Click.GiftLoad infection.



Cobra Pleeskin
2011-05-13, 03:01
Good evening/morning,

Running Spybot, I realized my PC was infected with Click.GiftLoad and it deleted it, but after the reboot of the PC the malware is always there.
Looking at other posts on this forum, I have produced the logs:

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-12 21:25:02
-----------------------------
21:25:02.339 OS Version: Windows 5.1.2600 Service Pack 3
21:25:02.339 Number of processors: 4 586 0x170A
21:25:02.339 ComputerName: PAPA UserName:
21:25:05.151 Initialize success
21:25:08.933 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:25:08.933 Disk 0 Vendor: ST3500418AS CC34 Size: 476938MB BusType: 3
21:25:08.933 Device \Driver\atapi -> DriverStartIo 8af8c31b
21:25:08.948 Disk 0 MBR read error 0
21:25:08.948 Disk 0 MBR scan
21:25:08.948 Disk 0 unknown MBR code
21:25:08.948 MBR BIOS signature not found 0
21:25:08.948 Disk 0 scanning sectors +976752000
21:25:08.948 Disk 0 scanning C:\WINDOWS\system32\drivers
21:25:15.417 Service scanning
21:25:16.230 Disk 0 trace - called modules:
21:25:16.230 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8af8c4d0]<<
21:25:16.230 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8afc2ab8]
21:25:16.230 3 CLASSPNP.SYS -> nt!IofCallDriver -> \Device\00000066[0x8afd59e8]
21:25:16.558 5 ACPI.sys[b7e5b620] -> nt!IofCallDriver -> [0x8b03bd98]
21:25:16.558 \Driver\atapi[0x8afbfef8] -> IRP_MJ_CREATE -> 0x8af8c4d0
21:25:16.574 Scan finished successfully
21:25:35.356 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Enrico\Desktop\MBR.dat"
21:25:35.372 The log file has been saved successfully to "C:\Documents and Settings\Enrico\Desktop\aswMBR.txt"


GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-13 02:32:35
Windows 5.1.2600 Service Pack 3
Running: 67zu777q.exe; Driver: C:\DOCUME~1\Enrico\IMPOST~1\Temp\pxtdapow.sys


