: moveplayer@movenetworks.com - C:\Users\james\AppData\Roaming\Move Networks

FF - Ext: avast! WebRep: wrc@avast.com - C:\Program Files\AVAST Software\Avast\WebRep\FF

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]

@Denied: (Full) (Everyone)

------------------------ Other Running Processes ------------------------

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\system32\rundll32.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

C:\Windows\system32\PnkBstrA.exe

C:\Windows\system32\PnkBstrB.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\taskhost.exe

f:\UnHackMe\hackmon.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\sppsvc.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\DllHost.exe

**************************************************************************

Completion time: 2011-04-03 13:32:21 - machine was rebooted

ComboFix-quarantined-files.txt 2011-04-03 20:32:14

ComboFix2.txt 2011-04-03 16:24:51

ComboFix3.txt 2011-03-30 07:22:51

Pre-Run: 38,368,309,248 bytes free

Post-Run: 38,216,839,168 bytes free

- - End Of File - - C413F35C359854AE423669E26AC106ED


Please re-run MBRCheck and post the log file.


Freezes when it gets to "59 GB \\.\PhysicalDrive3." At least the BIOS didn't lose track of the boot drive on reboot this time. :)

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows 7 Professional

Windows Information: (build 7600), 32-bit

Base Board Manufacturer: MSI

BIOS Manufacturer: American Megatrends Inc.

System Manufacturer: MSI

System Product Name: MS-7350

Logical Drives Mask: 0x00020cfc

Kernel Drivers (total 160):

