I have been scared that I have a hidden rootkit or some sort of nasty malware on my Lenovo G500s, and this has been driving me nuts. I came across multiple threads here where users such as EssexBoy addressed concerns about unknown MBR. So I thought I’ll post a query.
My internet was really slow and when I tried shutting the browser from Task Manager, I got the message “Access Denied”. This occurred with Firefox, Chrome and IE. I thereafter did a System Restore and the problem seemed to have stopped. Got a similar message yesterday when I tried ending a PrevX 3.0 process (I usually use Sophos, but installed PrevX to check). Worrying that I might have a rootkit, I ran GMER and aswMBR. They both detected an unknown MBR code, but nothing else. TDSS Killer also did not detect anything. I’d really appreciate it if somebody would have a look at my log files and tell me if there is indeed cause to worry. P.S.: I have Windows 8.1 and I suspect there is a recovery partition cause I didn’t get any OS CD with my Lenovo.
EDIT: Shit sorry I didn’t read before posting the logs. I’ll attach them in a reply. Thanks.
Please include the contents of that file in your reply. Due to special formatting, post it directly rather than attaching it!
There will be also a file named Dump_Hdd*_DR*.mbr on your desktop. Do not click on it or delete it!
Hey, here is the MBRScan log. I have split it into two.
MBRScan v1.1.1
OS : Windows 8 (64 bit)
PROCESSOR : Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
BOOT : Normal Boot
DATE : 2014/08/25 (ISO 8601) at 14:14:18
________________________________________________________________________________
DISK : Device\Harddisk0\DR0 __ST1000LM014-SSHD-8GB (LVD3)
BUS_TYPE : (0x0B) S-ATA
USE_PIO : YES
MAX_TRANSFER : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________
DISK : Device\Harddisk1\DR3 __Intenso Micro Line (1.00)
BUS_TYPE : (0x07) USB
USE_PIO : NO
MAX_TRANSFER : 64 Kb
ALIGNMENT_MASK : byte aligned
________________________________________________________________________________
Device\Harddisk0\DR0 931.5 Go [Fixed] ==> Unknown MBR Code...
MBR_MD5 : AD6DA9C1A0B34D34A087C421489D6DA9
MBR_SHA1 : A151E89C89438D069AA8DE8C4DF0EF384B3E43C9
Device\Harddisk0\Partition1 2.00 To 0xEE EFI GPT[1]
________________________________________________________________________________
Device\Harddisk1\DR3 29.82 Go [Removable] ==> 7 MBR Code
MBR_MD5 : E23337AE26A708EC60AA854E1AC25442
MBR_SHA1 : DB83298D379747D7D24BDBDB2945942D381D8892
Device\Harddisk1\Partition1 29.82 Go 0x07 NTFS / HPFS __ BOOTABLE __
________________________________________________________________________________
############################### Additional scan ################################
MBRScan v1.1.1
OS : Windows 8 (64 bit)
PROCESSOR : Intel64 Family 6 Model 60 Stepping 3, GenuineIntel
BOOT : Normal Boot
DATE : 2014/08/25 (ISO 8601) at 15:13:10
________________________________________________________________________________
DISK : Device\Harddisk0\DR0 __WDC WD10JPCX-24UE4T0 (01.01A01)
BUS_TYPE : (0x0B) S-ATA
USE_PIO : YES
MAX_TRANSFER : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________
Device\Harddisk0\DR0 931.5 Go [Fixed] ==> Unknown MBR Code...
MBR_MD5 : F1FCCBC439A28CE32812D3B753B96A55
MBR_SHA1 : 665EA56960493EE3613D2F7F6CA411E30FDB1DCA
Device\Harddisk0\Partition1 2.00 To 0xEE EFI GPT[1]
________________________________________________________________________________
############################### Additional scan ################################
It is perfectly normal. I suppose it depends on whichever BIOS/UEFI Lenovo uses, because mine is a G510.
Nothing to be concerned about regarding the MBR. However, I’d recommend getting rid of Spybot - this program won’t protect you anymore. I’d also advise cleaning temp files and scanning for vulnerabilities. Go on, I want you to leave here as secure as possible.
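Why a GPT disk shows up as "Unknown MBR Code" with a single 0xEE partition, as an added example (not code from this thread or from MBRScan): a parser for a 512-byte sector dump such as the Dump_Hdd*_DR*.mbr file, computing the same MD5/SHA1 MBRScan prints and classifying the protective MBR. The KNOWN_BOOT_CODE_MD5 table and both sample sectors are constructed for illustration.

```python
"""Parse a 512-byte MBR dump and classify it from a defender's point of view."""
import hashlib
import struct

SECTOR_SIZE = 512
PT_OFFSET = 446                # partition table: 4 entries x 16 bytes
BOOT_SIG = b"\x55\xAA"         # bytes 510..511 of every valid MBR
GPT_PROTECTIVE = 0xEE          # partition type of the GPT protective entry

# Boot-code digests you trust. MBRScan's own database is not public, so this is an
# empty placeholder to fill from a known-good dump of your own machine.
KNOWN_BOOT_CODE_MD5 = {}


def hash_sector(sector):
    """Same two digests MBRScan prints as MBR_MD5 / MBR_SHA1 (whole 512-byte sector)."""
    return (hashlib.md5(sector).hexdigest().upper(),
            hashlib.sha1(sector).hexdigest().upper())


def parse_partitions(sector):
    """Return the non-empty entries of the legacy partition table."""
    entries = []
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(
            "<B3xB3xII", sector, PT_OFFSET + 16 * i)
        if ptype == 0:
            continue
        entries.append({"index": i + 1, "bootable": status == 0x80, "type": ptype,
                        "lba_start": lba_start, "sectors": sectors,
                        # 0xFFFFFFFF sectors * 512 bytes = 2048 GiB, MBRScan's "2.00 To"
                        "size_gib": sectors * SECTOR_SIZE / 2 ** 30})
    return entries


def classify_mbr(sector):
    """Hash the sector, parse its table and say whether the layout is expected."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected a 512-byte sector")
    md5, sha1 = hash_sector(sector)
    parts = parse_partitions(sector)
    if sector[510:512] != BOOT_SIG:
        verdict = "invalid: missing 0x55AA boot signature"
    elif md5 in KNOWN_BOOT_CODE_MD5:
        verdict = "known boot code: " + KNOWN_BOOT_CODE_MD5[md5]
    elif (len(parts) == 1 and parts[0]["type"] == GPT_PROTECTIVE
          and parts[0]["lba_start"] == 1):
        # A UEFI/GPT disk carries exactly one 0xEE entry starting at LBA 1 that spans
        # the whole 32-bit LBA range. Legacy scanners have no signature for that boot
        # sector, hence "Unknown MBR Code"; the real layout lives in the GPT at LBA 1.
        verdict = "GPT protective MBR: expected on a UEFI system, not a rootkit indicator"
    else:
        verdict = "unknown boot code with a legacy partition table: compare with a clean dump"
    return {"md5": md5, "sha1": sha1, "partitions": parts, "verdict": verdict}


def build_sample(entries, boot_code=b""):
    """Construct a 512-byte MBR for testing (constructed data, not a dump from the thread)."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    for i, (status, ptype, lba_start, sectors) in enumerate(entries):
        struct.pack_into("<B3xB3xII", sector, PT_OFFSET + 16 * i,
                         status, ptype, lba_start, sectors)
    sector[510:512] = BOOT_SIG
    return bytes(sector)


# Constructed GPT disk: one 0xEE entry from LBA 1 covering every 32-bit LBA, like
# "Device\Harddisk0\Partition1 2.00 To 0xEE EFI GPT" in the MBRScan output.
PROTECTIVE_MBR = build_sample([(0x00, GPT_PROTECTIVE, 1, 0xFFFFFFFF)], b"\xEB\xFE")
# Constructed legacy disk: one bootable NTFS partition, like the USB stick in the log.
LEGACY_MBR = build_sample([(0x80, 0x07, 2048, 62500000)], b"\xEB\xFE")

if __name__ == "__main__":
    for name, mbr in (("GPT disk", PROTECTIVE_MBR), ("USB stick", LEGACY_MBR)):
        r = classify_mbr(mbr)
        print(f"{name}: MD5={r['md5']} SHA1={r['sha1']}\n  {r['verdict']}")
        for p in r["partitions"]:
            print(f"  partition {p['index']}: type 0x{p['type']:02X} "
                  f"{p['size_gib']:.2f} GiB bootable={p['bootable']}")
```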
MVPS.org is no longer recommending SpyBot S&D due to very poor testing results (scroll down and read under Freeware Antispyware Products).
My advice is to get rid of this program. To do so:
Hey,
SecurityCheck says that it doesn’t support the OS (Win 8.1).
EDIT: I also wanted to ask if I should remove SuperAntiSpyware. I only installed it last week to scan my system after this issue came up. I have a licensed AV and malware scanner otherwise.
This type of scan often produces false positives. In any case, do not remove any of its findings on your own! Removal will be done after careful analysis of the scan results.
Please download Panda Cloud Cleaner and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
[*]Install the scanner by right-clicking on its icon and selecting Run as Administrator.
[*]It should start itself automatically after the installation.
[*]In the main console click Accept and Scan.
[*]This scan won’t take long, about several minutes (depending on your system specs). Let it run uninterrupted.
[*]At the last stage you will see a couple of messages about verifying & analyzing results. Wait patiently.
[*]Upon completion you will see the detections window. Open one of them and click View Report at the bottom right.
[*]A notepad window named PCloudCleaner.log will open. Save it to your desktop.
Please include the contents of that file in your next reply.
Don’t forget to re-enable your switched-off protection software!
After that you may uninstall Panda Cloud Cleaner from your machine, if you wish to.
Here are the Panda results. I’d like your advice regarding the last four (suspicious policy, MALWARE.Regkey). The others are very likely FPs because I have licensed versions of the corresponding software.
Broken Link. FILE: File not found:C:\WINDOWS\SYSTEM32\NVINITX.DLL,C:\PROGRA~2\SOPHOS\SOPHOS~1\SOPHOS~2.DLL to be deleted.
Broken Link. REGKEY: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows[AppInit_DLLs]. Value: AppInit_DLLs To be changed to: .
Unknown. FILE: C:\PROGRAM FILES (X86)\MATLAB\R2014A\BIN\WIN32\MATLABSTARTUPACCELERATOR.EXE to be deleted.
Unknown. TASK: Task[MATLAB R2014a Startup Accelerator]. Task to be deleted.
Broken Link. FILE: File not found:C:\WINDOWS\SYSWOW64\NVINIT.DLL,C:\PROGRA~2\SOPHOS\SOPHOS~1\SOPHOS~1.DLL to be deleted.
Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[HIDEFILEEXT] to be changed to: 0
Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[HIDEFILEEXT] to be changed to: 0
Malware. REGKEY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM[DISABLEREGISTRYTOOLS]. Value: DISABLEREGISTRYTOOLS To be deleted. (Panda says System Hijack)
Malware. REGKEY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM[DISABLETASKMGR]. Value: DISABLETASKMGR To be deleted. (Panda says System Hijack)
EDIT: The two REGKEY values are disabled, forgot to add that. Is it safe to remove them?
Please download Farbar Recovery Scan Tool and save it to your Desktop.
There will be two versions to download: 32-bit and 64-bit. Please download the one that is designed for your system. If you don’t know which one it should be, download both of them and try each one. Only one will run; that is the right one. Please keep it and delete the other.
XP users: click Run after the Windows Security Warning - Open File prompt. Windows 8 users will be prompted about Windows SmartScreen protection: click More information and then Run.
[*]When the tool opens click Yes to disclaimer.
[*]Make sure that Addition option is checked.
[*]Press Scan button and wait.
[*]The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Hey morning,
I ran the CKScanner and found the last two entries in the log file suspicious (maybe I am wrong). I must admit I once used a cracked version of Office 13. I have since removed the Office version and the KMS crack that it used. I thought I had removed everything (even with CCleaner), so I am not sure if this is related. Is there some serious problem?