Inactive Virus Blocking Internet Access
- Thread starter robp777
- Start date
- Status
I'm not sure why actually. My windows updated hasn't been working properly and often crashes. In a previous step (today) you said to make sure all windows updates are installed, so I checked for updates and it installed service pack 2. As far as I could tell it installed it.
Should I try again?
Should I try again?
Broni
Posts: 56,041 +516
OK, I want you to uninstall Norton, using this tool: http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN and see, if you can use your browsers in normal mode.
Make sure to turn Windows firewall ON.
Make sure to turn Windows firewall ON.
Broni
Posts: 56,041 +516
We'll try to remove Norton manually then.
But first, restart in normal mode and...
1. Click Start>Run (Start>"Start search" in Vista).
2. Type in (or copy and paste):
cmd /c ping google.com>%temp%\$.$¬epad %temp%\$.$
and press Enter.
3. Notepad will open.
4. Copy all text in Notepad ([Ctrl-A], then [Ctrl-C]), and then post it (paste = [Ctrl-V]) in your next reply.
When done....
Download OTL to your Desktop (if you removed it already).
Run "Quick scan" and post its log.
But first, restart in normal mode and...
1. Click Start>Run (Start>"Start search" in Vista).
2. Type in (or copy and paste):
cmd /c ping google.com>%temp%\$.$¬epad %temp%\$.$
and press Enter.
3. Notepad will open.
4. Copy all text in Notepad ([Ctrl-A], then [Ctrl-C]), and then post it (paste = [Ctrl-V]) in your next reply.
When done....
Download OTL to your Desktop (if you removed it already).
Run "Quick scan" and post its log.
Ping log:
Pinging google.com [173.194.37.104] with 32 bytes of data:
Reply from 173.194.37.104: bytes=32 time=24ms TTL=58
Reply from 173.194.37.104: bytes=32 time=23ms TTL=58
Reply from 173.194.37.104: bytes=32 time=25ms TTL=58
Reply from 173.194.37.104: bytes=32 time=24ms TTL=58
Ping statistics for 173.194.37.104:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 23ms, Maximum = 25ms, Average = 24ms
[/ATTACH]
Pinging google.com [173.194.37.104] with 32 bytes of data:
Reply from 173.194.37.104: bytes=32 time=24ms TTL=58
Reply from 173.194.37.104: bytes=32 time=23ms TTL=58
Reply from 173.194.37.104: bytes=32 time=25ms TTL=58
Reply from 173.194.37.104: bytes=32 time=24ms TTL=58
Ping statistics for 173.194.37.104:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 23ms, Maximum = 25ms, Average = 24ms
[/ATTACH]
Broni
Posts: 56,041 +516
Since your computer is clean, I'll give your browsers issue one last shot, before I send you to Windows forum.
Uninstall Norton, using Norton Removal Tool: http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN
Let me know...
Uninstall Norton, using Norton Removal Tool: http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN
Let me know...
Broni
Posts: 56,041 +516
OK. Let's go for it.
Download OTL to your Desktop.
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop
Download OTL to your Desktop.
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Under the Custom Scan box paste this in:
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
Sorry previous post is wrong! I got a blue screen crash when I ran this in normal mode so I had to do it in safe mode. Also there was no Extras log just the OTL.txt.
View attachment OTL.Txt
View attachment OTL.Txt
I managed to get on to the internet in Normal mode! I had to remove norton utilities from the windows registry and then the norton remove tool worked. However I still think there are some problems, can you please just check this MBR log?, because I think it still says I am infected. Appreciate the help!