0x83403000 \SystemRoot\system32\ntkrnlpa.exe

0x83813000 \SystemRoot\system32\halmacpi.dll

0x80BA2000 \SystemRoot\system32\kdcom.dll

0x83A33000 \SystemRoot\system32\mcupdate_GenuineIntel.dll

0x83AAB000 \SystemRoot\system32\PSHED.dll

0x83ABC000 \SystemRoot\system32\BOOTVID.dll

0x83AC4000 \SystemRoot\system32\CLFS.SYS

0x83B06000 \SystemRoot\system32\CI.dll

0x84009000 \SystemRoot\system32\drivers\Wdf01000.sys

0x8407A000 \SystemRoot\system32\drivers\WDFLDR.SYS

0x84088000 \SystemRoot\system32\drivers\Partizan.sys

0x84090000 \SystemRoot\system32\DRIVERS\ACPI.sys

0x840D8000 \SystemRoot\system32\DRIVERS\WMILIB.SYS

0x840E1000 \SystemRoot\system32\DRIVERS\msisadrv.sys

0x840E9000 \SystemRoot\system32\DRIVERS\pci.sys

0x84113000 \SystemRoot\system32\DRIVERS\vdrvroot.sys

0x8411E000 \SystemRoot\System32\drivers\partmgr.sys

0x8412F000 \SystemRoot\system32\DRIVERS\volmgr.sys

0x8413F000 \SystemRoot\System32\drivers\volmgrx.sys

0x8418A000 \SystemRoot\system32\DRIVERS\pciide.sys

0x84191000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS

0x8419F000 \SystemRoot\System32\drivers\mountmgr.sys

0x841B5000 \SystemRoot\system32\DRIVERS\atapi.sys

0x841BE000 \SystemRoot\system32\DRIVERS\ataport.SYS

0x83BB1000 \SystemRoot\system32\DRIVERS\nvstor.sys

0x84214000 \SystemRoot\system32\DRIVERS\storport.sys

0x8425B000 \SystemRoot\system32\DRIVERS\SscRdBus.sys

0x8426E000 \SystemRoot\system32\DRIVERS\vsmraid.sys

0x84293000 \SystemRoot\system32\DRIVERS\amdxata.sys

0x8429C000 \SystemRoot\system32\DRIVERS\SscRdCls.sys

0x842A9000 \SystemRoot\system32\drivers\fltmgr.sys

0x842DD000 \SystemRoot\system32\drivers\fileinfo.sys

0x842EE000 \SystemRoot\System32\Drivers\PxHelp20.sys

0x8BA00000 \SystemRoot\System32\Drivers\Ntfs.sys

0x8BB2F000 \SystemRoot\System32\Drivers\msrpc.sys

0x8BB5A000 \SystemRoot\System32\Drivers\ksecdd.sys

0x8BB6D000 \SystemRoot\System32\Drivers\cng.sys

0x8BBCA000 \SystemRoot\System32\drivers\pcw.sys

0x8BBD8000 \SystemRoot\System32\Drivers\Fs_Rec.sys

0x842F7000 \SystemRoot\system32\drivers\ndis.sys

0x843AE000 \SystemRoot\system32\drivers\NETIO.SYS

0x83BD6000 \SystemRoot\System32\Drivers\ksecpkg.sys

0x8BC0C000 \SystemRoot\System32\drivers\tcpip.sys

0x8BD55000 \SystemRoot\System32\drivers\fwpkclnt.sys

0x8BD86000 \SystemRoot\system32\DRIVERS\vmstorfl.sys

0x8BD8F000 \SystemRoot\system32\DRIVERS\volsnap.sys

0x8BDCE000 \SystemRoot\System32\Drivers\spldr.sys

0x83A00000 \SystemRoot\System32\drivers\rdyboost.sys

0x8BDD6000 \SystemRoot\System32\Drivers\mup.sys

0x8BDE6000 \SystemRoot\System32\drivers\hwpolicy.sys

0x8BE17000 \SystemRoot\System32\DRIVERS\fvevol.sys

0x8BE49000 \SystemRoot\system32\DRIVERS\disk.sys

0x8BE5A000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS

0x8BECC000 \SystemRoot\system32\DRIVERS\cdrom.sys

0x8BEEB000 \SystemRoot\System32\Drivers\aswSnx.SYS

0x8BF49000 \SystemRoot\System32\Drivers\Null.SYS

0x8BF50000 \SystemRoot\System32\Drivers\Beep.SYS

0x8BF57000 \SystemRoot\System32\drivers\vga.sys

0x8BF63000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

0x8BF84000 \SystemRoot\System32\drivers\watchdog.sys

0x8BF91000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0x8BF99000 \SystemRoot\system32\drivers\rdpencdd.sys

0x8BFA1000 \SystemRoot\system32\drivers\rdprefmp.sys

0x8BFA9000 \SystemRoot\System32\Drivers\Msfs.SYS

0x8BFB4000 \SystemRoot\System32\Drivers\Npfs.SYS

0x8BFC2000 \SystemRoot\system32\DRIVERS\tdx.sys

0x8BFD9000 \SystemRoot\system32\DRIVERS\TDI.SYS

0x8BFE4000 \SystemRoot\System32\Drivers\aswTdi.SYS

0x91810000 \SystemRoot\System32\DRIVERS\netbt.sys

0x91842000 \SystemRoot\system32\drivers\afd.sys

0x9189C000 \SystemRoot\System32\Drivers\aswRdr.SYS

0x918A1000 \SystemRoot\system32\DRIVERS\wfplwf.sys

0x918A8000 \SystemRoot\system32\DRIVERS\pacer.sys

0x918C7000 \SystemRoot\system32\DRIVERS\netbios.sys

0x918D5000 \SystemRoot\system32\DRIVERS\serial.sys

0x918EF000 \SystemRoot\system32\DRIVERS\wanarp.sys

0x91902000 \SystemRoot\system32\DRIVERS\termdd.sys

0x91912000 \SystemRoot\system32\DRIVERS\rdbss.sys

0x91953000 \SystemRoot\system32\drivers\nsiproxy.sys

0x9195D000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0x91967000 \SystemRoot\System32\drivers\discache.sys

0x91973000 \SystemRoot\system32\drivers\csc.sys

0x919D7000 \SystemRoot\System32\Drivers\dfsc.sys

0x919EF000 \SystemRoot\system32\DRIVERS\blbdrive.sys

0x91A11000 \SystemRoot\System32\Drivers\aswSP.SYS

0x91A59000 \SystemRoot\system32\DRIVERS\tunnel.sys

0x91A7A000 \SystemRoot\system32\DRIVERS\intelppm.sys

0x92C2A000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys

0x91A8C000 \SystemRoot\System32\drivers\dxgkrnl.sys

0x93590000 \SystemRoot\System32\drivers\dxgmms1.sys

0x935C9000 \SystemRoot\system32\DRIVERS\serenum.sys

0x935D3000 \SystemRoot\system32\DRIVERS\parport.sys

0x92C00000 \SystemRoot\system32\DRIVERS\i8042prt.sys

0x92C18000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0x935EB000 \SystemRoot\system32\DRIVERS\mouclass.sys

0x91B43000 \SystemRoot\system32\DRIVERS\usbohci.sys

0x91B4D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0x91B98000 \SystemRoot\system32\DRIVERS\usbehci.sys

