Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Totally lost and need help

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Totally lost and need help

Unread postby Mel Adjusted » January 11th, 2011, 9:15 am

OK I downloaded Rootkit Unhooker to my desk top and clicked on it to run it. Nothing happened so I rebooted my computer and tried it again and let it run 8 hours and still nothing... What next?
User avatar
Mel Adjusted
Regular Member
 
Posts: 29
Joined: February 10th, 2008, 7:56 pm
Advertisement
Register to Remove

Re: Totally lost and need help

Unread postby deltalima » January 11th, 2011, 9:27 am

Hi Mel Adjusted,

My Comodo said I had a virus..TrojWare32.TrojanProxy.Horse~0@25568469.. So I shut my computer off and tried to reboot in safe mode and it wont allow me to boot in safe mode


Did Comodo say that it had remove the virus?

Can you now boot into Safe mode?

Are there any other symptoms?

ESET online scannner

  • Please go Here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Totally lost and need help

Unread postby Mel Adjusted » January 11th, 2011, 9:54 pm

Here's what my ESET scan found.......
G:\Documents and Settings\K. Albert 2\My Documents\Downloads\Internet Connection Optimization Software - TweakMaster Pro v. 3.04.r3127 {numberone}\TweakMaster Pro v. 3.04.zip probably a variant of Win32/HackTool.Patcher.A application
G:\Documents and Settings\K. Albert 2\Local Settings\temp\1111 a variant of Win32/TrojanDownloader.Fosniw.AH trojan
G:\Documents and Settings\K. Albert 2\My Documents\Downloads\Zemana AntiLogger v1.9.2.205.rar a variant of Win32/Keygen.AN application
G:\System Volume Information\_restore{E6254C3E-FE19-4532-B2DA-C044DE707783}(2)\RP262\A0094580.exe a variant of Win32/Adware.Kraddare.P application
User avatar
Mel Adjusted
Regular Member
 
Posts: 29
Joined: February 10th, 2008, 7:56 pm

Re: Totally lost and need help

Unread postby deltalima » January 12th, 2011, 3:49 am

Did Comodo say that it had remove the virus?

Can you now boot into Safe mode?

Are there any other symptoms?
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Totally lost and need help

Unread postby Mel Adjusted » January 12th, 2011, 5:14 am

Comodo said I had to reboot to remove the virus I was going to reboot in safe mode and run Comodo again but couldn't get into safe mode.
Sometimes my keyboard wont type I've installed a new one but have the same problem
User avatar
Mel Adjusted
Regular Member
 
Posts: 29
Joined: February 10th, 2008, 7:56 pm

Re: Totally lost and need help

Unread postby deltalima » January 12th, 2011, 7:18 am

Can you get into safe mode OK now?
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Totally lost and need help

Unread postby Mel Adjusted » January 12th, 2011, 11:49 pm

No..... I can't get into Safe Mode
User avatar
Mel Adjusted
Regular Member
 
Posts: 29
Joined: February 10th, 2008, 7:56 pm

Re: Totally lost and need help

Unread postby deltalima » January 13th, 2011, 4:42 am

Hi Mel Adjusted,

I tried to run the GMER in Normal mode and Safe mode and it wouldn't let ne run it...


From that I assumed that you had managed to boot into safe mode.

No..... I can't get into Safe Mode


Please describe exactly what happens when you attempt to boot into safe mode.

Please uninstall
Java(TM) 6 Update 7

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :otl
    @Alternate Data Stream - 190 bytes -> G:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 115 bytes -> G:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
    @Alternate Data Stream - 100 bytes -> G:\Documents and Settings\All Users\Application Data\TEMP:ADF211B1
    :files
    G:\Documents and Settings\K. Albert 2\Local Settings\temp\1111
    G:\Documents and Settings\K. Albert 2\My Documents\Downloads\Zemana AntiLogger v1.9.2.205.rar
    :commands
    [EMPTYTEMP]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [CLEARALLRESTOREPOINTS]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Please describe any other symptoms shown by the computer.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Totally lost and need help

Unread postby Mel Adjusted » January 13th, 2011, 2:23 pm

When I try to boo into Safe Mode It hilites "Normal Mode" and won't allow me to hilite "Safe Mode". It's like stuck on "Normal Mode".

