TechSpot

Iexplorer running twice and very very slowly!

By The OP
Dec 1, 2010
  1. Hi I am new to this site and already wanting to pick your brains! Internet Explorer has started to run very very slowly on my laptop under XP and seems to be listed twice in the Processes tab of Task Manager. I have looked around here for some answers but so far without success.

    Any help gratefully received
    Matt...
     
  2. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. The OP

    The OP TS Rookie Topic Starter

    Hi Broni. Thanks for your assistance! The first log from Malwarebytes:

    Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org

    Database version: 5214

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 8.0.6001.18702

    02/12/2010 11:36:44
    mbam-log-2010-12-02 (11-36-43).txt

    Scan type: Quick scan
    Objects scanned: 124797
    Time elapsed: 2 minute(s), 43 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  4. The OP

    GMER log

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2010-12-02 11:50:02
    Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHV2060AT_PL rev.000000A0
    Running: quc75fp4.exe; Driver: C:\DOCUME~1\Matthew\LOCALS~1\Temp\pwdorkow.sys


    ---- Devices - GMER 1.0.15 ----

    Device Fastfat.sys (Fast FAT File System Driver/Microsoft Corporation)

    AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

    ---- EOF - GMER 1.0.15 ----
     
  5. The OP

    I have downloaded the DDS software but when I try to run it, it just opens Notepad straight away with a whole page of script and does nothing else! Any help gratefully received.
     
  6. Broni

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    ======================================================================

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.
     
  7. The OP

    Hi Broni,

    This is the TDSS report:-

    2010/12/03 18:30:32.0312 TDSS rootkit removing tool 2.4.10.1 Dec 2 2010 12:28:01
    2010/12/03 18:30:32.0312 ================================================================================
    2010/12/03 18:30:32.0312 SystemInfo:
    2010/12/03 18:30:32.0312
    2010/12/03 18:30:32.0312 OS Version: 5.1.2600 ServicePack: 2.0
    2010/12/03 18:30:32.0312 Product type: Workstation
    2010/12/03 18:30:32.0312 ComputerName: MATTLAPTOP
    2010/12/03 18:30:32.0312 UserName: Matthew
    2010/12/03 18:30:32.0312 Windows directory: C:\WINDOWS
    2010/12/03 18:30:32.0312 System windows directory: C:\WINDOWS
    2010/12/03 18:30:32.0312 Processor architecture: Intel x86
    2010/12/03 18:30:32.0312 Number of processors: 1
    2010/12/03 18:30:32.0312 Page size: 0x1000
    2010/12/03 18:30:32.0312 Boot type: Normal boot
    2010/12/03 18:30:32.0312 ================================================================================
    2010/12/03 18:30:32.0937 Initialize success
    2010/12/03 18:30:45.0515 ================================================================================
    2010/12/03 18:30:45.0515 Scan started
    2010/12/03 18:30:45.0515 Mode: Manual;
    2010/12/03 18:30:45.0515 ================================================================================
    2010/12/03 18:31:22.0421 ================================================================================
    2010/12/03 18:31:22.0421 Scan finished
    2010/12/03 18:31:22.0421 ================================================================================
     
  8. The OP

    MBRcheck report:-

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 2 (build 2600)
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 142):

    Processes (total 39):
    0 System Idle Process
    4 System
    776 C:\WINDOWS\System32\SMSS.EXE
    880 csrss.exe
    904 C:\WINDOWS\System32\winlogon.exe
    948 C:\WINDOWS\System32\services.exe
    960 C:\WINDOWS\System32\lsass.exe
    1092 C:\WINDOWS\System32\svchost.exe
    1204 svchost.exe
    1260 C:\WINDOWS\System32\svchost.exe
    1380 svchost.exe
    1448 svchost.exe
    1844 C:\WINDOWS\System32\spoolsv.exe
    1912 svchost.exe
    200 C:\WINDOWS\System32\svchost.exe
    652 C:\WINDOWS\Explorer.EXE
    716 C:\Program Files\Google\Update\GoogleUpdate.exe
    1676 alg.exe
    212 C:\WINDOWS\ATK0100\HControl.exe
    332 C:\WINDOWS\SOUNDMAN.EXE
    348 C:\Program Files\ASUS\NB Probe\NBProbe.exe
    588 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    620 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    660 C:\WINDOWS\System32\rundll32.exe
    740 C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
    812 C:\Program Files\Java\j2re1.4.2_19\bin\jusched.exe
    1396 C:\Program Files\Messenger\msmsgs.exe
    1420 C:\WINDOWS\ATK0100\ATKOSD.exe
    1324 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    1584 C:\WINDOWS\System32\ctfmon.exe
    1656 C:\WINDOWS\System32\sistray.exe
    1684 C:\Program Files\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe
    3052 C:\WINDOWS\System32\wuauclt.exe
    2432 C:\WINDOWS\System32\svchost.exe
    1196 C:\Program Files\Internet Explorer\iexplore.exe
    2792 C:\Program Files\Internet Explorer\iexplore.exe
    1964 C:\WINDOWS\System32\wuauclt.exe
    3336 wmiprvse.exe
    2280 C:\Documents and Settings\Matthew\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`77226600 (FAT32)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000008`94637e00 (FAT32)

    PhysicalDrive0 Model Number: FUJITSUMHV2060ATPL, Rev: 000000A0

    Size Device Name MBR Status
    --------------------------------------------
    55 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
     
  9. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    All looks clean, so far :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AVG Remover to uninstall it: http://www.avg.com/us-en/download-tools
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.pif
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  10. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Reopened on user request.
     
Topic Status:
Not open for further replies.
