TechSpot

Multiple iexplorer.exe and audio ads

Solved
By Mandragora
Aug 11, 2010
  1. Lately I've noticed that my computer was running really slowly and also random clips of audio ads playing even when I didn't have a browser open. When I checked my task manager, I found multiple copies of iexplorer.exe running, even though I didn't have iexplorer open at the time (I use firefox). Whenever I try to end task one of them, it's like cutting off a head of the hydra because more just end up spawning.

    I saw some other posts in the forum with similar problems, but I didn't want to go ahead with any but the basic steps until I had some expert help.

    Thank you so much in advance!


    MBR LOG
    ------------------------------------------------
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: Dell Inc.
    BIOS Manufacturer: Dell Inc.
    System Manufacturer: Dell Inc.
    System Product Name: XPS M1530
    Logical Drives Mask: 0x0000003c

    Kernel Drivers (total 158):
    0x8264E000 \SystemRoot\system32\ntkrnlpa.exe
    0x8261B000 \SystemRoot\system32\hal.dll
    0x80406000 \SystemRoot\system32\kdcom.dll
    0x8040D000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x8047D000 \SystemRoot\system32\PSHED.dll
    0x8048E000 \SystemRoot\system32\BOOTVID.dll
    0x80496000 \SystemRoot\system32\CLFS.SYS
    0x804D7000 \SystemRoot\system32\CI.dll
    0x8060C000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x80688000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x80695000 \SystemRoot\System32\Drivers\spuy.sys
    0x80788000 \SystemRoot\System32\Drivers\WMILIB.SYS
    0x80791000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
    0x807B7000 \SystemRoot\system32\drivers\acpi.sys
    0x80600000 \SystemRoot\system32\drivers\msisadrv.sys
    0x805B7000 \SystemRoot\system32\drivers\pci.sys
    0x805DE000 \SystemRoot\System32\drivers\partmgr.sys
    0x80608000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x805ED000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x88408000 \SystemRoot\system32\drivers\volmgr.sys
    0x88417000 \SystemRoot\System32\drivers\volmgrx.sys
    0x88461000 \SystemRoot\system32\DRIVERS\intelide.sys
    0x88468000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x88476000 \SystemRoot\system32\drivers\pciide.sys
    0x8847D000 \SystemRoot\System32\drivers\mountmgr.sys
    0x8848D000 \SystemRoot\system32\drivers\iastorv.sys
    0x8852E000 \SystemRoot\system32\drivers\iastor.sys
    0x885F5000 \SystemRoot\system32\drivers\atapi.sys
    0x8860B000 \SystemRoot\system32\drivers\ataport.SYS
    0x88629000 \SystemRoot\system32\drivers\fltmgr.sys
    0x8865B000 \SystemRoot\system32\drivers\fileinfo.sys
    0x8866B000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x886DC000 \SystemRoot\system32\drivers\ndis.sys
    0x88805000 \SystemRoot\system32\drivers\msrpc.sys
    0x88830000 \SystemRoot\system32\drivers\NETIO.SYS
    0x8886B000 \SystemRoot\System32\drivers\tcpip.sys
    0x88955000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x88A0A000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x88B1A000 \SystemRoot\system32\drivers\volsnap.sys
    0x88B53000 \SystemRoot\System32\Drivers\spldr.sys
    0x88B5B000 \SystemRoot\System32\Drivers\mup.sys
    0x88B6A000 \SystemRoot\System32\drivers\ecache.sys
    0x88B91000 \SystemRoot\system32\drivers\disk.sys
    0x88BA2000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x88BC3000 \SystemRoot\system32\drivers\crcdisk.sys
    0x8C6CF000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x8C6DA000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x8C6E3000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x8CA04000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x8D482000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
    0x8D484000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x8D523000 \SystemRoot\System32\drivers\watchdog.sys
    0x8D52F000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x8D53A000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x8D578000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x8C6F2000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x8D587000 \SystemRoot\system32\DRIVERS\yk60x86.sys
    0x8D60E000 \SystemRoot\system32\DRIVERS\NETw4v32.sys
    0x8D83D000 \SystemRoot\system32\DRIVERS\ohci1394.sys
    0x8D84D000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
    0x8D85B000 \SystemRoot\system32\DRIVERS\sdbus.sys
    0x8D875000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
    0x8D886000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
    0x8D89A000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
    0x8D8EC000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x8D8FF000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
    0x8D92B000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x8D936000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x8D941000 \SystemRoot\system32\drivers\Afc.sys
    0x8D949000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8D961000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x8D967000 \SystemRoot\System32\Drivers\ayc80t00.SYS
    0x8D9A0000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x8D9A4000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x8D9AD000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x8C77F000 \SystemRoot\system32\DRIVERS\storport.sys
    0x8D9DC000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8D9E7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8D600000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8D5CD000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x8D5F0000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x8C7C0000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x8C7D4000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x8C7E9000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8D60B000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x88970000 \SystemRoot\system32\DRIVERS\ks.sys
    0x88BD9000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x88BE3000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x8899A000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x889CF000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x8FC04000 \SystemRoot\system32\drivers\stwrt.sys
    0x8FC59000 \SystemRoot\system32\drivers\portcls.sys
    0x8FC86000 \SystemRoot\system32\drivers\drmk.sys
    0x8FCAB000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x8FCC2000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x8FCC4000 \SystemRoot\system32\DRIVERS\OEM02Dev.sys
    0x8FCFE000 \SystemRoot\system32\DRIVERS\OEM02Vfx.sys
    0x8FD00000 \SystemRoot\System32\Drivers\tcusb.sys
    0x8FD0A000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x8FD13000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x8FD23000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x8FD2A000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x8FD32000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x8FD3B000 \SystemRoot\System32\Drivers\Null.SYS
    0x8FD42000 \SystemRoot\System32\Drivers\Beep.SYS
    0x8FD49000 \SystemRoot\System32\drivers\vga.sys
    0x8FD55000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x8FD76000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x8FD7E000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8FD86000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x8FD91000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x8FD9F000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x8FDA8000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x8FDBE000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0x8FDC8000 \SystemRoot\system32\DRIVERS\smb.sys
    0x91A02000 \SystemRoot\system32\drivers\afd.sys
    0x91A4A000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0x91A4F000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x91A81000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x91A97000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x91AA5000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x91AB8000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x91AF4000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x91AFE000 \SystemRoot\System32\Drivers\dfsc.sys
    0x91B15000 \SystemRoot\System32\Drivers\aswSP.SYS
    0x91B3C000 \SystemRoot\system32\DRIVERS\udfs.sys
    0x91B77000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x8C600000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0x99650000 \SystemRoot\System32\win32k.sys
    0x91B84000 \SystemRoot\System32\drivers\Dxapi.sys
    0x91B8E000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x99870000 \SystemRoot\System32\TSDDD.dll
    0x99890000 \SystemRoot\System32\cdd.dll
    0x91B9D000 \SystemRoot\system32\drivers\luafv.sys
    0x91BB8000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
    0x91BCF000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0x9E807000 \SystemRoot\system32\drivers\spsys.sys
    0x9E8B7000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x9E8C7000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x9E8F1000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x9E8FB000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x9E90E000 \SystemRoot\system32\drivers\HTTP.sys
    0x9E97B000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x9E998000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x9E9B1000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x9E9C6000 \SystemRoot\system32\drivers\mrxdav.sys
    0x91BD2000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xA1A09000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0xA1A42000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0xA1A5A000 \SystemRoot\System32\DRIVERS\srv2.sys
    0xA1A81000 \SystemRoot\System32\DRIVERS\srv.sys
    0xA1AE7000 \SystemRoot\system32\drivers\peauth.sys
    0xA1BC5000 \SystemRoot\System32\Drivers\secdrv.SYS
    0xA1BCF000 \SystemRoot\System32\Drivers\fastfat.SYS
    0xA1ACF000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x9E9E7000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x779B0000 \Windows\System32\ntdll.dll
    0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll

    Processes (total 74):
    0 System Idle Process
    4 System
    464 C:\Windows\System32\smss.exe
    580 csrss.exe
    640 C:\Windows\System32\wininit.exe
    652 csrss.exe
    684 C:\Windows\System32\services.exe
    720 C:\Windows\System32\lsass.exe
    732 C:\Windows\System32\lsm.exe
    856 C:\Windows\System32\svchost.exe
    920 C:\Windows\System32\nvvsvc.exe
    948 C:\Windows\System32\svchost.exe
    980 C:\Windows\System32\svchost.exe
    1044 C:\Windows\System32\svchost.exe
    1080 C:\Windows\System32\svchost.exe
    1160 C:\Windows\System32\winlogon.exe
    1192 C:\Windows\System32\audiodg.exe
    1224 C:\Windows\System32\svchost.exe
    1240 C:\Windows\System32\SLsvc.exe
    1284 C:\Windows\System32\svchost.exe
    1488 C:\Windows\System32\svchost.exe
    1568 C:\Windows\System32\nvvsvc.exe
    1644 C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
    1840 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1888 C:\Windows\System32\wlanext.exe
    1796 C:\Windows\System32\svchost.exe
    1988 C:\Windows\System32\spoolsv.exe
    2012 C:\Windows\System32\svchost.exe
    2060 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    2092 C:\Windows\System32\AEstSrv.exe
    2104 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    2116 C:\Program Files\Bonjour\mDNSResponder.exe
    2140 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    2176 C:\Windows\System32\svchost.exe
    2224 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    2256 C:\Windows\System32\svchost.exe
    2368 C:\Windows\System32\svchost.exe
    2416 C:\Windows\System32\svchost.exe
    2464 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    2604 C:\Windows\System32\stacsv.exe
    2728 C:\Windows\System32\svchost.exe
    2760 C:\Windows\System32\svchost.exe
    2792 C:\Windows\System32\SearchIndexer.exe
    3340 C:\Windows\System32\svchost.exe
    1352 C:\Windows\System32\dwm.exe
    2924 C:\Windows\explorer.exe
    3388 C:\Program Files\DellTPad\Apoint.exe
    3940 C:\Windows\OEM02Mon.exe
    3364 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    2400 C:\Program Files\Dell\MediaDirect\PCMService.exe
    3824 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    3436 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    3884 C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    508 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    1916 C:\Program Files\Fingerprint Reader Suite\psqltray.exe
    3580 C:\Program Files\iTunes\iTunesHelper.exe
    2184 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    4288 C:\Program Files\DellTPad\ApMsgFwd.exe
    4332 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    4404 C:\Program Files\DellTPad\ApntEx.exe
    4556 C:\Program Files\DellTPad\hidfind.exe
    6136 C:\Program Files\iPod\bin\iPodService.exe
    4084 C:\Program Files\Mozilla Firefox\firefox.exe
    4124 C:\Program Files\Mozilla Firefox\plugin-container.exe
    4956 C:\Windows\System32\svchost.exe
    2360 C:\Windows\System32\taskeng.exe
    940 C:\Windows\System32\taskeng.exe
    3876 C:\Program Files\Windows Media Player\wmpnetwk.exe
    3848 C:\Users\Flaerong\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    5064 iexplore.exe
    1940 C:\Program Files\Internet Explorer\iexplore.exe
    4876 C:\Windows\System32\dllhost.exe
    3588 C:\Users\Flaerong\Desktop\MBRCheck.exe
    3136 C:\Windows\System32\conime.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`83700000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`03700000 (NTFS)

    PhysicalDrive0 Model Number: WDCWD2500BEVT-75ZCT2, Rev: 11.01A11

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black Internet)!
    SHA1: 680C3DFB3AF5C02B7E098CA7B25CA73D63745DC5


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
     

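The helper in this thread reads the MBRCheck output by eye: the `MBR Status` line with its SHA1, and process entries that MBRCheck lists without an image path, as the `5064 iexplore.exe` entry is while the other copy has a full path. As an added example (not part of the thread and not code from MBRCheck), the script below pulls those two things out of such a log automatically. The excerpt it runs on is constructed from a handful of lines of the posted log; the set of names that MBRCheck normally lists without a path (`csrss.exe` and the two kernel pseudo-processes) is an assumption taken from these logs, not a documented property of the tool.

```python
import re
from collections import Counter

# Constructed excerpt in the shape of MBRCheck 1.2.3 output. The PIDs, paths and
# the SHA1 are copied from the log posted in the thread; everything else is omitted.
SAMPLE_LOG = r"""
Processes (total 74):
0 System Idle Process
4 System
464 C:\Windows\System32\smss.exe
580 csrss.exe
4084 C:\Program Files\Mozilla Firefox\firefox.exe
5064 iexplore.exe
1940 C:\Program Files\Internet Explorer\iexplore.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`83700000 (NTFS)

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black Internet)!
SHA1: 680C3DFB3AF5C02B7E098CA7B25CA73D63745DC5
"""

# Names that MBRCheck lists without a path even on a clean system (assumption,
# taken from the posted logs: csrss.exe and the two kernel pseudo-processes).
NORMALLY_PATHLESS = {"System Idle Process", "System", "csrss.exe"}

PROC_LINE = re.compile(r"^(\d+)\s+(.+?)\s*$")
MBR_STATUS = re.compile(r"^\s*(\S+ GB)\s+(\\\\\.\\PhysicalDrive\d+)\s+(.*)$")
SHA1_LINE = re.compile(r"^\s*SHA1:\s*([0-9A-Fa-f]{40})\s*$")


def parse_processes(log: str):
    """Return (pid, image_name, full_path_or_None) for each line of the process section."""
    procs = []
    in_section = False
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("Processes (total"):
            in_section = True
            continue
        if in_section and not line:
            break  # the section ends at the first blank line
        if not in_section:
            continue
        m = PROC_LINE.match(line)
        if not m:
            continue
        pid, rest = int(m.group(1)), m.group(2)
        if "\\" in rest:
            procs.append((pid, rest.rsplit("\\", 1)[1], rest))
        else:
            procs.append((pid, rest, None))  # listed by name only, no image path
    return procs


def parse_mbr_status(log: str):
    """Return size, device, status text, SHA1 and a known-bad flag for the first disk."""
    result = {"device": None, "size": None, "status": None, "sha1": None, "known_bad": False}
    for line in log.splitlines():
        m = MBR_STATUS.match(line)
        if m and result["device"] is None:
            result["size"], result["device"], result["status"] = m.groups()
            result["known_bad"] = "Known-bad MBR code" in result["status"]
        m = SHA1_LINE.match(line)
        if m and result["sha1"] is None:
            result["sha1"] = m.group(1).upper()
    return result


def triage(log: str):
    """Combine the two checks into a list of human-readable findings."""
    procs = parse_processes(log)
    counts = Counter(name for _, name, _ in procs)
    pathless = [(pid, name) for pid, name, path in procs
                if path is None and name not in NORMALLY_PATHLESS]
    mbr = parse_mbr_status(log)
    findings = []
    if mbr["known_bad"]:
        findings.append(f"{mbr['device']}: {mbr['status']} (SHA1 {mbr['sha1']})")
    for pid, name in pathless:
        findings.append(f"pid {pid}: {name} listed without an image path "
                        f"({counts[name]} instance(s) of this name)")
    return {"mbr": mbr, "pathless": pathless, "image_counts": counts, "findings": findings}


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG)["findings"]:
        print(finding)
```

A pathless entry is a lead, not a verdict: MBRCheck prints some legitimate processes that way too, which is why the allowlist exists. What makes the `iexplore.exe` entry worth a second look is the combination with the user's report of copies spawning unasked and the known-bad MBR verdict on the same log.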

  2. Broni

    Broni Malware Annihilator Posts: 47,048   +256

    Welcome aboard

    Please, don't mark your topic with any prefixes, like [Active].
    They're reserved for malware helpers, so we know someone replied to your thread.

    Malwarebytes log is missing.


    Run MBRCheck again.

    When it's done you'll see the following line:
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Press the Y key and then press Enter.

    When the program asks you to Enter your choice, enter 2 and press the Enter key.

    Next the program will ask you to Enter the physical disk number to fix (0-99, -1 to cancel):
    Enter 0 (zero) and press the Enter key.

    Next the program will show Available MBR codes:, followed by a list of operating systems.
    Please enter 3 for Windows Vista, and then press Enter.

    Next the program will prompt for confirmation.
    Type YES and hit Enter.

    When it's done there should be a text file with the results on your desktop.
    Please copy and paste it back here.

    Then reboot and run MBRCheck again and post that log.
     
  3. Mandragora

    Mandragora TS Rookie Topic Starter

    Sorry about that! I saw all the tags and thought you were supposed to add it on.

    Is this the right log?

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4417

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18928

    8/11/2010 2:28:57 AM
    mbam-log-2010-08-11 (02-28-57).txt

    Scan type: Quick scan
    Objects scanned: 135402
    Time elapsed: 7 minute(s), 20 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  4. Mandragora

    Mandragora TS Rookie Topic Starter

    Ok, I figured out what you meant by MBRCheck and followed your instructions:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: Dell Inc.
    BIOS Manufacturer: Dell Inc.
    System Manufacturer: Dell Inc.
    System Product Name: XPS M1530
    Logical Drives Mask: 0x0000003c

    Kernel Drivers (total 158):
    0x82600000 \SystemRoot\system32\ntkrnlpa.exe
    0x829B9000 \SystemRoot\system32\hal.dll
    0x8040B000 \SystemRoot\system32\kdcom.dll
    0x80412000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x80482000 \SystemRoot\system32\PSHED.dll
    0x80493000 \SystemRoot\system32\BOOTVID.dll
    0x8049B000 \SystemRoot\system32\CLFS.SYS
    0x804DC000 \SystemRoot\system32\CI.dll
    0x8060B000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x80687000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x80694000 \SystemRoot\System32\Drivers\spvb.sys
    0x80787000 \SystemRoot\System32\Drivers\WMILIB.SYS
    0x80790000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
    0x807B6000 \SystemRoot\system32\drivers\acpi.sys
    0x80600000 \SystemRoot\system32\drivers\msisadrv.sys
    0x805BC000 \SystemRoot\system32\drivers\pci.sys
    0x805E3000 \SystemRoot\System32\drivers\partmgr.sys
    0x80608000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x805F2000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x88400000 \SystemRoot\system32\drivers\volmgr.sys
    0x8840F000 \SystemRoot\System32\drivers\volmgrx.sys
    0x88459000 \SystemRoot\system32\DRIVERS\intelide.sys
    0x88460000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x8846E000 \SystemRoot\system32\drivers\pciide.sys
    0x88475000 \SystemRoot\System32\drivers\mountmgr.sys
    0x88485000 \SystemRoot\system32\drivers\iastorv.sys
    0x88526000 \SystemRoot\system32\drivers\iastor.sys
    0x885ED000 \SystemRoot\system32\drivers\atapi.sys
    0x88606000 \SystemRoot\system32\drivers\ataport.SYS
    0x88624000 \SystemRoot\system32\drivers\fltmgr.sys
    0x88656000 \SystemRoot\system32\drivers\fileinfo.sys
    0x88666000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x886D7000 \SystemRoot\system32\drivers\ndis.sys
    0x88800000 \SystemRoot\system32\drivers\msrpc.sys
    0x8882B000 \SystemRoot\system32\drivers\NETIO.SYS
    0x88866000 \SystemRoot\System32\drivers\tcpip.sys
    0x88950000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x88A03000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x88B13000 \SystemRoot\system32\drivers\volsnap.sys
    0x88B4C000 \SystemRoot\System32\Drivers\spldr.sys
    0x88B54000 \SystemRoot\System32\Drivers\mup.sys
    0x88B63000 \SystemRoot\System32\drivers\ecache.sys
    0x88B8A000 \SystemRoot\system32\drivers\disk.sys
    0x88B9B000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x88BBC000 \SystemRoot\system32\drivers\crcdisk.sys
    0x8C4CC000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x8C4D7000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x8C4E0000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x8D607000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x8E085000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
    0x8E087000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x8E126000 \SystemRoot\System32\drivers\watchdog.sys
    0x8E132000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x8E13D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x8E17B000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x8C4EF000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x8E18A000 \SystemRoot\system32\DRIVERS\yk60x86.sys
    0x8CA03000 \SystemRoot\system32\DRIVERS\NETw4v32.sys
    0x8CC32000 \SystemRoot\system32\DRIVERS\ohci1394.sys
    0x8CC42000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
    0x8CC50000 \SystemRoot\system32\DRIVERS\sdbus.sys
    0x8CC6A000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
    0x8CC7B000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
    0x8CC8F000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
    0x8CCE1000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x8CCF4000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
    0x8CD20000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x8CD2B000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x8CD36000 \SystemRoot\system32\drivers\Afc.sys
    0x8CD3E000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8CD56000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x8CD5C000 \SystemRoot\System32\Drivers\acdsb3ci.SYS
    0x8CD95000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x8CD99000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x8CDA2000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x8C57C000 \SystemRoot\system32\DRIVERS\storport.sys
    0x8CDD1000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8CDDC000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8CDF3000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8E1D0000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x8C5BD000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x8C5CC000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x8C5E0000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x88BD2000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8CDFE000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x8896B000 \SystemRoot\system32\DRIVERS\ks.sys
    0x8E1F3000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x88BE2000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x88995000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x88BEF000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x8FA0B000 \SystemRoot\system32\drivers\stwrt.sys
    0x8FA60000 \SystemRoot\system32\drivers\portcls.sys
    0x8FA8D000 \SystemRoot\system32\drivers\drmk.sys
    0x8FAB2000 \SystemRoot\System32\Drivers\tcusb.sys
    0x8FABC000 \SystemRoot\System32\Drivers\USBD.SYS
    0x8FABE000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x8FAD5000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x8FADE000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x8FAEE000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x8FAF5000 \SystemRoot\system32\DRIVERS\OEM02Dev.sys
    0x8FB2F000 \SystemRoot\system32\DRIVERS\OEM02Vfx.sys
    0x8FB31000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x8FB39000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x8FB42000 \SystemRoot\System32\Drivers\Null.SYS
    0x8FB49000 \SystemRoot\System32\Drivers\Beep.SYS
    0x8FB50000 \SystemRoot\System32\drivers\vga.sys
    0x8FB5C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x8FB7D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x8FB85000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8FB8D000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x8FB98000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x8FBA6000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x8FBAF000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x8FBC5000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0x8FBCF000 \SystemRoot\system32\DRIVERS\smb.sys
    0x9180E000 \SystemRoot\system32\drivers\afd.sys
    0x91856000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0x9185B000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x9188D000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x918A3000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x918B1000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x918C4000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x91900000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x9190A000 \SystemRoot\System32\Drivers\dfsc.sys
    0x91921000 \SystemRoot\System32\Drivers\aswSP.SYS
    0x91948000 \SystemRoot\system32\DRIVERS\udfs.sys
    0x91983000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x8C400000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0x99CE0000 \SystemRoot\System32\win32k.sys
    0x91990000 \SystemRoot\System32\drivers\Dxapi.sys
    0x9199A000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x99F00000 \SystemRoot\System32\TSDDD.dll
    0x99F20000 \SystemRoot\System32\cdd.dll
    0x919A9000 \SystemRoot\system32\drivers\luafv.sys
    0x919C4000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
    0x919DB000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0x9EC0E000 \SystemRoot\system32\drivers\spsys.sys
    0x9ECBE000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x9ECCE000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x9ECF8000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x9ED02000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x9ED15000 \SystemRoot\system32\drivers\HTTP.sys
    0x9ED82000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x9ED9F000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x9EDB8000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x9EDCD000 \SystemRoot\system32\drivers\mrxdav.sys
    0x919DE000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xA1803000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0xA183C000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0xA1854000 \SystemRoot\System32\DRIVERS\srv2.sys
    0xA187B000 \SystemRoot\System32\DRIVERS\srv.sys
    0xA18E1000 \SystemRoot\System32\Drivers\fastfat.SYS
    0xA1909000 \SystemRoot\system32\drivers\peauth.sys
    0xA19E7000 \SystemRoot\System32\Drivers\secdrv.SYS
    0xA19F1000 \SystemRoot\System32\drivers\tcpipreg.sys
    0xA18C9000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x77070000 \Windows\System32\ntdll.dll
    0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll

    Processes (total 80):
    0 System Idle Process
    4 System
    468 C:\Windows\System32\smss.exe
    580 csrss.exe
    640 C:\Windows\System32\wininit.exe
    652 csrss.exe
    684 C:\Windows\System32\services.exe
    696 C:\Windows\System32\lsass.exe
    708 C:\Windows\System32\lsm.exe
    856 C:\Windows\System32\svchost.exe
    920 C:\Windows\System32\nvvsvc.exe
    948 C:\Windows\System32\svchost.exe
    988 C:\Windows\System32\svchost.exe
    1036 C:\Windows\System32\svchost.exe
    1076 C:\Windows\System32\svchost.exe
    1096 C:\Windows\System32\svchost.exe
    1156 C:\Windows\System32\audiodg.exe
    1180 C:\Windows\System32\winlogon.exe
    1232 C:\Windows\System32\svchost.exe
    1276 C:\Windows\System32\SLsvc.exe
    1340 C:\Windows\System32\svchost.exe
    1476 C:\Windows\System32\nvvsvc.exe
    1516 C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
    1584 C:\Windows\System32\svchost.exe
    1868 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1876 C:\Windows\System32\svchost.exe
    1916 C:\Windows\System32\wlanext.exe
    1604 C:\Windows\System32\spoolsv.exe
    1668 C:\Windows\System32\svchost.exe
    232 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    2072 C:\Windows\System32\AEstSrv.exe
    2100 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    2112 C:\Program Files\Bonjour\mDNSResponder.exe
    2140 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    2180 C:\Windows\System32\svchost.exe
    2216 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    2360 C:\Windows\System32\svchost.exe
    2440 C:\Windows\System32\svchost.exe
    2472 C:\Windows\System32\svchost.exe
    2536 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    2564 C:\Windows\System32\rpcnet.exe
    2616 C:\Windows\System32\svchost.exe
    2652 C:\Windows\System32\stacsv.exe
    2804 C:\Windows\System32\svchost.exe
    2844 C:\Windows\System32\svchost.exe
    2864 C:\Windows\System32\SearchIndexer.exe
    3432 C:\Windows\System32\dwm.exe
    3460 C:\Windows\System32\taskeng.exe
    3536 C:\Windows\System32\taskeng.exe
    3572 C:\Windows\explorer.exe
    3680 C:\Program Files\Windows Defender\MSASCui.exe
    3688 C:\Program Files\DellTPad\Apoint.exe
    3724 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    3736 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    3812 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    3828 C:\Program Files\Fingerprint Reader Suite\psqltray.exe
    3836 C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    3864 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    3872 C:\Program Files\iTunes\iTunesHelper.exe
    3924 C:\Program Files\DellTPad\ApMsgFwd.exe
    3936 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    3996 C:\Program Files\DellTPad\hidfind.exe
    4064 C:\Program Files\DellTPad\ApntEx.exe
    4080 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    2672 iexplore.exe
    3012 C:\Program Files\Internet Explorer\iexplore.exe
    2660 C:\Program Files\Mozilla Firefox\firefox.exe
    4168 C:\Program Files\iPod\bin\iPodService.exe
    4764 C:\Windows\System32\SearchProtocolHost.exe
    5160 C:\Program Files\Mozilla Firefox\plugin-container.exe
    5484 C:\Program Files\Windows Media Player\wmpnscfg.exe
    5624 C:\Program Files\Windows Media Player\wmpnetwk.exe
    6096 C:\Users\Flaerong\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    5120 C:\Program Files\Ventrilo\Ventrilo.exe
    4424 WmiPrvSE.exe
    3124 C:\Windows\System32\SearchFilterHost.exe
    1324 C:\Program Files\Internet Explorer\iexplore.exe
    3788 C:\Windows\System32\SearchProtocolHost.exe
    3988 C:\Users\Flaerong\Desktop\MBRCheck.exe
    5476 C:\Windows\System32\conime.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`83700000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`03700000 (NTFS)

    PhysicalDrive0 Model Number: WDCWD2500BEVT-75ZCT2, Rev: 11.01A11

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black Internet)!
    SHA1: 680C3DFB3AF5C02B7E098CA7B25CA73D63745DC5


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Options:
    [1] Dump the MBR of a physical disk to file.
    [2] Restore the MBR of a physical disk with a standard boot code.
    [3] Exit.

    Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0Available MBR codes:
    [ 0] Default (Windows Vista)
    [ 1] Windows XP
    [ 2] Windows Server 2003
    [ 3] Windows Vista
    [ 4] Windows 2008
    [ 5] Windows 7
    [-1] Cancel

    Please select the MBR code to write to this drive: 3
    Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: YES
    Successfully wrote new MBR code!
    Please reboot your computer to complete the fix.


    Done!
     
  5. Broni

    Broni Malware Annihilator Posts: 47,048   +256

     
  6. Mandragora

    Mandragora TS Rookie Topic Starter

    This is what I get after the reboot:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: Dell Inc.
    BIOS Manufacturer: Dell Inc.
    System Manufacturer: Dell Inc.
    System Product Name: XPS M1530
    Logical Drives Mask: 0x0000003c

    Kernel Drivers (total 158):
    0x8260C000 \SystemRoot\system32\ntkrnlpa.exe
    0x829C5000 \SystemRoot\system32\hal.dll
    0x80404000 \SystemRoot\system32\kdcom.dll
    0x8040B000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x8047B000 \SystemRoot\system32\PSHED.dll
    0x8048C000 \SystemRoot\system32\BOOTVID.dll
    0x80494000 \SystemRoot\system32\CLFS.SYS
    0x804D5000 \SystemRoot\system32\CI.dll
    0x8060D000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x80689000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x80696000 \SystemRoot\System32\Drivers\spfz.sys
    0x80789000 \SystemRoot\System32\Drivers\WMILIB.SYS
    0x80792000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
    0x807B8000 \SystemRoot\system32\drivers\acpi.sys
    0x80600000 \SystemRoot\system32\drivers\msisadrv.sys
    0x805B5000 \SystemRoot\system32\drivers\pci.sys
    0x805DC000 \SystemRoot\System32\drivers\partmgr.sys
    0x80608000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x805EB000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x88407000 \SystemRoot\system32\drivers\volmgr.sys
    0x88416000 \SystemRoot\System32\drivers\volmgrx.sys
    0x88460000 \SystemRoot\system32\DRIVERS\intelide.sys
    0x88467000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x88475000 \SystemRoot\system32\drivers\pciide.sys
    0x8847C000 \SystemRoot\System32\drivers\mountmgr.sys
    0x8848C000 \SystemRoot\system32\drivers\iastorv.sys
    0x8852D000 \SystemRoot\system32\drivers\iastor.sys
    0x885F4000 \SystemRoot\system32\drivers\atapi.sys
    0x88603000 \SystemRoot\system32\drivers\ataport.SYS
    0x88621000 \SystemRoot\system32\drivers\fltmgr.sys
    0x88653000 \SystemRoot\system32\drivers\fileinfo.sys
    0x88663000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x886D4000 \SystemRoot\system32\drivers\ndis.sys
    0x88802000 \SystemRoot\system32\drivers\msrpc.sys
    0x8882D000 \SystemRoot\system32\drivers\NETIO.SYS
    0x88868000 \SystemRoot\System32\drivers\tcpip.sys
    0x88952000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x88A01000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x88B11000 \SystemRoot\system32\drivers\volsnap.sys
    0x88B4A000 \SystemRoot\System32\Drivers\spldr.sys
    0x88B52000 \SystemRoot\System32\Drivers\mup.sys
    0x88B61000 \SystemRoot\System32\drivers\ecache.sys
    0x88B88000 \SystemRoot\system32\drivers\disk.sys
    0x88B99000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x88BBA000 \SystemRoot\system32\drivers\crcdisk.sys
    0x8C4CE000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x8C4D9000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x8C4E2000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x8CE0E000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x8D88C000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
    0x8D88E000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x8D92D000 \SystemRoot\System32\drivers\watchdog.sys
    0x8D939000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x8D944000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x8D982000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x8C4F1000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x8D991000 \SystemRoot\system32\DRIVERS\yk60x86.sys
    0x8DA0E000 \SystemRoot\system32\DRIVERS\NETw4v32.sys
    0x8DC3D000 \SystemRoot\system32\DRIVERS\ohci1394.sys
    0x8DC4D000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
    0x8DC5B000 \SystemRoot\system32\DRIVERS\sdbus.sys
    0x8DC75000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
    0x8DC86000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
    0x8DC9A000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
    0x8DCEC000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x8DCFF000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
    0x8DD2B000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x8DD36000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x8DD41000 \SystemRoot\system32\drivers\Afc.sys
    0x8DD49000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8DD61000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x8DD67000 \SystemRoot\System32\Drivers\arzdai4e.SYS
    0x8DDA0000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x8DDA4000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x8DDAD000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x8C57E000 \SystemRoot\system32\DRIVERS\storport.sys
    0x8DDDC000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8DDE7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8DA00000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8D9D7000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x8C5BF000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x8C5CE000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x8C5E2000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x88BD0000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8DA0B000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x8896D000 \SystemRoot\system32\DRIVERS\ks.sys
    0x8CE00000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x88BE0000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x88997000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x88BED000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x8FA04000 \SystemRoot\system32\drivers\stwrt.sys
    0x8FA59000 \SystemRoot\system32\drivers\portcls.sys
    0x8FA86000 \SystemRoot\system32\drivers\drmk.sys
    0x8FAC2000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x8FB00000 \SystemRoot\System32\Drivers\tcusb.sys
    0x8FB0A000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x8FB13000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x8FB23000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x8FB2A000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x8FB32000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x8FB3B000 \SystemRoot\System32\Drivers\Null.SYS
    0x8FB42000 \SystemRoot\System32\Drivers\Beep.SYS
    0x8FB49000 \SystemRoot\System32\drivers\vga.sys
    0x8FB55000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x8FB76000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x8FB7E000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8FB86000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x8FB91000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x8FB9F000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x8FBA8000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x8FBBE000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0x8FBC8000 \SystemRoot\system32\DRIVERS\smb.sys
    0x9180B000 \SystemRoot\system32\drivers\afd.sys
    0x91853000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0x91858000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x9188A000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x918A0000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x918AE000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x918C1000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x918FD000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x91907000 \SystemRoot\System32\Drivers\dfsc.sys
    0x9191E000 \SystemRoot\System32\Drivers\aswSP.SYS
    0x91945000 \SystemRoot\system32\DRIVERS\udfs.sys
    0x91980000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x8C400000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0x81CF0000 \SystemRoot\System32\win32k.sys
    0x9198D000 \SystemRoot\System32\drivers\Dxapi.sys
    0x91997000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x81F10000 \SystemRoot\System32\TSDDD.dll
    0x81F30000 \SystemRoot\System32\cdd.dll
    0x919A6000 \SystemRoot\system32\drivers\luafv.sys
    0x919C1000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
    0x919D8000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0x9EA01000 \SystemRoot\system32\drivers\spsys.sys
    0x9EAB1000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x9EAC1000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x9EAEB000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x9EAF5000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x9EB08000 \SystemRoot\system32\drivers\HTTP.sys
    0x9EB75000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x9EB92000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x9EBAB000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x9EBC0000 \SystemRoot\system32\drivers\mrxdav.sys
    0x9EBE1000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xA180E000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0xA1847000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0xA185F000 \SystemRoot\System32\DRIVERS\srv2.sys
    0xA1886000 \SystemRoot\System32\DRIVERS\srv.sys
    0xA18EC000 \SystemRoot\system32\drivers\peauth.sys
    0xA19CA000 \SystemRoot\System32\Drivers\fastfat.SYS
    0xA19F2000 \SystemRoot\System32\Drivers\secdrv.SYS
    0xA1800000 \SystemRoot\System32\drivers\tcpipreg.sys
    0xA18D4000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x919DB000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x8FAC4000 \SystemRoot\system32\DRIVERS\OEM02Dev.sys
    0xA19FC000 \SystemRoot\system32\DRIVERS\OEM02Vfx.sys
    0x77690000 \Windows\System32\ntdll.dll
    0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll

    Processes (total 81):
    0 System Idle Process
    4 System
    464 C:\Windows\System32\smss.exe
    580 csrss.exe
    640 C:\Windows\System32\wininit.exe
    648 csrss.exe
    684 C:\Windows\System32\services.exe
    700 C:\Windows\System32\lsass.exe
    708 C:\Windows\System32\lsm.exe
    848 C:\Windows\System32\svchost.exe
    916 C:\Windows\System32\nvvsvc.exe
    944 C:\Windows\System32\svchost.exe
    980 C:\Windows\System32\svchost.exe
    1028 C:\Windows\System32\svchost.exe
    1060 C:\Windows\System32\svchost.exe
    1072 C:\Windows\System32\svchost.exe
    1172 C:\Windows\System32\audiodg.exe
    1196 C:\Windows\System32\svchost.exe
    1228 C:\Windows\System32\SLsvc.exe
    1264 C:\Windows\System32\winlogon.exe
    1292 C:\Windows\System32\svchost.exe
    1504 C:\Windows\System32\svchost.exe
    1568 C:\Windows\System32\nvvsvc.exe
    1684 C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
    1708 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1868 C:\Windows\System32\wlanext.exe
    1544 C:\Windows\System32\svchost.exe
    1852 C:\Windows\System32\spoolsv.exe
    2012 C:\Windows\System32\svchost.exe
    2084 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    2112 C:\Windows\System32\AEstSrv.exe
    2140 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    2152 C:\Program Files\Bonjour\mDNSResponder.exe
    2184 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    2244 C:\Windows\System32\svchost.exe
    2260 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    2428 C:\Windows\System32\svchost.exe
    2448 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    2520 C:\Windows\System32\rpcnet.exe
    2616 C:\Windows\System32\stacsv.exe
    2776 C:\Windows\System32\svchost.exe
    2808 C:\Windows\System32\svchost.exe
    2836 C:\Windows\System32\SearchIndexer.exe
    3516 C:\Windows\System32\dwm.exe
    3540 C:\Windows\System32\taskeng.exe
    3612 C:\Windows\System32\taskeng.exe
    3652 C:\Windows\explorer.exe
    3680 C:\Windows\System32\svchost.exe
    3796 C:\Program Files\Windows Defender\MSASCui.exe
    3824 C:\Program Files\DellTPad\Apoint.exe
    3864 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    3880 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    3912 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    3928 C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    3952 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    3960 C:\Program Files\iTunes\iTunesHelper.exe
    4008 C:\Program Files\DellTPad\ApMsgFwd.exe
    4052 C:\Program Files\DellTPad\hidfind.exe
    4060 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    2360 C:\Program Files\DellTPad\ApntEx.exe
    2456 C:\Program Files\Fingerprint Reader Suite\psqltray.exe
    3220 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    3512 iexplore.exe
    876 C:\Program Files\iPod\bin\iPodService.exe
    4260 C:\Program Files\Windows Media Player\wmpnscfg.exe
    4372 C:\Program Files\Windows Media Player\wmpnetwk.exe
    5496 C:\Program Files\Mozilla Firefox\firefox.exe
    4112 C:\Program Files\Mozilla Firefox\plugin-container.exe
    4688 C:\Windows\System32\conime.exe
    5348 C:\Users\Flaerong\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    4020 C:\Program Files\Skype\Phone\Skype.exe
    5292 C:\Program Files\Skype\Plugin Manager\skypePM.exe
    4868 C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
    5928 C:\Windows\System32\wuauclt.exe
    5032 C:\Program Files\Mozilla Firefox\plugin-container.exe
    7224 C:\Program Files\Internet Explorer\iexplore.exe
    7328 C:\Windows\System32\SearchProtocolHost.exe
    3668 C:\Windows\System32\SearchFilterHost.exe
    7400 C:\Program Files\Internet Explorer\iexplore.exe
    2796 C:\Users\Flaerong\Desktop\MBRCheck.exe
    8156 C:\Windows\System32\dllhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`83700000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`03700000 (NTFS)

    PhysicalDrive0 Model Number: WDCWD2500BEVT-75ZCT2, Rev: 11.01A11

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black Internet)!
    SHA1: 680C3DFB3AF5C02B7E098CA7B25CA73D63745DC5


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Options:
    [1] Dump the MBR of a physical disk to file.
    [2] Restore the MBR of a physical disk with a standard boot code.
    [3] Exit.

    Enter your choice:
    Enter the physical disk number to fix (0-99, -1 to cancel): 0
    Available MBR codes:
    [ 0] Default (Windows Vista)
    [ 1] Windows XP
    [ 2] Windows Server 2003
    [ 3] Windows Vista
    [ 4] Windows 2008
    [ 5] Windows 7
    [-1] Cancel

    Please select the MBR code to write to this drive: 3
    Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: YES
    Successfully wrote new MBR code!
    Please reboot your computer to complete the fix.


    Done!
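    The MBRCheck output above identifies the boot sector by hash. The script below is an added example, not code from this thread or from MBRCheck, that shows the same technique in Python: it hashes the 440-byte boot-code area of a 512-byte MBR, looks the digest up in a denylist, and parses the partition table to recover the volume offsets MBRCheck prints (0x3700000 for D: and 0x283700000 for C:). Everything in the sample sectors is constructed (the boot-code bytes, the disk signature, the partition sizes and the hidden utility partition); the only value taken from the page is the SHA-1 in the log, and whether MBRCheck hashes exactly the 440-byte region is an assumption of the example.

```python
"""Parse a 512-byte MBR and flag known-bad boot code by SHA-1 (added example)."""
import hashlib
import struct
import sys

SECTOR = 512
BOOT_CODE_LEN = 440          # 0x000-0x1B7: executable boot code
DISK_SIG_OFFSET = 0x1B8      # 4-byte NT disk signature, then 2 reserved bytes
PART_TABLE_OFFSET = 0x1BE    # four 16-byte partition entries
BOOT_SIG_OFFSET = 0x1FE      # 0x55 0xAA marks a valid MBR
PART_ENTRY = "<B3xB3xII"     # status, CHS(3), type, CHS(3), start LBA, sector count

# Denylist of SHA-1 digests of the boot-code area. The entry below is the hash
# MBRCheck printed for the infected disk in this thread; that MBRCheck hashes
# exactly the first 440 bytes is an assumption of this example.
KNOWN_BAD_SHA1 = {
    "680c3dfb3af5c02b7e098ca7b25ca73d63745dc5": "Whistler / Black Internet (from the thread's MBRCheck log)",
}

# Opening bytes of a typical Windows MBR (xor ax,ax / mov ss,ax / mov sp,7C00h),
# zero-padded: a constructed stand-in, not real boot code.
CLEAN_BOOT_CODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C".ljust(BOOT_CODE_LEN, b"\x00")
# Constructed stand-in for bootkit code; any bytes that differ would do.
INFECTED_BOOT_CODE = b"\xFA\xEB\x07\x90\x90\x90\x90".ljust(BOOT_CODE_LEN, b"\x00")

# Layout constructed to reproduce the volume offsets in the MBRCheck output
# above: D: at 0x3700000 (LBA 112640) and C: at 0x283700000 (LBA 21084160).
# The hidden 0xDE (Dell utility) entry and all sizes are assumptions.
SAMPLE_LAYOUT = [
    (False, 0xDE, 63, 112577),           # hidden OEM utility partition
    (False, 0x07, 112640, 20971520),     # D: recovery, NTFS, 10 GiB
    (True,  0x07, 21084160, 467313008),  # C: Windows, NTFS, rest of a 232 GB disk
]


def build_mbr(boot_code: bytes, layout) -> bytes:
    """Assemble a 512-byte MBR from boot code and (bootable, type, start_lba, sectors) tuples."""
    mbr = bytearray(SECTOR)
    mbr[:BOOT_CODE_LEN] = boot_code[:BOOT_CODE_LEN].ljust(BOOT_CODE_LEN, b"\x00")
    mbr[DISK_SIG_OFFSET:DISK_SIG_OFFSET + 4] = b"\xDE\xAD\xBE\xEF"   # constructed disk signature
    for i, (bootable, ptype, lba, sectors) in enumerate(layout):
        struct.pack_into(PART_ENTRY, mbr, PART_TABLE_OFFSET + 16 * i,
                         0x80 if bootable else 0x00, ptype, lba, sectors)
    mbr[BOOT_SIG_OFFSET:] = b"\x55\xAA"
    return bytes(mbr)


def parse_partition_table(mbr: bytes) -> list:
    """Return the non-empty partition entries with their byte offsets on disk."""
    entries = []
    for i in range(4):
        status, ptype, lba, sectors = struct.unpack_from(PART_ENTRY, mbr, PART_TABLE_OFFSET + 16 * i)
        if ptype == 0:
            continue                      # unused slot
        entries.append({"index": i, "bootable": status == 0x80, "type": ptype,
                        "start_lba": lba, "sectors": sectors, "offset": lba * SECTOR})
    return entries


def boot_code_sha1(mbr: bytes) -> str:
    return hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest()


def check_mbr(mbr: bytes, known_bad=KNOWN_BAD_SHA1) -> dict:
    """Hash-match the boot code and sanity-check the partition table."""
    findings = []
    if len(mbr) != SECTOR:
        findings.append("unexpected MBR length %d" % len(mbr))
    if mbr[BOOT_SIG_OFFSET:BOOT_SIG_OFFSET + 2] != b"\x55\xAA":
        findings.append("missing 0x55AA boot signature")
    digest = boot_code_sha1(mbr)
    label = known_bad.get(digest)
    if label:
        findings.append("known-bad boot code: " + label)
    parts = parse_partition_table(mbr)
    if sum(p["bootable"] for p in parts) != 1:
        findings.append("expected exactly one active partition")
    ordered = sorted(parts, key=lambda p: p["start_lba"])
    for a, b in zip(ordered, ordered[1:]):
        if a["start_lba"] + a["sectors"] > b["start_lba"]:
            findings.append("partitions %d and %d overlap" % (a["index"], b["index"]))
    # A denylist can only confirm a known-bad sector; a miss is not proof of a clean one.
    verdict = "known-bad" if label else ("suspicious" if findings else "not-in-list")
    return {"sha1": digest, "partitions": parts, "findings": findings, "verdict": verdict}


def demo() -> dict:
    """Run the check over the two constructed sectors."""
    clean = build_mbr(CLEAN_BOOT_CODE, SAMPLE_LAYOUT)
    infected = build_mbr(INFECTED_BOOT_CODE, SAMPLE_LAYOUT)
    denylist = dict(KNOWN_BAD_SHA1)
    denylist[boot_code_sha1(infected)] = "constructed demo sample"   # register the stand-in
    return {"clean": check_mbr(clean, denylist), "infected": check_mbr(infected, denylist)}


if __name__ == "__main__":
    # With a path argument, check a raw 512-byte dump (e.g. from MBRCheck option [1]);
    # otherwise run the constructed demo.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            results = {sys.argv[1]: check_mbr(fh.read(SECTOR))}
    else:
        results = demo()
    for name, r in results.items():
        print(name, r["verdict"], r["sha1"], r["findings"])
        for p in r["partitions"]:
            print("  part %d type 0x%02X at 0x%X (%s)" % (p["index"], p["type"], p["offset"],
                                                        "active" if p["bootable"] else "inactive"))
```

    Run it with the path of a dump written by MBRCheck's option [1] to check a real sector; with no argument it checks the two constructed sectors. A hash match identifies boot code somebody has already catalogued; a miss says nothing about an unknown bootkit, which is why the partition-table checks (one active partition, no overlapping entries, valid 0x55AA signature) run regardless of the hash result.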
     
  7. Broni

    Broni Malware Annihilator Posts: 47,048   +256

    Hmmm.....

    Please download ComboFix from Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  8. Mandragora

    Mandragora TS Rookie Topic Starter

  9. Broni

    Broni Malware Annihilator Posts: 47,048   +256

    Please download ComboFix from Here or Here to your Desktop.
     
  10. Mandragora

    Mandragora TS Rookie Topic Starter

    No more rogue iexplorer.exe! But I'm not sure if I have any other problems on my computer. I've recently had some BSOD problems with invalid kernel handles which I'm not sure are related or not.

    Here's my combofix log:
    -----------------------------------
     

    Attached Files:

  11. Broni

    Broni Malware Annihilator Posts: 47,048   +256

    Good news :)

    Those BSODs could be a result of an infection.
    When we finish the whole cleaning process, you'll see how your computer is doing.

    Combofix log looks good :)

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start>"Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Click OK (Vista users - press Enter).
    Restart computer.

    ====================================================================

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Under the Custom Scan box paste this in:



    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
     
  12. Mandragora

    Mandragora TS Rookie Topic Starter

    OTL.txt and Extras.txt are attached:
     

    Attached Files:

  13. Broni

    Broni Malware Annihilator Posts: 47,048   +256

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ========================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      [2010/08/12 01:15:22 | 000,000,000 | ---D | C] -- C:\wCFix
      @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5C321E34
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
      "EnableFirewall" =dword:00000001
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
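    The OTL script above removes four kinds of indicator: a proxy setting that routes every IE request through a listener on 127.0.0.1:5555, a BHO whose CLSID resolves to nothing, a ShellExecuteHooks entry with the same problem, and IE policy keys that lock the browser's settings. The Python below is an added example (not Broni's code and not OTL's) that finds those indicators in a registry export: it parses the .reg file into a dictionary and then runs each check. The export embedded in it is constructed; the two CLSIDs are the ones from the OTL log, while the {00000000-0000-0000-0000-0000000000AA} BHO, its DLL path and the policy value names are placeholders.

```python
"""Audit a .reg export for the IE persistence indicators the OTL fix removed (added example)."""
import re
import sys

# Constructed export (not from the thread's logs) reproducing those indicators.
# The {0000...00AA} BHO and its DLL path stand in for a legitimate add-on.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="http=127.0.0.1:5555"
"ProxyOverride"="<local>;*.local"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-0000-0000-0000-0000000000AA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-0000000000AA}\InprocServer32]
@="C:\\Program Files\\Example\\goodbho.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions]
"NoBrowserOptions"=dword:00000001

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel]
"HomePage"=dword:00000001
'''

_KEY_RE = re.compile(r"^\[(.+)\]$")
_VAL_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def _unescape(s: str) -> str:
    return s.replace('\\"', '"').replace("\\\\", "\\")


def _decode(v: str):
    if len(v) >= 2 and v[0] == '"' and v[-1] == '"':
        return _unescape(v[1:-1])
    if v.startswith("dword:"):
        return int(v[6:], 16)
    return v                      # hex:, "-" (deletion) and continuation lines kept raw


def parse_reg(text: str) -> dict:
    """Parse the key/string/dword subset of .reg syntax into {key: {name: value}}, lower-cased."""
    hive, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        m = _KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            hive.setdefault(key, {})
            continue
        m = _VAL_RE.match(line)
        if m and key is not None:
            name = "" if m.group(1) == "@" else _unescape(m.group(1)[1:-1]).lower()
            hive[key][name] = _decode(m.group(2))
    return hive


IE_SETTINGS = r"hkey_current_user\software\microsoft\windows\currentversion\internet settings"
BHO_ROOT = r"hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects"
SEH_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks"
POLICY_KEYS = (r"hkey_local_machine\software\policies\microsoft\internet explorer\restrictions",
               r"hkey_current_user\software\policies\microsoft\internet explorer\control panel")
LOOPBACK = ("127.", "localhost", "[::1]")


def inproc_dll(hive: dict, clsid: str):
    """DLL registered for a CLSID, or None when the class does not resolve."""
    return hive.get(r"hkey_local_machine\software\classes\clsid\%s\inprocserver32" % clsid.lower(), {}).get("")


def audit(hive: dict) -> list:
    findings = []
    ie = hive.get(IE_SETTINGS, {})
    if ie.get("proxyenable") == 1:                       # the proxy only matters when enabled
        for item in str(ie.get("proxyserver", "")).split(";"):
            host = item.split("=", 1)[-1]                # "http=127.0.0.1:5555" -> "127.0.0.1:5555"
            if host.startswith(LOOPBACK):
                findings.append("IE proxy on loopback: %s (a local process sits between IE and the network)" % item)
    for key in hive:
        if key.startswith(BHO_ROOT + "\\"):
            clsid = key[len(BHO_ROOT) + 1:]
            if inproc_dll(hive, clsid) is None:
                findings.append("BHO %s has no InprocServer32 (orphaned CLSID)" % clsid)
    for clsid in hive.get(SEH_KEY, {}):
        if clsid.startswith("{") and inproc_dll(hive, clsid) is None:
            findings.append("ShellExecuteHooks %s has no InprocServer32 (orphaned CLSID)" % clsid)
    for key in POLICY_KEYS:
        if key in hive:
            findings.append("IE policy key present: %s (%s)" % (key, ", ".join(hive[key]) or "no values"))
    return findings


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-16") as fh:   # reg.exe writes exports as UTF-16
            text = fh.read()
    else:
        text = SAMPLE_REG
    for finding in audit(parse_reg(text)):
        print(finding)
```

    On a live machine, export the keys named in the script with reg.exe (for example `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" ie.reg`, which writes UTF-16) and pass the file as the first argument; without an argument it runs over the constructed export. The CLSID checks are the useful part: a BHO or shell hook whose class has no InprocServer32 is either debris from an incomplete removal or something that was deliberately unregistered, and either way it should not stay.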
     
  14. Mandragora

    Mandragora TS Rookie Topic Starter

    Here's the new OTL.Txt!
     

    Attached Files:

    • OTL.Txt (100.8 KB)
  15. Broni

    Broni Malware Annihilator Posts: 47,048   +256

    It doesn't look like you ran my fix.
     
  16. Mandragora

    Mandragora TS Rookie Topic Starter

    Oops! I clicked on Quick Scan not Quick Fix. Here's the log:

    All processes killed
    ========== OTL ==========
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    C:\wCFix folder moved successfully.
    ADS C:\ProgramData\TEMP:5C321E34 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\\"EnableFirewall" |dword:00000001 /E : value set successfully!
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Flaerong
    ->Temp folder emptied: 174515 bytes
    ->Temporary Internet Files folder emptied: 3481269 bytes
    ->Java cache emptied: 2027 bytes
    ->FireFox cache emptied: 85642099 bytes
    ->Flash cache emptied: 29888 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 575069 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 286166996 bytes

    Total Files Cleaned = 359.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Flaerong
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.9.1 log created on 08132010_234017

    Files\Folders moved on Reboot...
    File\Folder C:\Windows\temp\TMP0000004B9A1CC9EBD4D37702 not found!

    Registry entries deleted on Reboot...
     
  17. Broni

    Broni Malware Annihilator Posts: 47,048   +256

    Now you're talking :)

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Go to Kaspersky website and perform an online antivirus scan.

    • Disable your active antivirus program.
    • Read through the requirements and privacy statement and click on Accept button.
    • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    • When the downloads have finished, click on Settings.
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    • Click on My Computer under Scan.
    • Once the scan is complete, it will display the results. Click on View Scan Report.
    • You will see a list of infected items there. Click on Save Report As....
    • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
  18. Mandragora

    Mandragora TS Rookie Topic Starter

    Here's the checkup .txt. Doing the other steps now...
    Results of screen317's Security Check version 0.99.5
    Windows Vista Service Pack 2 (UAC is disabled!)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    avast! Free Antivirus
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 21
    Java(TM) 6 Update 5
    Out of date Java installed!
    Adobe Flash Player 10.1.53.64
    Adobe Reader 9.3.3
    Mozilla Firefox (3.6.8)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSASCui.exe
    Windows Defender MSASCui.exe
    Alwil Software Avast5 AvastSvc.exe
    Alwil Software Avast5 AvastUI.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````
     
  19. Broni

    Broni Malware Annihilator Posts: 47,048   +256

    We need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
     
  20. Mandragora

    Mandragora TS Rookie Topic Starter

    Ran JavaRa (and did it the right way this time, forgot to take out the def file) and here's the Kaspersky report:
    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Saturday, August 14, 2010
    Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Friday, August 13, 2010 21:03:58
    Records in database: 4132666
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\

    Scan statistics:
    Objects scanned: 186045
    Threats found: 1
    Infected objects found: 1
    Suspicious objects found: 0
    Scan duration: 03:09:11


    File name / Threat / Threats count
    C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1

    Selected area has been scanned.
     
  21. Broni

    Broni Malware Annihilator Posts: 47,048   +256

    Good :)

    OTL Clean-Up
    Clean up with OTL:

    * Double-click OTL.exe to start the program.
    * Close all other programs apart from OTL as this step will require a reboot
    * On the OTL main screen, press the CLEANUP button
    * Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    ====================================================================

    Your computer is clean


    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point.

    Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista and 7:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
    6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK

    2. Restart computer.

    3. Turn System Restore on.

    4. Make sure Windows Updates are current.

    5. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    8. Run Temporary File Cleaner (TFC) weekly.

    9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  22. Mandragora

    Mandragora TS Rookie Topic Starter

    Thank you so much! Sorry for the late reply, I didn't do the last step until today because I've been moving back to college and traveling.

    I really appreciate all the help you guys have given me. Now my computer's running smoothly again and hopefully I'll keep it that way!
     
  23. Broni

    Broni Malware Annihilator Posts: 47,048   +256

    Way to go!!
    Good luck and stay safe :)
     
Topic Status:
Not open for further replies.