0x935F8000 \SystemRoot\System32\DRIVERS\dvd43llh.sys

0x91BA7000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

0x91BAD000 \SystemRoot\system32\DRIVERS\1394ohci.sys

0x91BD9000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0x92427000 \SystemRoot\system32\DRIVERS\nvm62x32.sys

0x9247C000 \SystemRoot\system32\DRIVERS\CompositeBus.sys

0x92489000 \SystemRoot\system32\DRIVERS\AgileVpn.sys

0x9249B000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0x924B3000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0x924BE000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0x924E0000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0x924F8000 \SystemRoot\system32\DRIVERS\raspptp.sys

0x9250F000 \SystemRoot\system32\DRIVERS\rassstp.sys

0x92526000 \SystemRoot\system32\DRIVERS\rdpbus.sys

0x92530000 \SystemRoot\system32\DRIVERS\mcdbus.sys

0x9254D000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS

0x92573000 \SystemRoot\system32\DRIVERS\swenum.sys

0x92575000 \SystemRoot\system32\DRIVERS\ks.sys

0x925A9000 \SystemRoot\system32\DRIVERS\umbus.sys

0x925B7000 \SystemRoot\system32\DRIVERS\usbhub.sys

0x92400000 \SystemRoot\System32\Drivers\NDProxy.SYS

0x92619000 \SystemRoot\system32\drivers\RTKVHDA.sys

0x928A2000 \SystemRoot\system32\drivers\portcls.sys

0x928D1000 \SystemRoot\system32\drivers\drmk.sys

0x928EA000 \SystemRoot\System32\Drivers\crashdmp.sys

0x928F7000 \SystemRoot\System32\Drivers\dump_diskdump.sys

0x92901000 \SystemRoot\System32\Drivers\dump_nvstor.sys

0x92926000 \SystemRoot\System32\Drivers\dump_dumpfve.sys

0x978C0000 \SystemRoot\System32\win32k.sys

0x92937000 \SystemRoot\System32\drivers\Dxapi.sys

0x92941000 \SystemRoot\system32\DRIVERS\monitor.sys

0x97B20000 \SystemRoot\System32\TSDDD.dll

0x97B50000 \SystemRoot\System32\cdd.dll

0x9294C000 \SystemRoot\system32\drivers\luafv.sys

0x92967000 \??\C:\Windows\system32\drivers\aswMonFlt.sys

0x9299F000 \SystemRoot\System32\Drivers\aswFsBlk.SYS

0x929A2000 \SystemRoot\system32\drivers\WudfPf.sys

0x929BC000 \SystemRoot\system32\DRIVERS\lltdio.sys

0x929CC000 \SystemRoot\system32\DRIVERS\rspndr.sys

0x9DC12000 \SystemRoot\system32\drivers\HTTP.sys

0x9DC97000 \SystemRoot\system32\DRIVERS\bowser.sys

0x9DCB0000 \SystemRoot\System32\drivers\mpsdrv.sys

0x9DCC2000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0x9DCE5000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

0x9DD20000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

0x9DD3B000 \SystemRoot\system32\DRIVERS\parvdm.sys

0x9DD42000 \SystemRoot\system32\drivers\peauth.sys

0x9DDD9000 \SystemRoot\System32\Drivers\secdrv.SYS

0x929DF000 \SystemRoot\System32\DRIVERS\srvnet.sys

0x9DDE3000 \SystemRoot\System32\drivers\tcpipreg.sys

0xA080A000 \SystemRoot\System32\DRIVERS\srv2.sys

0xA0859000 \SystemRoot\System32\DRIVERS\srv.sys

0xA08AA000 \SystemRoot\System32\drivers\rdpdr.sys

0xA08CF000 \SystemRoot\system32\drivers\tdtcp.sys

0xA08D9000 \SystemRoot\System32\DRIVERS\tssecsrv.sys

0xA08E6000 \SystemRoot\System32\Drivers\RDPWD.SYS

0xA0917000 \SystemRoot\system32\DRIVERS\WUDFRd.sys

0xA09A2000 \SystemRoot\system32\DRIVERS\asyncmac.sys

0xA09AB000 \SystemRoot\System32\Drivers\fastfat.SYS

0x774B0000 \Windows\System32\ntdll.dll

0x47F20000 \Windows\System32\smss.exe

0x776F0000 \Windows\System32\apisetschema.dll

Processes (total 65):

