Please Help With Redirect Virus



#16
ChristineBin

ChristineBin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Here is an example of what it is doing... if you type chase, for example, in the Google search bar it shows the correct link for chase. When you click on chase it redirects you to http://63.209.69.107...55-4977_1233/v5
  • 0

#17
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
1. Click "Start," (click "Settings,") click "Control Panel," click "Network and Sharing Center," and then click on where it says Connections: (then the name of the connection). Click "Properties."
2. Click on Internet Protocol Version 4 (TCP/IPv4) (On the text not the check box) then Click on Properties

3. Click "Use the following DNS server addresses," and then type 8.8.8.8 in the Preferred DNS server and 4.2.2.1 in the Alternate DNS server boxes.

4. Click "OK" and close all of the windows that have opened.

See if that makes any difference.

If not:

Download

http://ad13.geekstogo.com/MBRCheck.exe

Save it and run it by right clicking and Run As Admin. It will produce a log MBRCheck(date).txt on your desktop. (Close the program.) Copy and paste it into a reply.
  • 0

#18
ChristineBin

ChristineBin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: Compaq Presario CQ60 Notebook PC
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 188):
  • 0

#19
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
I don't think you let it finish or you didn't copy all of it. Please try mbrcheck again.
  • 0

#20
ChristineBin

ChristineBin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: Compaq Presario CQ60 Notebook PC
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 188):

Processes (total 53):
0 System Idle Process
4 System
256 C:\Windows\System32\smss.exe
344 csrss.exe
396 C:\Windows\System32\wininit.exe
408 csrss.exe
456 C:\Windows\System32\winlogon.exe
500 C:\Windows\System32\services.exe
516 C:\Windows\System32\lsass.exe
524 C:\Windows\System32\lsm.exe
636 C:\Windows\System32\svchost.exe
716 C:\Windows\System32\svchost.exe
804 C:\Windows\System32\svchost.exe
844 C:\Windows\System32\svchost.exe
872 C:\Windows\System32\svchost.exe
732 C:\Windows\System32\svchost.exe
1072 C:\Windows\System32\svchost.exe
1168 C:\Windows\System32\spoolsv.exe
1208 C:\Windows\System32\svchost.exe
1296 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1324 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1364 C:\Program Files\Bonjour\mDNSResponder.exe
1412 C:\Windows\System32\svchost.exe
1464 C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
1548 C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
1572 C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
1712 C:\Windows\System32\svchost.exe
1808 C:\Windows\System32\svchost.exe
2688 C:\Windows\System32\taskhost.exe
2748 C:\Windows\System32\dwm.exe
2780 C:\Windows\explorer.exe
3068 C:\Users\Jerome\AppData\Roaming\Dropbox\bin\Dropbox.exe
1356 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
2440 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
2644 C:\Windows\System32\SearchIndexer.exe
2864 C:\Program Files\Windows Media Player\wmpnetwk.exe
1304 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
1660 C:\Windows\System32\svchost.exe
3772 C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
3972 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
3904 C:\Windows\SysWOW64\notepad.exe
3652 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
2312 C:\Windows\System32\cmd.exe
3864 C:\Windows\System32\conhost.exe
3968 C:\Windows\System32\notepad.exe
100 C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
3748 C:\Windows\System32\wuauclt.exe
1396 C:\Windows\System32\audiodg.exe
2464 C:\Windows\System32\SearchProtocolHost.exe
2892 C:\Windows\System32\SearchFilterHost.exe
2220 C:\Users\Jerome\Downloads\MBRCheck.exe
1892 C:\Windows\System32\conhost.exe
608 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000037`26000000 (NTFS)

PhysicalDrive0 Model Number: WDCWD2500BEKT-60V5T1, Rev: 12.01A12

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!
  • 0

#21
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Were you able to change the DNS to use 8.8.8.8 and 4.2.2.1?

Did that make any difference in the redirect?

Do you have the password for your DSL modem?
  • 0

#22
ChristineBin

ChristineBin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
I was able to change the setting, but I still have a redirect virus. I have a wireless network key number to get onto the internet.
  • 0

#23
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
This is starting to look like an infected router.

Open a browser. Type in 192.168.1.254

This should take you to your modem/router. Are you able to log on to it? Here is a list of default router passwords which may come in handy:
http://www.routerpasswords.com/

What we usually do is reset the router but you need to know how it is set up so you can restore the critical configs.

Ron
  • 0

#24
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a minute for things to settle down.

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
  • 0

#25
ChristineBin

ChristineBin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
I did a system restore to an earlier time and it seems to be working OK now. Will this fix the issue? Also, AT&T supplied me this wireless router; if they sent me a new one would that fix the problem? Or would it be faster and better to just do the steps you would like to do with reconfiguring the router?
  • 0

#26
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
If a System Restore fixed the redirect then it wasn't in the router and our tools must be missing some new style infection which System Restore removed. I'd say it's done and we can clean up:


We need to clean up System Restore:

Copy the following:


:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.



You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories then right click on Command Prompt and Run As Administrator.
then right click, Paste, then hit Enter.

OTL has a cleanup tab if you go there it will remove itself and its logs.

To hide hidden files again (OTL may do it for you):

Vista or Win7

1. Open the Control Panel menu and click Folder Options.
2. After the new window appears select the View tab.
3. Remove the check in the checkbox labeled Display the contents of system folders.
4. Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
5. Check the checkbox labeled Hide protected operating system files.
6. Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript. OK. Close the program. It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.
Seems to work best if Firefox is the default browser. You can also try Secunia PSI http://secunia.com/v...l/download_psi/ Same kind of info. You don't need both.
If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day, so that is another reason to use Firefox or Chrome.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

(Following may not apply to you if AT&T controls your router.)
If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron
  • 0

#27
ChristineBin

ChristineBin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
I am still getting the redirect virus. It happened again this morning. What do you suggest? Do you think the virus is in the router? If so, how can I get rid of that? The modem I have is a DSL wireless router through AT&T.
  • 0

#28
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a minute for things to settle down.

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
  • 0

#29
ChristineBin

ChristineBin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Process	PID	CPU	Private Bytes	Working Set	Description	Company Name	Verified Signer

System Idle Process	0	40.76	0 K	24 K			

procexp64.exe	2796	20.41	25,212 K	43,432 K	Sysinternals Process Explorer	Sysinternals - www.sysinternals.com	(Verified) Sysinternals

firefox.exe	3308	15.79	131,692 K	154,252 K	Firefox	Mozilla Corporation	(Verified) Mozilla Corporation

Updater.exe	2996	12.02	4,144 K	8,020 K	Ask Updater	Ask	(Verified) Ask.com

plugin-container.exe	3648	5.06	29,588 K	34,792 K	Plugin Container for Firefox	Mozilla Corporation	(Verified) Mozilla Corporation

Interrupts	n/a	1.77	0 K	0 K	Hardware Interrupts and DPCs		

dwm.exe	2404	1.07	43,152 K	20,456 K	Desktop Window Manager	Microsoft Corporation	(Verified) Microsoft Windows

System	4	1.04	140 K	1,340 K			

csrss.exe	400	0.97	2,036 K	5,124 K	Client Server Runtime Process	Microsoft Corporation	(Verified) Microsoft Windows

explorer.exe	492	0.19	28,152 K	45,392 K	Windows Explorer	Microsoft Corporation	(Verified) Microsoft Windows

svchost.exe	604	0.16	3,696 K	7,356 K	Host Process for Windows Services	Microsoft Corporation	(Verified) Microsoft Windows

svchost.exe	1432	0.15	6,904 K	14,636 K	Host Process for Windows Services	Microsoft Corporation	(Verified) Microsoft Windows

lsass.exe	508	0.15	4,272 K	9,416 K	Local Security Authority Process	Microsoft Corporation	(Verified) Microsoft Windows

AppleMobileDeviceService.exe	1344	0.10	2,884 K	6,352 K	MobileDeviceService	Apple Inc.	(Verified) Apple Inc.

LogMeIn.exe	1588	0.09	18,424 K	13,744 K	LogMeIn	LogMeIn, Inc.	(Verified) LogMeIn, Inc.

svchost.exe	704	0.08	3,540 K	6,720 K	Host Process for Windows Services	Microsoft Corporation	(Verified) Microsoft Windows

svchost.exe	840	0.05	86,300 K	91,688 K	Host Process for Windows Services	Microsoft Corporation	(Verified) Microsoft Windows

svchost.exe	356	0.03	8,204 K	13,956 K	Host Process for Windows Services	Microsoft Corporation	(Verified) Microsoft Windows

SearchIndexer.exe	2148	0.03	40,108 K	29,248 K	Microsoft Windows Search Indexer	Microsoft Corporation	(Verified) Microsoft Windows

svchost.exe	332	0.01	14,024 K	13,908 K	Host Process for Windows Services	Microsoft Corporation	(Verified) Microsoft Windows

plugin-container.exe	384	0.01	21,064 K	30,860 K	Plugin Container for Firefox	Mozilla Corporation	(Verified) Mozilla Corporation

AAM Updates Notifier.exe	3340	0.01	4,224 K	6,436 K	AAM Updates Notifier Application	Adobe Systems Incorporated	(Verified) Adobe Systems Incorporated

svchost.exe	872	0.01	30,656 K	39,672 K	Host Process for Windows Services	Microsoft Corporation	(Verified) Microsoft Windows

IntuitUpdateService.exe	3856	0.01	27,788 K	2,280 K	Intuit Update Service	Intuit Inc.	(Verified) Intuit, Inc.

svchost.exe	2840	0.01	9,860 K	12,296 K	Host Process for Windows Services	Microsoft Corporation	(Verified) Microsoft Windows

taskhost.exe	2308	0.01	3,024 K	6,460 K	Host Process for Windows Tasks	Microsoft Corporation	(Verified) Microsoft Windows

LMIGuardianSvc.exe	1480	< 0.01	2,684 K	5,296 K	LMIGuardianSvc	LogMeIn, Inc.	(Verified) LogMeIn, Inc.

wmpnetwk.exe	2288		10,932 K	6,664 K	Windows Media Player Network Sharing Service	Microsoft Corporation	(Verified) Microsoft Windows

winlogon.exe	448		2,428 K	5,544 K	Windows Logon Application	Microsoft Corporation	(Verified) Microsoft Windows

wininit.exe	388		1,276 K	3,552 K	Windows Start-Up Application	Microsoft Corporation	(Verified) Microsoft Windows

UpdateChecker.exe	2716		34,392 K	25,564 K	FileHippo.com Update Checker	FileHippo.com	(Unable to verify) FileHippo.com

taskeng.exe	1932		1,624 K	5,372 K	Task Scheduler Engine	Microsoft Corporation	(Verified) Microsoft Windows

taskeng.exe	4012		1,628 K	5,396 K	Task Scheduler Engine	Microsoft Corporation	(Verified) Microsoft Windows

svchost.exe	752		19,280 K	17,876 K	Host Process for Windows Services	Microsoft Corporation	(Verified) Microsoft Windows

svchost.exe	1204		13,784 K	11,748 K	Host Process for Windows Services	Microsoft Corporation	(Verified) Microsoft Windows

svchost.exe	3172		36,756 K	16,200 K	Host Process for Windows Services	Microsoft Corporation	(Verified) Microsoft Windows

svchost.exe	1760		1,648 K	4,632 K	Host Process for Windows Services	Microsoft Corporation	(Verified) Microsoft Windows

spoolsv.exe	1168		7,708 K	9,584 K	Spooler SubSystem App	Microsoft Corporation	(Verified) Microsoft Windows

smss.exe	256		352 K	924 K	Windows Session Manager	Microsoft Corporation	(Verified) Microsoft Windows

services.exe	484		5,468 K	7,008 K	Services and Controller app	Microsoft Corporation	(Verified) Microsoft Windows

ramaint.exe	1524		3,340 K	3,828 K	LogMeIn Maintenance Service	LogMeIn, Inc.	(Verified) LogMeIn, Inc.

procexp.exe	2920		2,200 K	6,364 K	Sysinternals Process Explorer	Sysinternals - www.sysinternals.com	(Verified) Microsoft Corporation

mscorsvw.exe	3756		5,024 K	7,060 K	.NET Runtime Optimization Service	Microsoft Corporation	(Verified) Microsoft Corporation

mDNSResponder.exe	1380		1,708 K	4,276 K	Bonjour Service	Apple Inc.	(Verified) Apple Inc.

lsm.exe	516		2,148 K	3,528 K	Local Session Manager Service	Microsoft Corporation	(Verified) Microsoft Windows

jusched.exe	2988		1,020 K	3,820 K	Java(TM) Update Scheduler	Sun Microsystems, Inc.	(Verified) Sun Microsystems, Inc.

Dropbox.exe	2732		49,044 K	30,936 K	Dropbox	Dropbox, Inc.	(Verified) Dropbox

csrss.exe	348		1,868 K	3,632 K	Client Server Runtime Process	Microsoft Corporation	(Verified) Microsoft Windows

audiodg.exe	940		15,408 K	14,608 K	Windows Audio Device Graph Isolation 	Microsoft Corporation	(Verified) Microsoft Windows

armsvc.exe	1276		1,116 K	3,416 K	Adobe Acrobat Update Service	Adobe Systems Incorporated	(Verified) Adobe Systems, Incorporated

  • 0

#30
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
I would uninstall the ask toolbar and its updater. You don't need it (it's foistware - you get it when you download other stuff) and it's using up a lot of CPU time. Then go into Firefox, Click on Firefox, then hover over Help until the new menu shows up then select Restart with Add-ons Disabled. Restart. When it starts up just hit Continue. See if you still have the redirect and also create a new Process Explorer log and post it.

Ron
  • 0
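The log in #29 is Process Explorer's tab-separated "File, Save As" export, and the reply above reads it two ways: sorting by CPU to find the big hitters (the Ask updater) and checking the Verified Signer column. The following Python script is an added example, not code from the thread or from Sysinternals; it parses that export format (blank CPU cells, "< 0.01", "n/a" PIDs, "131,692 K" sizes, and the blank lines the forum inserted between rows) and lists the processes whose signature could not be verified plus the top CPU consumers. The sample input is a constructed subset of the posted log.

```python
import csv
import io
from dataclasses import dataclass

# Constructed sample input: a tab-separated subset of the Procexp.txt export
# posted in the thread, including the blank lines the forum put between rows.
SAMPLE_LOG = """Process\tPID\tCPU\tPrivate Bytes\tWorking Set\tDescription\tCompany Name\tVerified Signer

System Idle Process\t0\t40.76\t0 K\t24 K\t\t\t

firefox.exe\t3308\t15.79\t131,692 K\t154,252 K\tFirefox\tMozilla Corporation\t(Verified) Mozilla Corporation

Updater.exe\t2996\t12.02\t4,144 K\t8,020 K\tAsk Updater\tAsk\t(Verified) Ask.com

Interrupts\tn/a\t1.77\t0 K\t0 K\tHardware Interrupts and DPCs\t\t

LMIGuardianSvc.exe\t1480\t< 0.01\t2,684 K\t5,296 K\tLMIGuardianSvc\tLogMeIn, Inc.\t(Verified) LogMeIn, Inc.

UpdateChecker.exe\t2716\t\t34,392 K\t25,564 K\tFileHippo.com Update Checker\tFileHippo.com\t(Unable to verify) FileHippo.com

svchost.exe\t840\t0.05\t86,300 K\t91,688 K\tHost Process for Windows Services\tMicrosoft Corporation\t(Verified) Microsoft Windows
"""

# Pseudo-processes Process Explorer lists that have no image file to sign.
PSEUDO = {"System Idle Process", "System", "Interrupts"}


@dataclass
class ProcRow:
    name: str
    pid: str
    cpu: float
    working_set_kb: int
    company: str
    signer: str


def parse_cpu(text: str) -> float:
    """Process Explorer leaves CPU blank for idle processes and prints
    '< 0.01' for negligible usage; both are treated as 0.0."""
    text = text.strip()
    if not text or text.startswith("<"):
        return 0.0
    return float(text)


def parse_kb(text: str) -> int:
    """'131,692 K' -> 131692 (kilobytes)."""
    digits = text.strip().rstrip("K").strip().replace(",", "")
    return int(digits) if digits else 0


def load_rows(log_text: str) -> list:
    """Parse the export; csv.DictReader skips the empty lines for us and
    fills missing trailing cells with None."""
    reader = csv.DictReader(io.StringIO(log_text), delimiter="\t")
    rows = []
    for r in reader:
        rows.append(ProcRow(
            name=(r["Process"] or "").strip(),
            pid=(r["PID"] or "").strip(),
            cpu=parse_cpu(r["CPU"] or ""),
            working_set_kb=parse_kb(r["Working Set"] or ""),
            company=(r["Company Name"] or "").strip(),
            signer=(r["Verified Signer"] or "").strip(),
        ))
    return rows


def unverified(rows: list) -> list:
    """Real processes whose image signature Process Explorer could not verify
    (blank signer or any value not starting with '(Verified)')."""
    return [r for r in rows
            if r.name not in PSEUDO and not r.signer.startswith("(Verified)")]


def top_cpu(rows: list, n: int = 3) -> list:
    """The 'big hitters' the thread sorts to the top, minus pseudo-processes."""
    real = [r for r in rows if r.name not in PSEUDO]
    return sorted(real, key=lambda r: r.cpu, reverse=True)[:n]


def report(log_text: str) -> str:
    rows = load_rows(log_text)
    lines = ["Unverified signers:"]
    for r in unverified(rows):
        lines.append("  %s (PID %s): %s" % (r.name, r.pid, r.signer or "unsigned"))
    lines.append("Top CPU consumers:")
    for r in top_cpu(rows):
        lines.append("  %-22s %6.2f%%  %s" % (r.name, r.cpu, r.company))
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run it against a real Procexp.txt by passing the file's contents to report(); an unverified signer on a process you do not recognise is the thing to look at first, then the CPU ranking.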