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: Packard Bell BV
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: PACKARD BELL BV
System Product Name: iXtreme X9610
Logical Drives Mask: 0x000000fc
Kernel Drivers (total 138):
0x02C05000 \SystemRoot\system32\ntoskrnl.exe
0x0311C000 \SystemRoot\system32\hal.dll
0x00607000 \SystemRoot\system32\kdcom.dll
0x00611000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x0064C000 \SystemRoot\system32\PSHED.dll
0x00660000 \SystemRoot\system32\CLFS.SYS
0x006BD000 \SystemRoot\system32\CI.dll
0x0080B000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008E5000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x008F3000 \SystemRoot\system32\drivers\acpi.sys
0x00949000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00952000 \SystemRoot\system32\drivers\msisadrv.sys
0x0095C000 \SystemRoot\system32\drivers\pci.sys
0x0098C000 \SystemRoot\System32\drivers\partmgr.sys
0x009A1000 \SystemRoot\system32\drivers\volmgr.sys
0x0076F000 \SystemRoot\System32\drivers\volmgrx.sys
0x009B5000 \SystemRoot\system32\drivers\pciide.sys
0x009BC000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x009CC000 \SystemRoot\System32\drivers\mountmgr.sys
0x007D5000 \SystemRoot\system32\drivers\nvraid.sys
0x00A04000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x00A30000 \SystemRoot\system32\drivers\atapi.sys
0x00A38000 \SystemRoot\system32\drivers\ataport.SYS
0x00A5C000 \SystemRoot\system32\drivers\nvstor64.sys
0x00A7F000 \SystemRoot\system32\drivers\storport.sys
0x00ADC000 \SystemRoot\system32\drivers\fltmgr.sys
0x00B23000 \SystemRoot\system32\drivers\fileinfo.sys
0x00B37000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x00B43000 \SystemRoot\System32\Drivers\ksecdd.sys
0x00C00000 \SystemRoot\system32\drivers\ndis.sys
0x00E07000 \SystemRoot\system32\drivers\msrpc.sys
0x00E57000 \SystemRoot\system32\drivers\NETIO.SYS
0x01009000 \SystemRoot\System32\drivers\tcpip.sys
0x0117F000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x0120A000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0138A000 \SystemRoot\system32\drivers\volsnap.sys
0x013CE000 \SystemRoot\System32\Drivers\spldr.sys
0x013D6000 \SystemRoot\System32\Drivers\mup.sys
0x011AB000 \SystemRoot\System32\drivers\ecache.sys
0x013E8000 \SystemRoot\system32\drivers\disk.sys
0x01200000 \SystemRoot\system32\drivers\crcdisk.sys
0x011EF000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x01000000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x00ED3000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x00EE6000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x00EFC000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x00F08000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x00F16000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x00F21000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x00F67000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x02A07000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x02AF4000 \SystemRoot\system32\DRIVERS\bcmwl664.sys
0x02B7E000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x02B90000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x02C01000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x03893000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x03895000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x03976000 \SystemRoot\System32\drivers\watchdog.sys
0x03986000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x039A2000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x03C06000 \SystemRoot\system32\DRIVERS\nvmfdx64.sys
0x03D73000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x03D7C000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x03DB5000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x03DC2000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x03DE5000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x039AF000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x039E0000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x02BA0000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x02BBE000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x02BD6000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03DF1000 \SystemRoot\system32\DRIVERS\swenum.sys
0x00F78000 \SystemRoot\system32\DRIVERS\ks.sys
0x03DF3000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x039F0000 \SystemRoot\system32\DRIVERS\umbus.sys