---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\DRIVERS\vdrv9000.sys (*** hidden *** ) [SYSTEM] vdrv9000 <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001b1000039b (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001b1000039b@68ebae410232 0xA8 0x88 0x03 0xF2 ...
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001f81000100 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\vdrv9000@ServiceBinary C:\WINDOWS\system32\drivers\VDRV9000.SYS
Reg HKLM\SYSTEM\ControlSet001\Services\vdrv9000@Group SCSI Miniport
Reg HKLM\SYSTEM\ControlSet001\Services\vdrv9000@ImagePath system32\DRIVERS\vdrv9000.sys
Reg HKLM\SYSTEM\ControlSet001\Services\vdrv9000@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet001\Services\vdrv9000@Start 1
Reg HKLM\SYSTEM\ControlSet001\Services\vdrv9000@Type 1
Reg HKLM\SYSTEM\ControlSet001\Services\vdrv9000@Tag 33
Reg HKLM\SYSTEM\ControlSet001\Services\vdrv9000\Enum (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\vdrv9000\Enum@Count 1
Reg HKLM\SYSTEM\ControlSet001\Services\vdrv9000\Enum@NextInstance 1
Reg HKLM\SYSTEM\ControlSet001\Services\vdrv9000\Enum@INITSTARTFAILED 1
Reg HKLM\SYSTEM\ControlSet001\Services\vdrv9000\Enum@0 Root\SCSIADAPTER\0001
Reg HKLM\SYSTEM\ControlSet001\Services\vdrv9000\parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\vdrv9000\parameters\pnpinterface (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\vdrv9000\parameters\pnpinterface@1 1
Reg HKLM\SYSTEM\ControlSet001\Services\vdrv9000\security (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\vdrv9000\security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001b1000039b (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001b1000039b@68ebae410232 0xA8 0x88 0x03 0xF2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001f81000100 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\vdrv9000@ServiceBinary C:\WINDOWS\system32\drivers\VDRV9000.SYS
Reg HKLM\SYSTEM\ControlSet002\Services\vdrv9000@Group SCSI Miniport
Reg HKLM\SYSTEM\ControlSet002\Services\vdrv9000@ImagePath system32\DRIVERS\vdrv9000.sys
Reg HKLM\SYSTEM\ControlSet002\Services\vdrv9000@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\Services\vdrv9000@Start 1
Reg HKLM\SYSTEM\ControlSet002\Services\vdrv9000@Type 1
Reg HKLM\SYSTEM\ControlSet002\Services\vdrv9000@Tag 33
Reg HKLM\SYSTEM\ControlSet002\Services\vdrv9000\Enum (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\vdrv9000\Enum@Count 1
Reg HKLM\SYSTEM\ControlSet002\Services\vdrv9000\Enum@NextInstance 1
Reg HKLM\SYSTEM\ControlSet002\Services\vdrv9000\Enum@INITSTARTFAILED 1
Reg HKLM\SYSTEM\ControlSet002\Services\vdrv9000\Enum@0 Root\SCSIADAPTER\0001
Reg HKLM\SYSTEM\ControlSet002\Services\vdrv9000\parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\vdrv9000\parameters\pnpinterface (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\vdrv9000\parameters\pnpinterface@1 1
Reg HKLM\SYSTEM\ControlSet002\Services\vdrv9000\security (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\vdrv9000\security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001b1000039b
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001b1000039b@68ebae410232 0xA8 0x88 0x03 0xF2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001f81000100
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv9000@ServiceBinary C:\WINDOWS\system32\drivers\VDRV9000.SYS
Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv9000@Group SCSI Miniport
Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv9000@ImagePath system32\DRIVERS\vdrv9000.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv9000@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv9000@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv9000@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv9000@Tag 33
Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv9000\Enum
Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv9000\Enum@Count 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv9000\Enum@NextInstance 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv9000\Enum@INITSTARTFAILED 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv9000\Enum@0 Root\SCSIADAPTER\0001
Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv9000\parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv9000\parameters\pnpinterface
Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv9000\parameters\pnpinterface@1 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv9000\security
Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv9000\security@Security 0x01 0x00 0x14 0x80 ...

