TechSpot

Virus Blocking Internet Access

Inactive
By robp777
Oct 8, 2010
  1. Broni

    Broni Malware Annihilator Posts: 48,011   +271

    We have some issues here...

    First of all, why doesn't your Vista have any service packs installed?
     
  2. robp777

    robp777 TS Rookie Topic Starter Posts: 27

    I'm not sure why, actually. My Windows Update hasn't been working properly and often crashes. In a previous step (today) you said to make sure all Windows updates are installed, so I checked for updates and it installed Service Pack 2. As far as I could tell, it installed it.

    Should I try again?
     
  3. Broni

    Broni Malware Annihilator Posts: 48,011   +271

    Go to Start and in "Start search" type in:
    winver
    Press Enter.
    Does it say SP2 there?
     
  4. robp777

    robp777 TS Rookie Topic Starter Posts: 27

    Yes, it says version 6.0 (build 6002: Service Pack 2).
     
  5. Broni

    Broni Malware Annihilator Posts: 48,011   +271

  6. robp777

    robp777 TS Rookie Topic Starter Posts: 27

    This isn't working either; it says I have to remove Norton Utilities 14 with the Add/Remove feature. So I did, and it is no longer there, but the Norton uninstall system won't work because it keeps saying to uninstall Norton Utilities.
     
  7. Broni

    Broni Malware Annihilator Posts: 48,011   +271

    Restart computer and try again.
     
  8. robp777

    robp777 TS Rookie Topic Starter Posts: 27

    I've tried that and it doesn't seem to work either.
     
  9. robp777

    robp777 TS Rookie Topic Starter Posts: 27

    I tried to remove Norton Security from the Add/Remove Programs section and I got a blue screen crash!
     
  10. robp777

    robp777 TS Rookie Topic Starter Posts: 27

    I keep getting the blue screen crashes now. Windows Update also says I have 38 updates, so I tried installing them. 4 fail though, and I got the error messages: code 80246007,
    code 80073712 and code 800b0100.

    Sorry for all the posts!
     
  11. Broni

    Broni Malware Annihilator Posts: 48,011   +271

    We'll try to remove Norton manually then.

    But first, restart in normal mode and...

    1. Click Start>Run (Start>"Start search" in Vista).

    2. Type in (or copy and paste):

    cmd /c ping google.com>%temp%\$.$&notepad %temp%\$.$

    and press Enter.

    3. Notepad will open.

    4. Copy all text in Notepad ([Ctrl-A], then [Ctrl-C]), and then post it (paste = [Ctrl-V]) in your next reply.


    When done....

    Download OTL to your Desktop (if you removed it already).
    Run "Quick scan" and post its log.
     
     
  12. robp777

    robp777 TS Rookie Topic Starter Posts: 27

    Ping log:

    Pinging google.com [173.194.37.104] with 32 bytes of data:

    Reply from 173.194.37.104: bytes=32 time=24ms TTL=58

    Reply from 173.194.37.104: bytes=32 time=23ms TTL=58

    Reply from 173.194.37.104: bytes=32 time=25ms TTL=58

    Reply from 173.194.37.104: bytes=32 time=24ms TTL=58



    Ping statistics for 173.194.37.104:

    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

    Approximate round trip times in milli-seconds:

    Minimum = 23ms, Maximum = 25ms, Average = 24ms


  13. Broni

    Broni Malware Annihilator Posts: 48,011   +271

    Your connection is just fine.
    Something is blocking your browsers.

    One more question.
    Do you have Vista DVD?
     
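The diagnosis in the post above is "ICMP to google.com works, so the network path is fine and something sits between the browser and the network". The following is an added example, not code from the thread or from any tool it mentions, that turns that reasoning into an offline triage: it parses the ping summary the way the notepad trick exposes it, then checks the two places where browser traffic is most commonly redirected while ping still succeeds, the hosts file and the per-user Internet Settings proxy values. The ping output is the one posted in the thread; the hosts file contents, the proxy values and the watched domain names are constructed for illustration and say nothing about what was actually on that machine (the thread never establishes which mechanism was blocking the browsers).

```python
"""Triage for "ping works but the browser is blocked".

Added example, not part of the TechSpot thread. Everything runs offline on
embedded data: the ping output is the one posted in the thread, while the
hosts file and the proxy registry values are constructed for illustration.
"""
import re

PING_STATS_RE = re.compile(r"Packets: Sent = (\d+), Received = (\d+), Lost = (\d+)")

# Names a clean hosts file legitimately maps to a loopback address.
BENIGN_LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}
LOCAL_ADDRS = {"127.0.0.1", "0.0.0.0", "::1"}


def parse_ping_stats(text: str) -> tuple:
    """Return (sent, received, lost) from Windows ping.exe summary output."""
    m = PING_STATS_RE.search(text)
    if m is None:
        raise ValueError("no 'Packets:' summary line in ping output")
    return tuple(int(g) for g in m.groups())


def icmp_path_ok(text: str) -> bool:
    """True when every echo request got a reply (the 0% loss case in the thread)."""
    sent, received, _ = parse_ping_stats(text)
    return sent > 0 and received == sent


def suspicious_hosts_entries(hosts_text: str, watch_domains) -> list:
    """Flag hosts entries that pin a watched domain anywhere, or pin any
    non-localhost name to a loopback/unspecified address. Such entries make
    browsers fail for those sites while ICMP to an unrelated host still works."""
    findings = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue
        addr, names = fields[0], fields[1:]
        for name in names:
            n = name.lower()
            if n in BENIGN_LOCAL_NAMES:
                continue
            watched = any(n == d or n.endswith("." + d) for d in watch_domains)
            if watched or addr in LOCAL_ADDRS:
                findings.append((addr, n))
    return findings


def proxy_findings(internet_settings: dict) -> list:
    """Inspect values read from
    HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings
    (ProxyEnable, ProxyServer, AutoConfigURL). A proxy pointing at a listener
    on the machine itself routes every browser request through a local process."""
    findings = []
    if internet_settings.get("ProxyEnable") == 1:
        for entry in filter(None, internet_settings.get("ProxyServer", "").split(";")):
            host = entry.split("=", 1)[-1].rsplit(":", 1)[0]   # "http=127.0.0.1:8080" -> "127.0.0.1"
            kind = "local listener" if host in ("127.0.0.1", "localhost", "::1") else "remote proxy"
            findings.append(f"{kind}: {entry}")
    if internet_settings.get("AutoConfigURL"):
        findings.append("PAC script: " + internet_settings["AutoConfigURL"])
    return findings


def triage(ping_text, hosts_text, internet_settings, watch_domains) -> dict:
    """Combine the three checks into one verdict."""
    result = {
        "icmp_ok": icmp_path_ok(ping_text),
        "hosts": suspicious_hosts_entries(hosts_text, watch_domains),
        "proxy": proxy_findings(internet_settings),
    }
    if not result["icmp_ok"]:
        result["verdict"] = "network path broken; look below the browser"
    elif result["hosts"] or result["proxy"]:
        result["verdict"] = "network path fine; browser-level redirection configured"
    else:
        result["verdict"] = "network path fine; check Winsock LSPs, firewall and browser add-ons next"
    return result


# Ping output as posted in the thread (abbreviated to the lines that matter).
SAMPLE_PING = """Pinging google.com [173.194.37.104] with 32 bytes of data:
Reply from 173.194.37.104: bytes=32 time=24ms TTL=58
Ping statistics for 173.194.37.104:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
"""

# Constructed hosts file and proxy values (not recovered from the machine in the thread).
SAMPLE_HOSTS = """# constructed sample
127.0.0.1       localhost
::1             localhost
127.0.0.1       liveupdate.example-av.test   # pins an AV update host to loopback
127.0.0.1       update.example-os.test
"""
SAMPLE_PROXY = {"ProxyEnable": 1, "ProxyServer": "http=127.0.0.1:8080;https=127.0.0.1:8080"}
WATCH_DOMAINS = {"example-av.test", "example-os.test"}   # hypothetical vendor domains

if __name__ == "__main__":
    for key, value in triage(SAMPLE_PING, SAMPLE_HOSTS, SAMPLE_PROXY, WATCH_DOMAINS).items():
        print(f"{key}: {value}")
```

On a live Vista box the hosts file is %SystemRoot%\System32\drivers\etc\hosts and the proxy values can be exported with reg.exe from the key named in the docstring; the functions above take the text and the values, so they can be run on data copied off the infected machine rather than on it.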
  14. robp777

    robp777 TS Rookie Topic Starter Posts: 27

    Sorry, I have been away for a few days. Do you mean a Vista installation DVD? Because I don't have one of those.
     
  15. Broni

    Broni Malware Annihilator Posts: 48,011   +271

  16. robp777

    robp777 TS Rookie Topic Starter Posts: 27

    We tried this before and it didn't work. You said we should try removing Norton manually?
     
  17. Broni

    Broni Malware Annihilator Posts: 48,011   +271

    OK. Let's go for it.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  18. robp777

    robp777 TS Rookie Topic Starter Posts: 27

    Sorry, the previous post is wrong! I got a blue screen crash when I ran this in normal mode, so I had to do it in safe mode. Also, there was no Extras log, just the OTL.txt.


    View attachment OTL.Txt
     
  19. robp777

    robp777 TS Rookie Topic Starter Posts: 27

    I managed to get on to the internet in normal mode! I had to remove Norton Utilities from the Windows registry and then the Norton removal tool worked. However, I still think there are some problems; can you please just check this MBR log, because I think it still says I am infected. Appreciate the help!

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 64-bit
    Base Board Manufacturer: Packard Bell BV
    BIOS Manufacturer: Phoenix Technologies, LTD
    System Manufacturer: PACKARD BELL BV
    System Product Name: iXtreme X9610
    Logical Drives Mask: 0x000000fc

    Kernel Drivers (total 138):
    0x02C05000 \SystemRoot\system32\ntoskrnl.exe
    0x0311C000 \SystemRoot\system32\hal.dll
    0x00607000 \SystemRoot\system32\kdcom.dll
    0x00611000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x0064C000 \SystemRoot\system32\PSHED.dll
    0x00660000 \SystemRoot\system32\CLFS.SYS
    0x006BD000 \SystemRoot\system32\CI.dll
    0x0080B000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x008E5000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x008F3000 \SystemRoot\system32\drivers\acpi.sys
    0x00949000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x00952000 \SystemRoot\system32\drivers\msisadrv.sys
    0x0095C000 \SystemRoot\system32\drivers\pci.sys
    0x0098C000 \SystemRoot\System32\drivers\partmgr.sys
    0x009A1000 \SystemRoot\system32\drivers\volmgr.sys
    0x0076F000 \SystemRoot\System32\drivers\volmgrx.sys
    0x009B5000 \SystemRoot\system32\drivers\pciide.sys
    0x009BC000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x009CC000 \SystemRoot\System32\drivers\mountmgr.sys
    0x007D5000 \SystemRoot\system32\drivers\nvraid.sys
    0x00A04000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x00A30000 \SystemRoot\system32\drivers\atapi.sys
    0x00A38000 \SystemRoot\system32\drivers\ataport.SYS
    0x00A5C000 \SystemRoot\system32\drivers\nvstor64.sys
    0x00A7F000 \SystemRoot\system32\drivers\storport.sys
    0x00ADC000 \SystemRoot\system32\drivers\fltmgr.sys
    0x00B23000 \SystemRoot\system32\drivers\fileinfo.sys
    0x00B37000 \SystemRoot\System32\Drivers\PxHlpa64.sys
    0x00B43000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x00C00000 \SystemRoot\system32\drivers\ndis.sys
    0x00E07000 \SystemRoot\system32\drivers\msrpc.sys
    0x00E57000 \SystemRoot\system32\drivers\NETIO.SYS
    0x01009000 \SystemRoot\System32\drivers\tcpip.sys
    0x0117F000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x0120A000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x0138A000 \SystemRoot\system32\drivers\volsnap.sys
    0x013CE000 \SystemRoot\System32\Drivers\spldr.sys
    0x013D6000 \SystemRoot\System32\Drivers\mup.sys
    0x011AB000 \SystemRoot\System32\drivers\ecache.sys
    0x013E8000 \SystemRoot\system32\drivers\disk.sys
    0x01200000 \SystemRoot\system32\drivers\crcdisk.sys
    0x011EF000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x01000000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x00ED3000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x00EE6000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x00EFC000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x00F08000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x00F16000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x00F21000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x00F67000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x02A07000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x02AF4000 \SystemRoot\system32\DRIVERS\bcmwl664.sys
    0x02B7E000 \SystemRoot\system32\DRIVERS\ohci1394.sys
    0x02B90000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
    0x02C01000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x03893000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
    0x03895000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x03976000 \SystemRoot\System32\drivers\watchdog.sys
    0x03986000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x039A2000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x03C06000 \SystemRoot\system32\DRIVERS\nvmfdx64.sys
    0x03D73000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x03D7C000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x03DB5000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x03DC2000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x03DE5000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x039AF000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x039E0000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x02BA0000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x02BBE000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x02BD6000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x03DF1000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x00F78000 \SystemRoot\system32\DRIVERS\ks.sys
    0x03DF3000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x039F0000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x00FAC000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x02BE9000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x04409000 \SystemRoot\system32\drivers\RTKVHD64.sys
    0x04567000 \SystemRoot\system32\drivers\portcls.sys
    0x045A2000 \SystemRoot\system32\drivers\drmk.sys
    0x045C5000 \SystemRoot\system32\drivers\ksthunk.sys
    0x045CB000 \??\C:\Program Files (x86)\Trusteer\Rapport\bin\RapportPG64.sys
    0x045DD000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x045E7000 \SystemRoot\System32\Drivers\Null.SYS
    0x045F0000 \SystemRoot\System32\drivers\vga.sys
    0x00DC3000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x04400000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x00FF4000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x00DE8000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x00BCA000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x00DF3000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x00BDB000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x009DF000 \SystemRoot\system32\DRIVERS\smb.sys
    0x04605000 \SystemRoot\system32\drivers\afd.sys
    0x04670000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x046B4000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x046D2000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x046E1000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x046FC000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x04749000 \??\C:\Program Files (x86)\Trusteer\Rapport\bin\RapportKE64.sys
    0x0475C000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x04768000 \SystemRoot\System32\Drivers\dfsc.sys
    0x04785000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0x0479D000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x0479F000 \SystemRoot\system32\DRIVERS\udfs.sys
    0x047ED000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x011D7000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x047F6000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x00EB0000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x00EBE000 \SystemRoot\System32\Drivers\dump_diskdump.sys
    0x04803000 \SystemRoot\System32\Drivers\dump_nvstor64.sys
    0x000F0000 \SystemRoot\System32\win32k.sys
    0x04826000 \SystemRoot\System32\drivers\Dxapi.sys
    0x04832000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x00450000 \SystemRoot\System32\TSDDD.dll
    0x006D0000 \SystemRoot\System32\cdd.dll
    0x04845000 \SystemRoot\system32\drivers\luafv.sys
    0x04867000 \SystemRoot\system32\drivers\spsys.sys
    0x04901000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x04915000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x04949000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x04954000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x0880D000 \SystemRoot\system32\drivers\HTTP.sys
    0x088B0000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x088D9000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x088F7000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x08911000 \SystemRoot\system32\drivers\mrxdav.sys
    0x08938000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x08961000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x089AA000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x089C9000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x0496C000 \SystemRoot\System32\DRIVERS\srv.sys
    0x09008000 \SystemRoot\system32\DRIVERS\atksgt.sys
    0x09055000 \SystemRoot\system32\DRIVERS\lirsgt.sys
    0x09062000 \SystemRoot\system32\drivers\peauth.sys
    0x09118000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x09123000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x77740000 \Windows\System32\ntdll.dll

    Processes (total 70):
    0 System Idle Process
    4 System
    428 C:\Windows\System32\smss.exe
    492 csrss.exe
    540 C:\Windows\System32\wininit.exe
    560 csrss.exe
    592 C:\Windows\System32\services.exe
    608 C:\Windows\System32\lsass.exe
    616 C:\Windows\System32\lsm.exe
    664 C:\Windows\System32\winlogon.exe
    812 C:\Windows\System32\svchost.exe
    856 C:\Windows\System32\nvvsvc.exe
    884 C:\Windows\System32\svchost.exe
    1012 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
    316 C:\Windows\System32\svchost.exe
    440 C:\Windows\System32\svchost.exe
    452 C:\Windows\System32\svchost.exe
    976 C:\Windows\System32\audiodg.exe
    448 C:\Windows\System32\svchost.exe
    1032 C:\Windows\System32\SLsvc.exe
    1076 C:\Windows\System32\svchost.exe
    1104 C:\Windows\System32\nvvsvc.exe
    1240 C:\Windows\System32\svchost.exe
    1528 C:\Windows\System32\spoolsv.exe
    1560 C:\Windows\System32\svchost.exe
    1984 C:\Windows\System32\taskeng.exe
    1992 C:\Windows\System32\dwm.exe
    1292 C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    1800 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1004 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    1232 C:\Windows\SysWOW64\svchost.exe
    1760 C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
    2168 C:\Windows\System32\svchost.exe
    2188 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    2268 C:\Program Files (x86)\O2\bin\sprtsvc.exe
    2284 C:\Program Files (x86)\Packard Bell\SrvCDEject.exe
    2420 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    2440 C:\Windows\System32\svchost.exe
    2472 C:\Windows\System32\svchost.exe
    2508 C:\Windows\System32\SearchIndexer.exe
    2556 C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    2660 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    2892 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportLaunService64.exe
    708 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
    1020 C:\Windows\RAVCpl64.exe
    2344 C:\Program Files (x86)\Packard Bell\FIJI\ABoard.exe
    2128 C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
    1788 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    1924 C:\Program Files (x86)\PPLive\PPLive.exe
    212 C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    1820 C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
    2548 C:\Program Files (x86)\iTunes\iTunesHelper.exe
    3400 C:\Program Files\iPod\bin\iPodService.exe
    3952 C:\Program Files (x86)\Packard Bell\FIJI\AOSD.exe
    3888 C:\Windows\System32\taskeng.exe
    3576 C:\Program Files (x86)\Steam\Steam.exe
    1312 C:\Windows\explorer.exe
    200 C:\Windows\System32\svchost.exe
    1584 C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    3484 C:\Windows\System32\wuauclt.exe
    1964 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    4560 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    5104 C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser.exe
    3648 C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe
    3564 C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe
    4268 C:\Windows\System32\SearchProtocolHost.exe
    4704 C:\Windows\System32\SearchFilterHost.exe
    4004 dllhost.exe
    4964 dllhost.exe
    2828 C:\Users\Robp\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`80344800 (NTFS)

    PhysicalDrive0 Model Number: WDC WD6400AAKS-22A7B, Rev: 01.0

    Size Device Name MBR Status
    --------------------------------------------
    596 GB \\.\PhysicalDrive0 MBR Code Faked!
    SHA1: 1B5D089986DF8BB088E0B621E24BE3077B01668A


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!
     
  20. Broni

    Broni Malware Annihilator Posts: 48,011   +271

    Finally, some good news :)

    Yes, your MBR seems to be infected.

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double click on NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
    • Follow the prompts to burn the CD.
    • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.
    Once rebooted, run MBRCheck again and post its log.

    Since you're able to operate in normal mode now, we'll run more scans....
     
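MBRCheck's verdict above ("MBR Code Faked!" plus a SHA1) and the repair step in the post (MBRWORK's "Install Standard MBR code") both rest on the layout of the first sector: 440 bytes of boot code, a 4-byte disk signature, the 64-byte partition table and the 0x55AA marker. The following is an added example, not code from the thread, from MBRCheck or from MBRWORK, that parses a raw MBR, hashes the code area against an allowlist, and shows which bytes a standard-code reinstall must leave alone. The sample sector, its placeholder boot-code bytes, the disk signature and the partition sizes are constructed; only the C: start LBA is taken from the posted log (byte offset 0x380344800 / 512 = 29366820). Which region MBRCheck hashes is not stated in its output, so the hash here is explicitly of the 440-byte code area and is not comparable with the SHA1 in the log.

```python
"""Parse a raw MBR, allowlist its boot code and reinstall standard code.

Added example, not code from the thread or from MBRCheck/MBRWORK. The sample
MBR is constructed: the boot-code bytes are placeholders, the disk signature
and partition sizes are assumed, and the allowlist contains the hash of the
placeholder "standard" code, so the run only demonstrates the mechanics.
"""
import hashlib
import struct

SECTOR_SIZE = 512
CODE_LEN = 440           # offsets 0-439: boot code (the part a bootkit replaces)
SIG_OFF = 440            # 4-byte NT disk signature, then 2 reserved bytes
TABLE_OFF = 446          # four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"   # offsets 510-511


def parse_mbr(sector: bytes) -> dict:
    """Split a raw 512-byte MBR into code hash, disk signature and partition table."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        entry = sector[TABLE_OFF + 16 * i: TABLE_OFF + 16 * (i + 1)]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba_start, count = struct.unpack("<B3xB3xII", entry)
        if ptype == 0:            # empty slot
            continue
        partitions.append({"index": i, "active": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": count})
    return {
        "code_sha1": hashlib.sha1(sector[:CODE_LEN]).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", sector, SIG_OFF)[0],
        "partitions": partitions,
    }


def classify_mbr(sector: bytes, known_good: set) -> str:
    """Allowlist check: code whose hash is not known is 'unknown', which is the
    situation an MBR checker reports as non-standard or infected."""
    info = parse_mbr(sector)
    if info["code_sha1"] in known_good:
        return "known-good code"
    if not any(sector[:CODE_LEN]):
        return "no boot code"
    return "unknown code"


def install_standard_code(sector: bytes, standard_code: bytes) -> bytes:
    """Overwrite only the code area; disk signature, partition table and 0x55AA
    are kept, otherwise the disk would no longer boot or mount its volumes."""
    if len(standard_code) != CODE_LEN:
        raise ValueError("standard code must be exactly 440 bytes")
    return standard_code + sector[CODE_LEN:]


def build_sample_mbr(code: bytes, disk_sig: int, partitions) -> bytes:
    """Assemble a constructed MBR from parts (test fixture, not a real disk image)."""
    buf = bytearray(code.ljust(CODE_LEN, b"\x00")[:CODE_LEN])
    buf += struct.pack("<I", disk_sig) + b"\x00\x00"
    for i in range(4):
        if i < len(partitions):
            status, ptype, start, count = partitions[i]
            buf += struct.pack("<B3xB3xII", status, ptype, start, count)
        else:
            buf += bytes(16)
    buf += BOOT_SIG
    return bytes(buf)


# Placeholders standing in for real boot code, padded with x86 NOPs; not runnable code.
STANDARD_CODE = b"constructed standard boot code placeholder".ljust(CODE_LEN, b"\x90")
FAKED_CODE = b"constructed bootkit placeholder".ljust(CODE_LEN, b"\x90")
KNOWN_GOOD = {hashlib.sha1(STANDARD_CODE).hexdigest().upper()}

# Assumed layout: hidden OEM partition, then the active C: volume starting at
# LBA 29366820 (offset 0x380344800 from the posted log); sizes and types assumed.
SAMPLE_PARTITIONS = [(0x00, 0x07, 2048, 29364772), (0x80, 0x07, 29366820, 1220896908)]
SAMPLE_FAKED = build_sample_mbr(FAKED_CODE, 0x1234ABCD, SAMPLE_PARTITIONS)

if __name__ == "__main__":
    before = parse_mbr(SAMPLE_FAKED)
    print("before:", classify_mbr(SAMPLE_FAKED, KNOWN_GOOD), before["code_sha1"])
    repaired = install_standard_code(SAMPLE_FAKED, STANDARD_CODE)
    print("after: ", classify_mbr(repaired, KNOWN_GOOD), parse_mbr(repaired)["code_sha1"])
    print("partition table unchanged:", parse_mbr(repaired)["partitions"] == before["partitions"])
```

To use this against a real disk, read the first 512 bytes of the physical drive from a clean boot environment into `parse_mbr` and populate `known_good` with hashes of the standard MBR code for the Windows versions you expect; the allowlist in the block is only the hash of the placeholder and must not be reused.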
  21. robp777

    robp777 TS Rookie Topic Starter Posts: 27

    All done.

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 64-bit
    Base Board Manufacturer: Packard Bell BV
    BIOS Manufacturer: Phoenix Technologies, LTD
    System Manufacturer: PACKARD BELL BV
    System Product Name: iXtreme X9610
    Logical Drives Mask: 0x000000fc

    Kernel Drivers (total 138):
    0x02C12000 \SystemRoot\system32\ntoskrnl.exe
    0x03129000 \SystemRoot\system32\hal.dll
    0x00601000 \SystemRoot\system32\kdcom.dll
    0x0060B000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x00646000 \SystemRoot\system32\PSHED.dll
    0x0065A000 \SystemRoot\system32\CLFS.SYS
    0x006B7000 \SystemRoot\system32\CI.dll
    0x00806000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x008E0000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x008EE000 \SystemRoot\system32\drivers\acpi.sys
    0x00944000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x0094D000 \SystemRoot\system32\drivers\msisadrv.sys
    0x00957000 \SystemRoot\system32\drivers\pci.sys
    0x00987000 \SystemRoot\System32\drivers\partmgr.sys
    0x0099C000 \SystemRoot\system32\drivers\volmgr.sys
    0x00769000 \SystemRoot\System32\drivers\volmgrx.sys
    0x009B0000 \SystemRoot\system32\drivers\pciide.sys
    0x009B7000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x009C7000 \SystemRoot\System32\drivers\mountmgr.sys
    0x009DA000 \SystemRoot\system32\drivers\nvraid.sys
    0x007CF000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x00A02000 \SystemRoot\system32\drivers\atapi.sys
    0x00A0A000 \SystemRoot\system32\drivers\ataport.SYS
    0x00A2E000 \SystemRoot\system32\drivers\nvstor64.sys
    0x00A51000 \SystemRoot\system32\drivers\storport.sys
    0x00AAE000 \SystemRoot\system32\drivers\fltmgr.sys
    0x00AF5000 \SystemRoot\system32\drivers\fileinfo.sys
    0x00B09000 \SystemRoot\System32\Drivers\PxHlpa64.sys
    0x00B15000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x00C0D000 \SystemRoot\system32\drivers\ndis.sys
    0x00B9C000 \SystemRoot\system32\drivers\msrpc.sys
    0x00E03000 \SystemRoot\system32\drivers\NETIO.SYS
    0x00E5C000 \SystemRoot\System32\drivers\tcpip.sys
    0x00FD2000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x0100F000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x0118F000 \SystemRoot\system32\drivers\volsnap.sys
    0x011D3000 \SystemRoot\System32\Drivers\spldr.sys
    0x011DB000 \SystemRoot\System32\Drivers\mup.sys
    0x00DD0000 \SystemRoot\System32\drivers\ecache.sys
    0x00BEC000 \SystemRoot\system32\drivers\disk.sys
    0x011ED000 \SystemRoot\system32\drivers\crcdisk.sys
    0x02829000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x02836000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x0283F000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x02852000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x02868000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x02874000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x02882000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x0288D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x028D3000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x028E4000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x02A07000 \SystemRoot\system32\DRIVERS\bcmwl664.sys
    0x02A91000 \SystemRoot\system32\DRIVERS\ohci1394.sys
    0x02AA3000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
    0x02C0E000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x038A0000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
    0x038A2000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x03983000 \SystemRoot\System32\drivers\watchdog.sys
    0x03993000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x039AF000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x03C0E000 \SystemRoot\system32\DRIVERS\nvmfdx64.sys
    0x03D7B000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x03D84000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x03DBD000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x03DCA000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x03DED000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x039BC000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x039ED000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x02AB3000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x02AD1000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x02AE9000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x03DF9000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x02AFC000 \SystemRoot\system32\DRIVERS\ks.sys
    0x03C00000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x02B30000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x02B40000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x02B88000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x04203000 \SystemRoot\system32\drivers\RTKVHD64.sys
    0x04361000 \SystemRoot\system32\drivers\portcls.sys
    0x0439C000 \SystemRoot\system32\drivers\drmk.sys
    0x043BF000 \SystemRoot\system32\drivers\ksthunk.sys
    0x043C5000 \??\C:\Program Files (x86)\Trusteer\Rapport\bin\RapportPG64.sys
    0x043D7000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x043E1000 \SystemRoot\System32\Drivers\Null.SYS
    0x043EA000 \SystemRoot\System32\drivers\vga.sys
    0x02B9C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x02C00000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x02BC1000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x02BCA000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x02BD5000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x02BE6000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x029D1000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x04000000 \SystemRoot\system32\DRIVERS\smb.sys
    0x0401B000 \SystemRoot\system32\drivers\afd.sys
    0x04086000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x040CA000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x040E8000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x040F7000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x04112000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x0415F000 \??\C:\Program Files (x86)\Trusteer\Rapport\bin\RapportKE64.sys
    0x04172000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x0417E000 \SystemRoot\System32\Drivers\dfsc.sys
    0x0419B000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x041A4000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x041B6000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x041BE000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x041C0000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x041CE000 \SystemRoot\System32\Drivers\dump_diskdump.sys
    0x041D8000 \SystemRoot\System32\Drivers\dump_nvstor64.sys
    0x02800000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0x00050000 \SystemRoot\System32\win32k.sys
    0x02BEF000 \SystemRoot\System32\drivers\Dxapi.sys
    0x07606000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x00430000 \SystemRoot\System32\TSDDD.dll
    0x006C0000 \SystemRoot\System32\cdd.dll
    0x07619000 \SystemRoot\system32\drivers\luafv.sys
    0x0763B000 \SystemRoot\system32\drivers\spsys.sys
    0x076D5000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x076E9000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x0771D000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x07728000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x07740000 \SystemRoot\system32\drivers\HTTP.sys
    0x08C03000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x08C2C000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x08C4A000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x08C64000 \SystemRoot\system32\drivers\mrxdav.sys
    0x08C8B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x08CB4000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x08CFD000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x08D1C000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x08D4E000 \SystemRoot\System32\DRIVERS\srv.sys
    0x07A00000 \SystemRoot\system32\DRIVERS\atksgt.sys
    0x07A4D000 \SystemRoot\system32\DRIVERS\lirsgt.sys
    0x07A5A000 \SystemRoot\system32\drivers\peauth.sys
    0x07B10000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x07B1B000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x07B37000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x77020000 \Windows\System32\ntdll.dll

    Processes (total 67):
    0 System Idle Process
    4 System
    428 C:\Windows\System32\smss.exe
    496 csrss.exe
    548 C:\Windows\System32\wininit.exe
    568 csrss.exe
    604 C:\Windows\System32\services.exe
    620 C:\Windows\System32\lsass.exe
    628 C:\Windows\System32\lsm.exe
    740 C:\Windows\System32\winlogon.exe
    832 C:\Windows\System32\svchost.exe
    876 C:\Windows\System32\nvvsvc.exe
    904 C:\Windows\System32\svchost.exe
    960 C:\Windows\System32\svchost.exe
    1020 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
    464 C:\Windows\System32\svchost.exe
    500 C:\Windows\System32\svchost.exe
    652 C:\Windows\System32\svchost.exe
    484 C:\Windows\System32\audiodg.exe
    1040 C:\Windows\System32\svchost.exe
    1060 C:\Windows\System32\SLsvc.exe
    1120 C:\Windows\System32\svchost.exe
    1272 C:\Windows\System32\svchost.exe
    1348 C:\Windows\System32\nvvsvc.exe
    1560 C:\Windows\System32\spoolsv.exe
    1584 C:\Windows\System32\svchost.exe
    2012 C:\Windows\System32\dwm.exe
    452 C:\Windows\System32\taskeng.exe
    1204 C:\Windows\explorer.exe
    1980 C:\Program Files\Windows Defender\MSASCui.exe
    1684 C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    2096 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    2116 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    2124 C:\Windows\RAVCpl64.exe
    2148 C:\Windows\SysWOW64\svchost.exe
    2180 C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
    2304 C:\Windows\System32\svchost.exe
    2344 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    2364 C:\Program Files (x86)\Packard Bell\FIJI\ABoard.exe
    2400 C:\Program Files (x86)\O2\bin\sprtsvc.exe
    2428 C:\Program Files (x86)\Packard Bell\SrvCDEject.exe
    2448 C:\Program Files (x86)\Packard Bell\FIJI\AOSD.exe
    2456 C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
    2512 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    2532 C:\Program Files (x86)\PPLive\PPLive.exe
    2548 C:\Program Files (x86)\Steam\Steam.exe
    2556 C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    2720 C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
    2800 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    2844 C:\Windows\System32\svchost.exe
    2876 C:\Windows\System32\svchost.exe
    2928 C:\Windows\System32\SearchIndexer.exe
    2964 C:\Program Files (x86)\iTunes\iTunesHelper.exe
    2976 C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    2064 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    3120 WmiPrvSE.exe
    3352 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportLaunService64.exe
    3444 C:\Program Files\iPod\bin\iPodService.exe
    3720 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
    1036 C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    1576 C:\Windows\System32\taskeng.exe
    3820 C:\Windows\System32\SearchProtocolHost.exe
    3604 C:\Windows\System32\SearchFilterHost.exe
    1496 C:\Windows\System32\wuauclt.exe
    2320 dllhost.exe
    1592 dllhost.exe
    3024 C:\Users\Robp\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`80344800 (NTFS)

    PhysicalDrive0 Model Number: WDC WD6400AAKS-22A7B, Rev: 01.0

    Size Device Name MBR Status
    --------------------------------------------
    596 GB \\.\PhysicalDrive0 MBR Code Faked!
    SHA1: 1B5D089986DF8BB088E0B621E24BE3077B01668A


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!
     
  22. Broni

    Broni Malware Annihilator Posts: 48,011   +271

    Hmmm....that didn't work.

    If you have Vista/7 DVD...

    start with step 2

    If you don't have Vista/7 DVD...

    1. Create Vista/7 Recovery Disc.

    Option 1 :
    Vista: http://www.c4consulting.com.au/soluctions/vista/VISTA SOLUCTIONS.htm
    Windows 7: http://www.guidingtech.com/3816/system-repair-recovery-disc-windows-7/

    Option 2:
    Download Vista Recovery Disc iso image: http://neosmart.net/blog/2008/windows-vista-recovery-disc-download/
    Download Windows 7 Recovery Disc iso image: http://neosmart.net/blog/2009/windows-7-system-repair-discs/
    Burn it to CD, or DVD: http://neosmart.net/wiki/display/G/Burning ISO Images to a CD or DVD

    2. Boot from created disk.

    Vista users. At first screen click on Repair your computer.

    Windows 7 users. At first screen click on Install now.
    Select your language and click next.
    Click the button for "Use recovery tools".

    The following applies to both, Vista and Windows 7 users.

    This will bring you to a new screen where the repair process will look for all Windows Vista/7 installations on your computer. When done you will be presented with the System Recovery Options dialog box.
    After this, it will present you with a list of options including startup repair, system restore and command prompt.
    Select Command Prompt.

    Type in:
    bootrec /FixMbr (<--- there is a "space" after "bootrec")
    and then press Enter

    Once completed then type Exit, press Enter and restart computer.

    Post fresh MBRCheck log.
     
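What the two tools in this exchange actually touch, as an added example that is not part of the thread and not the code of MBRCheck or bootrec: a 512-byte MBR is boot code (bytes 0..439), a 4-byte disk signature, and a 64-byte partition table ending in 0x55AA. A checker such as MBRCheck hashes the code region and reports the hash as "faked" when it is not on its known-good list, and a FixMbr-style repair replaces only that code region, leaving the disk signature and partition table in place. The "clean" loader bytes, the hash list, the infected sample sector and the partition layout below are all constructed here for illustration; none of it is real Windows boot code or a real disk image.

```python
"""Parse an MBR, hash its boot code like an MBR checker does, and apply a
FixMbr-style repair that swaps the boot code but keeps the partition table.

Added example for the thread above; not MBRCheck or bootrec code.
All sample bytes and the "known-good" hash list are constructed.
"""
import hashlib
import struct

SECTOR_SIZE = 512
CODE_LEN = 440          # boot code lives in bytes 0..439
DISK_SIG_OFF = 440      # 4-byte Windows disk signature
PTABLE_OFF = 446        # four 16-byte partition entries
BOOT_SIG_OFF = 510      # 0x55 0xAA

# Constructed stand-in for a clean loader (assumption, NOT real Windows code).
CLEAN_CODE = (b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 8).ljust(CODE_LEN, b"\x00")
# Constructed whitelist in the style of an MBR checker: SHA1 of code -> label.
KNOWN_GOOD_SHA1 = {hashlib.sha1(CLEAN_CODE).hexdigest().upper(): "constructed clean loader"}

# Constructed "hooked" loader: a tight jump that would hand control elsewhere.
INFECTED_CODE = (b"\xeb\xfe" + b"\x00" * 6 + b"\xb8\x00\x00\x8e\xc0").ljust(CODE_LEN, b"\x00")
# Constructed layout: (bootable, type, lba_start, sector_count); two NTFS volumes.
PARTITIONS = [(False, 0x07, 2048, 20971520), (True, 0x07, 20973568, 1229290160)]
SAMPLE_DISK_SIG = 0xDEADBEEF


def build_mbr(code, disk_sig, partitions):
    """Assemble a sector from boot code, disk signature and partition entries."""
    if len(code) != CODE_LEN:
        raise ValueError("boot code must be exactly %d bytes" % CODE_LEN)
    sector = bytearray(code) + struct.pack("<I", disk_sig) + b"\x00\x00"
    for bootable, ptype, lba_start, count in partitions:
        # CHS fields zeroed; the LBA fields are what modern tooling reads.
        sector += struct.pack("<B3sB3sII", 0x80 if bootable else 0, b"\0\0\0",
                              ptype, b"\0\0\0", lba_start, count)
    sector = sector.ljust(BOOT_SIG_OFF, b"\x00") + b"\x55\xaa"
    return bytes(sector)


def parse_mbr(sector):
    """Split a sector into code hash, disk signature and partition entries."""
    if len(sector) != SECTOR_SIZE or bytes(sector[BOOT_SIG_OFF:]) != b"\x55\xaa":
        raise ValueError("not a valid MBR sector")
    code = bytes(sector[:CODE_LEN])
    disk_sig = struct.unpack_from("<I", sector, DISK_SIG_OFF)[0]
    parts = []
    for i in range(4):
        status, _c1, ptype, _c2, lba, count = struct.unpack_from(
            "<B3sB3sII", sector, PTABLE_OFF + 16 * i)
        if ptype:  # type 0 means an empty slot
            parts.append({"bootable": status == 0x80, "type": ptype,
                          "lba_start": lba, "sectors": count})
    return {"code_sha1": hashlib.sha1(code).hexdigest().upper(),
            "disk_sig": disk_sig, "partitions": parts}


def classify_mbr(sector):
    """Checker-style verdict: known code hash -> label, anything else -> faked."""
    return KNOWN_GOOD_SHA1.get(parse_mbr(sector)["code_sha1"], "MBR code unknown/faked")


def fix_mbr(sector, clean_code=CLEAN_CODE):
    """FixMbr-style repair: rewrite bytes 0..439 only, keep everything after."""
    parse_mbr(sector)  # refuse to touch something that is not an MBR
    return bytes(clean_code) + bytes(sector[CODE_LEN:])


SAMPLE_SECTOR = build_mbr(INFECTED_CODE, SAMPLE_DISK_SIG, PARTITIONS)


def demo():
    """Verdict before and after repair, plus whether the table survived."""
    before = classify_mbr(SAMPLE_SECTOR)
    repaired = fix_mbr(SAMPLE_SECTOR)
    after = classify_mbr(repaired)
    table_kept = parse_mbr(repaired)["partitions"] == parse_mbr(SAMPLE_SECTOR)["partitions"]
    return before, after, table_kept


if __name__ == "__main__":
    print(parse_mbr(SAMPLE_SECTOR))
    print(demo())
```

The point of the split is why Broni asks for a fresh MBRCheck log after the repair rather than trusting the command's output: the repair only changes the code region, so the checker's hash of those 440 bytes is the direct test of whether the rewrite landed and whether anything put the old code back on the next boot.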
Topic Status:
Not open for further replies.