0x00FAC000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x02BE9000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x04409000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x04567000 \SystemRoot\system32\drivers\portcls.sys
0x045A2000 \SystemRoot\system32\drivers\drmk.sys
0x045C5000 \SystemRoot\system32\drivers\ksthunk.sys
0x045CB000 \??\C:\Program Files (x86)\Trusteer\Rapport\bin\RapportPG64.sys
0x045DD000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x045E7000 \SystemRoot\System32\Drivers\Null.SYS
0x045F0000 \SystemRoot\System32\drivers\vga.sys
0x00DC3000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x04400000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x00FF4000 \SystemRoot\system32\drivers\rdpencdd.sys
0x00DE8000 \SystemRoot\System32\Drivers\Msfs.SYS
0x00BCA000 \SystemRoot\System32\Drivers\Npfs.SYS
0x00DF3000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x00BDB000 \SystemRoot\system32\DRIVERS\tdx.sys
0x009DF000 \SystemRoot\system32\DRIVERS\smb.sys
0x04605000 \SystemRoot\system32\drivers\afd.sys
0x04670000 \SystemRoot\System32\DRIVERS\netbt.sys
0x046B4000 \SystemRoot\system32\DRIVERS\pacer.sys
0x046D2000 \SystemRoot\system32\DRIVERS\netbios.sys
0x046E1000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x046FC000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x04749000 \??\C:\Program Files (x86)\Trusteer\Rapport\bin\RapportKE64.sys
0x0475C000 \SystemRoot\system32\drivers\nsiproxy.sys
0x04768000 \SystemRoot\System32\Drivers\dfsc.sys
0x04785000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x0479D000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x0479F000 \SystemRoot\system32\DRIVERS\udfs.sys
0x047ED000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x011D7000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x047F6000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x00EB0000 \SystemRoot\System32\Drivers\crashdmp.sys
0x00EBE000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x04803000 \SystemRoot\System32\Drivers\dump_nvstor64.sys
0x000F0000 \SystemRoot\System32\win32k.sys
0x04826000 \SystemRoot\System32\drivers\Dxapi.sys
0x04832000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00450000 \SystemRoot\System32\TSDDD.dll
0x006D0000 \SystemRoot\System32\cdd.dll
0x04845000 \SystemRoot\system32\drivers\luafv.sys
0x04867000 \SystemRoot\system32\drivers\spsys.sys
0x04901000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x04915000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x04949000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x04954000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x0880D000 \SystemRoot\system32\drivers\HTTP.sys
0x088B0000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x088D9000 \SystemRoot\system32\DRIVERS\bowser.sys
0x088F7000 \SystemRoot\System32\drivers\mpsdrv.sys
0x08911000 \SystemRoot\system32\drivers\mrxdav.sys
0x08938000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x08961000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x089AA000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x089C9000 \SystemRoot\System32\DRIVERS\srv2.sys
0x0496C000 \SystemRoot\System32\DRIVERS\srv.sys
0x09008000 \SystemRoot\system32\DRIVERS\atksgt.sys
0x09055000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0x09062000 \SystemRoot\system32\drivers\peauth.sys
0x09118000 \SystemRoot\System32\Drivers\secdrv.SYS
0x09123000 \SystemRoot\System32\drivers\tcpipreg.sys
0x77740000 \Windows\System32\ntdll.dll
Processes (total 70):
0 System Idle Process
4 System
428 C:\Windows\System32\smss.exe
492 csrss.exe
540 C:\Windows\System32\wininit.exe
560 csrss.exe
592 C:\Windows\System32\services.exe
608 C:\Windows\System32\lsass.exe
616 C:\Windows\System32\lsm.exe
664 C:\Windows\System32\winlogon.exe
812 C:\Windows\System32\svchost.exe
856 C:\Windows\System32\nvvsvc.exe
884 C:\Windows\System32\svchost.exe
1012 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
316 C:\Windows\System32\svchost.exe
440 C:\Windows\System32\svchost.exe
452 C:\Windows\System32\svchost.exe
976 C:\Windows\System32\audiodg.exe
448 C:\Windows\System32\svchost.exe
1032 C:\Windows\System32\SLsvc.exe
1076 C:\Windows\System32\svchost.exe
1104 C:\Windows\System32\nvvsvc.exe
1240 C:\Windows\System32\svchost.exe
1528 C:\Windows\System32\spoolsv.exe
1560 C:\Windows\System32\svchost.exe
1984 C:\Windows\System32\taskeng.exe
1992 C:\Windows\System32\dwm.exe
1292 C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
1800 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1004 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1232 C:\Windows\SysWOW64\svchost.exe
