Inactive Nasty Virus infection including fakeantivirus


nonaestet

I have a friend's computer from work that I am attempting to fix, and it seems like it only wants to run in safe mode. I've run several scans, which have come up with various viruses. The original problem was the fake antivirus. I ran Hiren's boot disk, cleaned a lot of the infections off of the computer, and a lot of the issues are resolved, but I'm sure there are more. One of the weird problems it has is that when booting normally the system runs the Windows updates every time, yet never installs the updates. This is before the user logs in. The system is running Vista SP1, and I'm sure the updates are needed.

DDS (Ver_10-11-10.01) - NTFSx86 NETWORK
Run by Owner at 15:07:58.68 on Mon 11/22/2010
Internet Explorer: 7.0.6000.16681
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3061.2424 [GMT -5:00]

AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AntiVir Desktop *enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Owner\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
mStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [IObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart
mRunOnce: [<NO NAME>]
mRunOnce: [GrpConv] grpconv -o
StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-3-4 4232704]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-11-21 135336]
S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-11-21 267944]
S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-11-21 60936]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-3 135664]
S2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2010-11-22 312152]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-11-21 1153368]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2009-12-18 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2009-12-18 174720]
S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-4-13 1174152]

=============== Created Last 30 ================

2010-11-22 19:54:43 -------- d-s---w- C:\ComboFix
2010-11-22 03:05:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-22 02:53:30 -------- d-----w- c:\users\owner\appdata\roaming\Avira
2010-11-22 02:43:49 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-22 02:43:46 -------- d-----w- c:\program files\Avira
2010-11-22 02:43:46 -------- d-----w- c:\progra~2\Avira
2010-11-22 01:24:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-11-22 01:16:48 -------- d-----w- c:\program files\IObit
2010-11-21 23:12:13 -------- d-----w- c:\users\owner\appdata\local\Threat Expert
2010-11-19 01:22:50 -------- d-----w- c:\users\owner\appdata\roaming\Spam Monitor
2010-11-19 01:22:50 -------- d-----w- c:\users\owner\appdata\roaming\PCToolsFirewallPlus
2010-11-19 00:32:43 -------- d-----w- c:\progra~2\PC Tools
2010-11-18 07:56:22 -------- d-----w- c:\users\owner\appdata\local\temp(12)

==================== Find3M ====================

2010-10-19 15:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
 

Attachments: Attach.txt (17.4 KB), DDS.txt (7.7 KB), ark.txt (2.5 KB)
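The DDS report above is the raw input a helper reads by eye. As an added example (not part of this thread and not the DDS tool's own code), the script below runs a few of the checks a reviewer applies to the Pseudo HJT section over constructed sample lines in the same format: UAC disabled via `EnableLUA = 0`, orphaned BHO/TB entries with no backing file, hosts-file overrides, autorun entries with an unqualified executable name, and more than one real-time AV engine enabled at once. The severity labels are this example's own choice.

```python
"""Flag common persistence and hardening issues in a DDS "Pseudo HJT Report".

Added example, not part of this thread and not DDS's own code. The sample lines
below are constructed in the DDS line format seen in the thread; the severity
labels are this example's own choice.
"""
import re
from dataclasses import dataclass

# Constructed sample in DDS format (a few lines modelled on the report above).
SAMPLE_DDS = """\
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\\program files\\common files\\adobe\\acrobat\\activex\\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [avgnt] "c:\\program files\\avira\\antivir desktop\\avgnt.exe" /min
mRunOnce: [<NO NAME>]
mPolicies-system: EnableLUA = 0 (0x0)
Hosts: 127.0.0.1 www.spywareinfo.com
"""


@dataclass
class Finding:
    severity: str   # "high", "medium" or "info"
    line: str       # the report line that triggered it
    note: str       # what a reviewer should check


RUN_RE = re.compile(r"^[um]Run(?:Once)?: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
LUA_RE = re.compile(r"^mPolicies-system: EnableLUA = (?P<val>\d+)")
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)")


def triage_dds(report: str) -> list:
    """Walk the report line by line and collect findings in report order."""
    findings = []
    realtime_av = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("AV:") and "*On-access scanning enabled*" in line:
            realtime_av.append(line)
            if "(Outdated)" in line:
                findings.append(Finding("medium", line, "real-time AV engine with outdated signatures"))
        elif line.startswith(("BHO:", "TB:")) and line.endswith("- No File"):
            findings.append(Finding("info", line, "orphaned browser add-on entry: registry key with no backing file"))
        elif m := RUN_RE.match(line):
            cmd = m.group("cmd").strip()
            if not cmd:
                continue                      # e.g. "mRunOnce: [<NO NAME>]"
            # A bare file name (no directory, no %VAR% prefix) is resolved through
            # the PATH search order, so the file that actually runs must be verified.
            if "\\" not in cmd and not cmd.startswith("%"):
                findings.append(Finding("info", line, "autorun entry with an unqualified executable name; resolved via PATH search order, verify which file actually runs"))
        elif m := LUA_RE.match(line):
            if m.group("val") == "0":
                findings.append(Finding("high", line, "UAC is disabled (EnableLUA=0): administrator sessions run fully elevated"))
        elif m := HOSTS_RE.match(line):
            findings.append(Finding("medium", line, f"hosts file maps {m.group('host')} to {m.group('ip')}; confirm the entry is intentional"))
    if len(realtime_av) > 1:
        findings.append(Finding("medium", realtime_av[-1], f"{len(realtime_av)} real-time AV engines enabled at once; they can conflict with each other and with removal tools"))
    return findings


def by_severity(findings):
    """Order findings high -> medium -> info for display."""
    order = {"high": 0, "medium": 1, "info": 2}
    return sorted(findings, key=lambda f: order[f.severity])


if __name__ == "__main__":
    for f in by_severity(triage_dds(SAMPLE_DDS)):
        print(f"[{f.severity:6}] {f.note}\n         {f.line}")
```

Run it against a saved DDS.txt by replacing `SAMPLE_DDS` with the file contents; the regexes only match the line prefixes DDS emits, so unrelated sections are ignored.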
MBAM does not run a full scan; it locks up on a DLL file. I did not realize that the DDS log was incomplete. I'm running the tool now.
 
No need for MBAM full scan.
If you've read our instructions, we need "Quick scan" only.
 
DDS (Ver_10-11-10.01) - NTFSx86 NETWORK
Run by Owner at 15:07:58.68 on Mon 11/22/2010
Internet Explorer: 7.0.6000.16681
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3061.2424 [GMT -5:00]

AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AntiVir Desktop *enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Owner\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
mStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [IObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart
mRunOnce: [<NO NAME>]
mRunOnce: [GrpConv] grpconv -o
StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-3-4 4232704]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-11-21 135336]
S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-11-21 267944]
S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-11-21 60936]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-3 135664]
S2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2010-11-22 312152]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-11-21 1153368]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2009-12-18 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2009-12-18 174720]
S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-4-13 1174152]

=============== Created Last 30 ================

2010-11-22 19:54:43 -------- d-s---w- C:\ComboFix
2010-11-22 03:05:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-22 02:53:30 -------- d-----w- c:\users\owner\appdata\roaming\Avira
2010-11-22 02:43:49 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-22 02:43:46 -------- d-----w- c:\program files\Avira
2010-11-22 02:43:46 -------- d-----w- c:\progra~2\Avira
2010-11-22 01:24:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-11-22 01:16:48 -------- d-----w- c:\program files\IObit
2010-11-21 23:12:13 -------- d-----w- c:\users\owner\appdata\local\Threat Expert
2010-11-19 01:22:50 -------- d-----w- c:\users\owner\appdata\roaming\Spam Monitor
2010-11-19 01:22:50 -------- d-----w- c:\users\owner\appdata\roaming\PCToolsFirewallPlus
2010-11-19 00:32:43 -------- d-----w- c:\progra~2\PC Tools
2010-11-18 07:56:22 -------- d-----w- c:\users\owner\appdata\local\temp(12)

==================== Find3M ====================

2010-10-19 15:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe

============= FINISH: 15:09:12.80 ===============
 
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-22 16:21:59
Windows 6.0.6000 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD16 rev.04.0
Running: gmer.exe; Driver: C:\Users\Owner\AppData\Local\Temp\pxrdypoc.sys


---- Kernel code sections - GMER 1.0.15 ----

? C:\Users\Owner\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[616] USER32.dll!DialogBoxIndirectParamW 774D14EA 5 Bytes JMP 713A1667 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[616] USER32.dll!MessageBoxExA 774E570D 5 Bytes JMP 713A15AE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[616] USER32.dll!DialogBoxParamA 774E65BF 5 Bytes JMP 713A162C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[616] USER32.dll!MessageBoxIndirectW 774EF1B3 5 Bytes JMP 712316B6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[616] USER32.dll!DialogBoxParamW 774F129F 5 Bytes JMP 7120F301 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[616] USER32.dll!DialogBoxIndirectParamA 775129C9 5 Bytes JMP 713A16A2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[616] USER32.dll!MessageBoxIndirectA 7751FACF 5 Bytes JMP 713A15E8 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[616] USER32.dll!MessageBoxExW 7751FBC9 5 Bytes JMP 713A1574 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
 
Ahh, ok, I'll post the quick scan log in a couple of minutes. I'm on another forum and was reading their rules; sorry for the misunderstanding.
 
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5166

Windows 6.0.6000 (Safe Mode)
Internet Explorer 7.0.6000.16681

11/23/2010 1:11:11 AM
mbam-log-2010-11-23 (01-11-11).txt

Scan type: Quick scan
Objects scanned: 167879
Time elapsed: 5 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Is the computer still unable to boot to normal mode?

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

======================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AVG Remover to uninstall it: http://www.avg.com/us-en/download-tools
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.pif
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Yeah, MBRCheck detects that my master boot record is infected. Here is the log.
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: (build 6000), 32-bit
Base Board Manufacturer: Intel Corp.
BIOS Manufacturer: INSYDE
System Manufacturer: TOSHIBA
System Product Name: Satellite L355
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 109):
0x82C00000 \SystemRoot\system32\ntkrnlpa.exe
0x82FA1000 \SystemRoot\system32\hal.dll
0x802C6000 \SystemRoot\system32\kdcom.dll
0x80266000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8025D000 \SystemRoot\system32\PSHED.dll
0x80255000 \SystemRoot\system32\BOOTVID.dll
0x8021A000 \SystemRoot\system32\CLFS.SYS
0x8051F000 \SystemRoot\system32\CI.dll
0x804A3000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8020D000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80460000 \SystemRoot\system32\drivers\acpi.sys
0x80204000 \SystemRoot\system32\drivers\WMILIB.SYS
0x80458000 \SystemRoot\system32\drivers\msisadrv.sys
0x80433000 \SystemRoot\system32\drivers\pci.sys
0x80424000 \SystemRoot\system32\drivers\volmgr.sys
0x80201000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8041A000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8040A000 \SystemRoot\System32\drivers\mountmgr.sys
0x80403000 \SystemRoot\system32\DRIVERS\intelide.sys
0x807F2000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x807EB000 \SystemRoot\system32\DRIVERS\pciide.sys
0x807A1000 \SystemRoot\System32\drivers\volmgrx.sys
0x806D9000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x806D1000 \SystemRoot\system32\drivers\atapi.sys
0x806B3000 \SystemRoot\system32\drivers\ataport.SYS
0x806AA000 \SystemRoot\system32\drivers\msahci.sys
0x80679000 \SystemRoot\system32\drivers\fltmgr.sys
0x80669000 \SystemRoot\system32\drivers\fileinfo.sys
0x80660000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x834FC000 \SystemRoot\system32\drivers\ndis.sys
0x80635000 \SystemRoot\system32\drivers\msrpc.sys
0x834C3000 \SystemRoot\system32\drivers\NETIO.SYS
0x836F8000 \SystemRoot\System32\Drivers\Ntfs.sys
0x83459000 \SystemRoot\System32\Drivers\ksecdd.sys
0x83423000 \SystemRoot\system32\drivers\volsnap.sys
0x80630000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
0x80619000 \SystemRoot\System32\drivers\partmgr.sys
0x8060A000 \SystemRoot\System32\Drivers\mup.sys
0x836D3000 \SystemRoot\System32\drivers\ecache.sys
0x83412000 \SystemRoot\system32\drivers\disk.sys
0x836B2000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x80601000 \SystemRoot\system32\drivers\crcdisk.sys
0x8C0A5000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8C0B0000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8C09A000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8C05D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8C04F000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8C03D000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8C019000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x8F1ED000 \SystemRoot\system32\DRIVERS\NETw5v32.sys
0x8C006000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8ED85000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8ED55000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8BC7E000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8ED4A000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8ED32000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8EC7D000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8EC3D000 \SystemRoot\system32\DRIVERS\storport.sys
0x8EC32000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8EC1B000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8EC10000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8ED0F000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x83683000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8ECBF000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8F0FD000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8BC7C000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8F003000 \SystemRoot\system32\DRIVERS\ks.sys
0x8EFC6000 \SystemRoot\system32\DRIVERS\NWADIenum.sys
0x8ECA8000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8F02D000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8EF92000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8BD20000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8C0CB000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8EDA5000 \SystemRoot\System32\Drivers\Null.SYS
0x8EDAC000 \SystemRoot\System32\Drivers\Beep.SYS
0x8BCEE000 \SystemRoot\System32\drivers\vga.sys
0x8EEB1000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8F03A000 \SystemRoot\System32\drivers\watchdog.sys
0x8C1B8000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8ECB4000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8EE83000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8C0D4000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8F92F000 \SystemRoot\System32\drivers\tcpip.sys
0x8EE6A000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8EE55000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8EE41000 \SystemRoot\system32\DRIVERS\smb.sys
0x8EE0F000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8F918000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8F8D1000 \SystemRoot\system32\drivers\afd.sys
0x8F8BB000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8EE01000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8F880000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8F836000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8F81F000 \SystemRoot\System32\Drivers\dfsc.sys
0x8FBED000 \SystemRoot\system32\drivers\RTSTOR.SYS
0x97A00000 \SystemRoot\System32\win32k.sys
0x8FB93000 \SystemRoot\System32\drivers\Dxapi.sys
0x97DE0000 \SystemRoot\System32\drivers\dxg.sys
0x97C00000 \SystemRoot\System32\TSDDD.dll
0x97C10000 \SystemRoot\System32\framebuf.dll
0x9A068000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x98415000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x98481000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9A014000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9A6C2000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9A689000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9A002000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9B4A5000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x76EC0000 \Windows\System32\ntdll.dll

Processes (total 23):
0 System Idle Process
4 System
328 C:\Windows\System32\smss.exe
392 csrss.exe
428 csrss.exe
436 C:\Windows\System32\wininit.exe
480 C:\Windows\System32\winlogon.exe
512 C:\Windows\System32\services.exe
524 C:\Windows\System32\lsass.exe
532 C:\Windows\System32\lsm.exe
684 C:\Windows\System32\svchost.exe
736 C:\Windows\System32\svchost.exe
764 C:\Windows\System32\svchost.exe
860 C:\Windows\System32\svchost.exe
884 C:\Windows\System32\svchost.exe
904 C:\Windows\servicing\TrustedInstaller.exe
964 C:\Windows\System32\svchost.exe
1008 C:\Windows\System32\svchost.exe
1024 C:\Windows\System32\svchost.exe
1144 C:\Windows\System32\svchost.exe
1256 C:\Windows\System32\svchost.exe
1636 C:\Windows\explorer.exe
1348 C:\Users\Owner\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000023`4c900000 (NTFS)

PhysicalDrive0 Model Number: WDCWD1600BEVS-60RST0, Rev: 04.01G04

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: D94F393960D1CD66C2071F2D7260A5196DF105AC


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
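MBRCheck's verdict above ("Unknown MBR code", plus a SHA1) comes from comparing the first sector of the disk against a list of known loaders. As an added example (not part of this thread and not MBRCheck's code), the script below parses a 512-byte MBR, checks the 0x55AA trailer, decodes the partition table, and hashes the loader to compare it with an allowlist. The choice to hash only the 440-byte boot-code region (so that the per-machine disk signature and partition table do not change the hash), the sample sectors and the allowlist are all constructed here; only the C: and D: byte offsets are taken from the MBRCheck output.

```python
"""Parse a 512-byte MBR and compare its boot-code hash against an allowlist.

Added example, not part of this thread and not MBRCheck's own code. The sample
sectors, the "known good" allowlist and the decision to hash only the 440-byte
boot-code region are constructed for the demonstration.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440            # bytes 0..439 hold the boot loader code
DISK_SIG_OFF = 440             # bytes 440..443: NT disk signature (varies per machine)
PART_TABLE_OFF = 446           # four 16-byte partition entries start here
PART_ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511 on every valid MBR


def parse_mbr(sector: bytes) -> dict:
    """Split an MBR into its boot-code hash, disk signature and partition table."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected a {SECTOR_SIZE}-byte sector, got {len(sector)} bytes")
    partitions = []
    for i in range(4):
        status, _chs_start, ptype, _chs_end, lba, count = struct.unpack_from(
            PART_ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue                               # empty slot
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba,
            "sector_count": count,
            "byte_offset": lba * SECTOR_SIZE,      # the offset MBRCheck prints per volume
        })
    return {
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "disk_signature": sector[DISK_SIG_OFF:DISK_SIG_OFF + 4].hex(),
        # Hash only the loader code: the disk signature and partition table are
        # machine-specific, so including them would defeat a shared allowlist.
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "partitions": partitions,
    }


def classify_mbr(sector: bytes, known_good: dict) -> str:
    """Return the allowlist label for the loader, "unknown", or "invalid"."""
    info = parse_mbr(sector)
    if not info["signature_ok"]:
        return "invalid"                           # no 0x55AA trailer: not a usable MBR
    return known_good.get(info["boot_code_sha1"], "unknown")


def build_mbr(boot_code: bytes, disk_sig: bytes, partitions, trailer=BOOT_SIGNATURE) -> bytes:
    """Assemble a sector from its parts (used here only to construct sample data)."""
    sector = bytearray(SECTOR_SIZE)
    code = boot_code[:BOOT_CODE_LEN]
    sector[:len(code)] = code
    sector[DISK_SIG_OFF:DISK_SIG_OFF + 4] = disk_sig
    for i, (status, ptype, lba, count) in enumerate(partitions):
        struct.pack_into(PART_ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i,
                         status, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    sector[510:512] = trailer
    return bytes(sector)


# Constructed stand-in for a stock loader: a generic x86 real-mode prologue
# (cli; xor ax,ax; mov ss,ax; mov sp,0x7C00) padded with zeros. Not a real loader.
STANDARD_BOOT_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c".ljust(BOOT_CODE_LEN, b"\x00")
# Constructed stand-in for a modified loader: same layout, different first bytes.
TAMPERED_BOOT_CODE = b"\xeb\x1e\x90\x90\x90\x90\x90\x90".ljust(BOOT_CODE_LEN, b"\x00")

# Partition offsets taken from the MBRCheck output above: C: at byte offset
# 0x7E00 (LBA 63) and D: at 0x234C900000 (LBA 296110080). Sizes are constructed.
PARTITIONS = [(0x80, 0x07, 63, 296110017), (0x00, 0x07, 296110080, 16000000)]

SAMPLE_STANDARD = build_mbr(STANDARD_BOOT_CODE, b"\x11\x22\x33\x44", PARTITIONS)
SAMPLE_TAMPERED = build_mbr(TAMPERED_BOOT_CODE, b"\x11\x22\x33\x44", PARTITIONS)
SAMPLE_NO_TRAILER = build_mbr(STANDARD_BOOT_CODE, b"\x11\x22\x33\x44", PARTITIONS, trailer=b"\x00\x00")
# Same loader on a different machine: other disk signature and partition table.
SAMPLE_OTHER_MACHINE = build_mbr(STANDARD_BOOT_CODE, b"\xaa\xbb\xcc\xdd", [(0x80, 0x07, 2048, 1000000)])

# Constructed allowlist; in practice this would hold vendor-published loader hashes.
KNOWN_GOOD = {hashlib.sha1(STANDARD_BOOT_CODE).hexdigest().upper(): "constructed stock loader"}

if __name__ == "__main__":
    for name, sec in [("standard", SAMPLE_STANDARD), ("tampered", SAMPLE_TAMPERED)]:
        info = parse_mbr(sec)
        print(name, classify_mbr(sec, KNOWN_GOOD), info["boot_code_sha1"])
        for p in info["partitions"]:
            print(f"  partition {p['index']} type 0x{p['type']:02x} at offset 0x{p['byte_offset']:x}")
```

On a live system the 512 bytes would be read from the physical drive with administrator rights; an "unknown" result means only that the loader is not on the allowlist, which is why MBRCheck's own wording is "non-standard or infected" rather than a definite verdict.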
 
After looking at the ComboFix log, it looks like the AVG removal tool failed. Here is the log.
ComboFix 10-11-23.02 - Owner 11/24/2010 2:02.2.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3061.2578 [GMT -5:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AntiVir Desktop *enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\recycler

.
((((((((((((((((((((((((( Files Created from 2010-10-24 to 2010-11-24 )))))))))))))))))))))))))))))))
.

2010-11-24 07:09 . 2010-11-24 07:09 -------- d-----w- c:\users\Owner\AppData\Local\temp
2010-11-24 07:09 . 2010-11-24 07:09 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-11-24 07:09 . 2010-11-24 07:09 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-11-24 07:00 . 2010-11-24 07:00 -------- d-----w- C:\32788R22FWJFW
2010-11-22 03:05 . 2010-11-22 03:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-22 02:53 . 2010-11-22 02:53 -------- d-----w- c:\users\Owner\AppData\Roaming\Avira
2010-11-22 02:43 . 2010-08-02 21:10 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-22 02:43 . 2010-08-02 21:10 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-11-22 02:43 . 2010-11-22 02:43 -------- d-----w- c:\programdata\Avira
2010-11-22 02:43 . 2010-11-22 02:43 -------- d-----w- c:\program files\Avira
2010-11-22 01:24 . 2010-11-22 01:25 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-11-22 01:16 . 2010-11-22 10:34 -------- d-----w- c:\program files\IObit
2010-11-21 23:12 . 2010-11-21 23:12 -------- d-----w- c:\users\Owner\AppData\Local\Threat Expert
2010-11-19 01:22 . 2010-11-19 01:22 -------- d-----w- c:\users\Owner\AppData\Roaming\Spam Monitor
2010-11-19 01:22 . 2010-11-19 01:22 -------- d-----w- c:\users\Owner\AppData\Roaming\PCToolsFirewallPlus
2010-11-19 00:32 . 2010-11-22 02:22 -------- d-----w- c:\programdata\PC Tools
2010-11-08 05:19 . 2010-11-21 09:00 -------- d-----w- c:\users\Guest

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 15:41 . 2010-04-16 16:02 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-07 23:21 . 2010-10-22 07:12 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C1E2393D-F9AB-40AD-8B03-E13A90F30B3E}\mpengine.dll
2010-09-26 06:06 . 2006-11-02 08:57 66048 ----a-w- c:\windows\system32\drivers\smb.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-10 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 729088]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-29 4911104]
"QlbCtrl"="%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [BU]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-11-22 842584]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-03 178712]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 46704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2010-06-11 1280344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2294666553-2699877921-459855803-1001]
"EnableNotificationsRef"=dword:00000001

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-08-02 135336]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-03 135664]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360srv.exe [2010-06-11 312152]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-04-29 38224]
R3 mvb35316;mvb35316; [x]
R3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil.sys [2009-12-18 20480]
R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys [2009-12-18 174720]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-03-04 4232704]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2008-04-25 04:23 124928 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-11-22 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-11-22 02:33]

2010-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-03 11:30]

2010-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-03 11:30]

2010-11-22 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-11-22 23:08]

2010-11-22 c:\windows\Tasks\User_Feed_Synchronization-{69747E9F-0818-49E9-9A2F-E3A783B1ADC6}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
mStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce-<NO NAME> - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-24 02:09
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2010-11-24 02:11:17
ComboFix-quarantined-files.txt 2010-11-24 07:11
ComboFix2.txt 2010-11-18 07:56
ComboFix3.txt 2010-11-17 20:22
ComboFix4.txt 2010-09-28 23:00

Pre-Run: 76,469,768,192 bytes free
Post-Run: 76,474,294,272 bytes free

- - End Of File - - F33868D13ADBB4C57AF2CAD2B5E28B4C
 
Is the computer still unable to boot to normal mode?

I can also see that you don't have any service pack installed. Any particular reason for it?

Let's start with fixing your MBR...

Please download NTBR by noahdfear and save it to your Desktop.
File size: 2.44 MB (2,565,432 bytes)

  • Place a blank CD in your CD drive.
  • Double click on NTBR_CD.exe file and a folder of the same name will appear.
  • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
  • Follow the prompts to burn the CD.
  • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
  • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
  • Insert the newly created CD into your infected PC and reboot your computer.
  • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
  • Read the warning and then continue as prompted.
  • You first need to select your keyboard layout - press Enter for English.
  • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
  • On the following screen enter 5 to select Install Standard MBR code.
  • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
  • When asked to confirm please do so.
  • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
  • Eject the disc and then press ctrl+alt+del to reboot the PC.
Once rebooted, run MBRCheck again and post its log.
 
Can't run the Windows updates, and my friend is not very computer savvy, so he never updated prior to the infection. I'll run the CD as soon as I have a burnable CD in my possession.
 
I found a copy of his USB tool and ran it; it did the same thing as the CD. About to post the log. Happy Thanksgiving.
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: (build 6000), 32-bit
Base Board Manufacturer: Intel Corp.
BIOS Manufacturer: INSYDE
System Manufacturer: TOSHIBA
System Product Name: Satellite L355
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 109):
0x82400000 \SystemRoot\system32\ntkrnlpa.exe
0x827A1000 \SystemRoot\system32\hal.dll
0x802C6000 \SystemRoot\system32\kdcom.dll
0x80266000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8025D000 \SystemRoot\system32\PSHED.dll
0x80255000 \SystemRoot\system32\BOOTVID.dll
0x8021A000 \SystemRoot\system32\CLFS.SYS
0x8051F000 \SystemRoot\system32\CI.dll
0x804A3000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8020D000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80460000 \SystemRoot\system32\drivers\acpi.sys
0x80204000 \SystemRoot\system32\drivers\WMILIB.SYS
0x80458000 \SystemRoot\system32\drivers\msisadrv.sys
0x80433000 \SystemRoot\system32\drivers\pci.sys
0x80424000 \SystemRoot\system32\drivers\volmgr.sys
0x80201000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8041A000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8040A000 \SystemRoot\System32\drivers\mountmgr.sys
0x80403000 \SystemRoot\system32\DRIVERS\intelide.sys
0x807F2000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x807EB000 \SystemRoot\system32\DRIVERS\pciide.sys
0x807A1000 \SystemRoot\System32\drivers\volmgrx.sys
0x806D9000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x806D1000 \SystemRoot\system32\drivers\atapi.sys
0x806B3000 \SystemRoot\system32\drivers\ataport.SYS
0x806AA000 \SystemRoot\system32\drivers\msahci.sys
0x80679000 \SystemRoot\system32\drivers\fltmgr.sys
0x80669000 \SystemRoot\system32\drivers\fileinfo.sys
0x80660000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x82CFC000 \SystemRoot\system32\drivers\ndis.sys
0x80635000 \SystemRoot\system32\drivers\msrpc.sys
0x82CC3000 \SystemRoot\system32\drivers\NETIO.SYS
0x82EF8000 \SystemRoot\System32\Drivers\Ntfs.sys
0x82C59000 \SystemRoot\System32\Drivers\ksecdd.sys
0x82C23000 \SystemRoot\system32\drivers\volsnap.sys
0x80630000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
0x80619000 \SystemRoot\System32\drivers\partmgr.sys
0x8060A000 \SystemRoot\System32\Drivers\mup.sys
0x82ED3000 \SystemRoot\System32\drivers\ecache.sys
0x82C12000 \SystemRoot\system32\drivers\disk.sys
0x82EB2000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x80601000 \SystemRoot\system32\drivers\crcdisk.sys
0x8B42A000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x82E05000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8ED50000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8B983000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8B4EC000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8B403000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8E72C000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x8EFED000 \SystemRoot\system32\DRIVERS\NETw5v32.sys
0x8B970000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8ED5B000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8E68C000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8B4A6000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8ED66000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8E674000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8E61F000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8ED10000 \SystemRoot\system32\DRIVERS\storport.sys
0x8ED71000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8E608000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8ED7C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8ECED000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x82E83000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8E661000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8EEFD000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8B4A4000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8ECC3000 \SystemRoot\system32\DRIVERS\ks.sys
0x8EC86000 \SystemRoot\system32\DRIVERS\NWADIenum.sys
0x8E64A000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8E654000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8EB82000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8B510000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8B812000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8E6CA000 \SystemRoot\System32\Drivers\Null.SYS
0x8E6D1000 \SystemRoot\System32\Drivers\Beep.SYS
0x8EB76000 \SystemRoot\System32\drivers\vga.sys
0x8EB55000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8EBB6000 \SystemRoot\System32\drivers\watchdog.sys
0x8EB1E000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8B8F0000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8ED87000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8EB0B000 \SystemRoot\system32\drivers\RTSTOR.SYS
0x8EAFD000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8B81B000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8EA2C000 \SystemRoot\System32\drivers\tcpip.sys
0x8EA13000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8EEE8000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8EED4000 \SystemRoot\system32\DRIVERS\smb.sys
0x8EEA2000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8EE5B000 \SystemRoot\system32\drivers\afd.sys
0x8EE45000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8EA05000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8EE0A000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8EE00000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8F5E9000 \SystemRoot\System32\Drivers\dfsc.sys
0x97400000 \SystemRoot\System32\win32k.sys
0x8F54D000 \SystemRoot\System32\drivers\Dxapi.sys
0x977E0000 \SystemRoot\System32\drivers\dxg.sys
0x97600000 \SystemRoot\System32\TSDDD.dll
0x97610000 \SystemRoot\System32\framebuf.dll
0x99555000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8F4A1000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x95A0A000 \SystemRoot\system32\DRIVERS\bowser.sys
0x98809000 \SystemRoot\System32\drivers\mpsdrv.sys
0x99477000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9943E000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9942C000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x99416000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x77470000 \Windows\System32\ntdll.dll

Processes (total 23):
0 System Idle Process
4 System
332 C:\Windows\System32\smss.exe
400 csrss.exe
436 csrss.exe
444 C:\Windows\System32\wininit.exe
480 C:\Windows\System32\winlogon.exe
520 C:\Windows\System32\services.exe
532 C:\Windows\System32\lsass.exe
540 C:\Windows\System32\lsm.exe
716 C:\Windows\System32\svchost.exe
768 C:\Windows\System32\svchost.exe
800 C:\Windows\System32\svchost.exe
892 C:\Windows\System32\svchost.exe
916 C:\Windows\System32\svchost.exe
936 C:\Windows\servicing\TrustedInstaller.exe
992 C:\Windows\System32\svchost.exe
1024 C:\Windows\System32\svchost.exe
1044 C:\Windows\System32\svchost.exe
1176 C:\Windows\System32\svchost.exe
1284 C:\Windows\System32\svchost.exe
2004 C:\Windows\explorer.exe
1564 C:\Users\Owner\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000023`4c900000 (NTFS)

PhysicalDrive0 Model Number: WDCWD1600BEVS-60RST0, Rev: 04.01G04

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: D94F393960D1CD66C2071F2D7260A5196DF105AC


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
 
It says the MBR is not flagged as bootable, and it says I can flag it as bootable, delete the partition information and set as bootable, or just flag as bootable.
 
Let's try something else...

If you have Vista/7 DVD...

start with step 2

If you don't have Vista/7 DVD...

1. Create Vista/7 Recovery Disc.

Option 1 :
Vista: http://www.c4consulting.com.au/soluctions/vista/VISTA SOLUCTIONS.htm
Windows 7: http://www.guidingtech.com/3816/system-repair-recovery-disc-windows-7/

Option 2:
Download Vista Recovery Disc iso image: http://neosmart.net/blog/2008/windows-vista-recovery-disc-download/
Download Windows 7 Recovery Disc iso image: http://neosmart.net/blog/2009/windows-7-system-repair-discs/
Burn it to CD, or DVD: http://neosmart.net/wiki/display/G/Burning+ISO+Images+to+a+CD+or+DVD

2. Boot from created disk.

Vista users. At the first screen click on Repair your computer:
[screenshot: setup-option.jpg]

Windows 7 users. At the first screen click on Install now:
[screenshot: 25672d1251414873-mbr-restore-windows-7-master-boot-record-mbr_02.png]

Select your language and click Next:
[screenshot: 25673d1251414836-mbr-restore-windows-7-master-boot-record-mbr_03.png]

Click the button for "Use recovery tools":
[screenshot: 25674d1251414836-mbr-restore-windows-7-master-boot-record-mbr_04.png]


The following applies to both Vista and Windows 7 users.

This will bring you to a new screen where the repair process will look for all Windows Vista/7 installations on your computer. When done you will be presented with the System Recovery Options dialog box:
[screenshot: system-recovery-options.jpg]

After this, it will present you with a list of options including Startup Repair, System Restore and Command Prompt:
[screenshot: systemrecovery.jpg]

Select Command Prompt

Type in:
bootrec /FixMbr (<--- there is a "space" after "bootrec")
and then press Enter

Once completed, type Exit, press Enter and restart the computer.

Post fresh MBRCheck log.
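
The two repair steps in this thread (MBRWORK's "Install Standard MBR code" and bootrec /FixMbr) both rewrite only the boot-code region of sector 0 and leave the partition table alone, which is why the "at offset" lines in the MBRCheck logs never change while the SHA1 and the "Unknown MBR code" verdict do. The following is an added example, not code from the thread, MBRCheck or ComboFix: a small Python parser that reads a raw 512-byte MBR and reports the same three things a defender checks after a repair (0x55AA boot signature, SHA1 of the boot code against a caller-supplied known-good list, and whether any partition carries the 0x80 active flag, the "not flagged as bootable" condition mentioned above). The sample sector, its partition layout, and the known-good hash table are constructed for the example; the assumption that the hash covers the first 440 bytes is mine, not MBRCheck's documented behaviour.

```python
# Added example (not from the thread or from MBRCheck/ComboFix): parse a raw
# 512-byte Master Boot Record the way an MBRCheck-style tool does, so the
# "Unknown MBR code" / "not flagged as bootable" findings can be read off the
# bytes directly. Known-good hashes are supplied by the caller; the sample
# sector and hash table built below are constructed test data, not real disks
# or real Windows boot-code hashes.
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440           # bytes 0..439 hold the boot code (assumption: hash this region)
PART_TABLE_OFFSET = 446       # four 16-byte partition entries, bytes 446..509
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511
ACTIVE_FLAG = 0x80            # status byte marking the bootable partition


def parse_partitions(mbr):
    """Return the non-empty partition entries as dicts (type 0 = unused slot)."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        status, _chs_s, ptype, _chs_e, lba_start, sectors = struct.unpack_from(
            "<B3sB3sII", mbr, off)
        if ptype == 0:
            continue
        parts.append({
            "index": i,
            "active": status == ACTIVE_FLAG,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
            # same quantity MBRCheck prints as "\\.\C: --> \\.\PhysicalDrive0 at offset"
            "byte_offset": lba_start * SECTOR_SIZE,
        })
    return parts


def boot_code_sha1(mbr):
    """Upper-case SHA1 of the boot-code region, in the style of MBRCheck's SHA1 line."""
    return hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()


def check_mbr(mbr, known_code_hashes=None):
    """Classify one MBR: boot signature, boot-code hash, active partition, findings.

    known_code_hashes maps an upper-case SHA1 of the boot code to a label such as
    'Windows 2008 MBR code'. Anything not in the table is reported as unknown,
    which is what a bootkit-style rewrite of sector 0 looks like.
    """
    if len(mbr) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    known_code_hashes = known_code_hashes or {}
    parts = parse_partitions(mbr)
    digest = boot_code_sha1(mbr)
    result = {
        "signature_ok": mbr[510:512] == BOOT_SIGNATURE,
        "sha1": digest,
        "code_label": known_code_hashes.get(digest, "Unknown MBR code"),
        "partitions": parts,
        "has_active_partition": any(p["active"] for p in parts),
        "findings": [],
    }
    if not result["signature_ok"]:
        result["findings"].append("missing 0x55AA boot signature")
    if result["code_label"] == "Unknown MBR code":
        result["findings"].append("non-standard boot code: compare hash against a known-good list")
    if not result["has_active_partition"]:
        result["findings"].append("no partition flagged bootable (0x80)")
    return result


def build_sample_mbr(boot_code, partitions, signature=BOOT_SIGNATURE):
    """Assemble a 512-byte MBR from constructed pieces (test data, not a real disk)."""
    sector = bytearray(SECTOR_SIZE)
    code = boot_code[:BOOT_CODE_LEN]
    sector[:len(code)] = code
    for i, (status, ptype, lba_start, sectors) in enumerate(partitions):
        struct.pack_into("<B3sB3sII", sector, PART_TABLE_OFFSET + 16 * i,
                         status, b"\0\0\0", ptype, b"\0\0\0", lba_start, sectors)
    sector[510:512] = signature
    return bytes(sector)


# Constructed layout mirroring the offsets in the thread's MBRCheck output:
# C: starts at sector 63 (byte offset 0x7e00) and D: at sector 0x11A64800
# (byte offset 0x23`4c900000). Sizes and the boot code itself are made up.
SAMPLE_PARTITIONS = [
    (ACTIVE_FLAG, 0x07, 63, 0x11A647C1),   # NTFS, flagged bootable
    (0x00, 0x07, 0x11A64800, 0x01000000),  # NTFS, data partition
]
SAMPLE_MBR = build_sample_mbr(b"\xeb\x3c\x90" + b"\x90" * 437, SAMPLE_PARTITIONS)

if __name__ == "__main__":
    report = check_mbr(SAMPLE_MBR)
    for p in report["partitions"]:
        print(f"partition {p['index']}: active={p['active']} offset=0x{p['byte_offset']:x}")
    print(report["code_label"], report["sha1"])
    print("findings:", report["findings"] or "none")
```

Run against a real sector 0 (read with administrative rights from the physical drive), the useful workflow is to record the SHA1 before the repair, run the repair, and confirm afterwards that the hash moved into the known-good table while every byte offset in the partition list stayed the same; a changed offset after bootrec /FixMbr would mean something other than the boot code was rewritten.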
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: (build 6000), 32-bit
Base Board Manufacturer: Intel Corp.
BIOS Manufacturer: INSYDE
System Manufacturer: TOSHIBA
System Product Name: Satellite L355
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 109):
0x82400000 \SystemRoot\system32\ntkrnlpa.exe
0x827A1000 \SystemRoot\system32\hal.dll
0x802C6000 \SystemRoot\system32\kdcom.dll
0x80266000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8025D000 \SystemRoot\system32\PSHED.dll
0x80255000 \SystemRoot\system32\BOOTVID.dll
0x8021A000 \SystemRoot\system32\CLFS.SYS
0x8051F000 \SystemRoot\system32\CI.dll
0x804A3000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8020D000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80460000 \SystemRoot\system32\drivers\acpi.sys
0x80204000 \SystemRoot\system32\drivers\WMILIB.SYS
0x80458000 \SystemRoot\system32\drivers\msisadrv.sys
0x80433000 \SystemRoot\system32\drivers\pci.sys
0x80424000 \SystemRoot\system32\drivers\volmgr.sys
0x80201000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8041A000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8040A000 \SystemRoot\System32\drivers\mountmgr.sys
0x80403000 \SystemRoot\system32\DRIVERS\intelide.sys
0x807F2000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x807EB000 \SystemRoot\system32\DRIVERS\pciide.sys
0x807A1000 \SystemRoot\System32\drivers\volmgrx.sys
0x806D9000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x806D1000 \SystemRoot\system32\drivers\atapi.sys
0x806B3000 \SystemRoot\system32\drivers\ataport.SYS
0x806AA000 \SystemRoot\system32\drivers\msahci.sys
0x80679000 \SystemRoot\system32\drivers\fltmgr.sys
0x80669000 \SystemRoot\system32\drivers\fileinfo.sys
0x80660000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x82CFC000 \SystemRoot\system32\drivers\ndis.sys
0x80635000 \SystemRoot\system32\drivers\msrpc.sys
0x82CC3000 \SystemRoot\system32\drivers\NETIO.SYS
0x82EF8000 \SystemRoot\System32\Drivers\Ntfs.sys
0x82C59000 \SystemRoot\System32\Drivers\ksecdd.sys
0x82C23000 \SystemRoot\system32\drivers\volsnap.sys
0x80630000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
0x80619000 \SystemRoot\System32\drivers\partmgr.sys
0x8060A000 \SystemRoot\System32\Drivers\mup.sys
0x82ED3000 \SystemRoot\System32\drivers\ecache.sys
0x82C12000 \SystemRoot\system32\drivers\disk.sys
0x82EB2000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x80601000 \SystemRoot\system32\drivers\crcdisk.sys
0x8B86F000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x82E05000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8B864000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8B827000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8B819000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8B800000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8E0CC000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x8EBED000 \SystemRoot\system32\DRIVERS\NETw5v32.sys
0x8E0B9000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8E0AE000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8E00E000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8B9CA000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8E003000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8E168000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8EBB8000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8EB78000 \SystemRoot\system32\DRIVERS\storport.sys
0x8E15D000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8E146000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8EB5D000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8EB3A000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8B40A000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8EB27000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8B419000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8B9C8000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8EA2D000 \SystemRoot\system32\DRIVERS\ks.sys
0x8E9F0000 \SystemRoot\system32\DRIVERS\NWADIenum.sys
0x8EBE3000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8EA57000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8E91C000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8B5F0000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8E102000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8E045000 \SystemRoot\System32\Drivers\Null.SYS
0x8E04C000 \SystemRoot\System32\Drivers\Beep.SYS
0x8B93D000 \SystemRoot\System32\drivers\vga.sys
0x8E8FB000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8EA64000 \SystemRoot\System32\drivers\watchdog.sys
0x8E1C0000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8E8D0000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8E8C2000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8E10B000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8F32F000 \SystemRoot\System32\drivers\tcpip.sys
0x8E8A9000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8E894000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8E880000 \SystemRoot\system32\DRIVERS\smb.sys
0x8E84E000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8E837000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8F2E8000 \SystemRoot\system32\drivers\afd.sys
0x8E821000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8E813000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8F2AD000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8E950000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8F256000 \SystemRoot\System32\Drivers\dfsc.sys
0x8F243000 \SystemRoot\system32\drivers\RTSTOR.SYS
0x97400000 \SystemRoot\System32\win32k.sys
0x8E95A000 \SystemRoot\System32\drivers\Dxapi.sys
0x977E0000 \SystemRoot\System32\drivers\dxg.sys
0x97600000 \SystemRoot\System32\TSDDD.dll
0x97610000 \SystemRoot\System32\framebuf.dll
0x93065000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8E96E000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x8F4C2000 \SystemRoot\system32\DRIVERS\bowser.sys
0x99238000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9921A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x99FC7000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x93000000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x99E38000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x779D0000 \Windows\System32\ntdll.dll

Processes (total 24):
0 System Idle Process
4 System
328 C:\Windows\System32\smss.exe
392 csrss.exe
428 csrss.exe
436 C:\Windows\System32\wininit.exe
480 C:\Windows\System32\winlogon.exe
512 C:\Windows\System32\services.exe
524 C:\Windows\System32\lsass.exe
532 C:\Windows\System32\lsm.exe
680 C:\Windows\System32\svchost.exe
740 C:\Windows\System32\svchost.exe
780 C:\Windows\System32\svchost.exe
864 C:\Windows\System32\svchost.exe
888 C:\Windows\System32\svchost.exe
908 C:\Windows\servicing\TrustedInstaller.exe
968 C:\Windows\System32\svchost.exe
1020 C:\Windows\System32\svchost.exe
1036 C:\Windows\System32\svchost.exe
1156 C:\Windows\System32\svchost.exe
1260 C:\Windows\System32\svchost.exe
1564 C:\Windows\explorer.exe
1708 C:\Windows\HelpPane.exe
2036 C:\Users\Owner\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000023`4c900000 (NTFS)

PhysicalDrive0 Model Number: WDCWD1600BEVS-60RST0, Rev: 04.01G04

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!
 