All processes killed
========== OTL ==========
ADS G:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
ADS G:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29 deleted successfully.
ADS G:\Documents and Settings\All Users\Application Data\TEMP:ADF211B1 deleted successfully.
========== FILES ==========
G:\Documents and Settings\K. Albert 2\Local Settings\temp\1111 moved successfully.
G:\Documents and Settings\K. Albert 2\My Documents\Downloads\Zemana AntiLogger v1.9.2.205.rar moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: K. Albert 2
->Temp folder emptied: 90393334 bytes
->Temporary Internet Files folder emptied: 5111610 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 91504733 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 28115 bytes

User: K6575~1~ALB

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
User avatar
Mel Adjusted
Regular Member
 
Posts: 29
Joined: February 10th, 2008, 7:56 pm

Re: Totally lost and need help

Unread postby deltalima » January 13th, 2011, 4:21 pm

Hi Mel Adjusted,

Is the keyboard USB or PS2?

RootRepeal - Rootkit Detector

  • Download RootRepeal from the following location and save it to your desktop.
  • Unzip it to your Desktop
  • Double click RootRepeal.exe to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the Scan button
  • In the Select Scan dialog, check:
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
    • Shadow SSDT
  • Click the OK button
  • Check the box for your main system drive (Usually C:), and Click OK to start the scan

    The scan can take some time. DO NOT run any other programs while the scan is running
  • When the scan is complete, the Save Report button will become available
  • Click this and save the report to your Desktop as RootRepeal.txt
  • Go to File, then Exit to close the program

MBRCheck

Please download MBRCheck.exe to your desktop.
  • Double-click on MBRCheck.exe to run it.
  • It will show a Black screen with some information.
  • if an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Please post the contents of that file in you're next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Totally lost and need help

Unread postby Mel Adjusted » January 13th, 2011, 8:56 pm

I have both and the one I'm using now is PS2.....
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2011/01/13 16:15
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: rootrepeal.sys
Image Path: G:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xAD4C2000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: G:\Program Files\COMODO\COMODO Internet Security\Quarantine
Status: Locked to the Windows API!

Path: \\?\G:\Program Files\COMODO\COMODO Internet Security\Quarantine\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: G:\Program Files\COMODO\COMODO Internet Security\Quarantine\A0001086.exe
Status: Invisible to the Windows API!

Path: G:\Program Files\COMODO\COMODO Internet Security\Quarantine\A0001086.exe.info
Status: Invisible to the Windows API!

Path: G:\Program Files\COMODO\COMODO Internet Security\Quarantine\A0001087.exe
Status: Invisible to the Windows API!

Path: G:\Program Files\COMODO\COMODO Internet Security\Quarantine\A0001087.exe.info
Status: Invisible to the Windows API!

Path: G:\Program Files\COMODO\COMODO Internet Security\Quarantine\A0001088.exe
Status: Invisible to the Windows API!

Path: G:\Program Files\COMODO\COMODO Internet Security\Quarantine\A0001088.exe.info
Status: Invisible to the Windows API!

Path: G:\Program Files\COMODO\COMODO Internet Security\Quarantine\A0080904.exe
Status: Invisible to the Windows API!

Path: G:\Program Files\COMODO\COMODO Internet Security\Quarantine\A0080904.exe.info
Status: Invisible to the Windows API!

Path: G:\Program Files\COMODO\COMODO Internet Security\Quarantine\DUMeter.exe
Status: Invisible to the Windows API!

Path: G:\Program Files\COMODO\COMODO Internet Security\Quarantine\DUMeter.exe.info
Status: Invisible to the Windows API!

Path: G:\Program Files\COMODO\COMODO Internet Security\Quarantine\FFF - Your Uninstaller! 2008 6.1.1231 KeyGen.exe
Status: Invisible to the Windows API!

Path: G:\Program Files\COMODO\COMODO Internet Security\Quarantine\FFF - Your Uninstaller! 2008 6.1.1231 KeyGen.exe.info
Status: Invisible to the Windows API!

Path: G:\Program Files\COMODO\COMODO Internet Security\Quarantine\Lampllc-msn-com.5d23
Status: Invisible to the Windows API!

Path: G:\Program Files\COMODO\COMODO Internet Security\Quarantine\Lampllc-msn-com.5d23.info
Status: Invisible to the Windows API!

Path: G:\Program Files\COMODO\COMODO Internet Security\Quarantine\Lampllc-msn-com.5d46
Status: Invisible to the Windows API!

Path: G:\Program Files\COMODO\COMODO Internet Security\Quarantine\Lampllc-msn-com.5d46.info
Status: Invisible to the Windows API!

Path: G:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp
Status: Invisible to the Windows API!

Path: \\?\G:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: G:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\baseupd
Status: Invisible to the Windows API!

Path: \\?\G:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\baseupd\*
Status: Could not enumerate files with the Windows API (0x00000005)!


