Inactive Virus Blocking Internet Access


robp777

Posts: 27   +0
Hi,

I'm having problems with a virus that is blocking my internet access. First of all Internet Explorer wouldn't work, so I switched to Firefox, but both don't work now. Everything works fine in safe mode though (which I am using now).

My Norton antivirus also will not work, and I think my system restore facility as well.

Malwarebytes doesn't pick anything up, so please can you review my attachments and help me fix the problem?

Any help is much appreciated.

Regards


View attachment Attach.txt

View attachment hijackthis.log

View attachment mbam-log-2010-10-08 (17-46-28).txt

View attachment DDS.txt
 

Broni

Posts: 55,960   +507
Welcome aboard


Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
GMER log is missing.
 

robp777

Posts: 27   +0
re

Sorry! I can't attach it. When I did the scan it said nothing was found, and the scan log is just blank anyway.
 

Broni

Posts: 55,960   +507
That's fine....

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

========================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure you re-enable your security programs when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 

robp777

Posts: 27   +0
Hi, here are the results of my MBR check. Combofix doesn't work, unfortunately, because I have Windows Vista 64-bit.

Regards,


MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 64-bit
Base Board Manufacturer: Packard Bell BV
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: PACKARD BELL BV
System Product Name: iXtreme X9610
Logical Drives Mask: 0x000000fc

Kernel Drivers (total 113):

Processes (total 26):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`80344800 (NTFS)

PhysicalDrive0 Model Number: WDC WD6400AAKS-22A7B, Rev: 01.0

Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 1B5D089986DF8BB088E0B621E24BE3077B01668A


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
 

Broni

Posts: 55,960   +507
Sorry for Combofix. You can delete the file.

Your MBR seems to be infected.

Please download NTBR by noahdfear and save it to your Desktop.
File size: 2.44 MB (2,565,432 bytes)

  • Place a blank CD in your CD drive.
  • Double click on NTBR_CD.exe file and a folder of the same name will appear.
  • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
  • Follow the prompts to burn the CD.
  • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
  • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
  • Insert the newly created CD into your infected PC and reboot your computer.
  • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
  • Read the warning and then continue as prompted.
  • You first need to select your keyboard layout - press Enter for English.
  • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
  • On the following screen enter 5 to select Install Standard MBR code.
  • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
  • When asked to confirm please do so.
  • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
  • Eject the disc and then press ctrl+alt+del to reboot the PC.
Once rebooted, run MBRCheck again and post its log.
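The "MBR Code Faked!" verdict in the logs above rests on the SHA1 printed next to it: the boot code in sector 0 is hashed and compared with the hashes of known standard MBR code, so a bootkit that keeps the partition table intact is still caught. The checker below is an added example, not MBRCheck's code and not from this thread; it assumes the hashed region is bytes 0..439 (the code before the disk signature), uses a constructed whitelist and two constructed sectors, and the `read_mbr` device path `\\.\PhysicalDrive0` is the name from the log (reading it needs administrator rights).

```python
# Added example: minimal MBR checker in the spirit of MBRCheck (not its actual code).
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # assumption: boot code = bytes 0..439, before the 4-byte disk signature
PART_TABLE_OFF = 446     # four 16-byte partition entries
SIGNATURE_OFF = 510      # 0x55 0xAA boot signature


def parse_partitions(mbr: bytes) -> list:
    """Decode the four partition entries; empty entries (type 0) are skipped."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # entry layout: status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sector count(4)
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype == 0:
            continue
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "lba_start": lba_start, "sectors": sectors})
    return parts


def check_mbr(mbr: bytes, known_good: dict) -> dict:
    """Return boot-signature validity, SHA1 of the boot code, the partition table and a verdict."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    sha1 = hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()
    return {
        "signature_ok": mbr[SIGNATURE_OFF:SIGNATURE_OFF + 2] == b"\x55\xaa",
        "sha1": sha1,
        # A valid partition table says nothing about the code: a tampered MBR keeps the
        # table intact so Windows still boots, which is why the hash comparison is needed.
        "partitions": parse_partitions(mbr),
        "status": "known-good: " + known_good[sha1] if sha1 in known_good else "non-standard",
    }


def read_mbr(device: str = r"\\.\PhysicalDrive0") -> bytes:
    """Read sector 0 of a raw disk (device name as in the log; requires administrator rights)."""
    with open(device, "rb") as f:
        return f.read(SECTOR_SIZE)


def build_sample_mbr(code: bytes, disk_sig: int, parts: list) -> bytes:
    """Construct a sector from boot code, a disk signature and (type, lba_start, count) tuples."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(code)] = code
    struct.pack_into("<I", sector, BOOT_CODE_LEN, disk_sig)
    for i, (ptype, lba, count) in enumerate(parts):
        status = 0x80 if i == 0 else 0x00          # first entry marked active
        struct.pack_into("<B3xB3xII", sector, PART_TABLE_OFF + 16 * i, status, ptype, lba, count)
    sector[SIGNATURE_OFF:] = b"\x55\xaa"
    return bytes(sector)


# Constructed stand-in for standard boot code (real code is ~440 bytes of x86; any bytes serve here).
STANDARD_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" * 55          # 440 bytes
# Constructed layout: one NTFS partition (type 0x07) at LBA 2048, 1,250,000,000 sectors (~640 GB).
PARTS = [(0x07, 2048, 1_250_000_000)]
CLEAN_MBR = build_sample_mbr(STANDARD_CODE, 0x1234ABCD, PARTS)
# Constructed whitelist; a real one holds the hashes of the standard Windows MBR code variants.
KNOWN_GOOD = {hashlib.sha1(STANDARD_CODE).hexdigest().upper(): "constructed standard MBR code"}
# Tampered variant: first bytes of the boot code changed, disk signature and partition table untouched.
TAMPERED_MBR = build_sample_mbr(b"\xeb\xfe" + STANDARD_CODE[2:], 0x1234ABCD, PARTS)


if __name__ == "__main__":
    for name, sector in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        result = check_mbr(sector, KNOWN_GOOD)
        print(f"{name}: {result['status']}  SHA1: {result['sha1']}")
        print("  partitions:", result["partitions"])
```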
 

robp777

Posts: 27   +0
Hi, All done. Here is the log file:



MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 64-bit
Base Board Manufacturer: Packard Bell BV
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: PACKARD BELL BV
System Product Name: iXtreme X9610
Logical Drives Mask: 0x000000fc

Kernel Drivers (total 147):

Processes (total 63):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`80344800 (NTFS)

PhysicalDrive0 Model Number: WDC WD6400AAKS-22A7B, Rev: 01.0

Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 1B5D089986DF8BB088E0B621E24BE3077B01668A


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
 

Broni

Posts: 55,960   +507
Hmmm....it didn't work....

Let's try a different method....

If you have Vista/7 DVD...

start with step 2

If you don't have Vista/7 DVD...

1. Create Vista/7 Recovery Disc.

Option 1:
Vista: http://www.c4consulting.com.au/soluctions/vista/VISTA SOLUCTIONS.htm
Windows 7: http://www.guidingtech.com/3816/system-repair-recovery-disc-windows-7/

Option 2:
Download Vista Recovery Disc iso image: http://neosmart.net/blog/2008/windows-vista-recovery-disc-download/
Download Windows 7 Recovery Disc iso image: http://neosmart.net/blog/2009/windows-7-system-repair-discs/
Burn it to CD, or DVD: http://neosmart.net/wiki/display/G/Burning+ISO+Images+to+a+CD+or+DVD

2. Boot from created disk.

Vista users. At first screen click on Repair your computer:


Windows 7 users. At first screen click on Install now:

Select your language and click next:

Click the button for "Use recovery tools":


The following applies to both Vista and Windows 7 users.

This will bring you to a new screen where the repair process will look for all Windows Vista/7 installations on your computer. When done you will be presented with the System Recovery Options dialog box:

After this, it will present you with a list of options including startup repair, system restore and command prompt:

Select Command Prompt

Type in:
bootrec /FixMbr (<--- there is a "space" after "bootrec")
and then press Enter

Once completed, type Exit, press Enter and restart the computer.

Post fresh MBRCheck log.
 

robp777

Posts: 27   +0
Hi, here is the new log. It might also be worth saying that this stage below didn't require any loading at all. Is that normal? After I pressed Enter it finished straight away.

Type in:
bootrec /FixMbr (<--- there is a "space" after "bootrec")
and then press Enter

Anyway here is my log:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 64-bit
Base Board Manufacturer: Packard Bell BV
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: PACKARD BELL BV
System Product Name: iXtreme X9610
Logical Drives Mask: 0x000000fc

Kernel Drivers (total 147):
0x08ED4000 \SystemRoot\system32\DRIVERS\atksgt.sys
0x08F21000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0x08F2E000 \SystemRoot\system32\drivers\peauth.sys
0x08FE4000 \SystemRoot\System32\Drivers\secdrv.SYS
0x08FEF000 \SystemRoot\System32\drivers\tcpipreg.sys
0x777C0000 \Windows\System32\ntdll.dll

Processes (total 65):
0 System Idle Process
4 System
444 C:\Windows\System32\smss.exe
512 csrss.exe
564 C:\Windows\System32\wininit.exe
584 csrss.exe
620 C:\Windows\System32\services.exe
636 C:\Windows\System32\lsass.exe
644 C:\Windows\System32\lsm.exe
720 C:\Windows\System32\winlogon.exe
844 C:\Windows\System32\svchost.exe
888 C:\Windows\System32\nvvsvc.exe
916 C:\Windows\System32\svchost.exe
280 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
488 C:\Windows\System32\svchost.exe
520 C:\Windows\System32\svchost.exe
504 C:\Windows\System32\svchost.exe
452 C:\Windows\System32\audiodg.exe
1032 C:\Windows\System32\svchost.exe
1052 C:\Windows\System32\SLsvc.exe
1104 C:\Windows\System32\svchost.exe
1168 C:\Windows\System32\nvvsvc.exe
1272 C:\Windows\System32\svchost.exe
1544 C:\Windows\System32\spoolsv.exe
1568 C:\Windows\System32\svchost.exe
1860 C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
1940 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1960 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1984 C:\Windows\SysWOW64\svchost.exe
1324 C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
1604 C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe
1280 C:\Windows\System32\svchost.exe
1220 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
1824 C:\Program Files (x86)\O2\bin\sprtsvc.exe
2064 C:\Program Files (x86)\Packard Bell\SrvCDEject.exe
2184 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
2204 C:\Windows\System32\svchost.exe
2232 C:\Windows\System32\svchost.exe
2272 C:\Windows\System32\SearchIndexer.exe
2312 C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
2380 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
2556 WmiPrvSE.exe
2652 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportLaunService64.exe
2912 C:\Windows\System32\taskeng.exe
2432 C:\Windows\System32\SearchProtocolHost.exe
1836 C:\Windows\System32\SearchFilterHost.exe
2804 C:\Windows\System32\taskeng.exe
2220 C:\Windows\System32\dwm.exe
956 C:\Windows\explorer.exe
1008 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
3296 C:\Windows\RAVCpl64.exe
3312 C:\Program Files (x86)\Packard Bell\FIJI\ABoard.exe
3336 C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
3388 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3396 C:\Program Files (x86)\PPLive\PPLive.exe
3412 C:\Program Files (x86)\Norton Utilities 14\RMTray.exe
3428 C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
3448 C:\Windows\SysWOW64\Macromed\Shockwave 10\SwHelper_1030024.exe
3480 C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
3508 C:\Program Files (x86)\iTunes\iTunesHelper.exe
3924 C:\Program Files\iPod\bin\iPodService.exe
464 C:\Program Files (x86)\Packard Bell\FIJI\AOSD.exe
3152 dllhost.exe
3472 dllhost.exe
840 C:\Users\Robp\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`80344800 (NTFS)

PhysicalDrive0 Model Number: WDC WD6400AAKS-22A7B, Rev: 01.0

Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 1B5D089986DF8BB088E0B621E24BE3077B01668A


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
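Added example for this thread (not MBRCheck's own code): it parses a 512-byte MBR, hashes the boot-code region with SHA-1 and compares it against an allowlist, which is the kind of check behind the "MBR Status" column and SHA1 line in the report above. The sample sectors and the allowlist are constructed here; the thread does not state which bytes MBRCheck hashes or what its hash database contains, so those are this example's own choices.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440        # bytes 0..439: executable boot code
DISK_SIG_OFF = 440         # 4-byte NT disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446       # four 16-byte partition entries
BOOT_SIG_OFF = 510         # 0x55 0xAA marker closes the sector
BOOT_SIGNATURE = b"\x55\xAA"
PART_ENTRY = "<B3xB3xII"   # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count


def parse_mbr(sector: bytes) -> dict:
    """Split an MBR into its fixed-offset fields; raises on a wrong-sized buffer."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE}-byte sector, got {len(sector)}")
    partitions = []
    for i in range(4):
        status, ptype, lba_start, count = struct.unpack_from(PART_ENTRY, sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue  # empty slot
        partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": count})
    return {
        "boot_code": sector[:BOOT_CODE_LEN],
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": partitions,
        "boot_signature_ok": sector[BOOT_SIG_OFF:] == BOOT_SIGNATURE,
    }


def boot_code_sha1(sector: bytes) -> str:
    """SHA-1 over the code region only. The disk signature and partition table differ
    per machine, so hashing them would make every clean disk look 'unknown'."""
    return hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()


def assess_mbr(sector: bytes, known_good: dict) -> dict:
    """Produce a verdict in the style of MBRCheck's 'MBR Status' column.
    known_good maps an upper-case SHA-1 hex digest to a label for the clean code it came from."""
    info = parse_mbr(sector)
    digest = boot_code_sha1(sector)
    findings = []
    if not info["boot_signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    active = [p for p in info["partitions"] if p["bootable"]]
    if len(active) != 1:
        findings.append(f"{len(active)} partitions flagged active (expected 1)")
    if digest in known_good:
        status = f"Known MBR code: {known_good[digest]}"
    else:
        status = "Non-standard or unknown MBR code"
        findings.append("boot code hash not in allowlist")
    return {"sha1": digest, "status": status, "findings": findings, "partitions": info["partitions"]}


def build_mbr(boot_code: bytes, partitions, disk_sig: int = 0x1234ABCD) -> bytes:
    """Assemble a 512-byte MBR from boot code and (status, type, lba_start, sectors) tuples."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code too long")
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<IH", sector, DISK_SIG_OFF, disk_sig, 0)
    for i, (status, ptype, lba, count) in enumerate(partitions[:4]):
        struct.pack_into(PART_ENTRY, sector, PART_TABLE_OFF + 16 * i, status, ptype, lba, count)
    sector[BOOT_SIG_OFF:] = BOOT_SIGNATURE
    return bytes(sector)


# Constructed samples: neither is a real Windows or malicious MBR.
CLEAN_BOOT_CODE = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + bytes(range(200))
TAMPERED_BOOT_CODE = b"\xEB\xFE" + CLEAN_BOOT_CODE[2:]   # first instruction swapped, rest identical
NTFS_PART = (0x80, 0x07, 2048, 1_248_000_000)            # one active NTFS partition, close to the 596 GB disk above
CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, [NTFS_PART])
TAMPERED_MBR = build_mbr(TAMPERED_BOOT_CODE, [NTFS_PART])
# Placeholder allowlist derived from the clean sample; a real one is collected from a known-clean install.
KNOWN_GOOD = {boot_code_sha1(CLEAN_MBR): "constructed clean sample"}

if __name__ == "__main__":
    for label, mbr in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        result = assess_mbr(mbr, KNOWN_GOOD)
        print(f"{label:9} SHA1: {result['sha1']}  {result['status']}  {result['findings']}")
```

On a live system the 512 bytes would be read from the physical drive (for example \\.\PhysicalDrive0, as in the report) with administrator rights; a mismatch against the allowlist is a reason to investigate, not proof of infection, since OEM and boot-manager MBRs also differ from the stock Windows code.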

Broni

Posts: 55,960   +507
I'm not sure why this is not working... hmmmm...

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

======================================================================

  • Please download Rootkit Unhooker. Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Checkmark Drivers, Stealth. Uncheck the rest. Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report to some known location. Click Close.
Copy the entire content of the report and paste it in a reply here.

Note: You may get this warning; it is OK, just ignore it:
"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

robp777

Posts: 27   +0
I ran TDSSKiller and it said nothing found; here is the log below. I also ran Rootkit Unhooker and it failed to work, giving me this message: Error loading status driver, NTSTATUS code:0xC000035F

================================================================================
2010/10/10 10:54:09.0671 Scan finished
2010/10/10 10:54:09.0671 ================================================================================

Broni

Posts: 55,960   +507
Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Alternative download: http://majorgeeks.com/Dr.Web_CureIT_d4783.html

  • Double-click the drweb-cureit.exe file and click Scan to run an express scan. Click OK in the pop-up window to allow the scan.
  • This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, select Complete scan.
  • Click the green arrow at the right, and the scan will start.
  • Click Yes to all if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click File and choose Save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • Copy and paste that log in the next reply. You can use Notepad to open the DrWeb.csv report.

NOTE: During the scan, a pop-up window will open asking you to purchase the full version. Simply close the window by clicking on the X in the upper right corner.

robp777

Posts: 27   +0
Hi, I'm sorry but I am having problems with Dr.Web CureIt. The scan takes about 8 hours and it does find 3 items, one of which is called TFC____0.exe, which is a trojan.Downloader1.26252.

However, I cannot save the report list; when I press File, Save report list, nothing happens and it doesn't save to my desktop. Is it because I am running in safe mode?

thanks

Broni

Posts: 55,960   +507
Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

robp777

Posts: 27   +0
OTL Extras logfile created on: 14/10/2010 18:37:37 - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\Robp\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 85.00% Memory free
8.00 Gb Paging File | 8.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582.17 Gb Total Space | 283.44 Gb Free Space | 48.69% Space Free | Partition Type: NTFS
Drive D: | 7.30 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ROBP-PC | User Name: Robp | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{CC245AE0-D9CD-4727-980D-1FFA24A5DB15}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E49B7735-80FD-4A9E-9299-4D5E2F7A2FDA}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0119D7C9-14C7-4556-B002-8E552BDA1409}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect\masseffectlauncher.exe |
"{029C9F8D-FDF7-4B23-BBA9-2C50C158BD10}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{03EC4228-29C6-4D62-82C5-1B430DA7FB9B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gothic 3\gothic3.exe |
"{0B6FF908-DA25-43DB-BCCA-8D153AA1C7D0}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect\masseffectlauncher.exe |
"{0FB728E9-3983-43F4-A10E-937E6F132F71}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe |
"{11306ED5-D0E5-4633-8A15-244C70D4763A}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"{18BDFDD6-426B-41D8-B1A9-2BE2475372FF}" = protocol=6 | dir=in | app=c:\program files (x86)\o2\bin\wificfg.exe |
"{1E63D87F-4E23-44BA-AEDB-E469D372B7FD}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe |
"{2225A15F-FDDC-4303-AE77-4B0D98790BFA}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{2325054A-02EB-4E33-B32A-D7F5AA41B626}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe |
"{26473AB7-3CA6-4F93-B48C-71E7CD4135D4}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{28907A52-C1B3-489A-8484-3F05B00A2DA6}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect\binaries\masseffect.exe |
"{2D6425AC-43B8-40FC-B089-2728C7A7AD82}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\supportsoft\bin\ssrc.exe |
"{2F7FB5A8-F52F-4996-B7E7-F9CEE3896557}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect 2\masseffect2launcher.exe |
"{329062DF-D1F2-45C3-B1DF-C7374B0B9771}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{344D61C7-5065-4DB4-A676-30B2BA946092}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect 2\masseffect2launcher.exe |
"{3652163A-5754-437B-9302-8E27D826D7C4}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis sp demo\bin32\crysis.exe |
"{37068B28-D4C7-426C-A187-01F5B19FCDE5}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect 2\binaries\masseffect2.exe |
"{3EAB262A-41C3-4B1A-A585-82A6A79336C2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{3F84A69D-279A-4A26-B636-3E17B8B8F24E}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{4046765D-EE38-4F16-B6D6-0E5E0DCF0E33}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{4262774A-9E13-4D14-AFEC-99E867CD99FF}" = protocol=6 | dir=in | app=c:\program files (x86)\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\dedicated\xrengine.exe |
"{450B03EE-7583-4A1D-AD0D-EDC5B8C862BC}" = protocol=17 | dir=in | app=c:\program files (x86)\sega\universe at war earth assault\uawea.exe |
"{4BEF54DF-5CA6-4165-B9BA-821CC3FE9610}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\supportsoft\bin\ssrc.exe |
"{5D8EF1C7-018B-49F7-AEE1-28CEA8A2A1E9}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{669C591A-A7DB-4247-A47C-209D95DEB47D}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
"{6A46DEE7-9C50-4D97-8B11-80199E615D9E}" = protocol=6 | dir=in | app=c:\program files (x86)\o2\agent\bin\bcont.exe |
"{70F64EBE-058E-456E-91C5-40A148829DF5}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7568DB56-93B4-4D23-8A32-1985F56D4AD7}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{812D3FE1-C271-4A75-8065-947AAF23D00B}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{82229366-489B-4FAA-8F53-0C0448E7166E}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
"{88FCAA59-14A7-44D4-B04C-64BB5AC3BF27}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{8986320F-14FA-419C-B45A-E35FC7D9EBB2}" = protocol=6 | dir=in | app=c:\program files (x86)\sega\universe at war earth assault\uawea.exe |
"{8AFC4C4D-ECBD-4BA5-8F13-02EFE0C36F94}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{8F0C9D28-F6C5-4059-B843-8F930E782FFC}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{8FDD3D91-3F48-41B5-9232-36CD7179453B}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{94C05725-A49F-4BEC-85D6-7D3A3ECB5724}" = protocol=17 | dir=in | app=c:\program files (x86)\o2\agent\bin\bcont_nm.exe |
"{96348793-2395-4428-BA20-E350E2C3EFEA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gothic 3\gothic3.exe |
"{984E071F-DEB4-4EFC-9C96-CA2440CAD2D5}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{9B773CDE-C0DC-4AF2-A7EC-C8CAA2FE919F}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
"{9C5A2BF0-F0A5-4672-86D3-DDD9D68CBB27}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{A34CAF8D-9E19-4C39-AD17-E6E9E7916995}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A4EF0F32-86F9-4F4B-8E8F-50B2A3C7A62F}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"{A6BAAB5B-2F20-443E-8D28-53BCC5BCBC5E}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{B262CAD1-B5D4-4541-B20E-7FB3CD12BCD9}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect\binaries\masseffect.exe |
"{B603B769-9B82-483D-9C38-BFF6CDAB0E48}" = protocol=6 | dir=in | app=c:\program files (x86)\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\xrengine.exe |
"{B91E45C9-9BBE-4998-B725-07ECA6F1303B}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect 2\binaries\masseffect2.exe |
"{BC0510D2-3A82-4990-9DDC-5431B62A62E2}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{BE88A5AB-D973-4A39-AD30-47750928C961}" = protocol=17 | dir=in | app=c:\program files (x86)\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\dedicated\xrengine.exe |
"{C46979C3-928D-469A-9591-10287C08AAC5}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis sp demo\bin32\crysis.exe |
"{C839D34D-A49B-4C3D-8EEC-68B6B1508F83}" = protocol=17 | dir=in | app=c:\program files (x86)\o2\agent\bin\bcont.exe |
"{CC608731-AE39-4490-83B4-02CD997EFE26}" = protocol=17 | dir=in | app=c:\program files (x86)\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\xrengine.exe |
"{CE5520B5-3E83-4C82-AD6F-777E6F078607}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{D5A139E1-FF63-4118-AEB0-86D13122674B}" = protocol=17 | dir=in | app=c:\program files (x86)\o2\bin\wificfg.exe |
"{DC990A83-7767-4179-8C91-9384F1BAB166}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{E3CB9AA7-452F-4D15-A64B-3BA4D1ABED4D}" = protocol=6 | dir=in | app=c:\program files (x86)\o2\agent\bin\bcont_nm.exe |
"{E9519EC9-79E8-435F-A993-155B2D69BA75}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
"{EC76FA84-4641-4C73-A15E-61C6ECD9D472}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{F82F0722-8328-419D-8EC0-BD3AFE6EDF56}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{F9E83286-2D6C-42FF-9AC9-B99BE847A2CD}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe |
"TCP Query User{49B7A7E7-1370-472C-B97F-F653B4104FAD}C:\program files (x86)\pplive\pplive.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\pplive.exe |
"UDP Query User{765203D7-3648-4A0B-9E3E-1895051A2DBA}C:\program files (x86)\pplive\pplive.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\pplive.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{104FB32A-7CE3-4C4B-B2AA-70C613FF9DFA}" = iTunes
"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{54E4B319-0CE0-448D-B299-EE05BC30E4D1}" = Windows Live Family Safety
"{8A837C47-2B21-4FDF-8370-41A1EB6A26E8}" = Microsoft Xbox 360 Accessories 1.1
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A336F8B0-7ADD-48E8-98A2-296040C1EC3F}" = MobileMe Control Panel
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"HitmanPro35" = Hitman Pro 3.5
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14509FBA-582F-43AB-8B7B-37A30B9C98C3}_is1" = ArcaniA - Gothic 4 Demo
"{14C87AA7-08E6-419F-A165-998EBE5023D7}" = Oblivion - Knights of the Nine
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe
"{16D919E6-F019-4E15-BFBE-4A85EF19DA57}" = Oblivion - Spell Tomes
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1C61C87D-DB8E-4E8A-900C-293C569DC211}" = Internet From BT
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{2F2E3D62-8B8C-448F-8900-451325E50948}" = Oblivion - Wizard's Tower
"{3559CDE0-11FC-4D7B-A65C-D646035B1033}" = Nero 8 Essentials
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3ABEBD00-299D-4DCA-967F-B912163AB5EA}" = Oblivion - Horse Armor Pack
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{406FB8A4-F539-48A9-809C-F94706F9C9F6}_is1" = S.T.A.L.K.E.R. - Call of Pripyat [v1.6.02]
"{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}" = O2 Broadband Assistant
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}" = Oblivion - Vile Lair
"{52B94500-1782-411F-BFA5-EBAC312964DE}" = The Witcher Demo
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{588C135F-0B15-4A02-8F2D-04697BE2904E}" = Icewind Dale II
"{597E70FF-7C46-4EED-8092-91B7C2E0529D}" = Google SketchUp 7
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C503E58-B2BC-11D5-978A-0050BA84F5F7}" = Neverwinter Nights
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DAE4336-2B71-11D4-9A6C-006067325E47}" = Baldur's Gate(TM) II - Shadows of Amn(TM)
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92AF2F5A-4407-4A03-A80A-5A2582264746}" = Crysis(R) SP Demo
"{941F9BA8-06F6-42FD-AB91-CFB99B5E13BF}" = Fallout
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A0732D58-7DC1-431F-ADE5-B9704B2EBEDF}" = Big Mutha Truckers
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{D4658131-9D1A-4395-876D-968E38FE8ED5}" = Universe at War Earth Assault
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E0DF9B8E-0D6D-45C6-B3C8-5CBD30C0F1CC}" = Sensible Soccer 2006
"{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E9459BCF-0982-498B-ABA7-26C34323493F}" = Citrix Presentation Server Client - Web Only
"{EC425CFC-EE78-4A91-AA25-3BFA65B75364}" = Oblivion - Orrery
"{EF295F5C-7B57-47AA-8889-6B3E8E214E89}" = Oblivion - Mehrunes Razor
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFFFFD17-B460-41EB-93F1-C48ABAD63828}" = Oblivion - Thieves Den
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"AdobePE6" = Adobe Photoshop Elements 6
"AdobeReader" = Adobe Reader 8.1.2
"AUDIO_REALTEK" = Realtek HD Audio V6.0.1.5610
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"BT_GB" = British Telecom
"Carbonite" = Carbonite
"Carbonite Setup Lite" = Protect your files now
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Download Manager" = Download Manager 2.3.9
"Easybits Magic Desktop" = EasyBits Magic Desktop
"FIJI" = Keyboard FIJI
"GoogleToolbar" = Google Toolbar
"HijackThis" = HijackThis 2.0.2
"Hitman - Codename 47" = Hitman - Codename 47
"HitmanPro35" = Hitman Pro 3.5
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ImageWriter" = Packard Bell ImageWriter
"ImgBurn" = ImgBurn
"Infocentre" = Infocentre Rev. 2.0
"InstallShield_{D4658131-9D1A-4395-876D-968E38FE8ED5}" = Universe at War Earth Assault
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"LCDTest" = Packard Bell LCD Test
"magicdesktop" = Easybits Magic Desktop
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"Nero8" = Nero 8 Essentials
"NIS" = Norton Internet Security
"Norton Utilities_is1" = Norton Utilities
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OFF2k7_UK" = Microsoft® Office Trial 2007
"PBREG" = Packard Bell Registration
"Rapport_msi" = Rapport
"SETUPMYPC_GB" = SetUp My PC
"Shockwave" = Shockwave
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Starcraft" = Starcraft
"Steam App 39500" = Gothic 3
"SWOS-Total Pack" = SWOS-Total Pack
"SystemRequirementsLab" = System Requirements Lab
"TescoDownloader" = Tesco Download Manager
"TVUPlayer" = TVUPlayer 2.4.7.2
"Updator" = Packard Bell Updator
"uTorrent" = µTorrent
"VIDEO_NVIDIA" = Video NVIDIA v174.90
"V-Ray for SketchUp 1.48.66" = V-Ray for SketchUp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"works9se" = Microsoft Works 9 SE
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"ZMBV" = Zip Motion Block Video codec (Remove Only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 21/06/2010 12:06:05 | Computer Name = Robp-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 21/06/2010 12:06:05 | Computer Name = Robp-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 21/06/2010 12:06:05 | Computer Name = Robp-PC | Source = MsiInstaller | ID = 1024
Description =

Error - 21/06/2010 12:06:42 | Computer Name = Robp-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 21/06/2010 12:06:42 | Computer Name = Robp-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 21/06/2010 12:10:18 | Computer Name = Robp-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 21/06/2010 12:10:18 | Computer Name = Robp-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 21/06/2010 12:10:18 | Computer Name = Robp-PC | Source = MsiInstaller | ID = 1024
Description =

Error - 21/06/2010 12:29:15 | Computer Name = Robp-PC | Source = WinMgmt | ID = 10
Description =

Error - 21/06/2010 12:29:25 | Computer Name = Robp-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ System Events ]
Error - 14/10/2010 13:23:48 | Computer Name = Robp-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 14/10/2010 13:23:48 | Computer Name = Robp-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 14/10/2010 13:23:48 | Computer Name = Robp-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 14/10/2010 13:33:33 | Computer Name = Robp-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 18:31:25 on 14/10/2010 was unexpected.

Error - 14/10/2010 13:33:52 | Computer Name = Robp-PC | Source = DCOM | ID = 10005
Description =

Error - 14/10/2010 13:33:59 | Computer Name = Robp-PC | Source = DCOM | ID = 10005
Description =

Error - 14/10/2010 13:34:02 | Computer Name = Robp-PC | Source = DCOM | ID = 10005
Description =

Error - 14/10/2010 13:34:03 | Computer Name = Robp-PC | Source = DCOM | ID = 10005
Description =

Error - 14/10/2010 13:34:53 | Computer Name = Robp-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 14/10/2010 13:34:53 | Computer Name = Robp-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >
 

Broni

Posts: 55,960   +507
I don't see much here....

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 

Broni

Posts: 55,960   +507
Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read "How did I get infected? With steps so it does not happen again!": http://www.bleepingcomputer.com/forums/topic2520.html

12. Please let me know how your computer is doing.
 

robp777

Posts: 27   +0
Hi, I have attached the OTL log, but I still cannot access the internet when not in Safe Mode. Both Firefox and Internet Explorer say they cannot connect.

Is there anything else I can try? Malwarebytes says everything is clean, but it still won't work.

Thanks
All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Robp
->Temp folder emptied: 4284007 bytes
->Temporary Internet Files folder emptied: 531532664 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 3401 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 356352 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 14330324 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 7135759 bytes

Total Files Cleaned = 532.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Robp
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Error creating restore point.

OTL by OldTimer - Version 3.2.15.2 log created on 10172010_115612

Files\Folders moved on Reboot...
File\Folder C:\Users\Robp\AppData\Local\Temp\~DF5366.tmp not found!
File\Folder C:\Users\Robp\AppData\Local\Temp\~DF5377.tmp not found!
File\Folder C:\Users\Robp\AppData\Local\Temp\~DF5425.tmp not found!
File\Folder C:\Users\Robp\AppData\Local\Temp\~DF542A.tmp not found!
File\Folder C:\Users\Robp\AppData\Local\Temp\~DF5452.tmp not found!
File\Folder C:\Users\Robp\AppData\Local\Temp\~DF5457.tmp not found!
C:\Users\Robp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HFMNJ2UR\adsCAJKZOE4.htm moved successfully.
C:\Users\Robp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BOYCA9SF\sh24[1].html moved successfully.
C:\Users\Robp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BOYCA9SF\topic154578-2[1].html moved successfully.
C:\Users\Robp\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JQDULZL1\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A30OABVH\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9JP155J7\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\60P7YDPO\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.

Registry entries deleted on Reboot...
 

Broni

Posts: 55,960   +507
Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
 

robp777

Posts: 27   +0
Hi, here is the log:

Results of screen317's Security Check version 0.99.5
Windows Vista (UAC is enabled)
Out of date service pack!!
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
ESET Online Scanner v3
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java(TM) 6 Update 13
Out of date Java installed!
Adobe Flash Player 10.0.12.36
Adobe Reader 8.1.2
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````
 