TechSpot

Stubborn infection

By Michael King
Jul 23, 2012
  1. I had the "S.M.A.R.T. Data Recovery" virus. I removed most of it with RogueKiller, and recovered my files with Unhide.exe. However, I still have something lingering that plays commercials in the background by launching an explorer process to connect to a remote website. If more is going on behind the scenes (it probably is), I don't know what. Malwarebytes can't find anything more; Avira says it detects hidden objects and a hidden process, and recommends using a rescue disk. The rescue disk doesn't find anything when run. GMER doesn't find anything. However, Malwarebytes does detect the virus trying to connect to a remote computer and blocks it (usually; sometimes the commercials still play). Also, the virus attempts to hijack Google searches, but NoScript blocks that. Anyway, my logs are in the following posts.
     
  2. Michael King

    Malwarebytes Anti-Malware (Trial) 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.23.10

    Windows Vista Service Pack 2 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Administrator :: MICHAEL-PC [administrator]

    Protection: Enabled

    7/23/2012 1:01:28 PM
    mbam-log-2012-07-23 (13-01-28).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 223413
    Time elapsed: 6 minute(s), 9 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  3. Michael King

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by Administrator at 14:17:05 on 2012-07-23
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8190.5980 [GMT -5:00]
    .
    AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
    SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Rosewill\Common\RaRegistry.exe
    C:\Program Files (x86)\Rosewill\Common\RaRegistry64.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\Rosewill\Common\RaUI.exe
    C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Users\Administrator\AppData\Local\Apps\2.0\ZJWCJJEY.PG9\PO0H0W0Q.02W\curs..tion_9e9e83ddf3ed3ead_0005.0001_31b318dc2771b66c\CurseClient.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
    C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    \\?\C:\Windows\system32\wbem\WMIADAP.EXE
    C:\Windows\System32\mobsync.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = Preserve
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
    uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
    uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
    mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    StartupFolder: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
    StartupFolder: C:\Users\ADMINI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ROSEWI~1.LNK - C:\Program Files (x86)\Rosewill\Common\RaUI.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{30166C5C-CC98-4470-8810-3E4284410249} : DhcpNameServer = 192.168.42.129
    TCP: Interfaces\{5341C763-EEC9-4D71-B634-12E87573BAC2} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{FE1634B9-0F93-4E97-A3F8-6D15AEACFF8E} : DhcpNameServer = 192.168.1.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun-x64: [(Default)]
    mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\00rwosbz.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3057722&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.startup.homepage - about:home
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
    FF - plugin: C:\Users\Administrator\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\Administrator\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
    FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extentions.y2layers.installId - 73aa2067-e537-40cf-8eeb-22985e224958
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 amdide64;amdide64;C:\Windows\system32\DRIVERS\amdide64.sys --> C:\Windows\system32\DRIVERS\amdide64.sys [?]
    R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-7-4 361984]
    R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-11-27 86224]
    R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-11-27 110032]
    R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
    R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
    R2 DAZContentManagementService;DAZ Content Management Service;C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe [2012-3-18 22528]
    R2 ES lite Service;ES lite Service for program management.;C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe [2011-11-27 68136]
    R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-14 655944]
    R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-4-26 223088]
    R2 RalinkRegistryWriter;Ralink Registry Writer;C:\Program Files (x86)\Rosewill\Common\RaRegistry.exe [2012-1-16 185632]
    R2 RalinkRegistryWriter64;Ralink Registry Writer 64;C:\Program Files (x86)\Rosewill\Common\RaRegistry64.exe [2012-1-16 212256]
    R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 gcdbus;Driver for gBurner SCSI Host Controller;C:\Windows\system32\DRIVERS\gcdbus.sys --> C:\Windows\system32\DRIVERS\gcdbus.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-25 136176]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-7 250056]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-25 136176]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2011-12-1 89920]
    .
    =============== File Associations ===============
    .
    JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    2012-07-23 17:50:39 98816 ----a-w- C:\Windows\sed.exe
    2012-07-23 17:50:39 518144 ----a-w- C:\Windows\SWREG.exe
    2012-07-23 17:50:39 256000 ----a-w- C:\Windows\PEV.exe
    2012-07-23 17:50:39 208896 ----a-w- C:\Windows\MBR.exe
    2012-07-23 17:49:40 -------- d-s---w- C:\commy32243c
    2012-07-23 17:46:13 -------- d-s---w- C:\commy
    2012-07-20 07:03:12 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{70065EB6-5CEC-4524-9A70-BE08D1EA82D8}\offreg.dll
    2012-07-20 06:57:31 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{70065EB6-5CEC-4524-9A70-BE08D1EA82D8}\mpengine.dll
    2012-07-15 03:07:54 221184 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
    2012-07-15 03:07:52 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\objectps.dll
    2012-07-15 03:07:51 53248 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\msihook.dll
    2012-07-15 03:07:50 126976 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\knlwrap.exe
    2012-07-15 03:07:49 217088 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\iuser.dll
    2012-07-15 03:07:46 598016 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\ikernel.exe
    2012-07-15 03:07:44 114688 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\scpthdlr.dll
    2012-07-15 02:59:51 57344 ----a-w- C:\Windows\uneng.exe
    2012-07-15 02:59:50 66000 ----a-w- C:\Windows\SysWow64\drivers\Cdr4vsd.sys
    2012-07-15 02:59:50 49152 ----a-w- C:\Windows\SysWow64\cdrtc.dll
    2012-07-15 02:59:50 45056 ----a-w- C:\Windows\SysWow64\cdral.dll
    2012-07-15 02:59:50 27388 ----a-w- C:\Windows\SysWow64\drivers\cdralwnt.sys
    2012-07-15 02:59:50 -------- d-----w- C:\Program Files (x86)\Common Files\Adaptec Shared
    2012-07-14 22:17:09 955888 ----a-w- C:\Windows\System32\npDeployJava1.dll
    2012-07-14 22:17:09 839152 ----a-w- C:\Windows\System32\deployJava1.dll
    2012-07-14 14:26:35 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-07-14 14:26:35 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-07-14 14:26:35 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-14 01:33:00 -------- d-----w- C:\Users\Administrator\AppData\Local\AMD
    2012-07-14 01:32:50 -------- d-----w- C:\Program Files (x86)\AMD APP
    2012-07-14 01:31:00 -------- d-----w- C:\ProgramData\AMD
    2012-07-14 01:30:53 46136 ----a-w- C:\Windows\System32\drivers\amdiox64.sys
    2012-07-14 01:24:29 -------- d-----w- C:\AMD
    2012-07-11 23:06:26 9822920 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2012-07-11 09:15:15 1558016 ----a-w- C:\RogueKiller.exe
    2012-07-11 08:11:59 2769408 ----a-w- C:\Windows\System32\win32k.sys
    2012-07-11 00:15:20 -------- d-----w- C:\Program Files\Ventrilo
    2012-07-11 00:13:58 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    2012-07-07 13:26:15 652296 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2012-07-07 13:26:01 677136 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2012-07-07 13:25:46 416128 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
    2012-07-04 07:32:22 187392 ----a-w- C:\Windows\System32\clinfo.exe
    2012-07-04 07:32:06 75264 ----a-w- C:\Windows\System32\OpenVideo64.dll
    2012-07-04 07:32:02 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
    2012-07-04 07:31:54 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
    2012-07-04 07:31:52 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
    2012-07-04 07:31:44 16457216 ----a-w- C:\Windows\System32\amdocl64.dll
    2012-07-04 07:30:58 13008384 ----a-w- C:\Windows\SysWow64\amdocl.dll
    2012-07-04 07:30:12 54784 ----a-w- C:\Windows\System32\OpenCL.dll
    2012-07-04 07:30:08 50176 ----a-w- C:\Windows\SysWow64\OpenCL.dll
    2012-07-04 06:59:32 11922944 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
    2012-07-04 06:52:04 26016256 ----a-w- C:\Windows\System32\atio6axx.dll
    2012-07-04 06:35:46 19586048 ----a-w- C:\Windows\SysWow64\atioglxx.dll
    2012-07-04 06:27:18 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
    2012-07-04 06:21:40 514048 ----a-w- C:\Windows\System32\atieclxx.exe
    2012-07-04 06:20:54 238080 ----a-w- C:\Windows\System32\atiesrxx.exe
    2012-07-04 06:19:30 120320 ----a-w- C:\Windows\System32\atitmm64.dll
    2012-07-04 06:19:16 21504 ----a-w- C:\Windows\System32\atimuixx.dll
    2012-07-04 06:19:12 59392 ----a-w- C:\Windows\System32\atiedu64.dll
    2012-07-04 06:19:06 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
    2012-07-04 05:57:18 7510528 ----a-w- C:\Windows\System32\atidxx64.dll
    2012-07-04 05:36:34 1053696 ----a-w- C:\Windows\System32\atiumd6v.dll
    2012-07-04 05:36:24 69632 ----a-w- C:\Windows\System32\coinst_8.97.100.3.dll
    2012-07-04 05:36:14 1960960 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
    2012-07-04 05:11:42 56320 ----a-w- C:\Windows\System32\atimpc64.dll
    2012-07-04 05:11:42 56320 ----a-w- C:\Windows\System32\amdpcom64.dll
    2012-07-04 05:11:38 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll
    2012-07-04 05:11:38 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
    2012-07-04 05:11:30 364544 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
    2012-07-04 05:11:18 17920 ----a-w- C:\Windows\System32\atig6pxx.dll
    2012-07-04 05:11:16 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
    2012-07-04 05:11:16 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
    2012-07-04 05:11:12 41984 ----a-w- C:\Windows\System32\atig6txx.dll
    2012-07-04 05:11:04 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
    2012-07-04 05:10:56 359936 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
    2012-07-04 05:10:04 55296 ----a-w- C:\Windows\System32\atiuxp64.dll
    2012-07-04 05:09:10 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
    2012-07-04 05:04:30 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
    2012-07-04 05:04:28 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
    2012-07-04 05:04:22 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
    2012-07-04 05:04:18 44544 ----a-w- C:\Windows\SysWow64\aticalcl.dll
    2012-07-04 05:04:08 15827456 ----a-w- C:\Windows\System32\aticaldd64.dll
    2012-07-04 04:59:40 13402112 ----a-w- C:\Windows\SysWow64\aticaldd.dll
    .
    ==================== Find3M ====================
    .
    2012-07-23 19:10:44 23080 ----a-w- C:\Windows\gdrv.sys
    2012-07-12 00:06:25 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-12 00:06:25 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-07-04 06:27:08 918528 ----a-w- C:\Windows\SysWow64\aticfx32.dll
    2012-07-04 06:25:14 1081856 ----a-w- C:\Windows\System32\aticfx64.dll
    2012-07-04 06:21:46 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
    2012-07-04 06:18:18 6811648 ----a-w- C:\Windows\SysWow64\atidxx32.dll
    2012-07-04 05:35:42 4261376 ----a-w- C:\Windows\System32\atiumd6a.dll
    2012-07-04 05:35:14 6245888 ----a-w- C:\Windows\SysWow64\atiumdag.dll
    2012-07-04 05:28:52 4749312 ----a-w- C:\Windows\SysWow64\atiumdva.dll
    2012-07-04 05:24:02 7477760 ----a-w- C:\Windows\System32\atiumd64.dll
    2012-07-04 05:11:40 535552 ----a-w- C:\Windows\System32\atiadlxx.dll
    2012-07-04 05:09:56 42496 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
    2012-07-04 05:09:50 45056 ----a-w- C:\Windows\System32\atiu9p64.dll
    2012-07-04 05:09:42 32768 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
    2012-07-04 05:09:22 45056 ----a-w- C:\Windows\System32\atitmp64.dll
    2012-06-05 16:47:28 1401856 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2012-06-05 16:47:27 1248768 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2012-06-05 16:22:47 1797120 ----a-w- C:\Windows\System32\msxml6.dll
    2012-06-05 16:22:46 1869824 ----a-w- C:\Windows\System32\msxml3.dll
    2012-06-04 15:29:59 516480 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-02 22:12:13 88576 ----a-w- C:\Windows\SysWow64\wudriver.dll
    2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-02 20:19:42 171904 ----a-w- C:\Windows\SysWow64\wuwebv.dll
    2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-02 20:12:20 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
    2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
    2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-06-02 00:22:56 347136 ----a-w- C:\Windows\System32\schannel.dll
    2012-06-02 00:22:10 254464 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-06-02 00:05:11 77312 ----a-w- C:\Windows\SysWow64\secur32.dll
    2012-06-02 00:04:25 278528 ----a-w- C:\Windows\SysWow64\schannel.dll
    2012-06-02 00:03:42 204288 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-05-31 17:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
    2012-05-25 05:31:05 476960 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
    2012-05-25 05:31:05 472864 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-05-09 01:46:57 98848 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
    2012-05-01 14:29:44 209920 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    .
    ============= FINISH: 14:25:49.21 ===============
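    The DDS output above is the kind of log a helper reads by eye for the handful of things that actually matter in a case like this: registry entries pointing at files that no longer exist ("No File"), Run values with no name and no command, a search default redirected to an unfamiliar host (here search.conduit.com), a user.js that re-applies its prefs on every browser start (the y2layers entry), DHCP name servers outside private address space, script hosts in the process list, and executables running out of a user profile. As an added example that is not part of this thread and not the DDS tool's own code, the Python below parses a DDS-style log by its section headers and applies those checks as review heuristics. The rule names, the allow-list of search providers and the sample log are my own constructions; the sample is modelled on the page's log but is not a copy of it, and the 8.8.8.8 resolver in it is placed there only to exercise the DNS rule.

```python
"""Triage pass over a DDS / HijackThis-style log. Added example; every rule is a review hint, not a verdict."""
import ipaddress
import re
from dataclasses import dataclass

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")                 # "===== Name ====="
URL_HOST_RE = re.compile(r"h[xt]{2}ps?://([^/\s:]+)", re.I)   # also accepts defanged hxxp://
KNOWN_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "search.yahoo.com"}  # assumed allow-list
SCRIPT_HOSTS = {"cscript.exe", "wscript.exe", "mshta.exe", "powershell.exe"}


@dataclass(frozen=True)
class Finding:
    section: str
    rule: str
    line: str


def _entries(text):
    # Yield (section, line) pairs, dropping blank lines and DDS's "." spacer lines.
    section = "HEADER"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).upper()
            continue
        yield section, line


def _check_process(line):
    m = re.match(r'(?i)^"?(.*?\.exe)', line)      # image path up to the first .exe
    if not m:
        return None
    path = m.group(1).lower()
    exe = path.rsplit("\\", 1)[-1]
    if exe in SCRIPT_HOSTS:
        return "script-host-running"              # needs parent and command line to judge
    if "\\users\\" in path and "\\appdata\\" in path:
        return "exe-in-user-profile"              # common drop location for adware
    return None


def _check_hjt(line):
    if line.endswith("- No File"):
        return "orphaned-entry"                   # registry points at a missing file
    if re.match(r"^[um]Run(-x64)?: \[(<NO NAME>|\(Default\))\]\s*$", line):
        return "unnamed-run-value"                # Run value with neither a name nor a command
    if line.startswith("TCP:") and "DhcpNameServer" in line:
        for server in line.rsplit("=", 1)[-1].split():
            try:
                if not ipaddress.ip_address(server).is_private:
                    return "non-private-dns-server"   # resolver is not on the local network
            except ValueError:
                return "unparsable-dns-server"
    return None


def _check_firefox(line):
    if line.startswith("FF - user.js:"):
        return "user.js-pref"                     # user.js overrides prefs.js at every start
    if "browser.search." in line:
        m = URL_HOST_RE.search(line)
        if m and m.group(1).lower() not in KNOWN_SEARCH_HOSTS:
            return "unexpected-search-provider"
    return None


CHECKS = {
    "RUNNING PROCESSES": _check_process,
    "PSEUDO HJT REPORT": _check_hjt,
    "FIREFOX": _check_firefox,
}


def triage(text):
    findings = []
    for section, line in _entries(text):
        check = CHECKS.get(section)
        rule = check(line) if check else None
        if rule:
            findings.append(Finding(section, rule, line))
    return findings


# Constructed sample in DDS layout, modelled on the thread's log; not the real log.
SAMPLE_LOG = r"""============== Running Processes ===============
C:\Windows\system32\svchost.exe -k netsvcs
C:\Users\victim\AppData\Local\Temp\updater.exe
C:\Windows\SysWOW64\cscript.exe
============== Pseudo HJT Report ===============
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [<NO NAME>]
mRun-x64: [(Default)]
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{30166C5C-CC98-4470-8810-3E4284410249} : DhcpNameServer = 8.8.8.8
================= FIREFOX ===================
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3057722&q={searchTerms}
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - 73aa2067-e537-40cf-8eeb-22985e224958
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.section}: {f.line}")
```

    Each finding is a place to look, not a detection: cscript.exe in the process list can be the log tool itself, and a user may well have set a public resolver on purpose. What a log like this cannot show is which process owns the outbound connection that Malwarebytes keeps blocking; that needs the process tree and the connection table captured while the ads are playing.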
     
  4. Michael King

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/27/2011 1:54:12 PM
    System Uptime: 7/23/2012 2:10:16 PM (0 hours ago)
    .
    Motherboard: Gigabyte Technology Co., Ltd. | | GA-MA790X-UD4P
    Processor: AMD Phenom(tm) II X3 720 Processor | Socket M2 | 2800/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 466 GiB total, 171.097 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is CDROM ()
    K: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Tun Miniport Adapter
    Device ID: ROOT\*TUNMP\0001
    Manufacturer: Microsoft
    Name: Microsoft Tun Miniport Adapter #2
    PNP Device ID: ROOT\*TUNMP\0001
    Service: tunmp
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    4500_Help
    7-Zip 9.20
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.3)
    Adobe Shockwave Player 11.6
    AMD VISION Engine Control Center
    Avira Free Antivirus
    BPD_HPSU
    bpd_scan
    BPDSoftware
    BPDSoftware_Ini
    Browser Configuration Utility
    BufferChm
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Counter-Strike: Condition Zero
    Counter-Strike: Condition Zero Deleted Scenes
    Counter-Strike: Source
    Curse Client - 1
    Destination Component
    DeviceDiscovery
    DeviceManagementQFolder
    DivX Setup
    EasySaver B8.1224.1
    Fax
    Foxit Reader 5.0
    gBurner Virtual Drive
    Gigabyte Raid Configurer
    GoldenEye: Source - HalfLife 2 Mod
    Google Chrome
    Google Update Helper
    Half-Life 2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Update
    HydraVision
    IsoBuster 3.0
    J4500
    Malwarebytes Anti-Malware version 1.62.0.1300
    Media Player Classic - Home Cinema v1.5.2.3456
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    MotoHelper 2.0.51 Driver 5.1.0
    MotoHelper MergeModules
    Mozilla Firefox 14.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    ProductContext
    Realtek 8169 8168 8101E 8102E Ethernet Driver
    Realtek High Definition Audio Driver
    Rosewill Wireless N USB Adapter
    Roxio CDEngine
    Scan
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    Source SDK Base 2007
    Status
    Steam
    swMSM
    Toolbox
    TrayApp
    UltraISO Premium V8.63
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VC80CRTRedist - 8.0.50727.6195
    WebReg
    WinRAR 4.10 (32-bit)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/23/2012 2:12:50 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdralwnt
    7/23/2012 2:12:50 PM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
    7/23/2012 2:10:42 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.5 for the Network Card with network address 00026FBF83AB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    7/23/2012 2:10:38 PM, Error: EventLog [6008] - The previous system shutdown at 2:06:23 PM on 7/23/2012 was unexpected.
    7/23/2012 2:10:32 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\Cdralwnt.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    7/23/2012 12:44:14 PM, Error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).
    7/23/2012 12:44:14 PM, Error: Service Control Manager [7034] - The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).
    7/20/2012 6:12:39 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 00026FBF83AB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    7/20/2012 6:12:32 PM, Error: EventLog [6008] - The previous system shutdown at 1:12:22 PM on 7/20/2012 was unexpected.
    7/19/2012 8:44:53 AM, Error: EventLog [6008] - The previous system shutdown at 3:48:38 AM on 7/19/2012 was unexpected.
    7/19/2012 4:33:32 PM, Error: EventLog [6008] - The previous system shutdown at 4:27:41 PM on 7/19/2012 was unexpected.
    7/17/2012 3:04:07 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 00026FBF83AB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    7/16/2012 6:26:51 PM, Error: EventLog [6008] - The previous system shutdown at 12:32:01 PM on 7/16/2012 was unexpected.
    7/16/2012 3:04:03 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    .
    ==== End Of File ===========================
     
  5. Michael King

    Michael King TS Rookie Topic Starter Posts: 48

    As I said in the OP, no GMER log was generated due to not finding anything.

    Thanks in advance for any help.
     
  6. Michael King

    Michael King TS Rookie Topic Starter Posts: 48

    Oh, here is an additional log which may be of help.

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 64-bit
    Base Board Manufacturer: Gigabyte Technology Co., Ltd.
    BIOS Manufacturer: Award Software International, Inc.
    System Manufacturer: Gigabyte Technology Co., Ltd.
    System Product Name: GA-MA790X-UD4P
    Logical Drives Mask: 0x000007fc

    Kernel Drivers (total 152):
    0x0260D000 \SystemRoot\system32\ntoskrnl.exe
    0x02B25000 \SystemRoot\system32\hal.dll
    0x00603000 \SystemRoot\system32\kdcom.dll
    0x00606000 \SystemRoot\system32\PSHED.dll
    0x0061A000 \SystemRoot\system32\CLFS.SYS
    0x00677000 \SystemRoot\system32\CI.dll
    0x00809000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x008E3000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x008F1000 \SystemRoot\system32\drivers\acpi.sys
    0x00947000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x00950000 \SystemRoot\system32\drivers\msisadrv.sys
    0x0095A000 \SystemRoot\system32\drivers\pci.sys
    0x0098A000 \SystemRoot\System32\drivers\partmgr.sys
    0x0099F000 \SystemRoot\system32\drivers\volmgr.sys
    0x00729000 \SystemRoot\System32\drivers\volmgrx.sys
    0x009B3000 \SystemRoot\system32\drivers\pciide.sys
    0x009BA000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x009CA000 \SystemRoot\system32\DRIVERS\amdide64.sys
    0x009D1000 \SystemRoot\System32\drivers\mountmgr.sys
    0x009E4000 \SystemRoot\system32\drivers\atapi.sys
    0x0078F000 \SystemRoot\system32\drivers\ataport.SYS
    0x007B3000 \SystemRoot\system32\DRIVERS\jraid.sys
    0x007CE000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
    0x00A05000 \SystemRoot\system32\drivers\fltmgr.sys
    0x00A4C000 \SystemRoot\system32\drivers\fileinfo.sys
    0x00A60000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x00C0F000 \SystemRoot\system32\drivers\ndis.sys
    0x00AE7000 \SystemRoot\system32\drivers\msrpc.sys
    0x00B37000 \SystemRoot\system32\drivers\NETIO.SYS
    0x00E01000 \SystemRoot\System32\drivers\tcpip.sys
    0x00F75000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x01005000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x01185000 \SystemRoot\system32\drivers\volsnap.sys
    0x011C9000 \SystemRoot\System32\Drivers\spldr.sys
    0x011D1000 \SystemRoot\System32\Drivers\mup.sys
    0x00FA1000 \SystemRoot\System32\drivers\ecache.sys
    0x011E3000 \SystemRoot\system32\drivers\disk.sys
    0x00FCD000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x011F7000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
    0x00DD2000 \SystemRoot\system32\drivers\crcdisk.sys
    0x00C00000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x00B90000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x00B99000 \SystemRoot\system32\DRIVERS\processr.sys
    0x00BAC000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x06407000 \SystemRoot\system32\DRIVERS\atikmpag.sys
    0x0660F000 \SystemRoot\system32\DRIVERS\atikmdag.sys
    0x06466000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x071C2000 \SystemRoot\System32\drivers\watchdog.sys
    0x07207000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x072F4000 \SystemRoot\system32\DRIVERS\Rtlh64.sys
    0x07325000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x07341000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x0734C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x07392000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x073A3000 \SystemRoot\system32\DRIVERS\ohci1394.sys
    0x073B5000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
    0x073C5000 \SystemRoot\system32\DRIVERS\serial.sys
    0x073E2000 \SystemRoot\system32\DRIVERS\serenum.sys
    0x06549000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x06582000 \SystemRoot\system32\DRIVERS\storport.sys
    0x073EE000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x071D2000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x06600000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x00BB5000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x065DF000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x07402000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x07420000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x07438000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x0744B000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x07459000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x07465000 \SystemRoot\system32\DRIVERS\gcdbus.sys
    0x07498000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x0749A000 \SystemRoot\system32\DRIVERS\ks.sys
    0x074CE000 \SystemRoot\system32\DRIVERS\amdiox64.sys
    0x074E2000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x074ED000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x074FD000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x07545000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x07559000 \SystemRoot\system32\drivers\RtHDMIVX.sys
    0x07586000 \SystemRoot\system32\drivers\portcls.sys
    0x075C1000 \SystemRoot\system32\drivers\drmk.sys
    0x075E4000 \SystemRoot\system32\drivers\ksthunk.sys
    0x08208000 \SystemRoot\system32\drivers\RTKVHD64.sys
    0x0838B000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x08395000 \SystemRoot\System32\Drivers\Null.SYS
    0x083A9000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x083B1000 \SystemRoot\System32\drivers\vga.sys
    0x083BF000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x083E4000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x083ED000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x0839E000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x075EA000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x083F6000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x08403000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x08420000 \SystemRoot\system32\DRIVERS\smb.sys
    0x0843B000 \SystemRoot\system32\drivers\afd.sys
    0x084A6000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x084EA000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x08508000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x08517000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x08532000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x0857F000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x0858B000 \??\C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys
    0x085A7000 \SystemRoot\System32\Drivers\dfsc.sys
    0x085C4000 \SystemRoot\system32\DRIVERS\avkmgr.sys
    0x085CE000 \SystemRoot\system32\DRIVERS\avipbb.sys
    0x00DDC000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x085F5000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x085F7000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x00BE6000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x071F5000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x065EF000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x009EC000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x08200000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0x08802000 \SystemRoot\System32\Drivers\usbvideo.sys
    0x0882C000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0x08844000 \SystemRoot\system32\DRIVERS\netr28ux.sys
    0x08948000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x00000000 \SystemRoot\System32\win32k.sys
    0x08953000 \SystemRoot\System32\drivers\Dxapi.sys
    0x0895F000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x00400000 \SystemRoot\System32\TSDDD.dll
    0x00600000 \SystemRoot\System32\cdd.dll
    0x08972000 \SystemRoot\system32\drivers\luafv.sys
    0x08994000 \SystemRoot\system32\DRIVERS\avgntflt.sys
    0x0A60D000 \SystemRoot\system32\drivers\spsys.sys
    0x0A6A7000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x0A6BB000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x0A6EF000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x0A6FA000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x0A712000 \SystemRoot\system32\drivers\HTTP.sys
    0x0A7B5000 \SystemRoot\system32\DRIVERS\asyncmac.sys
    0x0A7C0000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x089B4000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x089D2000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x0B602000 \SystemRoot\system32\drivers\mrxdav.sys
    0x0B629000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x0B652000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x0B69B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x0B6BA000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x0B6EC000 \SystemRoot\System32\DRIVERS\srv.sys
    0x0B77F000 \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
    0x0C808000 \SystemRoot\system32\drivers\peauth.sys
    0x0C8BE000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x0C8C9000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x0C8D9000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
    0x0C8F9000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
    0x0C90F000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x0C92B000 \??\C:\Windows\gdrv.sys
    0x0C934000 \??\C:\Windows\system32\drivers\mbam.sys
    0x0C93E000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
    0x771C0000 \Windows\System32\ntdll.dll

    Processes (total 79):
    0 System Idle Process
    4 System
    444 C:\Windows\System32\smss.exe
    532 csrss.exe
    596 C:\Windows\System32\wininit.exe
    620 csrss.exe
    652 C:\Windows\System32\services.exe
    664 C:\Windows\System32\lsass.exe
    672 C:\Windows\System32\lsm.exe
    752 C:\Windows\System32\winlogon.exe
    868 C:\Windows\System32\svchost.exe
    936 C:\Windows\System32\svchost.exe
    972 C:\Windows\System32\svchost.exe
    304 C:\Windows\System32\atiesrxx.exe
    460 C:\Windows\System32\svchost.exe
    540 C:\Windows\System32\svchost.exe
    728 C:\Windows\System32\svchost.exe
    1012 C:\Windows\System32\audiodg.exe
    876 C:\Windows\System32\svchost.exe
    1036 C:\Windows\System32\SLsvc.exe
    1096 C:\Windows\System32\svchost.exe
    1240 C:\Windows\System32\svchost.exe
    1376 C:\Windows\System32\atieclxx.exe
    1444 C:\Windows\System32\wlanext.exe
    1548 C:\Windows\System32\spoolsv.exe
    1572 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    1744 C:\Windows\System32\svchost.exe
    1952 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    1988 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    2040 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    1208 C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
    1048 C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe
    712 C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
    2236 C:\Windows\System32\taskeng.exe
    2260 C:\Windows\System32\dwm.exe
    2344 C:\Windows\System32\taskeng.exe
    2364 C:\Windows\explorer.exe
    2580 C:\Windows\System32\svchost.exe
    2660 C:\Windows\System32\svchost.exe
    2672 C:\Windows\System32\svchost.exe
    2696 C:\Program Files (x86)\Rosewill\Common\RaRegistry.exe
    2708 C:\Program Files (x86)\Rosewill\Common\RaRegistry64.exe
    2732 C:\Windows\System32\svchost.exe
    2788 C:\Windows\System32\svchost.exe
    2836 C:\Windows\System32\SearchIndexer.exe
    2924 C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
    2964 WUDFHost.exe
    3068 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    1132 C:\Program Files\Windows Defender\MSASCui.exe
    3088 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    3116 C:\Program Files\Windows Sidebar\sidebar.exe
    3200 C:\Windows\ehome\ehtray.exe
    3300 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    3364 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    3456 C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    3492 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    3516 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    3560 C:\Windows\ehome\ehmsas.exe
    3608 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    3616 C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    3876 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    4016 C:\Users\Administrator\AppData\Local\Apps\2.0\ZJWCJJEY.PG9\PO0H0W0Q.02W\curs..tion_9e9e83ddf3ed3ead_0005.0001_31b318dc2771b66c\CurseClient.exe
    3284 WmiPrvSE.exe
    3572 C:\Windows\System32\svchost.exe
    4136 C:\Program Files\Windows Media Player\wmpnscfg.exe
    4456 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
    4884 C:\Program Files\Windows Media Player\wmpnetwk.exe
    4704 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    1356 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    5992 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    5356 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    5908 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    5104 C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
    5688 C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
    3628 C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
    5020 C:\Windows\System32\prevhost.exe
    824 C:\commy32243c\CF21714.3XE
    1612 C:\Users\Administrator\Desktop\MBRCheck.exe
    3140 <unknown>

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

    PhysicalDrive0 Model Number: HitachiHDP725050GLA360, Rev: GM4OA5CA

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 MBR Code Faked!
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!
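    The MBRCheck output above is the point where this thread turns: the "MBR Code Faked!" status line is the first concrete sign of a bootkit-style infection after the other scanners came back clean. The following script is an added example (not part of the thread, and not MBRCheck's own code) that parses a report in the format shown and pulls out the two things a responder reviews first: kernel drivers MBRCheck lists with an explicit `\??\C:\...` path rather than under `\SystemRoot`, and disks whose MBR status is not the standard "... MBR code detected" line. The sample text is a shortened excerpt constructed from the log in this post; the assumption that a clean disk reads "Windows <version> MBR code detected" is the author's, based on MBRCheck's normal output.

```python
"""Triage helper for MBRCheck output (added example, not from this thread).

MBRCheck prints the loaded kernel drivers, the running processes and, at the
end, one MBR status line per physical disk.  This parser extracts those three
sections and flags (a) drivers loaded from an explicit file path (shown by
MBRCheck with a ``\\??\\`` prefix) and (b) disks whose MBR code is not the
standard Windows boot code.
"""
import re
from dataclasses import dataclass, field

# Constructed excerpt modelled on the log posted in this thread (most driver
# and process lines dropped to keep the sample short).
SAMPLE_LOG = r"""MBRCheck, version 1.2.3
(c) 2010, AD

Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 64-bit

Kernel Drivers (total 6):
0x0260D000 \SystemRoot\system32\ntoskrnl.exe
0x085CE000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x0858B000 \??\C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys
0x0B77F000 \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
0x0C92B000 \??\C:\Windows\gdrv.sys
0x0C934000 \??\C:\Windows\system32\drivers\mbam.sys

Processes (total 3):
4 System
2364 C:\Windows\explorer.exe
3140 <unknown>

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: HitachiHDP725050GLA360, Rev: GM4OA5CA

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
"""

DRIVER_RE = re.compile(r"^(0x[0-9A-Fa-f]{8})\s+(\S.*)$")
PROCESS_RE = re.compile(r"^(\d+)\s+(\S.*)$")
DISK_RE = re.compile(r"^(\d+\s*[KMGT]B)\s+(\\\\\.\\PhysicalDrive\d+)\s+(.*)$")
SHA1_RE = re.compile(r"^SHA1:\s*([0-9A-Fa-f]{40})$")
# Assumption: a clean disk is reported as "Windows <version> MBR code detected".
CLEAN_MBR_RE = re.compile(r"^Windows .* MBR code detected$")


@dataclass
class Disk:
    size: str
    device: str
    status: str
    sha1: str = ""


@dataclass
class Report:
    drivers: list = field(default_factory=list)    # (load address, path)
    processes: list = field(default_factory=list)  # (pid, image)
    disks: list = field(default_factory=list)       # Disk records


def parse_mbrcheck(text):
    """Walk the report line by line, switching section on the three headers."""
    report, section = Report(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Kernel Drivers"):
            section = "drivers"
        elif line.startswith("Processes"):
            section = "processes"
        elif line.startswith("Size Device Name"):
            section = "disks"
        elif section == "drivers" and (m := DRIVER_RE.match(line)):
            report.drivers.append((int(m.group(1), 16), m.group(2)))
        elif section == "processes" and (m := PROCESS_RE.match(line)):
            report.processes.append((int(m.group(1)), m.group(2)))
        elif section == "disks" and (m := DISK_RE.match(line)):
            report.disks.append(Disk(m.group(1), m.group(2), m.group(3).strip()))
        elif section == "disks" and (m := SHA1_RE.match(line)) and report.disks:
            report.disks[-1].sha1 = m.group(1).upper()  # belongs to the preceding disk
    return report


def non_system_drivers(report):
    """Drivers loaded via an explicit \\??\\ path instead of \\SystemRoot.
    Legitimate third-party drivers (AV, virtual-drive tools, vendor utilities)
    appear here too, so this is a review list, not a verdict."""
    return [path for _, path in report.drivers if path.startswith("\\??\\")]


def disks_with_nonstandard_mbr(report):
    """Disks whose status is anything other than the standard Windows boot code."""
    return [d for d in report.disks if not CLEAN_MBR_RE.match(d.status)]


if __name__ == "__main__":
    rep = parse_mbrcheck(SAMPLE_LOG)
    print(f"{len(rep.drivers)} drivers, {len(rep.processes)} processes, {len(rep.disks)} disk(s)")
    for path in non_system_drivers(rep):
        print("review driver:", path)
    for d in disks_with_nonstandard_mbr(rep):
        print(f"non-standard MBR on {d.device} ({d.size}): {d.status} SHA1={d.sha1}")
```

    Run against a full MBRCheck log the same two lists come out; the SHA1 MBRCheck prints for the boot sector is carried along so it can be compared against a known-good dump taken after the fix.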
     
  7. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    Please download aswMBR from here

    • Save aswMBR.exe to your Desktop
    • Double click aswMBR.exe to run it
    • Click the Scan button to start the scan

    Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives

    • Once the scan finishes click Save log to save the log to your Desktop
    • Copy and paste the contents of aswMBR.txt back here for review
     
  8. Michael King

    Michael King TS Rookie Topic Starter Posts: 48

    aswMBR won't load, even when downloaded under another filename :(

    Edit: I'll reboot into safe mode and try that.
     
  9. Michael King

    Michael King TS Rookie Topic Starter Posts: 48

    It won't load in safe mode either. When I execute it, nothing happens.
     
  10. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Re-Run MBRCheck.exe

    • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    • Please push the 'Y' key and then press Enter
    • When the program asks you 'Enter your choice:', enter
      [1] Dump the MBR of a physical disk to file. and press the Enter key
    • Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"
    • Enter 3 and press the Enter key.
    • The program will show Available MBR codes:, followed by a list of operating systems. Please enter
      [ 0] Default (Windows XP)
      [ 1] Windows XP
      [ 2] Windows Server 2003
      [ 3] Windows Vista
      [ 4] Windows 2008
      [ 5] Windows 7

      and then press Enter.
    • The program will ask for the file name to dump to, type dump.dat and Press Enter. You should see Dumped successfully.
    • Next, type -1 and press Enter. Next press Enter again, and the program will exit.
    • Save it to your desktop then attach the resultant output in your next reply
     
  11. Michael King

    Michael King TS Rookie Topic Starter Posts: 48

    I re-ran MBRCheck.exe, and followed your instructions. The program reported it was out of memory when attempting to generate a dump of PhysicalDrive3. However, I was able to generate a dump of PhysicalDrive0.

    I may have a different version than you, as it did not present me with a menu of operating system after asking for a dump file.

    Regardless, attached is the dump file generated.

    It would not let me upload a file with a .dat extension, so I zipped it.
     

    Attached Files:

    • dump.zip (599 bytes)
     
  12. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Fix using MBRCheck.exe

    Run MBRCheck.exe again by double-clicking on it.
    • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    • Enter 'Y' and then press Enter.
    • When asked: 'Enter your choice:', select option 2 (Restore the MBR of a physical disk with a standard boot code) and press the Enter key.
    • Now the program will ask: 'Enter the physical disk number to fix (0-99, -1 to cancel)'
    • Enter 3 and press the Enter key.
    • The program will show Available MBR codes followed by a list of operating systems as shown below:
    • Please select your version of Windows from the list and enter the corresponding number and then press Enter.
    • When prompted for confirmation: "Do you want to fix the MBR code?". Type the full word Yes (not Y or the fix will not work) and press Enter.
    • Left-click on the title bar (where program name and path is written).
    • From the menu choose Edit -> Select All.
    • Press the Enter key to copy selected text.
    • Open Notepad, paste that text into it and save to your desktop as MBRCheck.txt.
    • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
    • Reboot your computer to complete the fix and copy/paste MBRCheck.txt in your next reply.
    • If your computer does not restart on its own, please restart it manually.
     
  13. Michael King

    Michael King TS Rookie Topic Starter Posts: 48

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 64-bit
    Base Board Manufacturer: Gigabyte Technology Co., Ltd.
    BIOS Manufacturer: Award Software International, Inc.
    System Manufacturer: Gigabyte Technology Co., Ltd.
    System Product Name: GA-MA790X-UD4P
    Logical Drives Mask: 0x000007fc

    Kernel Drivers (total 152):
    0x02600000 \SystemRoot\system32\ntoskrnl.exe
    0x02B18000 \SystemRoot\system32\hal.dll
    0x00604000 \SystemRoot\system32\kdcom.dll
    0x00607000 \SystemRoot\system32\PSHED.dll
    0x0061B000 \SystemRoot\system32\CLFS.SYS
    0x00678000 \SystemRoot\system32\CI.dll
    0x00808000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x008E2000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x008F0000 \SystemRoot\system32\drivers\acpi.sys
    0x00946000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x0094F000 \SystemRoot\system32\drivers\msisadrv.sys
    0x00959000 \SystemRoot\system32\drivers\pci.sys
    0x00989000 \SystemRoot\System32\drivers\partmgr.sys
    0x0099E000 \SystemRoot\system32\drivers\volmgr.sys
    0x0072A000 \SystemRoot\System32\drivers\volmgrx.sys
    0x009B2000 \SystemRoot\system32\drivers\pciide.sys
    0x009B9000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x009C9000 \SystemRoot\system32\DRIVERS\amdide64.sys
    0x009D0000 \SystemRoot\System32\drivers\mountmgr.sys
    0x009E3000 \SystemRoot\system32\drivers\atapi.sys
    0x00790000 \SystemRoot\system32\drivers\ataport.SYS
    0x007B4000 \SystemRoot\system32\DRIVERS\jraid.sys
    0x007CF000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
    0x00A09000 \SystemRoot\system32\drivers\fltmgr.sys
    0x00A50000 \SystemRoot\system32\drivers\fileinfo.sys
    0x00A64000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x00C04000 \SystemRoot\system32\drivers\ndis.sys
    0x00AEB000 \SystemRoot\system32\drivers\msrpc.sys
    0x00B3B000 \SystemRoot\system32\drivers\NETIO.SYS
    0x00E0E000 \SystemRoot\System32\drivers\tcpip.sys
    0x00F82000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x01008000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x01188000 \SystemRoot\system32\drivers\volsnap.sys
    0x011CC000 \SystemRoot\System32\Drivers\spldr.sys
    0x011D4000 \SystemRoot\System32\Drivers\mup.sys
    0x00FAE000 \SystemRoot\System32\drivers\ecache.sys
    0x011E6000 \SystemRoot\system32\drivers\disk.sys
    0x00DC7000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x01000000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
    0x00FDA000 \SystemRoot\system32\drivers\crcdisk.sys
    0x00DF3000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x00B94000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x00B9D000 \SystemRoot\system32\DRIVERS\processr.sys
    0x00BB0000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x06200000 \SystemRoot\system32\DRIVERS\atikmpag.sys
    0x06404000 \SystemRoot\system32\DRIVERS\atikmdag.sys
    0x0625F000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x06FB7000 \SystemRoot\System32\drivers\watchdog.sys
    0x0700A000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x070F7000 \SystemRoot\system32\DRIVERS\Rtlh64.sys
    0x07128000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x07144000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x0714F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x07195000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x071A6000 \SystemRoot\system32\DRIVERS\ohci1394.sys
    0x071B8000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
    0x071C8000 \SystemRoot\system32\DRIVERS\serial.sys
    0x071E5000 \SystemRoot\system32\DRIVERS\serenum.sys
    0x06FC7000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x06342000 \SystemRoot\system32\DRIVERS\storport.sys
    0x071F1000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x0639F000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x063C2000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x063CE000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x00BB9000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x00BC9000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x00BE7000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x009EB000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x07209000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x07217000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x07223000 \SystemRoot\system32\DRIVERS\gcdbus.sys
    0x07256000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x07258000 \SystemRoot\system32\DRIVERS\ks.sys
    0x0728C000 \SystemRoot\system32\DRIVERS\amdiox64.sys
    0x072A0000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x072AB000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x072BB000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x07303000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x07317000 \SystemRoot\system32\drivers\RtHDMIVX.sys
    0x07344000 \SystemRoot\system32\drivers\portcls.sys
    0x0737F000 \SystemRoot\system32\drivers\drmk.sys
    0x073A2000 \SystemRoot\system32\drivers\ksthunk.sys
    0x0820C000 \SystemRoot\system32\drivers\RTKVHD64.sys
    0x0838F000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x08399000 \SystemRoot\System32\Drivers\Null.SYS
    0x083AD000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x083B5000 \SystemRoot\System32\drivers\vga.sys
    0x083C3000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x083E8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x083F1000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x08200000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x073A8000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x083A2000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x073B9000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x073D6000 \SystemRoot\system32\DRIVERS\smb.sys
    0x08404000 \SystemRoot\system32\drivers\afd.sys
    0x0846F000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x084B3000 \SystemRoot\system32\drivers\ws2ifsl.sys
    0x084BE000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x084DC000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x084EB000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x08506000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x08553000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x0855F000 \??\C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys
    0x0857B000 \SystemRoot\System32\Drivers\dfsc.sys
    0x08598000 \SystemRoot\system32\DRIVERS\avkmgr.sys
    0x085A2000 \SystemRoot\system32\DRIVERS\avipbb.sys
    0x085C9000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x085E5000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x085E7000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x00FE4000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x085F0000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x0880E000 \SystemRoot\System32\Drivers\usbvideo.sys
    0x08838000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x08846000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x08852000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0x0885A000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0x08872000 \SystemRoot\system32\DRIVERS\netr28ux.sys
    0x08976000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x000C0000 \SystemRoot\System32\win32k.sys
    0x08981000 \SystemRoot\System32\drivers\Dxapi.sys
    0x0898D000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x00490000 \SystemRoot\System32\TSDDD.dll
    0x00620000 \SystemRoot\System32\cdd.dll
    0x089A0000 \SystemRoot\system32\drivers\luafv.sys
    0x089C2000 \SystemRoot\system32\DRIVERS\avgntflt.sys
    0x0A400000 \SystemRoot\system32\drivers\spsys.sys
    0x0A49A000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x0A4AE000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x0A4E2000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x0A4ED000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x0A505000 \SystemRoot\system32\drivers\HTTP.sys
    0x0A5A8000 \SystemRoot\system32\DRIVERS\asyncmac.sys
    0x0A5B3000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x0A5DC000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x089E2000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x0B601000 \SystemRoot\system32\drivers\mrxdav.sys
    0x0B628000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x0B651000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x0B69A000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x0B6B9000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x0B6EB000 \SystemRoot\System32\DRIVERS\srv.sys
    0x0B77E000 \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
    0x0C60B000 \SystemRoot\system32\drivers\peauth.sys
    0x0C6C1000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x0C6CC000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x0C6DC000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
    0x0C6FC000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
    0x0C712000 \??\C:\Windows\gdrv.sys
    0x0C71B000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x0C737000 \??\C:\Windows\system32\drivers\mbam.sys
    0x77740000 \Windows\System32\ntdll.dll

    Processes (total 82):
    0 System Idle Process
    4 System
    448 C:\Windows\System32\smss.exe
    528 csrss.exe
    592 C:\Windows\System32\wininit.exe
    616 csrss.exe
    648 C:\Windows\System32\services.exe
    660 C:\Windows\System32\lsass.exe
    668 C:\Windows\System32\lsm.exe
    836 C:\Windows\System32\winlogon.exe
    856 C:\Windows\System32\svchost.exe
    928 C:\Windows\System32\svchost.exe
    964 C:\Windows\System32\atiesrxx.exe
    1016 C:\Windows\System32\svchost.exe
    256 C:\Windows\System32\svchost.exe
    296 C:\Windows\System32\svchost.exe
    636 C:\Windows\System32\audiodg.exe
    512 C:\Windows\System32\svchost.exe
    664 C:\Windows\System32\SLsvc.exe
    828 C:\Windows\System32\svchost.exe
    1140 C:\Windows\System32\svchost.exe
    1276 C:\Windows\System32\wlanext.exe
    1408 C:\Windows\System32\spoolsv.exe
    1440 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    1504 C:\Windows\System32\atieclxx.exe
    1520 C:\Windows\System32\svchost.exe
    1916 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    1960 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    1976 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    1104 C:\Windows\System32\taskeng.exe
    1532 C:\Windows\System32\taskeng.exe
    2084 C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
    2132 C:\Windows\System32\dwm.exe
    2172 C:\Windows\explorer.exe
    2224 C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe
    2244 C:\Windows\SysWOW64\svchost.exe
    2396 C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
    2524 C:\Windows\System32\svchost.exe
    2572 C:\Windows\System32\svchost.exe
    2604 C:\Windows\System32\svchost.exe
    2628 C:\Program Files (x86)\Rosewill\Common\RaRegistry.exe
    2668 C:\Program Files (x86)\Rosewill\Common\RaRegistry64.exe
    2740 C:\Windows\System32\svchost.exe
    2772 C:\Windows\System32\svchost.exe
    2800 C:\Windows\System32\SearchIndexer.exe
    2904 WUDFHost.exe
    2128 C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
    1648 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    2448 C:\Program Files\Windows Sidebar\sidebar.exe
    1600 C:\Program Files (x86)\Steam\Steam.exe
    2000 C:\Windows\ehome\ehtray.exe
    2564 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    2644 C:\Program Files (x86)\Rosewill\Common\RaUI.exe
    1896 C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    2004 C:\Windows\ehome\ehmsas.exe
    1092 C:\Users\Administrator\AppData\Local\Apps\2.0\ZJWCJJEY.PG9\PO0H0W0Q.02W\curs..tion_9e9e83ddf3ed3ead_0005.0001_31b318dc2771b66c\CurseClient.exe
    3648 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    3664 C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    3680 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    3720 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    3744 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    3956 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    1548 WmiPrvSE.exe
    4072 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    3404 C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
    3556 C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
    3592 C:\Windows\System32\svchost.exe
    3540 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    4136 C:\Program Files\Windows Media Player\wmpnscfg.exe
    4312 C:\Program Files\Windows Media Player\wmpnetwk.exe
    4764 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
    4820 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    3452 C:\Windows\System32\mobsync.exe
    1576 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    4968 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    5044 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    3884 C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
    4500 C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
    5112 C:\Windows\System32\taskmgr.exe
    812 C:\Users\Administrator\Documents\CKS\CKS.exe
    6028 C:\Windows\System32\svchost.exe
    4448 C:\Users\Administrator\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

    PhysicalDrive0 Model Number: HitachiHDP725050GLA360, Rev: GM4OA5CA

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 MBR Code Faked!
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Options:
    [1] Dump the MBR of a physical disk to file.
    [2] Restore the MBR of a physical disk with a standard boot code.
    [3] Exit.

    Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 3Available MBR codes:
    [ 0] Default (Windows Vista)
    [ 1] Windows XP
    [ 2] Windows Server 2003
    [ 3] Windows Vista
    [ 4] Windows 2008
    [ 5] Windows 7
    [-1] Cancel

    Please select the MBR code to write to this drive: 3
    Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: YES
    Out of memory!Could not read disk!


    Done!
     
  14. Michael King

    Michael King TS Rookie Topic Starter Posts: 48

    I may have jumped the gun here, but I assumed you wanted me to run this on the disk I actually use (Physical disk 0), so I did. Here is the log file from that.



    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 64-bit
    Base Board Manufacturer: Gigabyte Technology Co., Ltd.
    BIOS Manufacturer: Award Software International, Inc.
    System Manufacturer: Gigabyte Technology Co., Ltd.
    System Product Name: GA-MA790X-UD4P
    Logical Drives Mask: 0x000007fc

    Kernel Drivers (total 152):
    0x02600000 \SystemRoot\system32\ntoskrnl.exe
    0x02B18000 \SystemRoot\system32\hal.dll
    0x00604000 \SystemRoot\system32\kdcom.dll
    0x00607000 \SystemRoot\system32\PSHED.dll
    0x0061B000 \SystemRoot\system32\CLFS.SYS
    0x00678000 \SystemRoot\system32\CI.dll
    0x00808000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x008E2000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x008F0000 \SystemRoot\system32\drivers\acpi.sys
    0x00946000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x0094F000 \SystemRoot\system32\drivers\msisadrv.sys
    0x00959000 \SystemRoot\system32\drivers\pci.sys
    0x00989000 \SystemRoot\System32\drivers\partmgr.sys
    0x0099E000 \SystemRoot\system32\drivers\volmgr.sys
    0x0072A000 \SystemRoot\System32\drivers\volmgrx.sys
    0x009B2000 \SystemRoot\system32\drivers\pciide.sys
    0x009B9000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x009C9000 \SystemRoot\system32\DRIVERS\amdide64.sys
    0x009D0000 \SystemRoot\System32\drivers\mountmgr.sys
    0x009E3000 \SystemRoot\system32\drivers\atapi.sys
    0x00790000 \SystemRoot\system32\drivers\ataport.SYS
    0x007B4000 \SystemRoot\system32\DRIVERS\jraid.sys
    0x007CF000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
    0x00A09000 \SystemRoot\system32\drivers\fltmgr.sys
    0x00A50000 \SystemRoot\system32\drivers\fileinfo.sys
    0x00A64000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x00C04000 \SystemRoot\system32\drivers\ndis.sys
    0x00AEB000 \SystemRoot\system32\drivers\msrpc.sys
    0x00B3B000 \SystemRoot\system32\drivers\NETIO.SYS
    0x00E0E000 \SystemRoot\System32\drivers\tcpip.sys
    0x00F82000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x01008000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x01188000 \SystemRoot\system32\drivers\volsnap.sys
    0x011CC000 \SystemRoot\System32\Drivers\spldr.sys
    0x011D4000 \SystemRoot\System32\Drivers\mup.sys
    0x00FAE000 \SystemRoot\System32\drivers\ecache.sys
    0x011E6000 \SystemRoot\system32\drivers\disk.sys
    0x00DC7000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x01000000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
    0x00FDA000 \SystemRoot\system32\drivers\crcdisk.sys
    0x00DF3000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x00B94000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x00B9D000 \SystemRoot\system32\DRIVERS\processr.sys
    0x00BB0000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x06200000 \SystemRoot\system32\DRIVERS\atikmpag.sys
    0x06404000 \SystemRoot\system32\DRIVERS\atikmdag.sys
    0x0625F000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x06FB7000 \SystemRoot\System32\drivers\watchdog.sys
    0x0700A000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x070F7000 \SystemRoot\system32\DRIVERS\Rtlh64.sys
    0x07128000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x07144000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x0714F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x07195000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x071A6000 \SystemRoot\system32\DRIVERS\ohci1394.sys
    0x071B8000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
    0x071C8000 \SystemRoot\system32\DRIVERS\serial.sys
    0x071E5000 \SystemRoot\system32\DRIVERS\serenum.sys
    0x06FC7000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x06342000 \SystemRoot\system32\DRIVERS\storport.sys
    0x071F1000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x0639F000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x063C2000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x063CE000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x00BB9000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x00BC9000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x00BE7000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x009EB000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x07209000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x07217000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x07223000 \SystemRoot\system32\DRIVERS\gcdbus.sys
    0x07256000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x07258000 \SystemRoot\system32\DRIVERS\ks.sys
    0x0728C000 \SystemRoot\system32\DRIVERS\amdiox64.sys
    0x072A0000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x072AB000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x072BB000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x07303000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x07317000 \SystemRoot\system32\drivers\RtHDMIVX.sys
    0x07344000 \SystemRoot\system32\drivers\portcls.sys
    0x0737F000 \SystemRoot\system32\drivers\drmk.sys
    0x073A2000 \SystemRoot\system32\drivers\ksthunk.sys
    0x0820C000 \SystemRoot\system32\drivers\RTKVHD64.sys
    0x0838F000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x08399000 \SystemRoot\System32\Drivers\Null.SYS
    0x083AD000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x083B5000 \SystemRoot\System32\drivers\vga.sys
    0x083C3000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x083E8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x083F1000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x08200000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x073A8000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x083A2000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x073B9000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x073D6000 \SystemRoot\system32\DRIVERS\smb.sys
    0x08404000 \SystemRoot\system32\drivers\afd.sys
    0x0846F000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x084B3000 \SystemRoot\system32\drivers\ws2ifsl.sys
    0x084BE000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x084DC000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x084EB000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x08506000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x08553000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x0855F000 \??\C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys
    0x0857B000 \SystemRoot\System32\Drivers\dfsc.sys
    0x08598000 \SystemRoot\system32\DRIVERS\avkmgr.sys
    0x085A2000 \SystemRoot\system32\DRIVERS\avipbb.sys
    0x085C9000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x085E5000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x085E7000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x00FE4000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x085F0000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x0880E000 \SystemRoot\System32\Drivers\usbvideo.sys
    0x08838000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x08846000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x08852000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0x0885A000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0x08872000 \SystemRoot\system32\DRIVERS\netr28ux.sys
    0x08976000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x000C0000 \SystemRoot\System32\win32k.sys
    0x08981000 \SystemRoot\System32\drivers\Dxapi.sys
    0x0898D000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x00490000 \SystemRoot\System32\TSDDD.dll
    0x00620000 \SystemRoot\System32\cdd.dll
    0x089A0000 \SystemRoot\system32\drivers\luafv.sys
    0x089C2000 \SystemRoot\system32\DRIVERS\avgntflt.sys
    0x0A400000 \SystemRoot\system32\drivers\spsys.sys
    0x0A49A000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x0A4AE000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x0A4E2000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x0A4ED000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x0A505000 \SystemRoot\system32\drivers\HTTP.sys
    0x0A5A8000 \SystemRoot\system32\DRIVERS\asyncmac.sys
    0x0A5B3000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x0A5DC000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x089E2000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x0B601000 \SystemRoot\system32\drivers\mrxdav.sys
    0x0B628000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x0B651000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x0B69A000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x0B6B9000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x0B6EB000 \SystemRoot\System32\DRIVERS\srv.sys
    0x0B77E000 \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
    0x0C60B000 \SystemRoot\system32\drivers\peauth.sys
    0x0C6C1000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x0C6CC000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x0C6DC000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
    0x0C6FC000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
    0x0C712000 \??\C:\Windows\gdrv.sys
    0x0C71B000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x0C737000 \??\C:\Windows\system32\drivers\mbam.sys
    0x77740000 \Windows\System32\ntdll.dll

    Processes (total 82):
    0 System Idle Process
    4 System
    448 C:\Windows\System32\smss.exe
    528 csrss.exe
    592 C:\Windows\System32\wininit.exe
    616 csrss.exe
    648 C:\Windows\System32\services.exe
    660 C:\Windows\System32\lsass.exe
    668 C:\Windows\System32\lsm.exe
    836 C:\Windows\System32\winlogon.exe
    856 C:\Windows\System32\svchost.exe
    928 C:\Windows\System32\svchost.exe
    964 C:\Windows\System32\atiesrxx.exe
    1016 C:\Windows\System32\svchost.exe
    256 C:\Windows\System32\svchost.exe
    296 C:\Windows\System32\svchost.exe
    636 C:\Windows\System32\audiodg.exe
    512 C:\Windows\System32\svchost.exe
    664 C:\Windows\System32\SLsvc.exe
    828 C:\Windows\System32\svchost.exe
    1140 C:\Windows\System32\svchost.exe
    1276 C:\Windows\System32\wlanext.exe
    1408 C:\Windows\System32\spoolsv.exe
    1440 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    1504 C:\Windows\System32\atieclxx.exe
    1520 C:\Windows\System32\svchost.exe
    1916 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    1960 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    1976 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    1104 C:\Windows\System32\taskeng.exe
    1532 C:\Windows\System32\taskeng.exe
    2084 C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
    2132 C:\Windows\System32\dwm.exe
    2172 C:\Windows\explorer.exe
    2224 C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe
    2244 C:\Windows\SysWOW64\svchost.exe
    2396 C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
    2524 C:\Windows\System32\svchost.exe
    2572 C:\Windows\System32\svchost.exe
    2604 C:\Windows\System32\svchost.exe
    2628 C:\Program Files (x86)\Rosewill\Common\RaRegistry.exe
    2668 C:\Program Files (x86)\Rosewill\Common\RaRegistry64.exe
    2740 C:\Windows\System32\svchost.exe
    2772 C:\Windows\System32\svchost.exe
    2800 C:\Windows\System32\SearchIndexer.exe
    2904 WUDFHost.exe
    2128 C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
    1648 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    2448 C:\Program Files\Windows Sidebar\sidebar.exe
    1600 C:\Program Files (x86)\Steam\Steam.exe
    2000 C:\Windows\ehome\ehtray.exe
    2564 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    2644 C:\Program Files (x86)\Rosewill\Common\RaUI.exe
    1896 C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    2004 C:\Windows\ehome\ehmsas.exe
    1092 C:\Users\Administrator\AppData\Local\Apps\2.0\ZJWCJJEY.PG9\PO0H0W0Q.02W\curs..tion_9e9e83ddf3ed3ead_0005.0001_31b318dc2771b66c\CurseClient.exe
    3648 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    3664 C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    3680 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    3720 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    3744 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    3956 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    1548 WmiPrvSE.exe
    4072 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    3404 C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
    3556 C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
    3592 C:\Windows\System32\svchost.exe
    3540 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    4136 C:\Program Files\Windows Media Player\wmpnscfg.exe
    4312 C:\Program Files\Windows Media Player\wmpnetwk.exe
    4764 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
    4820 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    3452 C:\Windows\System32\mobsync.exe
    1576 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    4968 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    5044 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    3884 C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
    4500 C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
    5112 C:\Windows\System32\taskmgr.exe
    812 C:\Users\Administrator\Documents\CKS\CKS.exe
    6028 C:\Windows\System32\svchost.exe
    5372 C:\Users\Administrator\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

    PhysicalDrive0 Model Number: HitachiHDP725050GLA360, Rev: GM4OA5CA

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 MBR Code Faked!
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Options:
    [1] Dump the MBR of a physical disk to file.
    [2] Restore the MBR of a physical disk with a standard boot code.
    [3] Exit.

    Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0Available MBR codes:
    [ 0] Default (Windows Vista)
    [ 1] Windows XP
    [ 2] Windows Server 2003
    [ 3] Windows Vista
    [ 4] Windows 2008
    [ 5] Windows 7
    [-1] Cancel

    Please select the MBR code to write to this drive: 3
    Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: Yes
    Successfully wrote new MBR code!
    Please reboot your computer to complete the fix.


    Done!
     
  15. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Good. Please post a new MBRCheck log...
     
  16. Michael King

    Michael King TS Rookie Topic Starter Posts: 48

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 64-bit
    Base Board Manufacturer: Gigabyte Technology Co., Ltd.
    BIOS Manufacturer: Award Software International, Inc.
    System Manufacturer: Gigabyte Technology Co., Ltd.
    System Product Name: GA-MA790X-UD4P
    Logical Drives Mask: 0x000007fc

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 MBR Code Faked!
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
     
  17. Michael King

    Michael King TS Rookie Topic Starter Posts: 48

    It would seem the fix didn't take, or the virus re-infected it. :(
     
  18. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    • Download RogueKiller and save it on your desktop.
    • Quit all programs
    • Start RogueKiller.exe.
    • Wait until Prescan has finished ...
    • Click on Scan
    • Wait for the end of the scan.
    • The report has been created on the desktop.
    • Click on the Delete button.
    • The report has been created on the desktop.
    • Next click on the ShortcutsFix

    • The report has been created on the desktop.
    Please post:

    All RKreport.txt text files located on your desktop.
     
  19. Michael King

    Michael King TS Rookie Topic Starter Posts: 48

    RogueKiller V7.6.4 [07/17/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
    Started in : Normal mode
    User: Administrator [Admin rights]
    Mode: Scan -- Date: 07/26/2012 18:54:52

    ¤¤¤ Bad processes: 0 ¤¤¤

    ¤¤¤ Registry Entries: 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver: [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : Root.MBR ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    127.0.0.1 localhost
    ::1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: Hitachi HDP725050GLA360 ATA Device +++++
    --- User ---
    [MBR] 88a12da6fb76f98356514eb92981f076
    [BSP] e6b31e66710df68fe5894e0c84d47a84 : Windows Vista MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476936 Mo
    User = LL1 ... OK!
    User != LL2 ... KO!
    --- LL2 ---
    [MBR] 17c1fed4de9b210808445638d47f8e43
    [BSP] e6b31e66710df68fe5894e0c84d47a84 : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476936 Mo
    1 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 976766976 | Size: 1 Mo

    +++++ PhysicalDrive1: USB2.0 CardReader CF USB Device +++++
    Error reading User MBR!
    User = LL1 ... OK!
    Error reading LL2 MBR!

    +++++ PhysicalDrive2: USB2.0 CardReader SM XD USB Device +++++
    Error reading User MBR!
    User = LL1 ... OK!
    Error reading LL2 MBR!

    +++++ PhysicalDrive3: USB2.0 CardReader MS USB Device +++++
    Error reading User MBR!
    User = LL1 ... OK!
    Error reading LL2 MBR!

    +++++ PhysicalDrive4: USB2.0 CardReader SD USB Device +++++
    Error reading User MBR!
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[1].txt >>
    RKreport[1].txt
     
  20. Michael King

    Michael King TS Rookie Topic Starter Posts: 48

    RogueKiller V7.6.4 [07/17/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
    Started in : Normal mode
    User: Administrator [Admin rights]
    Mode: Remove -- Date: 07/26/2012 18:55:04

    ¤¤¤ Bad processes: 0 ¤¤¤

    ¤¤¤ Registry Entries: 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver: [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : Root.MBR ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    127.0.0.1 localhost
    ::1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: Hitachi HDP725050GLA360 ATA Device +++++
    --- User ---
    [MBR] 88a12da6fb76f98356514eb92981f076
    [BSP] e6b31e66710df68fe5894e0c84d47a84 : Windows Vista MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476936 Mo
    User = LL1 ... OK!
    User != LL2 ... KO!
    --- LL2 ---
    [MBR] 17c1fed4de9b210808445638d47f8e43
    [BSP] e6b31e66710df68fe5894e0c84d47a84 : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476936 Mo
    1 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 976766976 | Size: 1 Mo

    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt
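What the "User != LL2 ... KO!" comparison in the two RogueKiller logs above is checking, as an added example in Python (not RogueKiller's code): it parses two 512-byte MBR sectors, one as the operating system hands it back and one as read below the driver stack, and reports the partition entries that only the low-level read shows. The sectors are constructed from the figures in the log (a 476936 MB NTFS partition at LBA 2048, and a 1 MB hidden 0x17 entry at LBA 976766976 that holds the active flag); the hash ranges and output format are this example's own, not the tool's.

```python
import hashlib
import struct
from dataclasses import dataclass

SECTOR = 512
BOOT_CODE_LEN = 440      # boot code occupies the sector before the disk-signature field
PART_TABLE_OFF = 446     # four 16-byte partition entries start here
PART_ENTRY_LEN = 16
MBR_SIGNATURE = b"\x55\xaa"
# Common FAT/NTFS type ids with the "hidden" bit (0x10) set; 0x17 is hidden NTFS,
# the type the report above marks [HIDDEN!].
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}


@dataclass(frozen=True)
class Partition:
    index: int        # slot 0-3 in the table
    active: bool      # status byte 0x80: the entry the boot code hands control to
    type_id: int
    lba_start: int    # first sector (LBA)
    sectors: int

    @property
    def hidden(self) -> bool:
        return self.type_id in HIDDEN_TYPES

    @property
    def size_mb(self) -> int:
        return self.sectors * SECTOR // (1024 * 1024)


def parse_partition_table(mbr: bytes) -> list[Partition]:
    """Return the non-empty entries of a 512-byte MBR's partition table."""
    if len(mbr) != SECTOR or mbr[510:512] != MBR_SIGNATURE:
        raise ValueError("not a 512-byte sector ending in the 55AA signature")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        # status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sector count
        status, _, type_id, _, lba, count = struct.unpack_from("<B3sB3sII", mbr, off)
        if type_id != 0:
            parts.append(Partition(i, status == 0x80, type_id, lba, count))
    return parts


def build_mbr(boot_code: bytes, partitions: list[Partition]) -> bytes:
    """Assemble a sector from boot code and entries (CHS fields zeroed).
    Used only to construct the sample sectors for this demonstration."""
    sector = bytearray(SECTOR)
    code = boot_code[:BOOT_CODE_LEN]
    sector[:len(code)] = code
    for p in partitions:
        struct.pack_into("<B3sB3sII", sector, PART_TABLE_OFF + p.index * PART_ENTRY_LEN,
                         0x80 if p.active else 0x00, b"\0\0\0", p.type_id, b"\0\0\0",
                         p.lba_start, p.sectors)
    sector[510:512] = MBR_SIGNATURE
    return bytes(sector)


def compare_mbr(user: bytes, lowlevel: bytes) -> dict:
    """Compare the sector the OS returns (User) with one read below the filter
    stack (LL2). Identical sectors are the healthy case; otherwise report the
    entries only the low-level read shows and whether the active entry moved."""
    user_parts = parse_partition_table(user)
    ll_parts = parse_partition_table(lowlevel)
    user_idx = {p.index for p in user_parts}
    return {
        "user_md5": hashlib.md5(user).hexdigest(),
        "ll2_md5": hashlib.md5(lowlevel).hexdigest(),
        "match": user == lowlevel,
        "boot_code_match": user[:BOOT_CODE_LEN] == lowlevel[:BOOT_CODE_LEN],
        "hidden_entries": [p for p in ll_parts if p.index not in user_idx],
        "active_moved": [p.index for p in user_parts if p.active]
                        != [p.index for p in ll_parts if p.active],
    }


def render(report: dict) -> list[str]:
    """Report lines in the spirit of the log above (this example's format, not the tool's)."""
    lines = [f"[MBR] User {report['user_md5']}", f"[MBR] LL2  {report['ll2_md5']}",
             "User = LL2 ... OK!" if report["match"] else "User != LL2 ... KO!"]
    if not report["boot_code_match"]:
        lines.append("boot code differs between reads")
    if report["active_moved"]:
        lines.append("active (boot) entry differs between reads")
    for p in report["hidden_entries"]:
        flag = "HIDDEN!" if p.hidden else "VISIBLE"
        act = "ACTIVE" if p.active else "XXXXXX"
        lines.append(f"{p.index} - [{act}] type 0x{p.type_id:02X} [{flag}] "
                     f"Offset (sectors): {p.lba_start} | Size: {p.size_mb} Mo")
    return lines


# Constructed sample sectors modelled on the figures in the log. Note that
# 2048 + 476936 * 2048 = 976766976: the hidden entry starts exactly where the
# visible partition ends, in the unallocated tail of the disk.
BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c"   # stand-in for real boot code
VISIBLE = Partition(0, True, 0x07, 2048, 476936 * 2048)
HIDDEN = Partition(1, True, 0x17, 976766976, 2048)
USER_MBR = build_mbr(BOOT_CODE, [VISIBLE])
LL2_MBR = build_mbr(BOOT_CODE, [Partition(0, False, 0x07, 2048, VISIBLE.sectors), HIDDEN])

if __name__ == "__main__":
    for line in render(compare_mbr(USER_MBR, LL2_MBR)):
        print(line)
```

A matching boot-code hash with a differing partition table, as here, is the pattern to look for: the filtered read hides the extra entry, so only a read that bypasses the storage stack reveals it.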
     
  21. Michael King

    Michael King TS Rookie Topic Starter Posts: 48

    RogueKiller V7.6.4 [07/17/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
    Started in : Normal mode
    User: Administrator [Admin rights]
    Mode: Shortcuts HJfix -- Date: 07/26/2012 19:00:32

    ¤¤¤ Bad processes: 0 ¤¤¤

    ¤¤¤ Driver: [NOT LOADED] ¤¤¤

    ¤¤¤ File attributes restored: ¤¤¤
    Desktop: Success 0 / Fail 0
    Quick launch: Success 0 / Fail 0
    Programs: Success 0 / Fail 0
    Start menu: Success 0 / Fail 0
    User folder: Success 47 / Fail 0
    My documents: Success 0 / Fail 0
    My favorites: Success 0 / Fail 0
    My pictures: Success 0 / Fail 0
    My music: Success 4 / Fail 0
    My videos: Success 0 / Fail 0
    Local drives: Success 830 / Fail 0
    Backup: [FOUND] Success 17 / Fail 172

    Drives:
    [C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
    [D:] \Device\CdRom0 -- 0x5 --> Skipped
    [E:] \Device\CdRom1 -- 0x5 --> Skipped
    [F:] \Device\HarddiskVolume3 -- 0x2 --> Restored
    [G:] \Device\HarddiskVolume4 -- 0x2 --> Restored
    [H:] \Device\HarddiskVolume5 -- 0x2 --> Restored
    [I:] \Device\HarddiskVolume6 -- 0x2 --> Restored
    [J:] \Device\IsoCdRom0 -- 0x5 --> Skipped
    [K:] \Device\CdRom2 -- 0x5 --> Skipped

    ¤¤¤ Infection : Rogue.FakeHDD ¤¤¤

    Finished : << RKreport[3].txt >>
    RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
     
  22. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    And now MBRCheck again, please.
     
  23. Michael King

    Michael King TS Rookie Topic Starter Posts: 48

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 64-bit
    Base Board Manufacturer: Gigabyte Technology Co., Ltd.
    BIOS Manufacturer: Award Software International, Inc.
    System Manufacturer: Gigabyte Technology Co., Ltd.
    System Product Name: GA-MA790X-UD4P
    Logical Drives Mask: 0x000007fc

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 MBR Code Faked!
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
     
  24. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Download Farbar Recovery Scan Tool and save it to a flash drive.

    Please make sure to download the 64-bit version.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:
      • Startup Repair
        System Restore
        Windows Complete PC Restore
        Windows Memory Diagnostic Tool
        Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst64 and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Place a check next to List Drivers MD5 as well as the default check marks that are already there
    • Press Scan button.
    • type exit and reboot the computer normally
    • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.
     
  25. Michael King

    Michael King TS Rookie Topic Starter Posts: 48

    When I pressed F8 to enter Advanced Boot Options, a "Repair your computer" option was not amongst those listed. When I booted with my Windows Vista DVD with the F8 Advanced Boot Options, it also did not have that option. When I booted normally into the DVD, it automatically went to Windows installation, but got stuck when it prompted me for a drive. It said my primary drive was not an available option (possibly due to the faked MBR?). In short, I was not able to complete that step.

    Did you want me to boot with the flash drive?

    Should I attempt another MBRCheck fix immediately prior to trying this step?
     

