Solved Can't open DDS

Status
Not open for further replies.
It appeared after uninstalling Smartclean/reboot.
"Task Shield
Warning: There is a suspicious software running on your computer. Click here to display latest security information online
You previously marked winlogon.exe as suspicious.
Name: winlogon.exe
Path: C:\windows\system32\winlog.exe
Get online security information about winlogon.exe
Select an action:
Do nothing now, please remind me later
Ignore, never display warning about winlogon.exe
Proceed"

By the way, I downloaded Java in less than a minute.
 
Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

=================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure you re-enable your security programs when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Improving

Done. This time the recovery console ran. My Laptop is running much faster.

Waiting for next steps.
 

Attachments

  • MBRCheck_08.26.10_23.19.25.txt (11.5 KB)
  • log.txt (38.7 KB)
Run MBRCheck again.

When it's done you'll see the following line:
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Press the Y key and then press Enter

When the program asks you to Enter your choice, enter 2 and press the Enter key.

Next the program will ask you to Enter the physical disk number to fix (0-99, -1 to cancel):
Enter 1 and press the Enter key.

Next the program will show Available MBR codes: followed by a list of operating systems.
Please enter 1 for Windows XP, and then press Enter.

Next the program will prompt for confirmation.
Type YES and hit Enter.

When it's done there should be a text file with the results on your desktop.
Please copy and paste it back here.

Then reboot, run MBRCheck again and post new log.
 
Answer

First log copied (2nd one attached). My laptop is running slow again.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 189):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EE000 \WINDOWS\system32\hal.dll
0xF7A6F000 \WINDOWS\system32\KDCOM.DLL
0xF797F000 \WINDOWS\system32\BOOTVID.dll
0xF7520000 ACPI.sys
0xF7A71000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF750F000 pci.sys
0xF756F000 isapnp.sys
0xF7983000 ACPIEC.sys
0xF7B37000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF7987000 compbatt.sys
0xF798B000 \WINDOWS\System32\DRIVERS\BATTC.SYS
0xF7B38000 pciide.sys
0xF77EF000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7A73000 aliide.sys
0xF7A75000 intelide.sys
0xF7A77000 toside.sys
0xF7A79000 viaide.sys
0xF7A7B000 cmdide.sys
0xF74F1000 pcmcia.sys
0xF757F000 MountMgr.sys
0xF74D2000 ftdisk.sys
0xF77F7000 PartMgr.sys
0xF758F000 VolSnap.sys
0xF798F000 cpqarray.sys
0xF74BA000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xF74A2000 atapi.sys
0xF7993000 aha154x.sys
0xF77FF000 sparrow.sys
0xF7997000 symc810.sys
0xF759F000 aic78xx.sys
0xF799B000 dac960nt.sys
0xF75AF000 ql10wnt.sys
0xF799F000 amsint.sys
0xF7807000 asc.sys
0xF79A3000 asc3550.sys
0xF780F000 mraid35x.sys
0xF7817000 i2omp.sys
0xF79A7000 ini910u.sys
0xF75BF000 ql1240.sys
0xF75CF000 aic78u2.sys
0xF781F000 symc8xx.sys
0xF7827000 sym_hi.sys
0xF782F000 sym_u3.sys
0xF7837000 ABP480N5.SYS
0xF783F000 asc3350p.sys
0xF7A7D000 cd20xrnt.sys
0xF75DF000 ultra.sys
0xF7489000 adpu160m.sys
0xF7847000 dpti2o.sys
0xF75EF000 ql1080.sys
0xF75FF000 ql1280.sys
0xF760F000 ql12160.sys
0xF784F000 perc2.sys
0xF7A7F000 perc2hib.sys
0xF7857000 hpn.sys
0xF79AB000 cbidf2k.sys
0xF745D000 dac2w2k.sys
0xF761F000 disk.sys
0xF762F000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF743D000 fltmgr.sys
0xF763F000 PxHelp20.sys
0xF7426000 KSecDD.sys
0xF7399000 Ntfs.sys
0xF736C000 NDIS.sys
0xF764F000 sisagp.sys
0xF765F000 viaagp.sys
0xF735B000 rmedia.sys
0xF766F000 ohci1394.sys
0xF767F000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF7341000 Mup.sys
0xF768F000 agp440.sys
0xF769F000 alim1541.sys
0xF76AF000 amdagp.sys
0xF76BF000 agpCPQ.sys
0xF76EF000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF774F000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF7261000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF680F000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF67FB000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7887000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF67D7000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF788F000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF775F000 \SystemRoot\system32\DRIVERS\Rtlnic51.sys
0xF6783000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
0xF6946000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7897000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF6757000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF7AB1000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF789F000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF6936000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF6926000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF6916000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF6734000 \SystemRoot\system32\DRIVERS\ks.sys
0xF6906000 \SystemRoot\SYSTEM32\DRIVERS\GEARAspiWDM.sys
0xF669E000 \SystemRoot\system32\drivers\smwdm.sys
0xF667A000 \SystemRoot\system32\drivers\portcls.sys
0xF68F6000 \SystemRoot\system32\drivers\drmk.sys
0xF7AB3000 \SystemRoot\system32\drivers\aeaudio.sys
0xF6649000 \SystemRoot\system32\DRIVERS\HSFHWICH.sys
0xF654A000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xF64A4000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF78A7000 \SystemRoot\System32\Drivers\Modem.SYS
0xF7B3F000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7AB5000 \SystemRoot\System32\Drivers\RootMdm.sys
0xF68E6000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7259000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF648D000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF68D6000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF68C6000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF78AF000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF647C000 \SystemRoot\system32\DRIVERS\psched.sys
0xF68B6000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF78B7000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF78BF000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF78C7000 \SystemRoot\system32\DRIVERS\RimSerial.sys
0xF776F000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF78CF000 \SystemRoot\system32\DRIVERS\SymIM.sys
0xF7AB7000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF641E000 \SystemRoot\system32\DRIVERS\update.sys
0xF70C9000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF777F000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF77AF000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7A2B000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF7ABD000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7B48000 \SystemRoot\System32\Drivers\Null.SYS
0xF7ABF000 \SystemRoot\System32\Drivers\Beep.SYS
0xF78E7000 \SystemRoot\System32\drivers\vga.sys
0xF7AC1000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7AC3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF78EF000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF78F7000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7A2F000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xEE2A3000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xEE24A000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xEE21E000 \SystemRoot\System32\Drivers\SYMTDI.SYS
0xEE1F9000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
0xF7A33000 \SystemRoot\System32\Drivers\SYMREDRV.SYS
0xF7AC5000 \SystemRoot\System32\Drivers\SYMDNS.SYS
0xF78FF000 \SystemRoot\System32\Drivers\SYMNDIS.SYS
0xEE193000 \SystemRoot\System32\Drivers\SYMFW.SYS
0xF7907000 \SystemRoot\System32\Drivers\SYMIDS.SYS
0xEE14E000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\ipsdefs\20100819.001\SymIDSCo.sys
0xEE126000 \SystemRoot\system32\DRIVERS\netbt.sys
0xEE104000 \SystemRoot\System32\drivers\afd.sys
0xF7331000 \SystemRoot\System32\Drivers\SRTSPX.SYS
0xEE094000 \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
0xEE06E000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF7311000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF7301000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xF72D1000 \SystemRoot\System32\Drivers\Fips.SYS
0xEE010000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0xEDFF3000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0xEDFA7000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xEDF8F000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7AD3000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF726D000 \SystemRoot\System32\drivers\Dxapi.sys
0xF793F000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7C6B000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF020000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF03F000 \SystemRoot\System32\ialmdev5.DLL
0xBF05E000 \SystemRoot\System32\ialmdd5.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xEDE77000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xF76DF000 \SystemRoot\system32\DRIVERS\fssfltr_tdi.sys
0xF7275000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xEE1D9000 \??\C:\WINDOWS\system32\drivers\CO_Mon.sys
0xED9C2000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF7B33000 \SystemRoot\System32\Drivers\ASCTRM.SYS
0xEDA1B000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xEE1B1000 \??\C:\WINDOWS\system32\drivers\symlcbrd.sys
0xED5B9000 \SystemRoot\System32\Drivers\SRTSP.SYS
0xED37C000 \SystemRoot\system32\drivers\wdmaud.sys
0xED67A000 \SystemRoot\system32\drivers\sysaudio.sys
0xED429000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xED185000 \SystemRoot\System32\Drivers\HTTP.sys
0xEC38E000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100826.023\NAVEX15.SYS
0xEC37A000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100826.023\NAVENG.SYS
0xEE1D1000 \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
0xEC33D000 \SystemRoot\system32\DRIVERS\sr.sys
0xEE1B9000 \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys
0xF7AEB000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0xF795F000 \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys
0xEE1C9000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xEC297000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 49):
0 System Idle Process
4 System
896 C:\WINDOWS\system32\smss.exe
1000 csrss.exe
1024 C:\WINDOWS\system32\winlogon.exe
1068 C:\WINDOWS\system32\services.exe
1080 C:\WINDOWS\system32\lsass.exe
1240 C:\WINDOWS\system32\svchost.exe
1292 svchost.exe
1332 C:\WINDOWS\system32\svchost.exe
1412 svchost.exe
1532 svchost.exe
1972 C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
2044 C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
864 C:\WINDOWS\system32\spoolsv.exe
1768 svchost.exe
1864 C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
596 C:\Program Files\Bonjour\mDNSResponder.exe
640 C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
360 C:\WINDOWS\system32\HPZipm12.exe
732 C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
780 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
924 C:\WINDOWS\system32\svchost.exe
952 C:\WINDOWS\system32\svchost.exe
2812 alg.exe
1664 C:\Program Files\QuickTime\QTTask.exe
2376 C:\Program Files\iTunes\iTunesHelper.exe
2444 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
2824 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
4000 C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
1132 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
2912 C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
2976 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
3064 C:\WINDOWS\system32\hkcmd.exe
3228 C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
3596 C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
728 C:\WINDOWS\system32\svchost.exe
4056 C:\WINDOWS\system32\ctfmon.exe
3488 C:\Program Files\iPod\bin\iPodService.exe
4036 C:\Palm\HOTSYNC.EXE
2276 C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
2648 C:\Program Files\OpenOffice.org 2.0\program\soffice.bin
3568 C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
2688 C:\WINDOWS\system32\wuauclt.exe
4004 C:\WINDOWS\ElLince.scr
296 C:\WINDOWS\explorer.exe
1464 C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
2264 C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
1196 C:\Documents and Settings\Owner\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`0baf4400 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)
\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: HITACHI_DK23FA-60, Rev: 00M4A0A2
PhysicalDrive1 Model Number: ToshibaExternal USB HDD, Rev: 1.04

Size Device Name MBR Status
--------------------------------------------
55 GB \\.\PhysicalDrive0 Gateway MBR code detected
SHA1: 007DADCB3671462B53686F6996D328CFD544ABBD
465 GB \\.\PhysicalDrive1 RE: Unknown MBR code
SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 1Available MBR codes:
[ 0] Default (Windows XP)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 1
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: yes
RE: Successfully wrote new MBR code!
Please reboot your computer to complete the fix.


Done!
 

Attachments

  • MBRCheck_08.27.10_00.28.23.txt (11.8 KB)
Log after rebooting

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 184):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EE000 \WINDOWS\system32\hal.dll
0xF7A6F000 \WINDOWS\system32\KDCOM.DLL
0xF797F000 \WINDOWS\system32\BOOTVID.dll
0xF7520000 ACPI.sys
0xF7A71000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF750F000 pci.sys
0xF756F000 isapnp.sys
0xF7983000 ACPIEC.sys
0xF7B37000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF7987000 compbatt.sys
0xF798B000 \WINDOWS\System32\DRIVERS\BATTC.SYS
0xF7B38000 pciide.sys
0xF77EF000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7A73000 aliide.sys
0xF7A75000 intelide.sys
0xF7A77000 toside.sys
0xF7A79000 viaide.sys
0xF7A7B000 cmdide.sys
0xF74F1000 pcmcia.sys
0xF757F000 MountMgr.sys
0xF74D2000 ftdisk.sys
0xF77F7000 PartMgr.sys
0xF758F000 VolSnap.sys
0xF798F000 cpqarray.sys
0xF74BA000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xF74A2000 atapi.sys
0xF7993000 aha154x.sys
0xF77FF000 sparrow.sys
0xF7997000 symc810.sys
0xF759F000 aic78xx.sys
0xF799B000 dac960nt.sys
0xF75AF000 ql10wnt.sys
0xF799F000 amsint.sys
0xF7807000 asc.sys
0xF79A3000 asc3550.sys
0xF780F000 mraid35x.sys
0xF7817000 i2omp.sys
0xF79A7000 ini910u.sys
0xF75BF000 ql1240.sys
0xF75CF000 aic78u2.sys
0xF781F000 symc8xx.sys
0xF7827000 sym_hi.sys
0xF782F000 sym_u3.sys
0xF7837000 ABP480N5.SYS
0xF783F000 asc3350p.sys
0xF7A7D000 cd20xrnt.sys
0xF75DF000 ultra.sys
0xF7489000 adpu160m.sys
0xF7847000 dpti2o.sys
0xF75EF000 ql1080.sys
0xF75FF000 ql1280.sys
0xF760F000 ql12160.sys
0xF784F000 perc2.sys
0xF7A7F000 perc2hib.sys
0xF7857000 hpn.sys
0xF79AB000 cbidf2k.sys
0xF745D000 dac2w2k.sys
0xF761F000 disk.sys
0xF762F000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF743D000 fltmgr.sys
0xF742B000 sr.sys
0xF763F000 PxHelp20.sys
0xF7414000 KSecDD.sys
0xF7387000 Ntfs.sys
0xF735A000 NDIS.sys
0xF764F000 sisagp.sys
0xF765F000 viaagp.sys
0xF7349000 rmedia.sys
0xF766F000 ohci1394.sys
0xF767F000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF732F000 Mup.sys
0xF768F000 agp440.sys
0xF769F000 alim1541.sys
0xF76AF000 amdagp.sys
0xF76BF000 agpCPQ.sys
0xF777F000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF6903000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF7267000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF67EC000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF67D8000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF789F000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF67B4000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF78A7000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF68F3000 \SystemRoot\system32\DRIVERS\Rtlnic51.sys
0xF6760000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
0xF68E3000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF78AF000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF6734000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF7AAD000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF78B7000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF68D3000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF68C3000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF68B3000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF6711000 \SystemRoot\system32\DRIVERS\ks.sys
0xF68A3000 \SystemRoot\SYSTEM32\DRIVERS\GEARAspiWDM.sys
0xF667B000 \SystemRoot\system32\drivers\smwdm.sys
0xF6657000 \SystemRoot\system32\drivers\portcls.sys
0xF6893000 \SystemRoot\system32\drivers\drmk.sys
0xF7AAF000 \SystemRoot\system32\drivers\aeaudio.sys
0xF6626000 \SystemRoot\system32\DRIVERS\HSFHWICH.sys
0xF6527000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xF6481000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF78BF000 \SystemRoot\System32\Drivers\Modem.SYS
0xF7C9A000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7AB3000 \SystemRoot\System32\Drivers\RootMdm.sys
0xF76DF000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF725F000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF646A000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF76EF000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF76FF000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF78C7000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6459000 \SystemRoot\system32\DRIVERS\psched.sys
0xF770F000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF78CF000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF78D7000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF78DF000 \SystemRoot\system32\DRIVERS\RimSerial.sys
0xF771F000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF78E7000 \SystemRoot\system32\DRIVERS\SymIM.sys
0xF7AB5000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF63FB000 \SystemRoot\system32\DRIVERS\update.sys
0xF724F000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF772F000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF774F000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF6FDA000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF7ABB000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7C54000 \SystemRoot\System32\Drivers\Null.SYS
0xF7ABD000 \SystemRoot\System32\Drivers\Beep.SYS
0xF78FF000 \SystemRoot\System32\drivers\vga.sys
0xF7ABF000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7AC1000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7907000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF790F000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7A1F000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xEE320000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xEE2C7000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xEE29B000 \SystemRoot\System32\Drivers\SYMTDI.SYS
0xEE276000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
0xF7A23000 \SystemRoot\System32\Drivers\SYMREDRV.SYS
0xF7AC3000 \SystemRoot\System32\Drivers\SYMDNS.SYS
0xF7917000 \SystemRoot\System32\Drivers\SYMNDIS.SYS
0xEE210000 \SystemRoot\System32\Drivers\SYMFW.SYS
0xF791F000 \SystemRoot\System32\Drivers\SYMIDS.SYS
0xEE1CB000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\ipsdefs\20100819.001\SymIDSCo.sys
0xEE1A3000 \SystemRoot\system32\DRIVERS\netbt.sys
0xEE181000 \SystemRoot\System32\drivers\afd.sys
0xF778F000 \SystemRoot\System32\Drivers\SRTSPX.SYS
0xEE071000 \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
0xF779F000 \SystemRoot\System32\Drivers\Fips.SYS
0xEE04B000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF77AF000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF77BF000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xEDFED000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0xEDFD0000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0xF7957000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xEDF84000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xEDF6C000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7AD3000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF7A67000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7977000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7C32000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF020000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF03F000 \SystemRoot\System32\ialmdev5.DLL
0xBF05E000 \SystemRoot\System32\ialmdd5.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xEDE54000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xEDF24000 \SystemRoot\system32\DRIVERS\fssfltr_tdi.sys
0xEDE50000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xEE256000 \??\C:\WINDOWS\system32\drivers\CO_Mon.sys
0xED9C7000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF7B25000 \SystemRoot\System32\Drivers\ASCTRM.SYS
0xEDB30000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xED872000 \SystemRoot\system32\drivers\wdmaud.sys
0xED8E7000 \SystemRoot\system32\drivers\sysaudio.sys
0xED62C000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF78EF000 \??\C:\WINDOWS\system32\drivers\symlcbrd.sys
0xECD5B000 \SystemRoot\System32\Drivers\SRTSP.SYS
0xECC0F000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100826.023\NAVEX15.SYS
0xECBFB000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100826.023\NAVENG.SYS
0xECBBA000 \SystemRoot\System32\Drivers\HTTP.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 47):
0 System Idle Process
4 System
904 C:\WINDOWS\system32\smss.exe
1012 csrss.exe
1036 C:\WINDOWS\system32\winlogon.exe
1100 C:\WINDOWS\system32\services.exe
1112 C:\WINDOWS\system32\lsass.exe
1264 C:\WINDOWS\system32\svchost.exe
1312 svchost.exe
1352 C:\WINDOWS\system32\svchost.exe
1484 svchost.exe
1628 svchost.exe
2008 C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
164 C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
1044 C:\WINDOWS\system32\spoolsv.exe
1920 svchost.exe
556 C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
992 C:\Program Files\Bonjour\mDNSResponder.exe
1440 C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
1472 C:\WINDOWS\system32\HPZipm12.exe
1800 C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
1704 C:\WINDOWS\explorer.exe
1680 C:\Program Files\QuickTime\QTTask.exe
1736 C:\Program Files\iTunes\iTunesHelper.exe
1156 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
680 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
684 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
1692 C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
1948 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
716 C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
1716 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
1560 C:\WINDOWS\system32\hkcmd.exe
1576 C:\WINDOWS\system32\svchost.exe
1988 C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
2052 C:\WINDOWS\system32\svchost.exe
2080 C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
2356 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
2608 C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
2652 C:\Palm\HOTSYNC.EXE
3068 C:\WINDOWS\system32\wuauclt.exe
3116 C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
3144 C:\Program Files\OpenOffice.org 2.0\program\soffice.bin
3812 C:\Program Files\Windows Live\Contacts\wlcomm.exe
2972 C:\WINDOWS\system32\wuauclt.exe
2308 C:\Program Files\iPod\bin\iPodService.exe
2780 alg.exe
1536 C:\Documents and Settings\Owner\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`0baf4400 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)
\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: HITACHI_DK23FA-60, Rev: 00M4A0A2
PhysicalDrive1 Model Number: ToshibaExternal USB HDD, Rev: 1.04

Size Device Name MBR Status
--------------------------------------------
55 GB \\.\PhysicalDrive0 Gateway MBR code detected
SHA1: 007DADCB3671462B53686F6996D328CFD544ABBD
465 GB \\.\PhysicalDrive1 RE: Unknown MBR code
SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 1Available MBR codes:
[ 0] Default (Windows XP)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 1
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: yes
RE: Successfully wrote new MBR code!
Please reboot your computer to complete the fix.


Done!
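A small triage helper for MBRCheck reports like the two above, added here as an example; it is not part of the thread, of MBRCheck, or of the helper's instructions. It parses the process list and the MBR status table and flags the things worth looking at first: a drive whose MBR code the tool could not identify, a process name that is a near-miss of a Windows system binary (the winlog.exe vs winlogon.exe mismatch from the Task Shield alert in the first post), a system binary running from the wrong directory, and a screensaver running as a process. The embedded sample report is constructed from lines in the first log plus one invented winlog.exe entry (pid 4100).

```python
import ntpath
import re

# Windows XP system images an infection likes to imitate, and the directory
# each one is expected to run from (lower-cased for comparison).
SYSTEM_IMAGES = {
    "smss.exe": r"c:\windows\system32", "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32", "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32", "svchost.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32", "explorer.exe": r"c:\windows",
}
# "1024 C:\WINDOWS\system32\winlogon.exe" or a bare "1000 csrss.exe"
PROCESS_LINE = re.compile(r"^\s*(\d+)\s+(\S.*?)\s*$")
# "465 GB \\.\PhysicalDrive1 RE: Unknown MBR code"
DRIVE_LINE = re.compile(r"^\s*(\d+)\s*GB\s+(\\\\\.\\PhysicalDrive\d+)\s+(.+?)\s*$")

def edit_distance(a, b):
    """Plain Levenshtein distance; the names compared here are short."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(name):
    """System image that a process name imitates, or None.  A stem that is a
    proper prefix of a system stem (winlog -> winlogon) or one edit away from
    it (svch0st -> svchost) counts; exact names and stems under 4 chars do not."""
    name = name.lower()
    if name in SYSTEM_IMAGES or not name.endswith(".exe"):
        return None
    stem = name[:-4]
    if len(stem) < 4:              # alg.exe, mdm.exe: too short to judge
        return None
    for legit in SYSTEM_IMAGES:
        legit_stem = legit[:-4]
        if legit_stem.startswith(stem) or edit_distance(stem, legit_stem) == 1:
            return legit
    return None

def parse_report(text):
    """Return (processes, drives): processes as (pid, directory or None, image),
    directory being None when MBRCheck printed only a bare name; drives as
    (device, MBR status text)."""
    processes, drives, in_processes = [], [], False
    for line in text.splitlines():
        if line.startswith("Processes ("):
            in_processes = True
            continue
        if in_processes:
            m = PROCESS_LINE.match(line)
            if not m:                  # the blank line after the list ends it
                in_processes = False
                continue
            directory, image = ntpath.split(m.group(2))
            processes.append((int(m.group(1)), directory or None, image))
            continue
        m = DRIVE_LINE.match(line)
        if m:
            drives.append((m.group(2), m.group(3)))
    return processes, drives

def triage(text):
    """Findings a helper would look at first, as readable strings."""
    findings = []
    processes, drives = parse_report(text)
    for device, status in drives:
        if "unknown mbr code" in status.lower():
            findings.append(f"{device}: MBR code not recognised ({status})")
    for pid, directory, image in processes:
        lower = image.lower()
        legit = lookalike_of(image)
        if legit:
            findings.append(f"pid {pid}: {image} looks like {legit} but is not it")
        elif (lower in SYSTEM_IMAGES and directory is not None
              and directory.lower() != SYSTEM_IMAGES[lower]):
            findings.append(f"pid {pid}: {image} running from {directory}")
        if lower.endswith(".scr"):
            findings.append(f"pid {pid}: screensaver {image} running as a process")
    return findings

# Constructed sample: lines taken from the first MBRCheck log in the thread plus
# one invented entry (pid 4100, winlog.exe) mirroring the Task Shield alert.
SAMPLE_REPORT = """\
Processes (total 6):
0 System Idle Process
1000 csrss.exe
1024 C:\\WINDOWS\\system32\\winlogon.exe
4004 C:\\WINDOWS\\ElLince.scr
296 C:\\WINDOWS\\explorer.exe
4100 C:\\windows\\system32\\winlog.exe

Size Device Name MBR Status
55 GB \\\\.\\PhysicalDrive0 Gateway MBR code detected
SHA1: 007DADCB3671462B53686F6996D328CFD544ABBD
465 GB \\\\.\\PhysicalDrive1 RE: Unknown MBR code
SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F
"""
```

Run `triage(open("MBRCheck_xxxx.txt").read())` on a real report; on the sample it reports the unknown MBR on PhysicalDrive1, the .scr process and the winlog.exe look-alike, and nothing for the legitimate winlogon.exe and explorer.exe entries.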
 
Hi Broni: When trying to use Kaspersky I get a message from the webpage "Launch of the Java application is interrupted! Please establish an uninterrupted Internet connection for work with this program". The connection seems to be working just fine. What should I do?
 
Kaspersky starts working very slowly, then it stops after 1 hour or so with 20% of progress. I'm trying scanning typical areas first. What do you think?
 
Stop it.

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • IMPORTANT! UN-check Remove found threats
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Push Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
 
Try this one....

Please run a BitDefender Online Scan

  • Disable your antivirus program.
  • Click Start Scanner button.
  • Click Start scan button
  • Allow browser plug-in to be installed when prompted.
  • Click I Agree to agree to the EULA.
  • Please refrain from using the computer until the scan is finished.
  • When the scan is finished, click on View log.
  • Notepad will open with scan results.
  • Save the report to your desktop and post its content in your next reply.
 
BitDefender:

"BitDefender failed to update the virus definitions.
Although it might be possible to check for viruses, the result will probably not be 100% accurate.

Do you want to start scanning?"

Please tell me what to do.
 
Probably, we'll do better with this.....

Please download VRT by Kaspersky.

  • Save it to your desktop.
  • Reboot your computer in SafeMode.
    • You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    • Use your up arrow key to highlight SafeMode then hit Enter.
  • Double click the setup file to start installation.
  • It will by default install it to your desktop folder.
  • After installation, a black window may open for a few moments. It's normal.
  • When the program opens, make sure the following boxes are checked:
    • Hidden startup objects
    • Startup Objects
    • Disk Boot Sectors
    • My Computer
    • Any internal or external drives
  • After that click on Recommended (next to "Security level"), then Settings, then the Additional tab, and make sure Deep scan under "Rootkit scan" is checked. Click OK.
  • Click on the Start scan green button.
  • It will automatically neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all.
  • If it says it cannot be neutralized then choose the delete option when prompted.
  • After that is done click on the reports button at the bottom and save it to a file; name it VRT.
  • Save the file to your desktop and post only the detected Virus\malware in the report. It will be at the very top under Detected.
Note: This tool will self-uninstall when you close it, so please save the log before closing it.
 
Hi Broni: I hope I'm not becoming a headache :-( After launching VRT I get not a black screen but a screen with the Kaspersky Removal Tool at the top and translucent content (meaning I can see the desktop through the screen). I opened Task Manager and the program is supposed to be running (it's been more than 2 hrs). 99% of CPU usage is with some process called Ellince.scr. Curiously there is a winlog.exe process in the pane, which I've heard might be a virus.

Should I wait longer?

Thanks for your guidelines as usual
 
Give it some more time.
If no change, stop it, restart computer and try again.
Make sure you don't have any other programs running, and leave the computer alone.
 
Gives me two options for the operating system: 1) Windows Recovery Console and 2) Windows XP Home Edition. Which one should I use?
 
Windows XP (it should go there automatically after a few seconds)
Recovery console is for troubleshooting purposes.
 
VRT not working

Hi Broni:

After 12 hrs still getting the same result with VRT. I'm attaching a printscreen for you to see what it looks like. I'm also attaching the OTC and Checkup logs just in case they might help you.

Note: If I run VRT in regular mode (no safe mode) it seems to work.

Please give me your directions.
 

Attachments

  • 08272010_012749.log (18.9 KB)
  • checkup.txt (801 bytes)
  • PrintScreen.JPG (72.3 KB)
Run it in normal mode then.

Also....

Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB) and download and install Foxit PDF Reader (3.5 MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing Foxit Reader, make sure to UN-check any pre-checked toolbar or other garbage.
 
Broni:

I don't see the Neutralize All option. Neither the Virus/Malware part in the report. Also, I'm not sure how to save the report.

Please advise.
 
Sorry for that. Kaspersky's tool has changed recently.

Please click HERE to download Kaspersky Virus Removal Tool.

  • Double click on the file you just downloaded and let it install.
  • It will install to your desktop.
  • After that leave what is selected and put a check next to My Computer.
  • Click on the option that says Threat Detection and change it to Disinfect, delete if disinfection fails.
  • Then click on Start Scan.
  • Before it is done it may prompt for action regardless of the setting so choose delete if prompted.
  • When the scan is done no log will be produced.
  • Click on the bottom where it says Report to open the report.
  • Then highlight all of the items found by using Ctrl + A on your keyboard to select all, or use your mouse to select all, then right click and choose Copy.
  • This will copy the items it found to the clipboard. You can then open Notepad (go to Start, then Run, then type in notepad) and choose Paste to paste the contents into Notepad.
  • You can save this on the desktop.
  • Post the contents of the document in your next reply.
 