1760 C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
2168 C:\Windows\System32\svchost.exe
2188 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2268 C:\Program Files (x86)\O2\bin\sprtsvc.exe
2284 C:\Program Files (x86)\Packard Bell\SrvCDEject.exe
2420 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
2440 C:\Windows\System32\svchost.exe
2472 C:\Windows\System32\svchost.exe
2508 C:\Windows\System32\SearchIndexer.exe
2556 C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
2660 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
2892 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportLaunService64.exe
708 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
1020 C:\Windows\RAVCpl64.exe
2344 C:\Program Files (x86)\Packard Bell\FIJI\ABoard.exe
2128 C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
1788 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
1924 C:\Program Files (x86)\PPLive\PPLive.exe
212 C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
1820 C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
2548 C:\Program Files (x86)\iTunes\iTunesHelper.exe
3400 C:\Program Files\iPod\bin\iPodService.exe
3952 C:\Program Files (x86)\Packard Bell\FIJI\AOSD.exe
3888 C:\Windows\System32\taskeng.exe
3576 C:\Program Files (x86)\Steam\Steam.exe
1312 C:\Windows\explorer.exe
200 C:\Windows\System32\svchost.exe
1584 C:\Program Files (x86)\Common Files\Steam\SteamService.exe
3484 C:\Windows\System32\wuauclt.exe
1964 C:\Program Files (x86)\Internet Explorer\iexplore.exe
4560 C:\Program Files (x86)\Internet Explorer\iexplore.exe
5104 C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser.exe
3648 C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe
3564 C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe
4268 C:\Windows\System32\SearchProtocolHost.exe
4704 C:\Windows\System32\SearchFilterHost.exe
4004 dllhost.exe
4964 dllhost.exe
2828 C:\Users\Robp\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`80344800 (NTFS)
PhysicalDrive0 Model Number: WDC WD6400AAKS-22A7B, Rev: 01.0
Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 1B5D089986DF8BB088E0B621E24BE3077B01668A
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Done!
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: Packard Bell BV
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: PACKARD BELL BV
System Product Name: iXtreme X9610
Logical Drives Mask: 0x000000fc
Kernel Drivers (total 138):
0x02C05000 \SystemRoot\system32\ntoskrnl.exe
0x0311C000 \SystemRoot\system32\hal.dll
0x00607000 \SystemRoot\system32\kdcom.dll
0x00611000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x0064C000 \SystemRoot\system32\PSHED.dll
0x00660000 \SystemRoot\system32\CLFS.SYS
0x006BD000 \SystemRoot\system32\CI.dll
0x0080B000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008E5000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x008F3000 \SystemRoot\system32\drivers\acpi.sys
0x00949000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00952000 \SystemRoot\system32\drivers\msisadrv.sys
0x0095C000 \SystemRoot\system32\drivers\pci.sys
0x0098C000 \SystemRoot\System32\drivers\partmgr.sys
0x009A1000 \SystemRoot\system32\drivers\volmgr.sys
0x0076F000 \SystemRoot\System32\drivers\volmgrx.sys
0x009B5000 \SystemRoot\system32\drivers\pciide.sys
0x009BC000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x009CC000 \SystemRoot\System32\drivers\mountmgr.sys
0x007D5000 \SystemRoot\system32\drivers\nvraid.sys
0x00A04000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x00A30000 \SystemRoot\system32\drivers\atapi.sys
0x00A38000 \SystemRoot\system32\drivers\ataport.SYS
0x00A5C000 \SystemRoot\system32\drivers\nvstor64.sys
0x00A7F000 \SystemRoot\system32\drivers\storport.sys
0x00ADC000 \SystemRoot\system32\drivers\fltmgr.sys
0x00B23000 \SystemRoot\system32\drivers\fileinfo.sys
0x00B37000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x00B43000 \SystemRoot\System32\Drivers\ksecdd.sys
0x00C00000 \SystemRoot\system32\drivers\ndis.sys
0x00E07000 \SystemRoot\system32\drivers\msrpc.sys
0x00E57000 \SystemRoot\system32\drivers\NETIO.SYS
0x01009000 \SystemRoot\System32\drivers\tcpip.sys
0x0117F000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x0120A000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0138A000 \SystemRoot\system32\drivers\volsnap.sys
0x013CE000 \SystemRoot\System32\Drivers\spldr.sys
0x013D6000 \SystemRoot\System32\Drivers\mup.sys
0x011AB000 \SystemRoot\System32\drivers\ecache.sys