SSDT
-------------------
#: 011 Function Name: NtAdjustPrivilegesToken
Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb198c80a

#: 031 Function Name: NtConnectPort
Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb198bd8a

#: 037 Function Name: NtCreateFile
Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb198c470

#: 041 Function Name: NtCreateKey
Status: Hooked by "TfSysMon.sys" at address 0xf744ba1c

#: 046 Function Name: NtCreatePort
Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb198bc66

#: 050 Function Name: NtCreateSection
Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb198f13c

#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb198f4c2

#: 053 Function Name: NtCreateThread
Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb198b652

#: 063 Function Name: NtDeleteKey
Status: Hooked by "TfSysMon.sys" at address 0xf744bc10

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "TfSysMon.sys" at address 0xf744bcb6

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb198b458

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb198d7bc

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb198da12

#: 097 Function Name: NtLoadDriver
Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb198eb4c

#: 105 Function Name: NtMakeTemporaryObject
Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb198c052

#: 116 Function Name: NtOpenFile
Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb198c64c

#: 119 Function Name: NtOpenKey
Status: Hooked by "TfSysMon.sys" at address 0xf744b90c

#: 122 Function Name: NtOpenProcess
Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb198b086

#: 125 Function Name: NtOpenSection
Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb198c2f6

#: 128 Function Name: NtOpenThread
Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb198b28a

#: 160 Function Name: NtQueryKey
Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb198dc20

#: 161 Function Name: NtQueryMultipleValueKey
Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb198e074

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb198de32

#: 192 Function Name: NtRenameKey
Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb198d5d4

#: 200 Function Name: NtRequestWaitReplyPort
Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb198e5e4

#: 210 Function Name: NtSecureConnectPort
Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb198e898

#: 237 Function Name: NtSetSecurityObject
Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb198ce46

#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb198ee44

#: 247 Function Name: NtSetValueKey
Status: Hooked by "TfSysMon.sys" at address 0xf744be52

#: 249 Function Name: NtShutdownSystem
Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb198bfbc

#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb198c1e2

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "TfSysMon.sys" at address 0xf744db30

#: 258 Function Name: NtTerminateThread
Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb198b856

Shadow SSDT
-------------------
#: 013 Function Name: NtGdiBitBlt
Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb19916e4

#: 122 Function Name: NtGdiDeleteObjectApp
Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb1991f90

#: 227 Function Name: NtGdiMaskBlt
Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb1991824

#: 233 Function Name: NtGdiOpenDCW
Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb1991e4a

#: 237 Function Name: NtGdiPlgBlt
Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb1991970

#: 292 Function Name: NtGdiStretchBlt
Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb1991ab0

#: 310 Function Name: NtUserBlockInput
Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb199155c

#: 319 Function Name: NtUserCallHwndParamLock
Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb19905a4

#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb1991202

#: 389 Function Name: NtUserGetClipboardData
Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb1991bf6

#: 414 Function Name: NtUserGetKeyboardState
Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb1990f4a

#: 416 Function Name: NtUserGetKeyState
Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb199109e

#: 460 Function Name: NtUserMessageCall
Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb1990bd4

#: 465 Function Name: NtUserMoveWindow
Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb19902a0

#: 475 Function Name: NtUserPostMessage
Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb199085e

#: 476 Function Name: NtUserPostThreadMessage
Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb1990a18

#: 490 Function Name: NtUserRegisterHotKey
Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb1991d1a

#: 491 Function Name: NtUserRegisterRawInputDevices
Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb1991366

#: 502 Function Name: NtUserSendInput
Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb1990ddc

#: 509 Function Name: NtUserSetClipboardViewer
Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb1991464

#: 529 Function Name: NtUserSetParent
Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb1990430

#: 549 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb1991fce

#: 552 Function Name: NtUserSetWinEventHook
Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb1992264

#: 559 Function Name: NtUserSystemParametersInfo
Status: Hooked by "G:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb1990742