0 System Idle Process

4 System

292 C:\Windows\System32\smss.exe

456 csrss.exe

508 C:\Windows\System32\wininit.exe

516 csrss.exe

568 C:\Windows\System32\services.exe

576 C:\Windows\System32\lsass.exe

592 C:\Windows\System32\lsm.exe

608 C:\Windows\System32\winlogon.exe

724 C:\Windows\System32\svchost.exe

840 C:\Windows\System32\svchost.exe

916 C:\Windows\System32\svchost.exe

988 C:\Windows\System32\svchost.exe

1024 C:\Windows\System32\svchost.exe

1184 C:\Windows\System32\svchost.exe

1348 C:\Windows\System32\svchost.exe

1456 C:\Program Files\AVAST Software\Avast\AvastSvc.exe

1764 C:\Windows\System32\spoolsv.exe

1776 C:\Windows\System32\taskeng.exe

1812 C:\Windows\System32\svchost.exe

1872 C:\Windows\System32\rundll32.exe

1960 C:\Windows\System32\svchost.exe

1980 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

2044 C:\Program Files\Bonjour\mDNSResponder.exe

388 C:\Windows\System32\svchost.exe

432 C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

1280 C:\Windows\System32\PnkBstrA.exe

1268 C:\Windows\System32\PnkBstrB.exe

1396 F:\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe

1924 C:\Windows\System32\svchost.exe

2064 C:\Windows\System32\svchost.exe

2104 C:\Windows\System32\SearchIndexer.exe

2984 C:\Windows\System32\svchost.exe

3072 WUDFHost.exe

2600 C:\Windows\System32\dwm.exe

2728 C:\Windows\System32\taskeng.exe

3176 C:\Windows\explorer.exe

1020 C:\Windows\System32\taskhost.exe

2720 F:\UnHackMe\hackmon.exe

3508 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

532 C:\Program Files\dvd43\DVD43_Tray.exe

3576 F:\iTunes7\iTunesHelper.exe

3584 C:\Program Files\AVAST Software\Avast\AvastUI.exe

1856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

3312 F:\Free Download Manager\fdm.exe

3652 F:\MagicDisc\MagicDisc.exe

3852 C:\Program Files\iPod\bin\iPodService.exe

2736 C:\Program Files\Windows Media Player\wmpnetwk.exe

1436 C:\Windows\System32\svchost.exe

5096 F:\Squeezebox\SqueezeTray.exe

3048 F:\SQUEEZ~1\server\SQUEEZ~3.EXE

4672 C:\Program Files\Internet Explorer\iexplore.exe

5204 C:\Program Files\Internet Explorer\iexplore.exe

232 C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

5076 C:\Windows\System32\Macromed\Flash\FlashUtil10k_ActiveX.exe

6108 C:\Windows\System32\audiodg.exe

5804 C:\Windows\System32\SearchProtocolHost.exe

4352 C:\Windows\System32\SearchFilterHost.exe

3900 C:\Windows\System32\ctfmon.exe

3064 dllhost.exe

4744 dllhost.exe

6080 C:\Users\james\Desktop\MBRCheck.exe

5356 C:\Windows\System32\conhost.exe

3808 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive3 at offset 0x00000000`00103e00 (NTFS)

\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

\\.\E: --> \\.\PhysicalDrive5 at offset 0x00000000`00007e00 (NTFS)

\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)

\\.\G: --> \\.\PhysicalDrive5 at offset 0x0000000c`0cbf3000 (NTFS)

\\.\K: --> \\.\PhysicalDrive2 at offset 0x00000000`08100000 (NTFS)

\\.\L: --> \\.\PhysicalDrive4 at offset 0x00000000`08100000 (NTFS)

PhysicalDrive3 Model Number: STT_FTM64GX25H, Rev: 1571

PhysicalDrive0 Model Number: ST3400633A, Rev: 3.AAH

PhysicalDrive5 Model Number: WDC WD16, Rev: 10.0

PhysicalDrive1 Model Number: WDC WD5000AAKS-65YGA, Rev: 12.0

PhysicalDrive2 Model Number: WDC WD10EALS-00Z8A0, Rev: 05.0

PhysicalDrive4 Model Number: WDC WD20EARS-00MVWB0, Rev: 50.0

Size Device Name MBR Status

--------------------------------------------

59 GB \\.\PhysicalDrive3


  1. Download mbr.exe to your Desktop.
  2. Double-click mbr.exe and follow prompts.
  3. When mbr.exe is ready, it will create a log.
  4. Copy and paste contents of that file to your next reply.
