Merry Xmas and Happy New Year, Dave. All the best for this year.
Thanks for your time and for being a good helper here.
So those are the logs you requested.
aswMBR
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-26 08:43:36
-----------------------------
08:43:36.593 OS Version: Windows 5.1.2600 Service Pack 3
08:43:36.593 Number of processors: 1 586 0xD08
08:43:36.593 ComputerName: SKY-20121011IPJ UserName: noname
08:43:38.375 Initialize success
08:43:48.562 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
08:43:48.578 Disk 0 Vendor: SAMSUNG_MP0603H UD100-14 Size: 56759MB BusType: 3
08:43:48.593 Disk 0 MBR read successfully
08:43:48.609 Disk 0 MBR scan
08:43:48.625 Disk 0 Windows XP default MBR code
08:43:48.625 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 56753 MB offset 63
08:43:48.640 Disk 0 scanning sectors +116230275
08:43:48.734 Disk 0 scanning C:\WINDOWS\system32\drivers
08:44:14.828 Service scanning
08:44:28.546 Modules scanning
08:44:36.703 Disk 0 trace - called modules:
08:44:36.718 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
08:44:36.718 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8610cab8]
08:44:36.718 3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\0000007e[0x861ef9e8]
08:44:36.734 5 ACPI.sys[f743e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x861ba940]
08:44:36.734 Scan finished successfully
08:45:04.140 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\noname\Desktop\MBR.dat"
08:45:04.171 The log file has been saved successfully to "C:\Documents and Settings\noname\Desktop\aswMBR log.txt"
SysProt
SysProt AntiRootkit v1.0.1.0
by swatkat
******************************************************************************************
******************************************************************************************
No Hidden Processes found
******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \??\C:\DOCUME~1\noname\LOCALS~1\Temp\aswMBR.sys
Service Name: aswMBR
Module Base: AA0C4000
Module End: AA0D0000
Hidden: Yes
******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwAssignProcessToJobObject
Address: AA6674B0
Driver Base: AA666000
Driver End: AA686000
Driver Name: \SystemRoot\system32\DRIVERS\ehdrv.sys
Function Name: ZwCreateThread
Address: AA6677F0
Driver Base: AA666000
Driver End: AA686000
Driver Name: \SystemRoot\system32\DRIVERS\ehdrv.sys
Function Name: ZwDebugActiveProcess
Address: AA667AB0
Driver Base: AA666000
Driver End: AA686000
Driver Name: \SystemRoot\system32\DRIVERS\ehdrv.sys
Function Name: ZwDuplicateObject
Address: AA6675D0
Driver Base: AA666000
Driver End: AA686000
Driver Name: \SystemRoot\system32\DRIVERS\ehdrv.sys
Function Name: ZwLoadDriver
Address: AA6678B0
Driver Base: AA666000
Driver End: AA686000
Driver Name: \SystemRoot\system32\DRIVERS\ehdrv.sys
Function Name: ZwOpenProcess
Address: AA667350
Driver Base: AA666000
Driver End: AA686000
Driver Name: \SystemRoot\system32\DRIVERS\ehdrv.sys
Function Name: ZwOpenThread
Address: AA667410
Driver Base: AA666000
Driver End: AA686000
Driver Name: \SystemRoot\system32\DRIVERS\ehdrv.sys
Function Name: ZwProtectVirtualMemory
Address: AA667570
Driver Base: AA666000
Driver End: AA686000
Driver Name: \SystemRoot\system32\DRIVERS\ehdrv.sys
Function Name: ZwQueueApcThread
Address: AA667630
Driver Base: AA666000
Driver End: AA686000
Driver Name: \SystemRoot\system32\DRIVERS\ehdrv.sys
Function Name: ZwSetContextThread
Address: AA667530
Driver Base: AA666000
Driver End: AA686000
Driver Name: \SystemRoot\system32\DRIVERS\ehdrv.sys
Function Name: ZwSetInformationThread
Address: AA6674F0
Driver Base: AA666000
Driver End: AA686000
Driver Name: \SystemRoot\system32\DRIVERS\ehdrv.sys
Function Name: ZwSetSecurityObject
Address: AA667670
Driver Base: AA666000
Driver End: AA686000
Driver Name: \SystemRoot\system32\DRIVERS\ehdrv.sys
Function Name: ZwSetSystemInformation
Address: AA667870
Driver Base: AA666000
Driver End: AA686000