==EOF==

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000000f0

Kernel Drivers (total 136):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EE000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF75A8000 ACPI.sys
0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7597000 pci.sys
0xF75F7000 isapnp.sys
0xF7A4F000 pciide.sys
0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF798B000 intelide.sys
0xF7607000 MountMgr.sys
0xF74D8000 ftdisk.sys
0xF798D000 dmload.sys
0xF74B2000 dmio.sys
0xF770F000 PartMgr.sys
0xF7617000 VolSnap.sys
0xF749A000 atapi.sys
0xF7627000 disk.sys
0xF7637000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF747A000 fltMgr.sys
0xF7468000 sr.sys
0xF7457000 TfFsMon.sys
0xF7446000 TfSysMon.sys
0xF742F000 KSecDD.sys
0xF7B52000 Ntfs.sys
0xF7419000 inspect.sys
0xF786A000 \WINDOWS\System32\DRIVERS\NDIS.SYS
0xF7717000 \WINDOWS\System32\DRIVERS\TDI.SYS
0xF7850000 Mup.sys
0xF782C000 DeepFrz.sys
0xBAF4B000 \SystemRoot\system32\DRIVERS\tunmp.sys
0xF7667000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xBA357000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xBA343000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF77E7000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xBA31F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF77EF000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xBA301000 \SystemRoot\system32\DRIVERS\e1000325.sys
0xF77F7000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF7677000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF77FF000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7687000 \SystemRoot\system32\DRIVERS\serial.sys
0xBAF47000 \SystemRoot\system32\DRIVERS\serenum.sys
0xBA2ED000 \SystemRoot\system32\DRIVERS\parport.sys
0xF7697000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA2D5000 \SystemRoot\system32\drivers\DVDHlp.sys
0xF76A7000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF76B7000 \SystemRoot\system32\DRIVERS\redbook.sys
0xBA2B2000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA22E000 \SystemRoot\system32\drivers\smwdm.sys
0xBA20A000 \SystemRoot\system32\drivers\portcls.sys
0xF76C7000 \SystemRoot\system32\drivers\drmk.sys
0xF79C1000 \SystemRoot\system32\drivers\aeaudio.sys
0xBA4A8000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBAAE5000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBAF3F000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xBA1F3000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBAAD5000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBAAC5000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA1E2000 \SystemRoot\system32\DRIVERS\psched.sys
0xBAAB5000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7807000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF780F000 \SystemRoot\system32\DRIVERS\raspti.sys
0xBA1B2000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBAAA5000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7817000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF79C3000 \SystemRoot\system32\DRIVERS\swenum.sys
0xBA12C000 \SystemRoot\system32\DRIVERS\update.sys
0xBAF27000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBAFC4000 \SystemRoot\system32\drivers\WmBEnum.sys
0xBAA95000 \SystemRoot\system32\drivers\WmXlCore.sys
0xBAA85000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBAA65000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF79C5000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xBAF6B000 \SystemRoot\System32\DRIVERS\cmderd.sys
0xB1982000 \SystemRoot\System32\DRIVERS\cmdguard.sys
0xBA1A6000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF74F7000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF77CF000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF7767000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xBA192000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF7A09000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB078F000 \SystemRoot\System32\Drivers\Null.SYS
0xF798F000 \SystemRoot\System32\Drivers\Beep.SYS
0xB1C0A000 \SystemRoot\system32\DRIVERS\Amfilter.sys
0xB1C02000 \SystemRoot\System32\drivers\vga.sys
0xF7991000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7993000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xB1BFA000 \SystemRoot\System32\Drivers\Msfs.SYS
0xB1BF2000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA118000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAFDB9000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAFD60000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB1BEA000 \SystemRoot\System32\DRIVERS\cmdhlp.sys
0xAFD3A000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xAFD02000 \SystemRoot\system32\DRIVERS\tcpip6.sys
0xAFCC8000 \SystemRoot\System32\Drivers\avgtdix.sys
0xB1D6E000 \SystemRoot\system32\DRIVERS\Ip6Fw.sys
0xAFCA0000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB1BE2000 \SystemRoot\system32\DRIVERS\myWIFIzone.sys
0xAFC7E000 \SystemRoot\System32\drivers\afd.sys
0xB1D5E000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB1D4E000 \SystemRoot\System32\Drivers\SCDEmu.SYS
0xADC52000 \??\H:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
0xAE314000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xADC34000 \SystemRoot\System32\Drivers\usbvideo.sys
0xAE442000 \??\H:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xADC09000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xADB99000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAE304000 \SystemRoot\System32\Drivers\Fips.SYS
0xAE43A000 \SystemRoot\system32\drivers\copyhddvdhlp.sys
0xB195C000 \SystemRoot\System32\Drivers\BANTExt.sys
0xADB79000 \SystemRoot\System32\Drivers\avgldx86.sys
0xAE2D4000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xAE112000 \SystemRoot\System32\drivers\Dxapi.sys
0xAE42A000 \SystemRoot\System32\watchdog.sys
0xBF9C4000 \SystemRoot\System32\drivers\dxg.sys
0xB1546000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF9E4000 \SystemRoot\System32\ialmdnt5.dll
0xBF9D6000 \SystemRoot\System32\ialmrnt5.dll
0xBFA03000 \SystemRoot\System32\ialmdev5.DLL
0xBFA22000 \SystemRoot\System32\ialmdd5.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xADB68000 \SystemRoot\system32\DRIVERS\thdudf.sys
0xADB57000 \SystemRoot\System32\Drivers\Udfs.SYS
0xAE80B000 \SystemRoot\system32\DRIVERS\mdc8021x.sys
0xAE807000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xAF409000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xADA02000 \SystemRoot\system32\drivers\wdmaud.sys
0xB177E000 \SystemRoot\system32\drivers\sysaudio.sys
0xF79BD000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xAD7CA000 \SystemRoot\system32\DRIVERS\srv.sys
0xAD61A000 \??\G:\WINDOWS\system32\drivers\TfNetMon.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 39):
0 System Idle Process
4 System
1008 G:\WINDOWS\system32\smss.exe
1072 G:\WINDOWS\system32\csrss.exe
1096 G:\WINDOWS\system32\winlogon.exe
1140 G:\WINDOWS\system32\services.exe
1152 G:\WINDOWS\system32\lsass.exe
1312 G:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
1324 G:\WINDOWS\system32\svchost.exe
1388 G:\WINDOWS\system32\svchost.exe
1476 G:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
1552 G:\WINDOWS\system32\svchost.exe
1680 G:\WINDOWS\system32\svchost.exe
1944 G:\WINDOWS\system32\LEXBCES.EXE
1968 G:\WINDOWS\system32\spoolsv.exe
1988 G:\WINDOWS\system32\LEXPPS.EXE
464 G:\WINDOWS\explorer.exe
1452 G:\Program Files\AVG\AVGLS9\avgwdsvc.exe
1700 G:\WINDOWS\system32\svchost.exe
1756 G:\Program Files\Common Files\Nuance\dgnsvc.exe
1888 G:\Program Files\DU Meter\DUMeterSvc.exe
632 G:\Program Files\Java\jre6\bin\jqs.exe
772 G:\Program Files\Maxtor\Sync\SyncServices.exe
868 G:\Program Files\AVG\AVGLS9\avgnsx.exe
716 G:\WINDOWS\system32\PnkBstrA.exe
1836 G:\WINDOWS\system32\PnkBstrB.exe
2072 G:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2220 H:\Program Files\ThreatFire\TFService.exe
2328 G:\Program Files\Webroot\Washer\WasherSvc.exe
2900 G:\WINDOWS\system32\alg.exe
2500 G:\Program Files\new folder\Update\realsched.exe
1204 H:\Program Files\ThreatFire\TFTray.exe
644 G:\Program Files\Softwin\BitDefender10\bdagent.exe
2884 G:\PROGRA~1\AVG\AVGLS9\avgtray.exe
3880 G:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe
3912 G:\WINDOWS\system32\ctfmon.exe
1896 G:\WINDOWS\system32\svchost.exe
5756 G:\WINDOWS\system32\notepad.exe
3440 G:\Documents and Settings\K. Albert 2\Desktop\MBRCheck.exe

