
SuperDonRickles


New Member
Hey all, I've been having some pretty nasty computer issues lately and was recommended this forum by a blog. I got hit by the "privacy protection virus" last night and I finally got it out of my system by this morning. The problem now is that something in the registry must be off or missing; I can't open any browser except for Opera. I tried reinstalling Firefox and Safari multiple times. What ends up happening is the hourglass flashes a few times as if it is going to load, but nothing happens, even though it does show up in the "Processes" section in Task Manager as running. This also happened for Google Chrome, Picasa, Spybot Search and Destroy and PhotoScape. I removed the virus ultimately with SUPERAntiSpyware and MBAM, but I also ran Sophos Anti-Rootkit, CCleaner for registry fixes and TDSSKiller. I really hope someone out there can help me. Thanks. Here is the HijackThis log in case there is anything obvious missing or wrong: Edit: the forum won't allow me to post the log because no "external links or emails" are allowed, so I'll wait on that.
Hello!

Please download aswMBR from here

  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan as illustrated below

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

  • Once the scan finishes click Save log to save the log to your Desktop
  • Copy and paste the contents of aswMBR.txt back here for review


..........................................................
DragonMaster Jay
Owner/Administrator/Operator Cheetah-Fast Services
Advanced Malware Analysts Group Owner

SuperDonRickles


New Member
Here it is, I appreciate this a lot:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-06 23:59:10
-----------------------------
23:59:10.734 OS Version: Windows 5.1.2600 Service Pack 2
23:59:10.734 Number of processors: 1 586 0x3702
23:59:10.734 ComputerName: ACER-3B6299156D UserName: neil
23:59:11.687 Initialize success
23:59:12.265 AVAST engine defs: 11110901
23:59:19.234 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
23:59:19.234 Disk 0 Vendor: ST3200827AS 3.AAE Size: 190782MB BusType: 3
23:59:21.250 Disk 0 MBR read successfully
23:59:21.250 Disk 0 MBR scan
23:59:21.296 Disk 0 unknown MBR code
23:59:21.296 Disk 0 scanning sectors +390716865
23:59:21.359 Disk 0 scanning C:\WINDOWS\system32\drivers
23:59:28.234 Service scanning
23:59:29.312 Modules scanning
23:59:33.109 Disk 0 trace - called modules:
23:59:33.125 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
23:59:33.125 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x858b6ab8]
23:59:33.125 3 CLASSPNP.SYS[f75d105b] -> nt!IofCallDriver -> \Device\00000078[0x85887f18]
23:59:33.484 5 ACPI.sys[f7447620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-5[0x8585b940]
23:59:33.968 AVAST engine scan C:\WINDOWS
23:59:36.359 AVAST engine scan C:\WINDOWS\system32
00:00:43.421 AVAST engine scan C:\WINDOWS\system32\drivers
00:00:50.406 AVAST engine scan C:\Documents and Settings\neil
00:06:41.968 AVAST engine scan C:\Documents and Settings\All Users
00:09:55.140 Scan finished successfully

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.
    Link 1
    Link 2
    Link 3

  • Double-click on MBRCheck.exe to run it.
  • It will open a black window...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
  • Please copy and paste the contents of that log in your next reply.


SuperDonRickles


New Member
Thanks again.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x000007bc

Kernel Drivers (total 138):

Processes (total 40):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`384c7a00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000017`d653be00 (FAT32)

PhysicalDrive0 Model Number: ST3200827AS, Rev: 3.AAE

Size Device Name MBR Status
--------------------------------------------
186 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 6A37CCD118436B688B51F6BD4C2B47A895EBDF7F


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Fix using MBRCheck.exe

Run MBRCheck.exe again by double-clicking on it.
  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Enter 'Y' and then press Enter.
  • When asked: 'Enter your choice:', select option 2 (Restore the MBR of a physical disk with a standard boot code) and press the Enter key.
  • Now the program will ask: 'Enter the physical disk number to fix (0-99, -1 to cancel)'
  • Enter 0 and press the Enter key.
  • The program will show Available MBR codes followed by a list of operating systems as shown below:
    Available MBR codes:
    [ 0] Default (Windows XP)
    [ 1] Windows XP
    [ 2] Windows Server 2003
    [ 3] Windows Vista
    [ 4] Windows 2008
    [ 5] Windows 7
    [-1] Cancel
    Please select the MBR code to write to this drive:
  • Please select your version of Windows from the list and enter the corresponding number and then press Enter.
  • When prompted for confirmation: "Do you want to fix the MBR code?". Type the full word Yes (not Y or the fix will not work) and press Enter.
  • Left-click on the title bar (where program name and path is written).
  • From the menu choose Edit -> Select All.
  • Press the Enter key to copy selected text.
  • Open Notepad, paste that text into it and save to your desktop as MBRCheck.txt.
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • Reboot your computer to complete the fix and copy/paste MBRCheck.txt in your next reply.
  • If your computer does not restart on its own, please restart it manually.

Important Note: The Master Boot Record contains the Partition Table for the hard disk and a little executable code for the boot start. While fixing the Master Boot Record (MBR) is generally safe, there is a small risk of damaging the MBR, which may cause the computer to not boot up or it may corrupt a partition.

The following are signs of a damaged MBR:
  • Invalid Partition Table
  • Missing Operating System
  • Error loading operating system


If it is the worst case scenario, and your computer cannot boot, please take note of the following:

Please have your Windows CD available, which will allow recovering the boot code via the Windows Recovery Console in case of any problems or install the XP Recovery Console before proceeding with the above fix. Then, if any problems occur, the links below explain how to use and repair the MBR:
  • How to use the Recovery Console
  • How to fix MBR in Windows XP and Vista


If you do not have a Windows CD available, please let me know. You will need access to a computer that can burn CDs.



SuperDonRickles


New Member
Wow, that worked like a charm, it felt like it barely did anything but after I rebooted everything is working again. I can't thank you enough. I was expecting the worst and backed up all my important files and redownloaded XP. Thank you very very much, you are a life saver my friend.


MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x000007bc

Kernel Drivers (total 137):

Processes (total 40):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`384c7a00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000017`d653be00 (FAT32)

PhysicalDrive0 Model Number: ST3200827AS, Rev: 3.AAE

Size Device Name MBR Status
--------------------------------------------
186 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 6A37CCD118436B688B51F6BD4C2B47A895EBDF7F


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0Available MBR codes:
[ 0] Default (Windows XP)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 1
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: Yes
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.


Done!

ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic



johnnyh


New Member
So I also had Privacy Protection pop up. I removed the file in safe mode (I think).
I can not connect to the internet
(wireless or plugged in).
I can not open any of the MBR files listed above (a little black window pops up for 1 second then goes away).
I deleted my Malwarebytes and on another computer downloaded the most up to date version onto a flash drive and tried to run it, but same result as above.

And also I am now getting a
0x7d4caa9b Referenced Memory At 0x00000010

The infected computer will no longer pull up the flash drive also.

What am I not doing or doing wrong???


Sneakyone


Secondary Administrator
Hi,

Please download aswMBR from here

  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan as illustrated below

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

  • Once the scan finishes click Save log to save the log to your Desktop
  • Copy and paste the contents of aswMBR.txt back here for review

