Virus Blocking Internet Access

Inactive
By robp777
Oct 8, 2010
Topic Status:
Not open for further replies.
  1. Hi,

    I'm having problems with a virus that is blocking my internet access. First of all Internet Explorer wouldn't work, so I switched to Firefox, but now neither works. Everything works fine in safe mode though (which I am using now).

    My Norton antivirus also will not work, and I think my system restore facility as well.

    Malwarebytes doesn't pick anything up, so please can you review my attachments and help me fix the problem?

    Any help is much appreciated.

    Regards


    View attachment Attach.txt

    View attachment hijackthis.log

    View attachment mbam-log-2010-10-08 (17-46-28).txt

    View attachment DDS.txt
  2. Broni

  3. robp777

    re

    Sorry! I can't attach it. When I did the scan it said nothing was found, and the scan log is just blank anyway.
  4. Broni

    That's fine....

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    ========================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  5. robp777

    Hi, here are the results of my MBR check. Combofix doesn't work unfortunately because I have Windows Vista 64-bit.

    Regards,


    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 1 (build 6001), 64-bit
    Base Board Manufacturer: Packard Bell BV
    BIOS Manufacturer: Phoenix Technologies, LTD
    System Manufacturer: PACKARD BELL BV
    System Product Name: iXtreme X9610
    Logical Drives Mask: 0x000000fc

    Kernel Drivers (total 113):
    0x02C17000 \SystemRoot\system32\ntoskrnl.exe
    0x0312F000 \SystemRoot\system32\hal.dll
    0x00605000 \SystemRoot\system32\kdcom.dll
    0x0060F000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x0063C000 \SystemRoot\system32\PSHED.dll
    0x00650000 \SystemRoot\system32\CLFS.SYS
    0x006AD000 \SystemRoot\system32\CI.dll
    0x00807000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x008E1000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x008EF000 \SystemRoot\system32\drivers\acpi.sys
    0x00945000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x0094E000 \SystemRoot\system32\drivers\msisadrv.sys
    0x00958000 \SystemRoot\system32\drivers\pci.sys
    0x00988000 \SystemRoot\System32\drivers\partmgr.sys
    0x0099D000 \SystemRoot\system32\drivers\volmgr.sys
    0x0075F000 \SystemRoot\System32\drivers\volmgrx.sys
    0x009B1000 \SystemRoot\system32\drivers\pciide.sys
    0x009B8000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x009C8000 \SystemRoot\System32\drivers\mountmgr.sys
    0x009DB000 \SystemRoot\system32\drivers\nvraid.sys
    0x007C5000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x007F1000 \SystemRoot\system32\drivers\atapi.sys
    0x00A03000 \SystemRoot\system32\drivers\ataport.SYS
    0x00A27000 \SystemRoot\system32\drivers\nvstor64.sys
    0x00A4A000 \SystemRoot\system32\drivers\storport.sys
    0x00AA7000 \SystemRoot\system32\drivers\fltmgr.sys
    0x00AED000 \SystemRoot\system32\drivers\NISx64\1107000.00C\SYMDS64.SYS
    0x00B5B000 \SystemRoot\system32\drivers\fileinfo.sys
    0x00B6F000 \SystemRoot\system32\drivers\NISx64\1107000.00C\SYMEFA64.SYS
    0x00BAA000 \SystemRoot\System32\Drivers\PxHlpa64.sys
    0x00C03000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x00E02000 \SystemRoot\system32\drivers\ndis.sys
    0x00C8A000 \SystemRoot\system32\drivers\msrpc.sys
    0x00CDA000 \SystemRoot\system32\drivers\NETIO.SYS
    0x01000000 \SystemRoot\System32\drivers\tcpip.sys
    0x01174000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x01201000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x01385000 \SystemRoot\system32\drivers\volsnap.sys
    0x013D1000 \SystemRoot\System32\Drivers\mup.sys
    0x011A0000 \SystemRoot\System32\drivers\ecache.sys
    0x013E3000 \SystemRoot\system32\drivers\disk.sys
    0x011CC000 \SystemRoot\system32\drivers\crcdisk.sys
    0x011EE000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x013F7000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x00FE8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x00D32000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x00D3E000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x00D4C000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x00D57000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x00D9D000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x00DAE000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x02A0F000 \SystemRoot\system32\DRIVERS\bcmwl664.sys
    0x02A99000 \SystemRoot\system32\DRIVERS\ohci1394.sys
    0x02AAB000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
    0x02ABB000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x02AD7000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x02C01000 \SystemRoot\system32\DRIVERS\nvmfdx64.sys
    0x02D6E000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x02D77000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x02DAF000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x02DBC000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x02DDF000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x02AE4000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x02DEB000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x02B15000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x02B33000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x02B4B000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x02DFB000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x02B5D000 \SystemRoot\system32\DRIVERS\ks.sys
    0x02B91000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x02B9C000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x02BAC000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x00DC1000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x02BF3000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x02A00000 \SystemRoot\System32\Drivers\Null.SYS
    0x00DD5000 \SystemRoot\System32\drivers\vga.sys
    0x00BB6000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x00DE3000 \SystemRoot\System32\drivers\watchdog.sys
    0x00DF2000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x00BDB000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x00BE6000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x00BF7000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x0320E000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x032A1000 \SystemRoot\system32\DRIVERS\smb.sys
    0x032BC000 \SystemRoot\system32\drivers\afd.sys
    0x03329000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x0336D000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x0338B000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x0339A000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x033E8000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x0322B000 \SystemRoot\System32\Drivers\dfsc.sys
    0x03248000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0x0325D000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x0325F000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x03268000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x0327A000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x03401000 \SystemRoot\system32\DRIVERS\udfs.sys
    0x0344F000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x0345D000 \SystemRoot\System32\Drivers\dump_diskdump.sys
    0x03467000 \SystemRoot\System32\Drivers\dump_nvstor64.sys
    0x000B0000 \SystemRoot\System32\win32k.sys
    0x0348A000 \SystemRoot\System32\drivers\Dxapi.sys
    0x00450000 \SystemRoot\System32\drivers\dxg.sys
    0x006B0000 \SystemRoot\System32\TSDDD.dll
    0x008E0000 \SystemRoot\System32\framebuf.dll
    0x03496000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x034CA000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x034D5000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x034F3000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x0350D000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x03536000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x0357F000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x77330000 \Windows\System32\ntdll.dll

    Processes (total 26):
    0 System Idle Process
    4 System
    356 C:\Windows\System32\smss.exe
    416 csrss.exe
    452 C:\Windows\System32\wininit.exe
    460 csrss.exe
    504 C:\Windows\System32\winlogon.exe
    536 C:\Windows\System32\services.exe
    548 C:\Windows\System32\lsass.exe
    556 C:\Windows\System32\lsm.exe
    708 C:\Windows\System32\svchost.exe
    764 C:\Windows\System32\svchost.exe
    896 C:\Windows\System32\svchost.exe
    920 C:\Windows\System32\svchost.exe
    960 C:\Windows\System32\svchost.exe
    1008 C:\Windows\System32\svchost.exe
    128 C:\Windows\System32\svchost.exe
    696 C:\Windows\System32\svchost.exe
    1084 C:\Windows\System32\svchost.exe
    1340 C:\Windows\explorer.exe
    268 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    692 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    812 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    1936 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    1816 C:\Windows\System32\dllhost.exe
    1964 C:\Users\Robp\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`80344800 (NTFS)

    PhysicalDrive0 Model Number: WDC WD6400AAKS-22A7B, Rev: 01.0

    Size Device Name MBR Status
    --------------------------------------------
    596 GB \\.\PhysicalDrive0 MBR Code Faked!
    SHA1: 1B5D089986DF8BB088E0B621E24BE3077B01668A


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  6. Broni

    Sorry for Combofix. You can delete the file.

    Your MBR seems to be infected.

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double click on NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
    • Follow the prompts to burn the CD.
    • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.
    Once rebooted, run MBRCheck again and post its log.
  7. robp777

    Hi, All done. Here is the log file:



    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 1 (build 6001), 64-bit
    Base Board Manufacturer: Packard Bell BV
    BIOS Manufacturer: Phoenix Technologies, LTD
    System Manufacturer: PACKARD BELL BV
    System Product Name: iXtreme X9610
    Logical Drives Mask: 0x000000fc

    Kernel Drivers (total 147):
    0x02C1F000 \SystemRoot\system32\ntoskrnl.exe
    0x03137000 \SystemRoot\system32\hal.dll
    0x0060D000 \SystemRoot\system32\kdcom.dll
    0x00617000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x00644000 \SystemRoot\system32\PSHED.dll
    0x00658000 \SystemRoot\system32\CLFS.SYS
    0x006B5000 \SystemRoot\system32\CI.dll
    0x0080F000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x008E9000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x008F7000 \SystemRoot\system32\drivers\acpi.sys
    0x0094D000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x00956000 \SystemRoot\system32\drivers\msisadrv.sys
    0x00960000 \SystemRoot\system32\drivers\pci.sys
    0x00990000 \SystemRoot\System32\drivers\partmgr.sys
    0x009A5000 \SystemRoot\system32\drivers\volmgr.sys
    0x00767000 \SystemRoot\System32\drivers\volmgrx.sys
    0x009B9000 \SystemRoot\system32\drivers\pciide.sys
    0x009C0000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x009D0000 \SystemRoot\System32\drivers\mountmgr.sys
    0x007CD000 \SystemRoot\system32\drivers\nvraid.sys
    0x00A0E000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x00A3A000 \SystemRoot\system32\drivers\atapi.sys
    0x00A42000 \SystemRoot\system32\drivers\ataport.SYS
    0x00A66000 \SystemRoot\system32\drivers\nvstor64.sys
    0x00A89000 \SystemRoot\system32\drivers\storport.sys
    0x00AE6000 \SystemRoot\system32\drivers\fltmgr.sys
    0x00B2C000 \SystemRoot\system32\drivers\NISx64\1107000.00C\SYMDS64.SYS
    0x00B9A000 \SystemRoot\system32\drivers\fileinfo.sys
    0x00BAE000 \SystemRoot\system32\drivers\NISx64\1107000.00C\SYMEFA64.SYS
    0x00BE9000 \SystemRoot\System32\Drivers\PxHlpa64.sys
    0x00C0B000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x00E08000 \SystemRoot\system32\drivers\ndis.sys
    0x00C92000 \SystemRoot\system32\drivers\msrpc.sys
    0x00CE2000 \SystemRoot\system32\drivers\NETIO.SYS
    0x0100E000 \SystemRoot\System32\drivers\tcpip.sys
    0x01182000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x01203000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x01387000 \SystemRoot\system32\drivers\volsnap.sys
    0x013CB000 \SystemRoot\System32\Drivers\spldr.sys
    0x013D3000 \SystemRoot\System32\Drivers\mup.sys
    0x011AE000 \SystemRoot\System32\drivers\ecache.sys
    0x013E5000 \SystemRoot\system32\drivers\disk.sys
    0x011DA000 \SystemRoot\system32\drivers\crcdisk.sys
    0x01000000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x00FEE000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x00D3A000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x00D4D000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x00D63000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x00D6F000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x00D7D000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x00D88000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x00DCE000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x00DDF000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x02A03000 \SystemRoot\system32\DRIVERS\bcmwl664.sys
    0x02A8D000 \SystemRoot\system32\DRIVERS\ohci1394.sys
    0x02A9F000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
    0x02C05000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x03897000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
    0x03899000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x03978000 \SystemRoot\System32\drivers\watchdog.sys
    0x03987000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x039A3000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x03C04000 \SystemRoot\system32\DRIVERS\nvmfdx64.sys
    0x03D71000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x03D7A000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x03DB2000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x03DBF000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x03DE2000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x039B0000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x03DEE000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x039E1000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x02AAF000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x02AC7000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x03DFE000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x02AD9000 \SystemRoot\system32\DRIVERS\ks.sys
    0x02B0D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x02B18000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x02B28000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x02B6F000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x04201000 \SystemRoot\system32\drivers\RTKVHD64.sys
    0x0435F000 \SystemRoot\system32\drivers\portcls.sys
    0x0439A000 \SystemRoot\system32\drivers\drmk.sys
    0x043BD000 \SystemRoot\system32\drivers\ksthunk.sys
    0x043C3000 \??\C:\Program Files (x86)\Trusteer\Rapport\bin\RapportPG64.sys
    0x043D5000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x043DF000 \SystemRoot\System32\Drivers\Null.SYS
    0x043E8000 \SystemRoot\System32\drivers\vga.sys
    0x02B83000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x043F6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x02BA8000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x02BB1000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x02BBC000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x02BCD000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x02BD6000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x04405000 \SystemRoot\System32\Drivers\NISx64\1107000.00C\SYMTDIV.SYS
    0x0447B000 \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
    0x044B1000 \SystemRoot\system32\DRIVERS\smb.sys
    0x044CC000 \SystemRoot\system32\drivers\afd.sys
    0x04539000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x0457D000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x0459B000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x045AA000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x045C5000 \SystemRoot\system32\drivers\NISx64\1107000.00C\Ironx64.SYS
    0x045EC000 \SystemRoot\system32\drivers\NISx64\1107000.00C\SRTSPX64.SYS
    0x04809000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x04857000 \??\C:\Program Files (x86)\Trusteer\Rapport\bin\RapportKE64.sys
    0x0486A000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0x0487F000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x04881000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x0488D000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100730.001\IDSvia64.sys
    0x04903000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
    0x04979000 \SystemRoot\System32\Drivers\dfsc.sys
    0x04A03000 \SystemRoot\system32\drivers\NISx64\1107000.00C\ccHPx64.sys
    0x04A9F000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x04AA8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x04ABA000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x04AC2000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x04ADE000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x04AEC000 \SystemRoot\System32\Drivers\dump_diskdump.sys
    0x04AF6000 \SystemRoot\System32\Drivers\dump_nvstor64.sys
    0x000B0000 \SystemRoot\System32\win32k.sys
    0x04B19000 \SystemRoot\System32\drivers\Dxapi.sys
    0x04B25000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x004C0000 \SystemRoot\System32\TSDDD.dll
    0x00620000 \SystemRoot\System32\cdd.dll
    0x04B38000 \SystemRoot\system32\drivers\luafv.sys
    0x04B5A000 \SystemRoot\system32\drivers\spsys.sys
    0x04996000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x049AA000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x04BF4000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x049DE000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x08C00000 \SystemRoot\system32\drivers\HTTP.sys
    0x08C9F000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x08CC7000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x08CE5000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x08CFF000 \SystemRoot\system32\drivers\mrxdav.sys
    0x08D26000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x08D4F000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x08D98000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x08DB7000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x08E0A000 \SystemRoot\System32\DRIVERS\srv.sys
    0x08EA1000 \SystemRoot\system32\DRIVERS\atksgt.sys
    0x08EEE000 \SystemRoot\system32\DRIVERS\lirsgt.sys
    0x08EFB000 \SystemRoot\system32\drivers\peauth.sys
    0x08FB1000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x08FBC000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x773E0000 \Windows\System32\ntdll.dll

    Processes (total 63):
    0 System Idle Process
    4 System
    444 C:\Windows\System32\smss.exe
    512 csrss.exe
    564 C:\Windows\System32\wininit.exe
    584 csrss.exe
    620 C:\Windows\System32\services.exe
    636 C:\Windows\System32\lsass.exe
    644 C:\Windows\System32\lsm.exe
    720 C:\Windows\System32\winlogon.exe
    840 C:\Windows\System32\svchost.exe
    884 C:\Windows\System32\nvvsvc.exe
    912 C:\Windows\System32\svchost.exe
    216 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
    464 C:\Windows\System32\svchost.exe
    480 C:\Windows\System32\svchost.exe
    476 C:\Windows\System32\svchost.exe
    1000 C:\Windows\System32\audiodg.exe
    492 C:\Windows\System32\svchost.exe
    1032 C:\Windows\System32\SLsvc.exe
    1084 C:\Windows\System32\svchost.exe
    1164 C:\Windows\System32\nvvsvc.exe
    1252 C:\Windows\System32\svchost.exe
    1528 C:\Windows\System32\spoolsv.exe
    1552 C:\Windows\System32\svchost.exe
    1972 C:\Windows\System32\dwm.exe
    2008 C:\Windows\System32\taskeng.exe
    2032 C:\Windows\explorer.exe
    208 C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    1376 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    2064 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    2096 C:\Windows\SysWOW64\svchost.exe
    2164 C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
    2200 C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe
    2244 C:\Windows\System32\svchost.exe
    2260 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    2324 C:\Program Files (x86)\O2\bin\sprtsvc.exe
    2332 C:\Windows\RAVCpl64.exe
    2384 C:\Program Files (x86)\Packard Bell\SrvCDEject.exe
    2412 C:\Windows\System32\taskeng.exe
    2428 C:\Program Files (x86)\Packard Bell\FIJI\ABoard.exe
    2468 C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
    2564 C:\Program Files (x86)\Packard Bell\FIJI\AOSD.exe
    2580 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    2608 C:\Program Files (x86)\PPLive\PPLive.exe
    2628 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    2664 C:\Windows\System32\svchost.exe
    2672 C:\Program Files (x86)\Norton Utilities 14\RMTray.exe
    2712 C:\Windows\System32\svchost.exe
    2736 C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    2744 C:\Windows\System32\SearchIndexer.exe
    2824 C:\Windows\SysWOW64\Macromed\Shockwave 10\SwHelper_1030024.exe
    2848 C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    2952 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    2352 WmiPrvSE.exe
    2520 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportLaunService64.exe
    3288 C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
    3332 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
    3380 C:\Program Files (x86)\iTunes\iTunesHelper.exe
    3840 C:\Program Files\iPod\bin\iPodService.exe
    2772 dllhost.exe
    3008 dllhost.exe
    2704 C:\Users\Robp\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`80344800 (NTFS)

    PhysicalDrive0 Model Number: WDC WD6400AAKS-22A7B, Rev: 01.0

    Size Device Name MBR Status
    --------------------------------------------
    596 GB \\.\PhysicalDrive0 MBR Code Faked!
    SHA1: 1B5D089986DF8BB088E0B621E24BE3077B01668A


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  8. Broni

    Hmmm....it didn't work....

    Let's try a different method....

    If you have Vista/7 DVD...

    start with step 2

    If you don't have Vista/7 DVD...

    1. Create Vista/7 Recovery Disc.

    Option 1 :
    Vista: http://www.c4consulting.com.au/soluctions/vista/VISTA SOLUCTIONS.htm
    Windows 7: http://www.guidingtech.com/3816/system-repair-recovery-disc-windows-7/

    Option 2:
    Download Vista Recovery Disc iso image: http://neosmart.net/blog/2008/windows-vista-recovery-disc-download/
    Download Windows 7 Recovery Disc iso image: http://neosmart.net/blog/2009/windows-7-system-repair-discs/
    Burn it to CD, or DVD: http://neosmart.net/wiki/display/G/Burning ISO Images to a CD or DVD

    2. Boot from created disk.

    Vista users. At first screen click on Repair your computer:
    [IMG]

    Windows 7 users. At first screen click on Install now:
    [IMG]
    Select your language and click next:
    [IMG]
    Click the button for "Use recovery tools":
    [IMG]

    The following applies to both, Vista and Windows 7 users.

    This will bring you to a new screen where the repair process will look for all Windows Vista/7 installations on your computer. When done you will be presented with the System Recovery Options dialog box:
    [IMG]
    After this, it will present you with a list of options including startup repair, system restore and command prompt:
    [IMG]
    Select Command Prompt

    Type in:
    bootrec /FixMbr (<--- there is a "space" after "bootrec")
    and then press Enter

    Once completed then type Exit, press Enter and restart computer.

    Post fresh MBRCheck log.
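    The MBRCheck logs above report a SHA1 of the MBR and a "MBR Code Faked!" verdict, and both the NTBR step and bootrec /FixMbr are meant to replace the boot code while leaving the partition table alone. The script below is an added illustration of those two ideas and is not code from this thread, from MBRCheck, NTBR or bootrec: it parses a 512-byte MBR sector, hashes the boot-code region (MBRCheck's exact hashed byte range is not stated here, so the 440-byte code region is an assumption), checks the hash against an operator-supplied allowlist, and shows that rewriting only the code region leaves the disk signature and partition table unchanged. The sample sector, the "tampered" and "standard" code blobs and the allowlist are all constructed placeholders.

```python
"""Parse an MBR sector, hash its boot code like MBRCheck's SHA1 line, and show
what installing standard MBR code changes. Added illustration with constructed
sample data; not the MBRCheck, NTBR or bootrec tools' own code."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440            # bytes 0-439: boot code, the region a bootkit overwrites
DISK_SIG_OFF = 440             # bytes 440-443: Windows disk signature
PART_TABLE_OFF = 446           # bytes 446-509: four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510-511


def parse_mbr(sector: bytes) -> dict:
    """Split a raw MBR sector into its fixed regions and decode the partition table."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # status, (CHS start skipped), type, (CHS end skipped), LBA start, sector count
        status, ptype, lba_start, count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype != 0:  # type 0 marks an unused entry
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": count,
                               "byte_offset": lba_start * SECTOR_SIZE})
    return {
        "boot_code": sector[:BOOT_CODE_LEN],
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": partitions,
    }


def boot_code_sha1(sector: bytes) -> str:
    """SHA1 of the boot-code region, uppercase like MBRCheck's SHA1 line.
    Hashing exactly the 440-byte code region is an assumption made here."""
    return hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()


def classify_mbr(sector: bytes, known_good: set) -> str:
    """Allowlist check: known standard code passes, anything else is flagged for review."""
    return "Standard" if boot_code_sha1(sector) in known_good else "Non-standard or infected"


def install_standard_code(sector: bytes, standard_code: bytes) -> bytes:
    """Overwrite only the boot-code region; disk signature, partition table and
    0x55AA are kept. This is the intended effect of MBRWORK's 'Install Standard
    MBR code' and of bootrec /FixMbr, modelled here on a sector image."""
    if len(standard_code) > BOOT_CODE_LEN:
        raise ValueError("standard code does not fit in 440 bytes")
    return standard_code.ljust(BOOT_CODE_LEN, b"\x00") + sector[BOOT_CODE_LEN:]


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample: one bootable NTFS (type 0x07) partition starting at LBA 2048."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff",
                        2048, 1_000_000)
    table = entry + b"\x00" * 48                      # entries 2-4 unused
    sector = (boot_code.ljust(BOOT_CODE_LEN, b"\x00")
              + struct.pack("<I", 0xDEADBEEF)         # constructed disk signature
              + b"\x00\x00"                           # reserved/copy-protect flags
              + table + BOOT_SIGNATURE)
    assert len(sector) == SECTOR_SIZE
    return sector


# Constructed inputs: placeholder bytes standing in for altered and standard boot code.
TAMPERED_CODE = b"\xeb\xfe" + b"\x90" * 20        # placeholder, not real bootkit code
STANDARD_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c"   # placeholder, not real Microsoft MBR code
SUSPECT_MBR = build_sample_mbr(TAMPERED_CODE)
KNOWN_GOOD = {boot_code_sha1(build_sample_mbr(STANDARD_CODE))}  # placeholder allowlist


def repair_and_verify(sector: bytes, known_good: set) -> dict:
    """Before/after comparison: verdicts, hashes, and proof the partition table survived."""
    before = parse_mbr(sector)
    fixed = install_standard_code(sector, STANDARD_CODE)
    after = parse_mbr(fixed)
    return {
        "verdict_before": classify_mbr(sector, known_good),
        "verdict_after": classify_mbr(fixed, known_good),
        "sha1_before": boot_code_sha1(sector),
        "sha1_after": boot_code_sha1(fixed),
        "table_preserved": (before["partitions"] == after["partitions"]
                            and before["disk_signature"] == after["disk_signature"]),
    }


if __name__ == "__main__":
    for key, value in repair_and_verify(SUSPECT_MBR, KNOWN_GOOD).items():
        print(f"{key}: {value}")
```

    The useful check for a responder is the SHA1 comparison: if a rewrite of the code region really landed on the disk, the hash read back afterwards must differ from the one before, exactly the comparison the two MBRCheck logs in this thread invite.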
  9. robp777

    Hi, here is the new log. It might also be worth saying that this stage below didn't require any loading at all. Is that normal? After I pressed Enter it finished straight away.

    Type in:
    bootrec /FixMbr (<--- there is a "space" after "bootrec")
    and then press Enter

    Anyway here is my log:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 1 (build 6001), 64-bit
    Base Board Manufacturer: Packard Bell BV
    BIOS Manufacturer: Phoenix Technologies, LTD
    System Manufacturer: PACKARD BELL BV
    System Product Name: iXtreme X9610
    Logical Drives Mask: 0x000000fc

    Kernel Drivers (total 147):
    0x02C0B000 \SystemRoot\system32\ntoskrnl.exe
    0x03123000 \SystemRoot\system32\hal.dll
    0x00604000 \SystemRoot\system32\kdcom.dll
    0x0060E000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x0063B000 \SystemRoot\system32\PSHED.dll
    0x0064F000 \SystemRoot\system32\CLFS.SYS
    0x006AC000 \SystemRoot\system32\CI.dll
    0x0080E000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x008E8000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x008F6000 \SystemRoot\system32\drivers\acpi.sys
    0x0094C000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x00955000 \SystemRoot\system32\drivers\msisadrv.sys
    0x0095F000 \SystemRoot\system32\drivers\pci.sys
    0x0098F000 \SystemRoot\System32\drivers\partmgr.sys
    0x009A4000 \SystemRoot\system32\drivers\volmgr.sys
    0x0075E000 \SystemRoot\System32\drivers\volmgrx.sys
    0x009B8000 \SystemRoot\system32\drivers\pciide.sys
    0x009BF000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x009CF000 \SystemRoot\System32\drivers\mountmgr.sys
    0x007C4000 \SystemRoot\system32\drivers\nvraid.sys
    0x00A0B000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x00A37000 \SystemRoot\system32\drivers\atapi.sys
    0x00A3F000 \SystemRoot\system32\drivers\ataport.SYS
    0x00A63000 \SystemRoot\system32\drivers\nvstor64.sys
    0x00A86000 \SystemRoot\system32\drivers\storport.sys
    0x00AE3000 \SystemRoot\system32\drivers\fltmgr.sys
    0x00B29000 \SystemRoot\system32\drivers\NISx64\1107000.00C\SYMDS64.SYS
    0x00B97000 \SystemRoot\system32\drivers\fileinfo.sys
    0x00BAB000 \SystemRoot\system32\drivers\NISx64\1107000.00C\SYMEFA64.SYS
    0x00BE6000 \SystemRoot\System32\Drivers\PxHlpa64.sys
    0x00C0B000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x00E04000 \SystemRoot\system32\drivers\ndis.sys
    0x00C92000 \SystemRoot\system32\drivers\msrpc.sys
    0x00CE2000 \SystemRoot\system32\drivers\NETIO.SYS
    0x01007000 \SystemRoot\System32\drivers\tcpip.sys
    0x0117B000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x01208000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x0138C000 \SystemRoot\system32\drivers\volsnap.sys
    0x013D0000 \SystemRoot\System32\Drivers\spldr.sys
    0x013D8000 \SystemRoot\System32\Drivers\mup.sys
    0x011A7000 \SystemRoot\System32\drivers\ecache.sys
    0x013EA000 \SystemRoot\system32\drivers\disk.sys
    0x011D3000 \SystemRoot\system32\drivers\crcdisk.sys
    0x00FEA000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x011F5000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x00D3A000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x00D4D000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x00D63000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x00D6F000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x00D7D000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x00D88000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x00DCE000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x00DDF000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x02C04000 \SystemRoot\system32\DRIVERS\bcmwl664.sys
    0x02C8E000 \SystemRoot\system32\DRIVERS\ohci1394.sys
    0x02CA0000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
    0x02E0C000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x03A9E000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
    0x03AA0000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x03B7F000 \SystemRoot\System32\drivers\watchdog.sys
    0x03B8E000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x03BAA000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x03C05000 \SystemRoot\system32\DRIVERS\nvmfdx64.sys
    0x03D72000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x03D7B000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x03DB3000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x03DC0000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x03DE3000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x03BB7000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x03DEF000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x02CB0000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x03BE8000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x02CCE000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x03C00000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x02CE0000 \SystemRoot\system32\DRIVERS\ks.sys
    0x02E00000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x02D14000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x02D24000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x02D6B000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x04403000 \SystemRoot\system32\drivers\RTKVHD64.sys
    0x04561000 \SystemRoot\system32\drivers\portcls.sys
    0x0459C000 \SystemRoot\system32\drivers\drmk.sys
    0x045BF000 \SystemRoot\system32\drivers\ksthunk.sys
    0x045C5000 \??\C:\Program Files (x86)\Trusteer\Rapport\bin\RapportPG64.sys
    0x045D7000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x045E1000 \SystemRoot\System32\Drivers\Null.SYS
    0x045EA000 \SystemRoot\System32\drivers\vga.sys
    0x02D7F000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x02DA4000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x02DAD000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x02DB6000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x02DC1000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x02DD2000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x02DDB000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x04607000 \SystemRoot\System32\Drivers\NISx64\1107000.00C\SYMTDIV.SYS
    0x0467D000 \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
    0x046B3000 \SystemRoot\system32\DRIVERS\smb.sys
    0x046CE000 \SystemRoot\system32\drivers\afd.sys
    0x0473B000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x0477F000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x0479D000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x047AC000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x047C7000 \SystemRoot\system32\drivers\NISx64\1107000.00C\Ironx64.SYS
    0x009E2000 \SystemRoot\system32\drivers\NISx64\1107000.00C\SRTSPX64.SYS
    0x0480E000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x0485C000 \??\C:\Program Files (x86)\Trusteer\Rapport\bin\RapportKE64.sys
    0x0486F000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x0487B000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100730.001\IDSvia64.sys
    0x048F1000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
    0x04967000 \SystemRoot\System32\Drivers\dfsc.sys
    0x04A08000 \SystemRoot\system32\drivers\NISx64\1107000.00C\ccHPx64.sys
    0x04AA4000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0x04AB9000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x04ABB000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x04AC4000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x04AD6000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x04ADE000 \SystemRoot\system32\DRIVERS\udfs.sys
    0x04B2C000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x04B3A000 \SystemRoot\System32\Drivers\dump_diskdump.sys
    0x04B44000 \SystemRoot\System32\Drivers\dump_nvstor64.sys
    0x00050000 \SystemRoot\System32\win32k.sys
    0x04B67000 \SystemRoot\System32\drivers\Dxapi.sys
    0x04B73000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x004F0000 \SystemRoot\System32\TSDDD.dll
    0x00640000 \SystemRoot\System32\cdd.dll
    0x04B86000 \SystemRoot\system32\drivers\luafv.sys
    0x08A04000 \SystemRoot\system32\drivers\spsys.sys
    0x08A9E000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x08AB2000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x08AE6000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x08AF1000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x08B09000 \SystemRoot\system32\drivers\HTTP.sys
    0x08BA8000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x08BD0000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x04BA8000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x04BC2000 \SystemRoot\system32\drivers\mrxdav.sys
    0x04984000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x049AD000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x00FC7000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x08E0B000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x08E3D000 \SystemRoot\System32\DRIVERS\srv.sys
    0x08ED4000 \SystemRoot\system32\DRIVERS\atksgt.sys
    0x08F21000 \SystemRoot\system32\DRIVERS\lirsgt.sys
    0x08F2E000 \SystemRoot\system32\drivers\peauth.sys
    0x08FE4000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x08FEF000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x777C0000 \Windows\System32\ntdll.dll

    Processes (total 65):
    0 System Idle Process
    4 System
    444 C:\Windows\System32\smss.exe
    512 csrss.exe
    564 C:\Windows\System32\wininit.exe
    584 csrss.exe
    620 C:\Windows\System32\services.exe
    636 C:\Windows\System32\lsass.exe
    644 C:\Windows\System32\lsm.exe
    720 C:\Windows\System32\winlogon.exe
    844 C:\Windows\System32\svchost.exe
    888 C:\Windows\System32\nvvsvc.exe
    916 C:\Windows\System32\svchost.exe
    280 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
    488 C:\Windows\System32\svchost.exe
    520 C:\Windows\System32\svchost.exe
    504 C:\Windows\System32\svchost.exe
    452 C:\Windows\System32\audiodg.exe
    1032 C:\Windows\System32\svchost.exe
    1052 C:\Windows\System32\SLsvc.exe
    1104 C:\Windows\System32\svchost.exe
    1168 C:\Windows\System32\nvvsvc.exe
    1272 C:\Windows\System32\svchost.exe
    1544 C:\Windows\System32\spoolsv.exe
    1568 C:\Windows\System32\svchost.exe
    1860 C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    1940 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1960 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    1984 C:\Windows\SysWOW64\svchost.exe
    1324 C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
    1604 C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe
    1280 C:\Windows\System32\svchost.exe
    1220 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    1824 C:\Program Files (x86)\O2\bin\sprtsvc.exe
    2064 C:\Program Files (x86)\Packard Bell\SrvCDEject.exe
    2184 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    2204 C:\Windows\System32\svchost.exe
    2232 C:\Windows\System32\svchost.exe
    2272 C:\Windows\System32\SearchIndexer.exe
    2312 C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    2380 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    2556 WmiPrvSE.exe
    2652 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportLaunService64.exe
    2912 C:\Windows\System32\taskeng.exe
    2432 C:\Windows\System32\SearchProtocolHost.exe
    1836 C:\Windows\System32\SearchFilterHost.exe
    2804 C:\Windows\System32\taskeng.exe
    2220 C:\Windows\System32\dwm.exe
    956 C:\Windows\explorer.exe
    1008 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
    3296 C:\Windows\RAVCpl64.exe
    3312 C:\Program Files (x86)\Packard Bell\FIJI\ABoard.exe
    3336 C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
    3388 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    3396 C:\Program Files (x86)\PPLive\PPLive.exe
    3412 C:\Program Files (x86)\Norton Utilities 14\RMTray.exe
    3428 C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    3448 C:\Windows\SysWOW64\Macromed\Shockwave 10\SwHelper_1030024.exe
    3480 C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
    3508 C:\Program Files (x86)\iTunes\iTunesHelper.exe
    3924 C:\Program Files\iPod\bin\iPodService.exe
    464 C:\Program Files (x86)\Packard Bell\FIJI\AOSD.exe
    3152 dllhost.exe
    3472 dllhost.exe
    840 C:\Users\Robp\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`80344800 (NTFS)

    PhysicalDrive0 Model Number: WDC WD6400AAKS-22A7B, Rev: 01.0

    Size Device Name MBR Status
    --------------------------------------------
    596 GB \\.\PhysicalDrive0 MBR Code Faked!
    SHA1: 1B5D089986DF8BB088E0B621E24BE3077B01668A


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  10. Broni

    Broni Malware Annihilator Posts: 46,143   +251

I'm not sure why this is not working... hmmmm...

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
• If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    ======================================================================

• Please download Rootkit Unhooker. Save it to your desktop.
    • Now double-click on RKUnhookerLE.exe to run it.
    • Click the Report tab, then click Scan.
    • Checkmark Drivers, Stealth. Uncheck the rest. Click OK.
    • Wait till the scanner has finished and then click File, Save Report.
    • Save the report to some known location. Click Close.
    Copy the entire content of the report and paste it in a reply here.

Note: You may get this warning; it is OK, just ignore it:
    "Rootkit Unhooker has detected a parasite inside itself!
    It is recommended to remove parasite, okay?"
  11. robp777

    robp777 Newcomer, in training Topic Starter Posts: 27

I ran TDSSKiller and it said nothing found; here is the log below. I also ran Rootkit Unhooker and it failed to work, giving me this message: Error loading status driver, NTSTATUS code:0xC000035F

    ================================================================================
    2010/10/10 10:54:09.0671 Scan finished
    2010/10/10 10:54:09.0671 ================================================================================
  12. robp777

    robp777 Newcomer, in training Topic Starter Posts: 27

  13. Broni

    Broni Malware Annihilator Posts: 46,143   +251

    ...Rootkit Unhooker...
  14. robp777

    robp777 Newcomer, in training Topic Starter Posts: 27

Rootkit Unhooker didn't work, I got an error msg. Sorry I posted two replies last time.
  15. Broni

    Broni Malware Annihilator Posts: 46,143   +251

    Download Dr.Web CureIt to the desktop:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
    Alternative download: http://majorgeeks.com/Dr.Web_CureIT_d4783.html

    • Doubleclick the drweb-cureit.exe file and click Scan to run express scan. Click OK in pop-up window to allow scan.
    • This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
    • Once the short scan has finished, select Complete scan.
• Click the green arrow at the right, and the scan will start.
    • Click Yes to all if it asks if you want to cure/move the file.
    • When the scan has finished, in the menu, click File and choose Save report list
    • Save the report to your desktop. The report will be called DrWeb.csv
    • Close Dr.Web Cureit.
• Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
• Copy and paste that log in the next reply. You can use Notepad to open the DrWeb.csv report.

NOTE: During the scan, a pop-up window will open asking for a full version purchase. Simply close the window by clicking on the X in the upper right corner.
  16. robp777

    robp777 Newcomer, in training Topic Starter Posts: 27

Hi, I'm sorry but I am having problems with Dr.Web CureIt. The scan takes about 8 hours and it does find 3 items, one of which is called TFC____0.exe which is a Trojan.Downloader1.26252.

However, I cannot save the report list; when I press File, Save report list nothing happens and it doesn't save to my desktop. Is it because I am running in safe mode?

Thanks
  17. Broni

    Broni Malware Annihilator Posts: 46,143   +251

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  18. robp777

    robp777 Newcomer, in training Topic Starter Posts: 27

    OTL Extras logfile created on: 14/10/2010 18:37:37 - Run 1
    OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\Robp\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18928)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 85.00% Memory free
    8.00 Gb Paging File | 8.00 Gb Available in Paging File | 94.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 582.17 Gb Total Space | 283.44 Gb Free Space | 48.69% Space Free | Partition Type: NTFS
    Drive D: | 7.30 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: ROBP-PC | User Name: Robp | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "UacDisableNotify" = 1
    "InternetSettingsDisableNotify" = 1
    "AutoUpdateDisableNotify" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{CC245AE0-D9CD-4727-980D-1FFA24A5DB15}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{E49B7735-80FD-4A9E-9299-4D5E2F7A2FDA}" = lport=2869 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0119D7C9-14C7-4556-B002-8E552BDA1409}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect\masseffectlauncher.exe |
    "{029C9F8D-FDF7-4B23-BBA9-2C50C158BD10}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
    "{03EC4228-29C6-4D62-82C5-1B430DA7FB9B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gothic 3\gothic3.exe |
    "{0B6FF908-DA25-43DB-BCCA-8D153AA1C7D0}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect\masseffectlauncher.exe |
    "{0FB728E9-3983-43F4-A10E-937E6F132F71}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe |
    "{11306ED5-D0E5-4633-8A15-244C70D4763A}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
    "{18BDFDD6-426B-41D8-B1A9-2BE2475372FF}" = protocol=6 | dir=in | app=c:\program files (x86)\o2\bin\wificfg.exe |
    "{1E63D87F-4E23-44BA-AEDB-E469D372B7FD}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe |
    "{2225A15F-FDDC-4303-AE77-4B0D98790BFA}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
    "{2325054A-02EB-4E33-B32A-D7F5AA41B626}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe |
    "{26473AB7-3CA6-4F93-B48C-71E7CD4135D4}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
    "{28907A52-C1B3-489A-8484-3F05B00A2DA6}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect\binaries\masseffect.exe |
    "{2D6425AC-43B8-40FC-B089-2728C7A7AD82}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\supportsoft\bin\ssrc.exe |
    "{2F7FB5A8-F52F-4996-B7E7-F9CEE3896557}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect 2\masseffect2launcher.exe |
    "{329062DF-D1F2-45C3-B1DF-C7374B0B9771}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{344D61C7-5065-4DB4-A676-30B2BA946092}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect 2\masseffect2launcher.exe |
    "{3652163A-5754-437B-9302-8E27D826D7C4}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis sp demo\bin32\crysis.exe |
    "{37068B28-D4C7-426C-A187-01F5B19FCDE5}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect 2\binaries\masseffect2.exe |
    "{3EAB262A-41C3-4B1A-A585-82A6A79336C2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{3F84A69D-279A-4A26-B636-3E17B8B8F24E}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe |
    "{4046765D-EE38-4F16-B6D6-0E5E0DCF0E33}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe |
    "{4262774A-9E13-4D14-AFEC-99E867CD99FF}" = protocol=6 | dir=in | app=c:\program files (x86)\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\dedicated\xrengine.exe |
    "{450B03EE-7583-4A1D-AD0D-EDC5B8C862BC}" = protocol=17 | dir=in | app=c:\program files (x86)\sega\universe at war earth assault\uawea.exe |
    "{4BEF54DF-5CA6-4165-B9BA-821CC3FE9610}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\supportsoft\bin\ssrc.exe |
    "{5D8EF1C7-018B-49F7-AEE1-28CEA8A2A1E9}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{669C591A-A7DB-4247-A47C-209D95DEB47D}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
    "{6A46DEE7-9C50-4D97-8B11-80199E615D9E}" = protocol=6 | dir=in | app=c:\program files (x86)\o2\agent\bin\bcont.exe |
    "{70F64EBE-058E-456E-91C5-40A148829DF5}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{7568DB56-93B4-4D23-8A32-1985F56D4AD7}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{812D3FE1-C271-4A75-8065-947AAF23D00B}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
    "{82229366-489B-4FAA-8F53-0C0448E7166E}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
    "{88FCAA59-14A7-44D4-B04C-64BB5AC3BF27}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
    "{8986320F-14FA-419C-B45A-E35FC7D9EBB2}" = protocol=6 | dir=in | app=c:\program files (x86)\sega\universe at war earth assault\uawea.exe |
    "{8AFC4C4D-ECBD-4BA5-8F13-02EFE0C36F94}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
    "{8F0C9D28-F6C5-4059-B843-8F930E782FFC}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{8FDD3D91-3F48-41B5-9232-36CD7179453B}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "{94C05725-A49F-4BEC-85D6-7D3A3ECB5724}" = protocol=17 | dir=in | app=c:\program files (x86)\o2\agent\bin\bcont_nm.exe |
    "{96348793-2395-4428-BA20-E350E2C3EFEA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gothic 3\gothic3.exe |
    "{984E071F-DEB4-4EFC-9C96-CA2440CAD2D5}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "{9B773CDE-C0DC-4AF2-A7EC-C8CAA2FE919F}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
    "{9C5A2BF0-F0A5-4672-86D3-DDD9D68CBB27}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{A34CAF8D-9E19-4C39-AD17-E6E9E7916995}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{A4EF0F32-86F9-4F4B-8E8F-50B2A3C7A62F}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
    "{A6BAAB5B-2F20-443E-8D28-53BCC5BCBC5E}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
    "{B262CAD1-B5D4-4541-B20E-7FB3CD12BCD9}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect\binaries\masseffect.exe |
    "{B603B769-9B82-483D-9C38-BFF6CDAB0E48}" = protocol=6 | dir=in | app=c:\program files (x86)\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\xrengine.exe |
    "{B91E45C9-9BBE-4998-B725-07ECA6F1303B}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect 2\binaries\masseffect2.exe |
    "{BC0510D2-3A82-4990-9DDC-5431B62A62E2}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
    "{BE88A5AB-D973-4A39-AD30-47750928C961}" = protocol=17 | dir=in | app=c:\program files (x86)\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\dedicated\xrengine.exe |
    "{C46979C3-928D-469A-9591-10287C08AAC5}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis sp demo\bin32\crysis.exe |
    "{C839D34D-A49B-4C3D-8EEC-68B6B1508F83}" = protocol=17 | dir=in | app=c:\program files (x86)\o2\agent\bin\bcont.exe |
    "{CC608731-AE39-4490-83B4-02CD997EFE26}" = protocol=17 | dir=in | app=c:\program files (x86)\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\xrengine.exe |
    "{CE5520B5-3E83-4C82-AD6F-777E6F078607}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
    "{D5A139E1-FF63-4118-AEB0-86D13122674B}" = protocol=17 | dir=in | app=c:\program files (x86)\o2\bin\wificfg.exe |
    "{DC990A83-7767-4179-8C91-9384F1BAB166}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{E3CB9AA7-452F-4D15-A64B-3BA4D1ABED4D}" = protocol=6 | dir=in | app=c:\program files (x86)\o2\agent\bin\bcont_nm.exe |
    "{E9519EC9-79E8-435F-A993-155B2D69BA75}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
    "{EC76FA84-4641-4C73-A15E-61C6ECD9D472}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{F82F0722-8328-419D-8EC0-BD3AFE6EDF56}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
    "{F9E83286-2D6C-42FF-9AC9-B99BE847A2CD}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe |
    "TCP Query User{49B7A7E7-1370-472C-B97F-F653B4104FAD}C:\program files (x86)\pplive\pplive.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\pplive.exe |
    "UDP Query User{765203D7-3648-4A0B-9E3E-1895051A2DBA}C:\program files (x86)\pplive\pplive.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\pplive.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{104FB32A-7CE3-4C4B-B2AA-70C613FF9DFA}" = iTunes
    "{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
    "{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
    "{54E4B319-0CE0-448D-B299-EE05BC30E4D1}" = Windows Live Family Safety
    "{8A837C47-2B21-4FDF-8370-41A1EB6A26E8}" = Microsoft Xbox 360 Accessories 1.1
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{A336F8B0-7ADD-48E8-98A2-296040C1EC3F}" = MobileMe Control Panel
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "HitmanPro35" = Hitman Pro 3.5
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
    "{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
    "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
    "{14509FBA-582F-43AB-8B7B-37A30B9C98C3}_is1" = ArcaniA - Gothic 4 Demo
    "{14C87AA7-08E6-419F-A165-998EBE5023D7}" = Oblivion - Knights of the Nine
    "{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe
    "{16D919E6-F019-4E15-BFBE-4A85EF19DA57}" = Oblivion - Spell Tomes
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
    "{1C61C87D-DB8E-4E8A-900C-293C569DC211}" = Internet From BT
    "{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
    "{2F2E3D62-8B8C-448F-8900-451325E50948}" = Oblivion - Wizard's Tower
    "{3559CDE0-11FC-4D7B-A65C-D646035B1033}" = Nero 8 Essentials
    "{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
    "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
    "{3ABEBD00-299D-4DCA-967F-B912163AB5EA}" = Oblivion - Horse Armor Pack
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
    "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{406FB8A4-F539-48A9-809C-F94706F9C9F6}_is1" = S.T.A.L.K.E.R. - Call of Pripyat [v1.6.02]
    "{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}" = O2 Broadband Assistant
    "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
    "{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
    "{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}" = Oblivion - Vile Lair
    "{52B94500-1782-411F-BFA5-EBAC312964DE}" = The Witcher Demo
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
    "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
    "{588C135F-0B15-4A02-8F2D-04697BE2904E}" = Icewind Dale II
    "{597E70FF-7C46-4EED-8092-91B7C2E0529D}" = Google SketchUp 7
    "{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
    "{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
    "{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
    "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{7C503E58-B2BC-11D5-978A-0050BA84F5F7}" = Neverwinter Nights
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{8DAE4336-2B71-11D4-9A6C-006067325E47}" = Baldur's Gate(TM) II - Shadows of Amn(TM)
    "{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
    "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{92AF2F5A-4407-4A03-A80A-5A2582264746}" = Crysis(R) SP Demo
    "{941F9BA8-06F6-42FD-AB91-CFB99B5E13BF}" = Fallout
    "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
    "{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A0732D58-7DC1-431F-ADE5-B9704B2EBEDF}" = Big Mutha Truckers
    "{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
    "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
    "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
    "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
    "{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
    "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
    "{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
    "{D4658131-9D1A-4395-876D-968E38FE8ED5}" = Universe at War Earth Assault
    "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
    "{E0DF9B8E-0D6D-45C6-B3C8-5CBD30C0F1CC}" = Sensible Soccer 2006
    "{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock
    "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{E9459BCF-0982-498B-ABA7-26C34323493F}" = Citrix Presentation Server Client - Web Only
    "{EC425CFC-EE78-4A91-AA25-3BFA65B75364}" = Oblivion - Orrery
    "{EF295F5C-7B57-47AA-8889-6B3E8E214E89}" = Oblivion - Mehrunes Razor
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher
    "{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "{FFFFFD17-B460-41EB-93F1-C48ABAD63828}" = Oblivion - Thieves Den
    "AC3Filter" = AC3Filter (remove only)
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
    "Adobe Shockwave Player" = Adobe Shockwave Player
    "AdobePE6" = Adobe Photoshop Elements 6
    "AdobeReader" = Adobe Reader 8.1.2
    "AUDIO_REALTEK" = Realtek HD Audio V6.0.1.5610
    "AVS Update Manager_is1" = AVS Update Manager 1.0
    "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
    "AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
    "BT_GB" = British Telecom
    "Carbonite" = Carbonite
    "Carbonite Setup Lite" = Protect your files now
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "Download Manager" = Download Manager 2.3.9
    "Easybits Magic Desktop" = EasyBits Magic Desktop
    "FIJI" = Keyboard FIJI
    "GoogleToolbar" = Google Toolbar
    "HijackThis" = HijackThis 2.0.2
    "Hitman - Codename 47" = Hitman - Codename 47
    "HitmanPro35" = Hitman Pro 3.5
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "ImageWriter" = Packard Bell ImageWriter
    "ImgBurn" = ImgBurn
    "Infocentre" = Infocentre Rev. 2.0
    "InstallShield_{D4658131-9D1A-4395-876D-968E38FE8ED5}" = Universe at War Earth Assault
    "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
    "LCDTest" = Packard Bell LCD Test
    "magicdesktop" = Easybits Magic Desktop
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
    "Nero8" = Nero 8 Essentials
    "NIS" = Norton Internet Security
    "Norton Utilities_is1" = Norton Utilities
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "OFF2k7_UK" = Microsoft® Office Trial 2007
    "PBREG" = Packard Bell Registration
    "Rapport_msi" = Rapport
    "SETUPMYPC_GB" = SetUp My PC
    "Shockwave" = Shockwave
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "Starcraft" = Starcraft
    "Steam App 39500" = Gothic 3
    "SWOS-Total Pack" = SWOS-Total Pack
    "SystemRequirementsLab" = System Requirements Lab
    "TescoDownloader" = Tesco Download Manager
    "TVUPlayer" = TVUPlayer 2.4.7.2
    "Updator" = Packard Bell Updator
    "uTorrent" = µTorrent
    "VIDEO_NVIDIA" = Video NVIDIA v174.90
    "V-Ray for SketchUp 1.48.66" = V-Ray for SketchUp
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "works9se" = Microsoft Works 9 SE
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Software Update" = Yahoo! Software Update
    "ZMBV" = Zip Motion Block Video codec (Remove Only)

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 21/06/2010 12:06:05 | Computer Name = Robp-PC | Source = MsiInstaller | ID = 11606
    Description =

    Error - 21/06/2010 12:06:05 | Computer Name = Robp-PC | Source = MsiInstaller | ID = 11606
    Description =

    Error - 21/06/2010 12:06:05 | Computer Name = Robp-PC | Source = MsiInstaller | ID = 1024
    Description =

    Error - 21/06/2010 12:06:42 | Computer Name = Robp-PC | Source = MsiInstaller | ID = 11606
    Description =

    Error - 21/06/2010 12:06:42 | Computer Name = Robp-PC | Source = MsiInstaller | ID = 11606
    Description =

    Error - 21/06/2010 12:10:18 | Computer Name = Robp-PC | Source = MsiInstaller | ID = 11606
    Description =

    Error - 21/06/2010 12:10:18 | Computer Name = Robp-PC | Source = MsiInstaller | ID = 11606
    Description =

    Error - 21/06/2010 12:10:18 | Computer Name = Robp-PC | Source = MsiInstaller | ID = 1024
    Description =

    Error - 21/06/2010 12:29:15 | Computer Name = Robp-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 21/06/2010 12:29:25 | Computer Name = Robp-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    [ System Events ]
    Error - 14/10/2010 13:23:48 | Computer Name = Robp-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description =

    Error - 14/10/2010 13:23:48 | Computer Name = Robp-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description =

    Error - 14/10/2010 13:23:48 | Computer Name = Robp-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description =

    Error - 14/10/2010 13:33:33 | Computer Name = Robp-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 18:31:25 on 14/10/2010 was unexpected.

    Error - 14/10/2010 13:33:52 | Computer Name = Robp-PC | Source = DCOM | ID = 10005
    Description =

    Error - 14/10/2010 13:33:59 | Computer Name = Robp-PC | Source = DCOM | ID = 10005
    Description =

    Error - 14/10/2010 13:34:02 | Computer Name = Robp-PC | Source = DCOM | ID = 10005
    Description =

    Error - 14/10/2010 13:34:03 | Computer Name = Robp-PC | Source = DCOM | ID = 10005
    Description =

    Error - 14/10/2010 13:34:53 | Computer Name = Robp-PC | Source = Service Control Manager | ID = 7001
    Description =

    Error - 14/10/2010 13:34:53 | Computer Name = Robp-PC | Source = Service Control Manager | ID = 7026
    Description =


    < End of report >
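The extras report above carries two line formats worth pulling apart when triaging a machine like this: the firewall section writes one rule per line (`"<rule name>" = protocol=17 | dir=in | app=<path> |`), and the event-log section writes one header line per error followed by a `Description =` line. The following Python 3.9+ parser is an added example for readers of this thread; it is not OTL's own code and not something posted by either participant. It reads those two formats, groups inbound allow rules by executable (decoding IANA protocol numbers 6 and 17 as TCP and UDP) and counts event errors by source and ID. The sample text embedded in it is constructed from lines copied out of the report above, with one uninstall-list line included to show that same-shaped lines without protocol/app fields are ignored.

```python
import re
from collections import Counter
from dataclasses import dataclass

# One rule per line:  "<rule name>" = protocol=17 | dir=in | app=<path> |
FW_RULE = re.compile(r'^\s*"(?P<name>[^"]+)"\s*=\s*(?P<fields>.*)$')
# One header line per event, followed by a "Description = ..." line.
EVENT_HDR = re.compile(
    r'^\s*Error - (?P<when>\S+ \S+) \| Computer Name = (?P<host>[^|]+?)'
    r' \| Source = (?P<source>[^|]+?) \| ID = (?P<id>\d+)\s*$'
)
PROTOCOLS = {"6": "TCP", "17": "UDP"}  # IANA numbers; anything else is reported raw


@dataclass
class FirewallRule:
    name: str
    protocol: str
    direction: str
    app: str


@dataclass
class EventError:
    when: str
    host: str
    source: str
    event_id: str
    description: str


def parse_firewall_rules(text: str) -> list[FirewallRule]:
    """Collect firewall rule lines. Uninstall-list lines share the
    '"key" = value' shape but carry no protocol/app fields, so they are skipped."""
    rules = []
    for line in text.splitlines():
        m = FW_RULE.match(line)
        if not m:
            continue
        fields = {}
        for part in m.group("fields").split("|"):
            key, sep, value = part.strip().partition("=")
            if sep:
                fields[key.strip()] = value.strip()
        if "protocol" not in fields or "app" not in fields:
            continue
        rules.append(FirewallRule(m.group("name"),
                                  PROTOCOLS.get(fields["protocol"], fields["protocol"]),
                                  fields.get("dir", "?"), fields["app"].lower()))
    return rules


def inbound_by_app(rules: list[FirewallRule]) -> dict[str, list[str]]:
    """Map each executable holding an inbound allow rule to its protocols,
    so an unfamiliar binary that is allowed to accept connections stands out."""
    protos: dict[str, set[str]] = {}
    for r in rules:
        if r.direction == "in":
            protos.setdefault(r.app, set()).add(r.protocol)
    return {app: sorted(p) for app, p in protos.items()}


def parse_event_errors(text: str) -> list[EventError]:
    """Pair each event header with the 'Description =' line under it."""
    lines = text.splitlines()
    events = []
    for i, line in enumerate(lines):
        m = EVENT_HDR.match(line)
        if not m:
            continue
        following = lines[i + 1] if i + 1 < len(lines) else ""
        _, sep, rest = following.strip().partition("Description =")
        description = rest.strip() if sep else ""
        events.append(EventError(m["when"], m["host"].strip(),
                                 m["source"].strip(), m["id"], description))
    return events


def event_error_counts(events: list[EventError]) -> Counter:
    """Count errors by (source, event id); a repeated pair is one failing component."""
    return Counter((e.source, e.event_id) for e in events)


# Constructed sample: lines copied from the report above (three firewall
# rules, one uninstall-list line that must be ignored, and four events).
SAMPLE_REPORT = r"""
    "{C839D34D-A49B-4C3D-8EEC-68B6B1508F83}" = protocol=17 | dir=in | app=c:\program files (x86)\o2\agent\bin\bcont.exe |
    "TCP Query User{49B7A7E7-1370-472C-B97F-F653B4104FAD}C:\program files (x86)\pplive\pplive.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\pplive.exe |
    "UDP Query User{765203D7-3648-4A0B-9E3E-1895051A2DBA}C:\program files (x86)\pplive\pplive.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\pplive.exe |
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    Error - 21/06/2010 12:06:05 | Computer Name = Robp-PC | Source = MsiInstaller | ID = 11606
    Description =
    Error - 21/06/2010 12:06:42 | Computer Name = Robp-PC | Source = MsiInstaller | ID = 11606
    Description =
    Error - 14/10/2010 13:33:33 | Computer Name = Robp-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 18:31:25 on 14/10/2010 was unexpected.
    Error - 14/10/2010 13:34:53 | Computer Name = Robp-PC | Source = Service Control Manager | ID = 7001
    Description =
"""

if __name__ == "__main__":
    for app, protos in inbound_by_app(parse_firewall_rules(SAMPLE_REPORT)).items():
        print(f"inbound {', '.join(protos):8} {app}")
    for (src, eid), n in event_error_counts(parse_event_errors(SAMPLE_REPORT)).most_common():
        print(f"{n}x {src} ID {eid}")
```

Feeding the whole pasted extras report in place of the sample gives a one-screen view of which executables have inbound allow rules, which is what a responder checks first when deciding whether a firewall entry belongs to a known game or client, as every entry in this report does, or to a binary nobody installed on purpose.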
     
  19. robp777

    robp777 Newcomer, in training Topic Starter Posts: 27

    OTL report

    View attachment OTL.Txt

    OTL was too big to paste, so I have attached it. Extras file pasted in previous post.

    thanks
  20. Broni

    Broni Malware Annihilator Posts: 46,143   +251

    I don't see much here....

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
  21. robp777

    robp777 Newcomer, in training Topic Starter Posts: 27

    Hi,


    It said it didn't find any threats.
  22. Broni

    Broni Malware Annihilator Posts: 46,143   +251

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
  23. robp777

    robp777 Newcomer, in training Topic Starter Posts: 27

    Hi, I have attached the OTL log, but I still cannot access the internet when not in safe mode. Both Firefox and Internet Explorer say they cannot connect.

    Is there anything else I can try? Malwarebytes says everything is clean but it still won't work.

    Thanks




    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    User: Robp
    ->Temp folder emptied: 4284007 bytes
    ->Temporary Internet Files folder emptied: 531532664 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 3401 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 356352 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 14330324 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 7135759 bytes

    Total Files Cleaned = 532.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: Robp
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    Error creating restore point.

    OTL by OldTimer - Version 3.2.15.2 log created on 10172010_115612

    Files\Folders moved on Reboot...
    File\Folder C:\Users\Robp\AppData\Local\Temp\~DF5366.tmp not found!
    File\Folder C:\Users\Robp\AppData\Local\Temp\~DF5377.tmp not found!
    File\Folder C:\Users\Robp\AppData\Local\Temp\~DF5425.tmp not found!
    File\Folder C:\Users\Robp\AppData\Local\Temp\~DF542A.tmp not found!
    File\Folder C:\Users\Robp\AppData\Local\Temp\~DF5452.tmp not found!
    File\Folder C:\Users\Robp\AppData\Local\Temp\~DF5457.tmp not found!
    C:\Users\Robp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HFMNJ2UR\adsCAJKZOE4.htm moved successfully.
    C:\Users\Robp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BOYCA9SF\sh24[1].html moved successfully.
    C:\Users\Robp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BOYCA9SF\topic154578-2[1].html moved successfully.
    C:\Users\Robp\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
    File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JQDULZL1\desktop.ini scheduled to be moved on reboot.
    File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A30OABVH\desktop.ini scheduled to be moved on reboot.
    File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9JP155J7\desktop.ini scheduled to be moved on reboot.
    File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\60P7YDPO\desktop.ini scheduled to be moved on reboot.
    File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
    File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
  24. Broni

    Broni Malware Annihilator Posts: 46,143   +251

    Download Security Check from HERE, and save it to your Desktop.

    * Double-click SecurityCheck.exe
    * Follow the onscreen instructions inside of the black box.
    * A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  25. robp777

    robp777 Newcomer, in training Topic Starter Posts: 27

    Hi, here is the log:

    Results of screen317's Security Check version 0.99.5
    Windows Vista (UAC is enabled)
    Out of date service pack!!
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Security Center service is not running! This report may not be accurate!
    Windows Firewall Enabled!
    ESET Online Scanner v3
    Norton Internet Security
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    HijackThis 2.0.2
    Java(TM) 6 Update 13
    Out of date Java installed!
    Adobe Flash Player 10.0.12.36
    Adobe Reader 8.1.2
    Out of date Adobe Reader installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````