Driver Name: \SystemRoot\system32\DRIVERS\ehdrv.sys
Function Name: ZwSuspendProcess
Address: AA6673B0
Driver Base: AA666000
Driver End: AA686000
Driver Name: \SystemRoot\system32\DRIVERS\ehdrv.sys
Function Name: ZwSuspendThread
Address: AA667430
Driver Base: AA666000
Driver End: AA686000
Driver Name: \SystemRoot\system32\DRIVERS\ehdrv.sys
Function Name: ZwSystemDebugControl
Address: AA667830
Driver Base: AA666000
Driver End: AA686000
Driver Name: \SystemRoot\system32\DRIVERS\ehdrv.sys
Function Name: ZwTerminateProcess
Address: AA667370
Driver Base: AA666000
Driver End: AA686000
Driver Name: \SystemRoot\system32\DRIVERS\ehdrv.sys
Function Name: ZwTerminateThread
Address: AA667470
Driver Base: AA666000
Driver End: AA686000
Driver Name: \SystemRoot\system32\DRIVERS\ehdrv.sys
Function Name: ZwWriteVirtualMemory
Address: AA6675F0
Driver Base: AA666000
Driver End: AA686000
Driver Name: \SystemRoot\system32\DRIVERS\ehdrv.sys
******************************************************************************************
******************************************************************************************
Kernel Hooks:
Hooked Function: PsGetProcessInheritedFromUniqueProcessId
At Address: 804FD889
Jump To: EABC805A
Module Name: _unknown_
******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\autorun.inf\123.
Status: Hidden
Object: C:\Documents and Settings\noname\Application Data\Microsoft\Office\Recent\«??» .LNK
Status: Hidden
Object: C:\Documents and Settings\noname\Application Data\Microsoft\Office\Recent\«?»??:?.LNK
Status: Hidden
Object: C:\Documents and Settings\noname\Application Data\Microsoft\Office\Recent\«???»??:.LNK
Status: Hidden
Object: C:\Documents and Settings\noname\Application Data\Microsoft\Office\Recent\??«?».LNK
Status: Hidden
Object: C:\Documents and Settings\noname\Application Data\Microsoft\Office\Recent\??«??».LNK
Status: Hidden
Object: C:\Documents and Settings\noname\Desktop\Music\2011-06-03 ?? - ??+???Live ??
Status: Hidden
Object: C:\Documents and Settings\noname\Desktop\Music,\CD 1\--- applemilk.HaX3 ---.m3u
Status: Hidden
Object: C:\Documents and Settings\noname\Desktop\Music,\CD 2\--- applemilk.HaX3 ---.m3u
Status: Hidden
Object: C:\Documents and Settings\noname\Desktop\Music,\CD 2\04.??:??.mp3
Status: Hidden
Object: C:\Documents and Settings\noname\Desktop\Music,\CD 2\05.(?).mp3
Status: Hidden
Object: C:\Documents and Settings\noname\Desktop\Music,\CD 2\09.??(?):??.mp3
Status: Hidden
Object: C:\Documents and Settings\noname\Desktop\Music,\CD 2\10.?+???Live??.mp3
Status: Hidden
Object: C:\Documents and Settings\noname\Recent\«??»??:??.lnk
Status: Hidden
Object: C:\Documents and Settings\noname\Recent\«??».lnk
Status: Hidden
Object: C:\Documents and Settings\noname\Recent\«?()»??:?.lnk
Status: Hidden
Object: C:\Documents and Settings\noname\Recent\«?»??:??.lnk
Status: Hidden
Object: C:\Qoobox\BackEnv\AppData.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Cache.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Cookies.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Desktop.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Favorites.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\History.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Music.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\NetHood.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Personal.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Pictures.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Programs.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Recent.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\SendTo.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied
Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\StartUp.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\SysPath.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Templates.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\VikPev00
Status: Access denied