0x013E8000 \SystemRoot\system32\drivers\disk.sys
0x01200000 \SystemRoot\system32\drivers\crcdisk.sys
0x011EF000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x01000000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x00ED3000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x00EE6000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x00EFC000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x00F08000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x00F16000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x00F21000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x00F67000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x02A07000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x02AF4000 \SystemRoot\system32\DRIVERS\bcmwl664.sys
0x02B7E000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x02B90000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x02C01000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x03893000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x03895000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x03976000 \SystemRoot\System32\drivers\watchdog.sys
0x03986000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x039A2000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x03C06000 \SystemRoot\system32\DRIVERS\nvmfdx64.sys
0x03D73000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x03D7C000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x03DB5000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x03DC2000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x03DE5000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x039AF000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x039E0000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x02BA0000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x02BBE000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x02BD6000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03DF1000 \SystemRoot\system32\DRIVERS\swenum.sys
0x00F78000 \SystemRoot\system32\DRIVERS\ks.sys
0x03DF3000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x039F0000 \SystemRoot\system32\DRIVERS\umbus.sys
0x00FAC000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x02BE9000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x04409000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x04567000 \SystemRoot\system32\drivers\portcls.sys
0x045A2000 \SystemRoot\system32\drivers\drmk.sys
0x045C5000 \SystemRoot\system32\drivers\ksthunk.sys
0x045CB000 \??\C:\Program Files (x86)\Trusteer\Rapport\bin\RapportPG64.sys
0x045DD000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x045E7000 \SystemRoot\System32\Drivers\Null.SYS
0x045F0000 \SystemRoot\System32\drivers\vga.sys
0x00DC3000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x04400000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x00FF4000 \SystemRoot\system32\drivers\rdpencdd.sys
0x00DE8000 \SystemRoot\System32\Drivers\Msfs.SYS
0x00BCA000 \SystemRoot\System32\Drivers\Npfs.SYS
0x00DF3000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x00BDB000 \SystemRoot\system32\DRIVERS\tdx.sys
0x009DF000 \SystemRoot\system32\DRIVERS\smb.sys
0x04605000 \SystemRoot\system32\drivers\afd.sys
0x04670000 \SystemRoot\System32\DRIVERS\netbt.sys
0x046B4000 \SystemRoot\system32\DRIVERS\pacer.sys
0x046D2000 \SystemRoot\system32\DRIVERS\netbios.sys
0x046E1000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x046FC000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x04749000 \??\C:\Program Files (x86)\Trusteer\Rapport\bin\RapportKE64.sys
0x0475C000 \SystemRoot\system32\drivers\nsiproxy.sys
0x04768000 \SystemRoot\System32\Drivers\dfsc.sys
0x04785000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x0479D000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x0479F000 \SystemRoot\system32\DRIVERS\udfs.sys
0x047ED000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x011D7000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x047F6000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x00EB0000 \SystemRoot\System32\Drivers\crashdmp.sys
0x00EBE000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x04803000 \SystemRoot\System32\Drivers\dump_nvstor64.sys
0x000F0000 \SystemRoot\System32\win32k.sys
0x04826000 \SystemRoot\System32\drivers\Dxapi.sys
0x04832000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00450000 \SystemRoot\System32\TSDDD.dll
0x006D0000 \SystemRoot\System32\cdd.dll
0x04845000 \SystemRoot\system32\drivers\luafv.sys
