Topic: Malware issue (logs here)

DragonMaster Jay (Malware Removal Specialist, Moderator, Mentor)
« Reply #15 on: November 03, 2011, 06:03:37 AM »

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.
    Link 1
    Link 2
    Link 3
    • Double-click on MBRCheck.exe to run it.
    • It will open a black window...please do not fix anything (if it gives you an option).
    • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
    • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
    • Please copy and paste the contents of that log in your next reply.

    Regards,

    ~DMJ
    daveworm (Topic Starter, Rookie)

    « Reply #16 on: November 03, 2011, 08:43:22 AM »

    Quote
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:         
    Windows Version:      Windows 7 Home Premium Edition
    Windows Information:       (build 7600), 64-bit
    Base Board Manufacturer:   DELL Inc.
    BIOS Manufacturer:      DELL INC.
    System Manufacturer:      DELL Inc.
    System Product Name:      Studio XPS 435T/9000
    Logical Drives Mask:      0x0080007c

    Kernel Drivers (total 170):

    Processes (total 67):

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`69a00000  (NTFS)

    PhysicalDrive0 Model Number: SAMSUNGHD103UJ, Rev: 1AA01117

          Size  Device Name          MBR Status
      --------------------------------------------
        931 GB  \\.\PhysicalDrive0   MBR Code Faked!
                SHA1: AE3E0A945D44C8EA304A19A8F50F69065C34344B


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Options:
      [1] Dump the MBR of a physical disk to file.
      [2] Restore the MBR of a physical disk with a standard boot code.
      [3] Exit.

    Enter your choice:

    Done!

    Ahh
    DragonMaster Jay (Malware Removal Specialist, Moderator, Mentor)

    « Reply #17 on: November 04, 2011, 12:15:31 PM »

    Run MBRCheck.exe
    • Run MBRCheck.exe
    • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    • Please push the 'Y' key and then press Enter
    • When the program asks you Enter your choice: enter 2 and press the Enter key
    • Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"
    • Enter 0 and press the Enter key.
    • The program will show Available MBR codes:, followed by a list of operating systems.  Please enter 1 for Windows XP, and then press Enter.
    • When asked Do you want to fix the MBR code? type in YES and press enter
    • Restart your PC.

    Regards,

    ~DMJ
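As an added illustration (not MBRCheck's own code; its hash list and exact hashing rules are not on this page), the following Python sketch shows what the check in the quoted log and the option [2] repair in the reply above amount to: verify the sector's 0x55AA signature, hash the boot-code region and look it up in an allow-list of known-good codes, and on repair replace only the boot code while keeping the disk signature and partition table intact. The allow-list entry, boot codes and partition layout are constructed placeholders.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440      # bytes 0..439 hold the boot code; 440..443 the disk signature
PART_TABLE_OFF = 446     # four 16-byte partition entries; bytes 510..511 must be 0x55 0xAA

def sha1_boot_code(mbr: bytes) -> str:
    """Hash only the boot-code region, the part a bootkit replaces."""
    return hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()

def parse_partitions(mbr: bytes) -> list:
    """Decode the non-empty partition table entries."""
    entries = []
    for i in range(4):
        e = mbr[PART_TABLE_OFF + 16 * i: PART_TABLE_OFF + 16 * (i + 1)]
        lba_start, sectors = struct.unpack_from('<II', e, 8)
        if e[4] != 0:   # partition type 0 means an empty slot
            entries.append({'index': i, 'bootable': e[0] == 0x80, 'type': e[4],
                            'lba_start': lba_start, 'sectors': sectors})
    return entries

def check_mbr(mbr: bytes, known_good: set) -> str:
    """Mirror the verdict MBRCheck prints: structural check, then allow-list lookup."""
    if len(mbr) != SECTOR or mbr[510:512] != b'\x55\xaa':
        return 'Invalid MBR (bad length or missing 0x55AA signature)'
    return 'Known-good MBR code' if sha1_boot_code(mbr) in known_good else 'MBR Code Faked!'

def restore_boot_code(mbr: bytes, standard_code: bytes) -> bytes:
    """The repair offered as option [2]: swap the boot code, keep everything after byte 439."""
    return standard_code.ljust(BOOT_CODE_LEN, b'\x00') + mbr[BOOT_CODE_LEN:]

def build_mbr(boot_code: bytes, partitions: list) -> bytes:
    """Constructed sample sector for offline testing (not a real disk image)."""
    mbr = bytearray(SECTOR)
    mbr[:len(boot_code)] = boot_code
    mbr[440:444] = b'\x12\x34\x56\x78'            # constructed disk signature
    for i, (bootable, ptype, lba, n) in enumerate(partitions):
        off = PART_TABLE_OFF + 16 * i
        mbr[off], mbr[off + 4] = (0x80 if bootable else 0x00), ptype
        struct.pack_into('<II', mbr, off + 8, lba, n)
    mbr[510:512] = b'\x55\xaa'
    return bytes(mbr)

# Constructed stand-ins: a "standard" boot code, its hash as the only allow-list entry,
# and a two-entry NTFS partition table.
STANDARD_CODE = b'CONSTRUCTED-STANDARD-BOOT-CODE'
KNOWN_GOOD_SHA1 = {hashlib.sha1(STANDARD_CODE.ljust(BOOT_CODE_LEN, b'\x00')).hexdigest().upper()}
PARTS = [(True, 0x07, 2048, 204800), (False, 0x07, 206848, 1953318912)]
CLEAN_MBR = build_mbr(STANDARD_CODE, PARTS)
FAKED_MBR = build_mbr(b'CONSTRUCTED-UNKNOWN-BOOT-CODE', PARTS)
```

Running check_mbr on FAKED_MBR gives the same "MBR Code Faked!" verdict as the log, and after restore_boot_code the partition entries and disk signature are byte-for-byte unchanged.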
    qenten40 (Newbie)

    « Reply #18 on: November 30, 2011, 08:50:34 PM »

    Wow, thanks for the information.
