Virus/malware preventing Windows updates
Started by JCastaldi, Dec 12 2010 12:03 PM
#16
Posted 21 December 2010 - 12:45 AM

OK. Because a Vista disk didn't come with your PC, is there a recovery partition on the notebook you can access on boot? Try ALT+F10 or CTRL+F10 during the initial boot and let me know please.
#17
Posted 21 December 2010 - 01:36 AM

It has Recovery Management which gives me the option of restoring to factory original settings. From my research of "recovery partition" on ACER windows vista, that is what this seems to be referencing.
#18
Posted 21 December 2010 - 02:43 AM

Because you have a recovery partition, your MBR could be custom made. Let's try to find out. By the way... how is your system now?
- Run MBRCheck.exe
- Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
- Please push the 'Y' key and then press Enter
- When the program asks you "Enter your choice:", enter 1 ([1] Dump the MBR of a physical disk to file.) and press the Enter key
- Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"
- Enter 0 and press the Enter key.
- The program will show "Enter Filename to dump to:"; write MBR.txt as the filename
- The program will create the MBR.txt file in the same directory where the program is.
- Type -1 to exit MBRCheck
- Attach MBR.txt here for me please.
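An added example, not part of the original thread and not MBRCheck's code: what can be checked in a raw 512-byte dump of sector 0 such as the one requested above, including how an OEM recovery partition shows up in the partition table. The `parse_mbr` name, the sample sector and the known-good hash set are constructed for illustration, and fingerprinting the first 440 bytes is an assumption about which region to hash.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bytes 0-439 hold the boot code
PART_TABLE_OFF = 446     # four 16-byte partition entries follow
BOOT_SIG = b"\x55\xaa"   # bytes 510-511

# A few well-known MBR partition type bytes (not exhaustive).
PART_TYPES = {
    0x07: "NTFS/exFAT/HPFS",
    0x0B: "FAT32 (CHS)",
    0x0C: "FAT32 (LBA)",
    0x12: "OEM configuration/diagnostics",
    0x27: "hidden NTFS (recovery environment)",
    0xEE: "GPT protective",
}


def parse_mbr(sector, known_good=frozenset()):
    """Return signature status, boot-code SHA-1, partitions and findings."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected a %d-byte sector, got %d"
                         % (SECTOR_SIZE, len(sector)))
    findings = []
    signature_ok = sector[510:512] == BOOT_SIG
    if not signature_ok:
        findings.append("missing 0x55AA boot signature")

    # An unknown hash is not proof of infection: OEM recovery tools ship
    # their own boot code, so the verdict is "unknown", not "malicious".
    boot_sha1 = hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()
    boot_code_known = boot_sha1 in known_good
    if not boot_code_known:
        findings.append("boot code SHA-1 not in known-good set")

    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # status, CHS start (skipped), type, CHS end (skipped), LBA, count
        status, ptype, lba, count = struct.unpack(
            "<B3xB3xII", sector[off:off + 16])
        if ptype == 0x00:
            continue  # unused slot
        if status not in (0x00, 0x80):
            findings.append("entry %d: invalid status byte 0x%02X"
                            % (i, status))
        partitions.append({
            "index": i,
            "active": status == 0x80,
            "type": ptype,
            "type_name": PART_TYPES.get(ptype, "unknown (0x%02X)" % ptype),
            "lba_start": lba,
            "sectors": count,
        })

    if sum(p["active"] for p in partitions) > 1:
        findings.append("more than one active partition")
    ordered = sorted(partitions, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append("entries %d and %d overlap"
                            % (a["index"], b["index"]))

    return {
        "signature_ok": signature_ok,
        "boot_sha1": boot_sha1,
        "boot_code_known": boot_code_known,
        "partitions": partitions,
        "findings": findings,
    }


def build_sample_mbr():
    """Constructed sector: filler boot code, recovery + system partition."""
    boot = bytes([0x90]) * BOOT_CODE_LEN      # filler, not real boot code
    disk_sig = bytes(6)                       # bytes 440-445
    entries = [
        struct.pack("<B3xB3xII", 0x00, 0x27, 2048, 20480000),
        struct.pack("<B3xB3xII", 0x80, 0x07, 20482048, 60000000),
        bytes(16),
        bytes(16),
    ]
    return boot + disk_sig + b"".join(entries) + BOOT_SIG


if __name__ == "__main__":
    report = parse_mbr(build_sample_mbr())
    print("boot code SHA-1:", report["boot_sha1"])
    for p in report["partitions"]:
        print(p["index"], "active" if p["active"] else "      ",
              p["type_name"], p["lba_start"], p["sectors"])
    for f in report["findings"]:
        print("finding:", f)
```
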
#19
Posted 21 December 2010 - 08:44 AM

My system appears to be running normally. Here is the MBR.txt:
MBRCheck, version 1.2.3
© 2010, AD
Command-line:
Windows Version: Windows Vista Home Basic Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: Acer
System Product Name: Aspire 4315
Logical Drives Mask: 0x0000001c
Kernel Drivers (total 161):
0x82809000 \SystemRoot\system32\ntkrnlpa.exe
0x82BC2000 \SystemRoot\system32\hal.dll
0x8060D000 \SystemRoot\system32\kdcom.dll
0x80614000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80684000 \SystemRoot\system32\PSHED.dll
0x80695000 \SystemRoot\system32\BOOTVID.dll
0x8069D000 \SystemRoot\system32\CLFS.SYS
0x806DE000 \SystemRoot\system32\CI.dll
0x82E03000 \SystemRoot\system32\drivers\Wdf01000.sys
0x82E7F000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x82E8C000 \SystemRoot\system32\drivers\acpi.sys
0x82ED2000 \SystemRoot\system32\drivers\WMILIB.SYS
0x82EDB000 \SystemRoot\system32\drivers\msisadrv.sys
0x82EE3000 \SystemRoot\system32\drivers\pci.sys
0x82F0A000 \SystemRoot\System32\drivers\partmgr.sys
0x82F19000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x82F1C000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x82F26000 \SystemRoot\system32\drivers\volmgr.sys
0x82F35000 \SystemRoot\System32\drivers\volmgrx.sys
0x82F7F000 \SystemRoot\system32\drivers\intelide.sys
0x82F86000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x82F94000 \SystemRoot\System32\drivers\mountmgr.sys
0x86A03000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x86ACA000 \SystemRoot\system32\drivers\atapi.sys
0x86AD2000 \SystemRoot\system32\drivers\ataport.SYS
0x86AF0000 \SystemRoot\system32\drivers\fltmgr.sys
0x86B22000 \SystemRoot\system32\drivers\fileinfo.sys
0x86B32000 \SystemRoot\system32\DRIVERS\psdfilter.sys
0x86B3B000 \SystemRoot\System32\Drivers\ksecdd.sys
0x86C07000 \SystemRoot\system32\drivers\ndis.sys
0x86D12000 \SystemRoot\system32\drivers\msrpc.sys
0x86D3D000 \SystemRoot\system32\drivers\NETIO.SYS
0x86E07000 \SystemRoot\System32\drivers\tcpip.sys
0x86EF1000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x87007000 \SystemRoot\System32\Drivers\Ntfs.sys
0x87117000 \SystemRoot\system32\drivers\volsnap.sys
0x87150000 \SystemRoot\System32\Drivers\spldr.sys
0x87158000 \SystemRoot\system32\drivers\psdvdisk.sys
0x8716A000 \SystemRoot\system32\drivers\PSDNServ.sys
0x87173000 \SystemRoot\System32\Drivers\mup.sys
0x87182000 \SystemRoot\System32\drivers\ecache.sys
0x871A9000 \SystemRoot\system32\drivers\disk.sys
0x871BA000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x871DB000 \SystemRoot\system32\drivers\crcdisk.sys
0x871F1000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x86FD3000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x86FDC000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x86FEB000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8A60C000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8ACC7000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8AD68000 \SystemRoot\System32\drivers\watchdog.sys
0x8AD74000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8AD7F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8ADBD000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8AE0C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8AE99000 \SystemRoot\system32\DRIVERS\yk60x86.sys
0x8AEE5000 \SystemRoot\system32\DRIVERS\athr.sys
0x8AFD6000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8AFDA000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8AFED000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
0x8AE00000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8ADCC000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8AFF7000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8A600000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x86D78000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8AFF9000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0x8AFFB000 \SystemRoot\system32\DRIVERS\lmimirr.sys
0x86D90000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0x86DB1000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x86BAC000 \SystemRoot\system32\DRIVERS\storport.sys
0x86FF4000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8ADF8000 \SystemRoot\System32\Drivers\RootMdm.sys
0x86DE0000 \SystemRoot\system32\drivers\modem.sys
0x82FA4000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x86DED000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x82FBB000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x86BED000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x82FDE000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x807BE000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x87000000 \SystemRoot\system32\DRIVERS\wanatw4.sys
0x86E00000 \SystemRoot\system32\DRIVERS\RimSerial.sys
0x807D3000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8AFFC000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8B402000 \SystemRoot\system32\DRIVERS\ks.sys
0x8B42C000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8B436000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8B443000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8B478000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8BA0D000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8BBC2000 \SystemRoot\system32\drivers\portcls.sys
0x8B489000 \SystemRoot\system32\drivers\drmk.sys
0x8B4AE000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8B4EB000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8BC05000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8BCB9000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8BCC2000 \SystemRoot\System32\Drivers\Null.SYS
0x8BCC9000 \SystemRoot\System32\Drivers\Beep.SYS
0x8BCD0000 \??\C:\Windows\system32\drivers\SBREdrv.sys
0x8BCE7000 \SystemRoot\System32\drivers\vga.sys
0x8BCF3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8BCFB000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8BD03000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8BD0E000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8BD1C000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8BD25000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8BD3B000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x8BD45000 \SystemRoot\system32\DRIVERS\smb.sys
0x8BD59000 \SystemRoot\system32\drivers\afd.sys
0x8BDA1000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x8BDA6000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8BDD8000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8BDEE000 \SystemRoot\system32\DRIVERS\netbios.sys
0x807E3000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8BBEF000 \SystemRoot\System32\Drivers\SRTSPX.SYS
0x8C60D000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8C649000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8C653000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0x8C6B5000 \SystemRoot\System32\Drivers\dfsc.sys
0x8C6CC000 \SystemRoot\System32\Drivers\aswSP.SYS
0x8C6F3000 \SystemRoot\System32\Drivers\fastfat.SYS
0x8C71B000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8C728000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x93EA0000 \SystemRoot\System32\win32k.sys
0x8C7EF000 \SystemRoot\System32\drivers\Dxapi.sys
0x8B5EE000 \SystemRoot\system32\DRIVERS\monitor.sys
0x940C0000 \SystemRoot\System32\TSDDD.dll
0x940E0000 \SystemRoot\System32\cdd.dll
0x94110000 \SystemRoot\System32\lmimirr.dll
0x94120000 \SystemRoot\System32\lmimirr2.dll
0x86F0C000 \SystemRoot\system32\drivers\luafv.sys
0x86F27000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x8C7F9000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x86F5E000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x86F6E000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8BA00000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x86F98000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA8E07000 \SystemRoot\system32\drivers\spsys.sys
0xA8EB7000 \SystemRoot\system32\drivers\HTTP.sys
0xA8F24000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA8F41000 \SystemRoot\system32\DRIVERS\bowser.sys
0xA8F5A000 \SystemRoot\System32\drivers\mpsdrv.sys
0xA8F6F000 \SystemRoot\system32\drivers\mrxdav.sys
0xA8F90000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA8FAF000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA8FE8000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x86FAB000 \SystemRoot\System32\DRIVERS\srv2.sys
0xAD408000 \SystemRoot\System32\DRIVERS\srv.sys
0xAD46E000 \SystemRoot\System32\Drivers\ASCTRM.SYS
0xAD470000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xAD486000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
0xAD497000 \??\C:\Program Files\LogMeIn\x86\RaInfo.sys
0xAD499000 \??\C:\Windows\system32\drivers\LMIRfsDriver.sys
0xAD4A3000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xAD4A7000 \SystemRoot\system32\drivers\peauth.sys
0xAD585000 \SystemRoot\System32\Drivers\secdrv.SYS
0xAD58F000 \SystemRoot\System32\drivers\tcpipreg.sys
0xAD59B000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xAD5A3000 \SystemRoot\System32\Drivers\SRTSP.SYS
0x84A01000 \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20061106.064\NAVEX15.SYS
0x84ACB000 \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20061106.064\NAVENG.SYS
0x76F50000 \Windows\System32\ntdll.dll
Processes (total 81):
0 System Idle Process
4 System
440 C:\Windows\System32\smss.exe
508 csrss.exe
552 C:\Windows\System32\wininit.exe
560 csrss.exe
600 C:\Windows\System32\services.exe
616 C:\Windows\System32\lsass.exe
624 C:\Windows\System32\lsm.exe
648 C:\Windows\System32\winlogon.exe
820 C:\Windows\System32\svchost.exe
924 C:\Windows\System32\svchost.exe
956 C:\Windows\System32\svchost.exe
1088 C:\Windows\System32\svchost.exe
1116 C:\Windows\System32\svchost.exe
1132 C:\Windows\System32\svchost.exe
1204 C:\Windows\System32\audiodg.exe
1232 C:\Windows\System32\SLsvc.exe
1268 C:\Windows\System32\svchost.exe
1380 C:\Windows\System32\svchost.exe
1540 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
1640 C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
1696 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1820 C:\Windows\System32\dwm.exe
1844 C:\Windows\explorer.exe
2008 C:\Windows\RtHDVCpl.exe
2016 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2024 C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
2032 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
2040 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
116 C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
236 C:\Program Files\Windows Sidebar\sidebar.exe
244 C:\Program Files\Windows Media Player\wmpnscfg.exe
684 C:\Windows\System32\spoolsv.exe
1712 C:\Windows\System32\taskeng.exe
1672 C:\Windows\System32\svchost.exe
2372 C:\Windows\System32\taskeng.exe
2568 C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
2644 C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
2672 C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
2684 aoltpspd.exe
2732 C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
2756 C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
2776 C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
2872 C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
2972 C:\Acer\Empowering Technology\eNet\eNet Service.exe
3024 C:\Windows\System32\svchost.exe
3052 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
3168 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
3188 C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
3236 C:\Program Files\LogMeIn\x86\ramaint.exe
3248 C:\Program Files\LogMeIn\x86\LogMeIn.exe
3340 C:\Acer\Mobility Center\MobilityService.exe
3368 C:\Windows\System32\svchost.exe
3456 C:\Windows\System32\svchost.exe
3584 C:\Windows\System32\svchost.exe
3636 C:\Windows\System32\svchost.exe
3676 C:\Windows\System32\svchost.exe
3720 C:\Windows\System32\SearchIndexer.exe
3884 C:\Windows\System32\drivers\XAudio.exe
3916 C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
3968 C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
4016 C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
2112 C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
2480 WmiPrvSE.exe
3604 unsecapp.exe
2456 C:\Users\Debbie\AppData\Local\temp\RtkBtMnt.exe
2452 C:\Program Files\Windows Sidebar\sidebar.exe
4124 C:\PROGRA~1\COMMON~1\AOL\124915~1\EE\AOLHOS~1.EXE
4148 C:\Program Files\Common Files\AOL\1249151987\EE\AOLServiceHost.exe
4272 C:\Program Files\Mozilla Firefox\firefox.exe
4924 C:\Program Files\Mozilla Firefox\plugin-container.exe
5276 C:\Program Files\Windows Media Player\wmpnetwk.exe
5784 C:\Windows\System32\svchost.exe
2668 C:\Windows\System32\wbem\unsecapp.exe
5884 C:\Windows\servicing\TrustedInstaller.exe
5988 C:\Windows\System32\VSSVC.exe
3776 C:\Windows\System32\svchost.exe
3756 WmiPrvSE.exe
6052 C:\Windows\System32\wsqmcons.exe
4332 C:\Users\Debbie\Desktop\Computer Fix\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`71100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000a`89a00000 (NTFS)
PhysicalDrive0 Model Number: TOSHIBAMK8037GSX, Rev: DL250J
Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 75374D27B77E61C9316E27BACDEE41C1E2C9874E
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.
Enter your choice: Enter the physical disk number to dump (0-99, -1 to exit): 0Dumping \\.\PhysicalDisk0...
Enter filename to dump to: MV\BR.txtError opening output file (0)!
Enter the physical disk number to dump (0-99, -1 to exit): 0Dumping \\.\PhysicalDisk0...
Enter filename to dump to: MBR.txtDumped successfully!
Enter the physical disk number to dump (0-99, -1 to exit): -1
Done!
#20
Posted 21 December 2010 - 12:42 PM

Hi JCastaldi,
OK. Can you update Malwarebytes and run a scan? If you can, please post the log of the scan.
#21
Posted 21 December 2010 - 04:08 PM

The Malwarebytes scan came up clean.
Here's the Malwarebytes scan log:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5367
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005
12/21/2010 1:08:12 PM
mbam-log-2010-12-21 (13-08-12).txt
Scan type: Full scan (C:\|)
Objects scanned: 245729
Time elapsed: 57 minute(s), 33 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
#22
Posted 22 December 2010 - 12:06 AM

Hi JCastaldi,
Good Job! Your last OTL log was clean too. How is your system now? Any problems?
#23
Posted 22 December 2010 - 09:11 AM

It appears that the system is running problem-free and seems faster than pre-infection. There is only one issue which is not really a problem--only an annoyance. Since running the cleaning programs, I started to receive the following error message when re-booting (pops up 2x and I must hit cancel 2x): "waol.exe--unable to locate component. This application has failed to start because jgaw400.dll was not found. Re-installing the application may solve the problem."
Now I am getting this message only on starting the AOL program. However, AOL starts and acts normal, as it always has done before, during and after the cleaning process. I'm sure I can resolve this by reinstalling AOL which is not a big deal.
Thanks for the great work and advice. When (if) I have a future malware/virus problem, I hope I am fortunate to get assigned to you. Happy Holidays!
#24
Posted 22 December 2010 - 02:44 PM

Hi JCastaldi,
Combofix removed this file because it was infected. Please reinstall your application; that is the best way to stay safe at this moment.
Your system is clean now. I'm glad we fixed up your computer. We need to clean up your PC from the programs we used.
Step 1
Please start OTL one more time and click CleanUp button. OTL will restart your system at the end.
General recommendations
Here are some recommendations you should follow to minimize infection risk in the future:
1. Enable Windows Update
- Click Start, click Run, type sysdm.cpl, and then press ENTER.
- Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them option.
- Click OK button
2. Delete Temp files
Download TFC to your desktop
- Open the file and close any other windows.
- It will close all programs itself when run, make sure to let it run uninterrupted.
- Click the Start button to begin the process. The program should not take long to finish its job
- Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean
3. Make Backups of Important Files
Please read this article Home Computer Data Backup.
4. Regularly update your software
To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.
You should download Update Checker from here. The program will automatically check for newer versions of software installed on your system.
#25
Posted 28 December 2010 - 10:16 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. 
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