0x04867000 \SystemRoot\system32\drivers\spsys.sys
0x04901000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x04915000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x04949000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x04954000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x0880D000 \SystemRoot\system32\drivers\HTTP.sys
0x088B0000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x088D9000 \SystemRoot\system32\DRIVERS\bowser.sys
0x088F7000 \SystemRoot\System32\drivers\mpsdrv.sys
0x08911000 \SystemRoot\system32\drivers\mrxdav.sys
0x08938000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x08961000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x089AA000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x089C9000 \SystemRoot\System32\DRIVERS\srv2.sys
0x0496C000 \SystemRoot\System32\DRIVERS\srv.sys
0x09008000 \SystemRoot\system32\DRIVERS\atksgt.sys
0x09055000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0x09062000 \SystemRoot\system32\drivers\peauth.sys
0x09118000 \SystemRoot\System32\Drivers\secdrv.SYS
0x09123000 \SystemRoot\System32\drivers\tcpipreg.sys
0x77740000 \Windows\System32\ntdll.dll
Processes (total 70):
0 System Idle Process
4 System
428 C:\Windows\System32\smss.exe
492 csrss.exe
540 C:\Windows\System32\wininit.exe
560 csrss.exe
592 C:\Windows\System32\services.exe
608 C:\Windows\System32\lsass.exe
616 C:\Windows\System32\lsm.exe
664 C:\Windows\System32\winlogon.exe
812 C:\Windows\System32\svchost.exe
856 C:\Windows\System32\nvvsvc.exe
884 C:\Windows\System32\svchost.exe
1012 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
316 C:\Windows\System32\svchost.exe
440 C:\Windows\System32\svchost.exe
452 C:\Windows\System32\svchost.exe
976 C:\Windows\System32\audiodg.exe
448 C:\Windows\System32\svchost.exe
1032 C:\Windows\System32\SLsvc.exe
1076 C:\Windows\System32\svchost.exe
1104 C:\Windows\System32\nvvsvc.exe
1240 C:\Windows\System32\svchost.exe
1528 C:\Windows\System32\spoolsv.exe
1560 C:\Windows\System32\svchost.exe
1984 C:\Windows\System32\taskeng.exe
1992 C:\Windows\System32\dwm.exe
1292 C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
1800 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1004 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1232 C:\Windows\SysWOW64\svchost.exe
1760 C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
2168 C:\Windows\System32\svchost.exe
2188 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2268 C:\Program Files (x86)\O2\bin\sprtsvc.exe
2284 C:\Program Files (x86)\Packard Bell\SrvCDEject.exe
2420 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
2440 C:\Windows\System32\svchost.exe
2472 C:\Windows\System32\svchost.exe
2508 C:\Windows\System32\SearchIndexer.exe
2556 C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
2660 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
2892 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportLaunService64.exe
708 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
1020 C:\Windows\RAVCpl64.exe
2344 C:\Program Files (x86)\Packard Bell\FIJI\ABoard.exe
2128 C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
1788 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
1924 C:\Program Files (x86)\PPLive\PPLive.exe
212 C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
1820 C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
2548 C:\Program Files (x86)\iTunes\iTunesHelper.exe
3400 C:\Program Files\iPod\bin\iPodService.exe
3952 C:\Program Files (x86)\Packard Bell\FIJI\AOSD.exe
3888 C:\Windows\System32\taskeng.exe
3576 C:\Program Files (x86)\Steam\Steam.exe
1312 C:\Windows\explorer.exe
200 C:\Windows\System32\svchost.exe
1584 C:\Program Files (x86)\Common Files\Steam\SteamService.exe
3484 C:\Windows\System32\wuauclt.exe
1964 C:\Program Files (x86)\Internet Explorer\iexplore.exe
4560 C:\Program Files (x86)\Internet Explorer\iexplore.exe
5104 C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser.exe
3648 C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe
3564 C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe
4268 C:\Windows\System32\SearchProtocolHost.exe
4704 C:\Windows\System32\SearchFilterHost.exe
4004 dllhost.exe
4964 dllhost.exe
2828 C:\Users\Robp\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`80344800 (NTFS)
PhysicalDrive0 Model Number: WDC WD6400AAKS-22A7B, Rev: 01.0
Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 1B5D089986DF8BB088E0B621E24BE3077B01668A
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Done!