\\.\G: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\H: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: HDS728080PLAT20, Rev: PF2OA21B
PhysicalDrive1 Model Number: WDCWD2500JB-50FUA0, Rev: 15.05R15

Size Device Name MBR Status
--------------------------------------------
76 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
232 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
User avatar
Mel Adjusted
Regular Member
 
Posts: 29
Joined: February 10th, 2008, 7:56 pm

Re: Totally lost and need help

Unread postby deltalima » January 14th, 2011, 4:44 am

Hi Mel Adjusted,

Not a Malware Issue
Your problem does not appear to be "malware" related. The Malware Removal forum deals with removing malware.
I suggest you try a PC troubleshooting forum. Links for some are provided below.
These sites have a variety of experts, that are better equipped to investigate and resolve these kinds of issues.
Registration is free, it only takes a few minutes. :)
The Elder Geek on Windows
BleepingComputer.com
WhattheTech...formerly TomCoyote

If you have any questions or require additional malware help, please let me know.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Totally lost and need help

Unread postby Mel Adjusted » January 14th, 2011, 5:06 am

Thank you very much for your time and that is a relief to hear....
User avatar
Mel Adjusted
Regular Member
 
Posts: 29
Joined: February 10th, 2008, 7:56 pm

Re: Totally lost and need help

Unread postby deltalima » January 14th, 2011, 5:11 am

You're welcome!
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Totally lost and need help

Unread postby Cypher » January 14th, 2011, 7:00 am

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 42 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware