Help...my computer attacked by win32: patched wq


  • This topic is locked

#31
popo88

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Hi,
Here is the aswmbr.exe log. I'll run the next step afterwards. Thanks.

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-21 17:58:40
-----------------------------
17:58:40.343 OS Version: Windows 6.1.7601 Service Pack 1
17:58:40.343 Number of processors: 4 586 0x2502
17:58:40.343 ComputerName: HP-PC UserName: Hp
17:58:41.138 Initialize success
17:58:46.103 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:58:46.119 Disk 0 Vendor: WDC_WD32 12.0 Size: 305245MB BusType: 3
17:58:46.134 Disk 0 MBR read successfully
17:58:46.134 Disk 0 MBR scan
17:58:46.150 Disk 0 unknown MBR code
17:58:46.150 Disk 0 scanning sectors +625140400
17:58:46.181 Disk 0 scanning C:\Windows\system32\drivers
17:58:46.181 Service scanning
17:58:47.445 Modules scanning
17:58:48.303 Disk 0 trace - called modules:
17:58:48.318 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys halmacpi.dll ACPI.sys iaStor.sys
17:58:48.334 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87eab3c0]
17:58:48.334 3 CLASSPNP.SYS[84bd559e] -> nt!IofCallDriver -> [0x87eabb20]
17:58:48.334 5 hpdskflt.sys[8d636090] -> nt!IofCallDriver -> [0x873c8c30]
17:58:48.334 7 ACPI.sys[84a1a3d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8737e028]
17:58:48.350 Scan finished successfully
17:58:56.586 Disk 0 MBR has been saved successfully to "C:\Users\Hp\Desktop\MBR.dat"
17:58:56.586 The log file has been saved successfully to "C:\Users\Hp\Desktop\aswMBR.txt"
  • 0


#32
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
What is the make of your computer? I.e. Dell, HP etc. Also, what are the current problems? Windows update working?

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:



Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.
  • 0

#33
popo88

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Hi,

Yup, Windows update seems to be working. Thanks. My computer is an HP Pavilion dv4 Notebook PC.
Here is the log for MBRCheck.exe:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 32-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Insyde
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv4 Notebook PC
Logical Drives Mask: 0x000008fc

Kernel Drivers (total 263):

Processes (total 91):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000046`21900000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x0000004a`7f500000 (FAT32)
\\.\G: --> \\.\PhysicalDrive0 at offset 0x00000025`20700000 (NTFS)
\\.\H: --> \\.\PhysicalDrive0 at offset 0x00000023`9a300000 (NTFS)

PhysicalDrive0 Model Number: WDCWD3200BEKT-60V5T1, Rev: 12.01A12

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 6BDBBB12D593D77D69D6167800EB2D20E3F9FD61


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
  • 0
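
Added example (not part of the original posts, and not code from aswMBR or MBRCheck): both logs above report "unknown MBR code", and aswMBR saved the sector to MBR.dat. The sketch below shows how a saved 512-byte MBR can be inspected offline: boot signature, partition entries, and a SHA-1 of the boot-code area checked against an allowlist. The 440-byte hash scope, the empty `KNOWN_GOOD` allowlist and the sample sector are assumptions constructed for the illustration; the thread does not say which bytes MBRCheck hashes.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # assumption: hash only the boot code, not disk signature or table
PART_TABLE_OFF = 446
PART_ENTRY_LEN = 16
BOOT_SIG = b"\x55\xaa"

# Hypothetical allowlist (SHA-1 of boot code -> label); fill it from trusted media.
KNOWN_GOOD = {}


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR sector into boot-code hash, signature and partitions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for index in range(4):
        off = PART_TABLE_OFF + index * PART_ENTRY_LEN
        status, _chs_first, ptype, _chs_last, lba_start, count = struct.unpack_from(
            "<B3sB3sII", sector, off)
        if ptype == 0x00:            # unused slot
            continue
        partitions.append({
            "index": index,
            "status": status,
            "type": ptype,
            "lba_start": lba_start,
            "byte_offset": lba_start * SECTOR_SIZE,
            "sectors": count,
        })
    return {
        "sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "boot_sig_ok": sector[510:512] == BOOT_SIG,
        "partitions": partitions,
    }


def triage(sector: bytes, known_good=None) -> list:
    """Return findings; an unknown hash means 'not recognised', not 'infected'."""
    known_good = KNOWN_GOOD if known_good is None else known_good
    info = parse_mbr(sector)
    findings = []
    if not info["boot_sig_ok"]:
        findings.append("missing 0x55AA boot signature")
    if sum(p["status"] == 0x80 for p in info["partitions"]) > 1:
        findings.append("more than one active partition")
    for p in info["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {p['index']}: invalid status 0x{p['status']:02X}")
    if info["sha1"] not in known_good:
        findings.append("unknown MBR code (hash not in allowlist)")
    return findings


def build_sample_sector() -> bytes:
    """Constructed sector for the demo; not taken from any real disk."""
    sector = bytearray(SECTOR_SIZE)
    sector[0:3] = b"\xfa\x33\xc0"    # placeholder bytes standing in for boot code
    # One active NTFS-type (0x07) entry starting at LBA 409600 = byte 0x0C800000.
    sector[446:462] = struct.pack("<B3sB3sII", 0x80, b"\0" * 3, 0x07, b"\0" * 3,
                                  409600, 2048000)
    sector[510:512] = BOOT_SIG
    return bytes(sector)


if __name__ == "__main__":
    sample = build_sample_sector()
    print(parse_mbr(sample))
    print(triage(sample))
```

On a real dump, pass the first 512 bytes of the saved file to `triage()`; an "unknown" result only means the boot code is not in the allowlist, which is also the case for vendor-customised boot code.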

#34
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Are you experiencing any problems at all?
  • 0

#35
popo88

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Hi,
I think my computer is ok now. Thank you so much for your help.
  • 0

#36
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix

  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK

  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that.
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones
  • Go Start > All Programs > Accessories > System Tools
  • Right click Disk Cleanup and select Run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly. It will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?

Keep safe :wave:
  • 0

#37
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