Broni
Posts: 56,041 +516
Finally, some good news 
Yes, your MBR seems to be infected.
Please download NTBR by noahdfear and save it to your Desktop.
File size: 2.44 MB (2,565,432 bytes)
Since you're able to operate in normal mode now, we'll run more scans....
Yes, your MBR seems to be infected.
Please download NTBR by noahdfear and save it to your Desktop.
File size: 2.44 MB (2,565,432 bytes)
- Place a blank CD in your CD drive.
- Double click on NTBR_CD.exe file and a folder of the same name will appear.
- Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
- Follow the prompts to burn the CD.
- Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
- If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
- Insert the newly created CD into your infected PC and reboot your computer.
- Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
- Read the warning and then continue as prompted.
- You first need to select your keyboard layout - press Enter for English.
- Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
- On the following screen enter 5 to select Install Standard MBR code.
- Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
- When asked to confirm please do so.
- Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
- Eject the disc and then press ctrl+alt+del to reboot the PC.
Since you're able to operate in normal mode now, we'll run more scans....
All done.
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: Packard Bell BV
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: PACKARD BELL BV
System Product Name: iXtreme X9610
Logical Drives Mask: 0x000000fc
Kernel Drivers (total 138):
0x02C12000 \SystemRoot\system32\ntoskrnl.exe
0x03129000 \SystemRoot\system32\hal.dll
0x00601000 \SystemRoot\system32\kdcom.dll
0x0060B000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00646000 \SystemRoot\system32\PSHED.dll
0x0065A000 \SystemRoot\system32\CLFS.SYS
0x006B7000 \SystemRoot\system32\CI.dll
0x00806000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008E0000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x008EE000 \SystemRoot\system32\drivers\acpi.sys
0x00944000 \SystemRoot\system32\drivers\WMILIB.SYS
0x0094D000 \SystemRoot\system32\drivers\msisadrv.sys
0x00957000 \SystemRoot\system32\drivers\pci.sys
0x00987000 \SystemRoot\System32\drivers\partmgr.sys
0x0099C000 \SystemRoot\system32\drivers\volmgr.sys
0x00769000 \SystemRoot\System32\drivers\volmgrx.sys
0x009B0000 \SystemRoot\system32\drivers\pciide.sys
0x009B7000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x009C7000 \SystemRoot\System32\drivers\mountmgr.sys
0x009DA000 \SystemRoot\system32\drivers\nvraid.sys
0x007CF000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x00A02000 \SystemRoot\system32\drivers\atapi.sys
0x00A0A000 \SystemRoot\system32\drivers\ataport.SYS
0x00A2E000 \SystemRoot\system32\drivers\nvstor64.sys
0x00A51000 \SystemRoot\system32\drivers\storport.sys
0x00AAE000 \SystemRoot\system32\drivers\fltmgr.sys
0x00AF5000 \SystemRoot\system32\drivers\fileinfo.sys
0x00B09000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x00B15000 \SystemRoot\System32\Drivers\ksecdd.sys
0x00C0D000 \SystemRoot\system32\drivers\ndis.sys
0x00B9C000 \SystemRoot\system32\drivers\msrpc.sys
0x00E03000 \SystemRoot\system32\drivers\NETIO.SYS
0x00E5C000 \SystemRoot\System32\drivers\tcpip.sys
0x00FD2000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x0100F000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0118F000 \SystemRoot\system32\drivers\volsnap.sys
0x011D3000 \SystemRoot\System32\Drivers\spldr.sys
0x011DB000 \SystemRoot\System32\Drivers\mup.sys
0x00DD0000 \SystemRoot\System32\drivers\ecache.sys
0x00BEC000 \SystemRoot\system32\drivers\disk.sys
0x011ED000 \SystemRoot\system32\drivers\crcdisk.sys
0x02829000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x02836000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x0283F000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x02852000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x02868000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x02874000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x02882000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x0288D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x028D3000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x028E4000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x02A07000 \SystemRoot\system32\DRIVERS\bcmwl664.sys