---- EOF - GMER 1.0.15 ----


MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x00000ffd

Kernel Drivers (total 96):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x80701000 \WINDOWS\system32\hal.dll
0x8ADA4000 \WINDOWS\system32\KDCOM.DLL
0xF789B000 \WINDOWS\system32\BOOTVID.dll
0xF74CA000 sptd.sys
0xF7987000 \WINDOWS\System32\Drivers\WMILIB.SYS
0xF74B2000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xF7484000 ACPI.sys
0xF7473000 pci.sys
0xF75F7000 isapnp.sys
0xF7A4F000 pciide.sys
0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7607000 MountMgr.sys
0xF7868000 ftdisk.sys
0xF7989000 dmload.sys
0xF7842000 dmio.sys
0xF770F000 PartMgr.sys
0xF7617000 VolSnap.sys
0xF782A000 atapi.sys
0xF7627000 disk.sys
0xF7637000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7967000 fltmgr.sys
0xF7955000 sr.sys
0xF7A38000 KSecDD.sys
0xF7B52000 Ntfs.sys
0xF7A0B000 NDIS.sys
0xF7B38000 Mup.sys
0xB816C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF7777000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB8148000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF77A7000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB8114000 \SystemRoot\system32\DRIVERS\RT2500.sys
0xF77E7000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF7453000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7807000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7817000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7443000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7433000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7423000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB80F1000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7413000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB82A4000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB80DA000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7403000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7887000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF77D7000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB80C9000 \SystemRoot\system32\DRIVERS\psched.sys
0xB8260000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF780F000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7737000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB8049000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xB8250000 \SystemRoot\system32\DRIVERS\termdd.sys
0xB7F64000 \SystemRoot\system32\DRIVERS\mcdbus.sys
0xF7993000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB7EE7000 \SystemRoot\system32\DRIVERS\update.sys
0xB8270000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB7EAC000 \SystemRoot\system32\DRIVERS\dtsoftbus01.sys
0xB8240000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB8230000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF79A1000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF77EF000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF79A7000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB81C6000 \SystemRoot\System32\Drivers\Null.SYS
0xF79AB000 \SystemRoot\System32\Drivers\Beep.SYS
0xB80C1000 \SystemRoot\System32\drivers\vga.sys
0xB5D0B000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0xF79AF000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xB80A1000 \SystemRoot\System32\Drivers\Msfs.SYS
0xB8091000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB803D000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB5CD8000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB5C7F000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB5C59000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB5C31000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB5BB1000 \SystemRoot\System32\vsdatant.sys
0xB5B8F000 \SystemRoot\System32\drivers\afd.sys
0xF7687000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB5B64000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB5AF4000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF781F000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xF76A7000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB5AB4000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF79D9000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB5D2B000 \SystemRoot\System32\drivers\Dxapi.sys
0xB80B9000 \SystemRoot\System32\watchdog.sys
0xBD000000 \SystemRoot\System32\drivers\dxg.sys
0xF7AB1000 \SystemRoot\System32\drivers\dxgthk.sys
0xBD012000 \SystemRoot\System32\ATMFD.DLL
0xB5766000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB532A000 \SystemRoot\system32\DRIVERS\srv.sys
0xB52B6000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xBFF50000 \SystemRoot\System32\TSDDD.dll
0xBFF70000 \SystemRoot\System32\framebuf.dll
0xB4BA5000 \??\C:\DOCUME~1\Enrico\IMPOST~1\Temp\pxtdapow.sys
0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 19):
0 System Idle Process
4 System
604 C:\WINDOWS\system32\smss.exe
668 csrss.exe
732 C:\WINDOWS\system32\winlogon.exe
780 C:\WINDOWS\system32\services.exe
792 C:\WINDOWS\system32\lsass.exe
964 C:\WINDOWS\system32\svchost.exe
1032 svchost.exe
1208 C:\WINDOWS\system32\svchost.exe
1236 svchost.exe
1340 svchost.exe
1440 C:\WINDOWS\system32\ZoneLabs\vsmon.exe
696 C:\WINDOWS\explorer.exe
1992 C:\Documents and Settings\Enrico\Desktop\67zu777q.exe
484 csrss.exe
524 C:\WINDOWS\system32\winlogon.exe
1736 explorer.exe
1000 C:\Documents and Settings\Enrico\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000c`34f34a00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000030`d3cbae00 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000055`72a41200 (NTFS)
\\.\K: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST3500418AS, Rev: CC34
PhysicalDrive1 Model Number: TOSHIBAMK1646GSX, Rev:

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: 503FD2CC6F3632B90CEC9C763A09B1AF1755FCD5
149 GB \\.\PhysicalDrive1 RE: Unknown MBR code
SHA1: 25BA9A98E9E3CCF0001B0CCA90A62851FBE2F9CD


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

I don't use the PC for bank transfers or to buy online with credit cards (I have a Linux system for this), so there are no problems at all.


Using GMER, I could not check "Show All" because the area was light grey and could not be changed. I had to use it in safe mode because in normal mode the PC rebooted several times during the scan.

I thank everybody for the help and the nice work you are doing on this forum.

tashi
2011-05-13, 08:11
Hello Cobra Pleeskin,

So that everyone is on the same track please see the forum FAQ which also includes instructions for posting preliminary DDS logs for analysis in post #2.
"BEFORE You POST"(Please read this Procedure Before Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Then start a new topic providing the DDS logs as shown in that sticky and a link back to this thread. A volunteer analyst will advise you when available. :)

Best regards.