0x02A91000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x02AA3000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x02C0E000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x038A0000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x038A2000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x03983000 \SystemRoot\System32\drivers\watchdog.sys
0x03993000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x039AF000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x03C0E000 \SystemRoot\system32\DRIVERS\nvmfdx64.sys
0x03D7B000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x03D84000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x03DBD000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x03DCA000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x03DED000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x039BC000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x039ED000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x02AB3000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x02AD1000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x02AE9000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03DF9000 \SystemRoot\system32\DRIVERS\swenum.sys
0x02AFC000 \SystemRoot\system32\DRIVERS\ks.sys
0x03C00000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x02B30000 \SystemRoot\system32\DRIVERS\umbus.sys
0x02B40000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x02B88000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x04203000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x04361000 \SystemRoot\system32\drivers\portcls.sys
0x0439C000 \SystemRoot\system32\drivers\drmk.sys
0x043BF000 \SystemRoot\system32\drivers\ksthunk.sys
0x043C5000 \??\C:\Program Files (x86)\Trusteer\Rapport\bin\RapportPG64.sys
0x043D7000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x043E1000 \SystemRoot\System32\Drivers\Null.SYS
0x043EA000 \SystemRoot\System32\drivers\vga.sys
0x02B9C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x02C00000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x02BC1000 \SystemRoot\system32\drivers\rdpencdd.sys
0x02BCA000 \SystemRoot\System32\Drivers\Msfs.SYS
0x02BD5000 \SystemRoot\System32\Drivers\Npfs.SYS
0x02BE6000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x029D1000 \SystemRoot\system32\DRIVERS\tdx.sys
0x04000000 \SystemRoot\system32\DRIVERS\smb.sys
0x0401B000 \SystemRoot\system32\drivers\afd.sys
0x04086000 \SystemRoot\System32\DRIVERS\netbt.sys
0x040CA000 \SystemRoot\system32\DRIVERS\pacer.sys
0x040E8000 \SystemRoot\system32\DRIVERS\netbios.sys
0x040F7000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x04112000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x0415F000 \??\C:\Program Files (x86)\Trusteer\Rapport\bin\RapportKE64.sys
0x04172000 \SystemRoot\system32\drivers\nsiproxy.sys
0x0417E000 \SystemRoot\System32\Drivers\dfsc.sys
0x0419B000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x041A4000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x041B6000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x041BE000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x041C0000 \SystemRoot\System32\Drivers\crashdmp.sys
0x041CE000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x041D8000 \SystemRoot\System32\Drivers\dump_nvstor64.sys
0x02800000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x00050000 \SystemRoot\System32\win32k.sys
0x02BEF000 \SystemRoot\System32\drivers\Dxapi.sys
0x07606000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00430000 \SystemRoot\System32\TSDDD.dll
0x006C0000 \SystemRoot\System32\cdd.dll
0x07619000 \SystemRoot\system32\drivers\luafv.sys
0x0763B000 \SystemRoot\system32\drivers\spsys.sys
0x076D5000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x076E9000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x0771D000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x07728000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x07740000 \SystemRoot\system32\drivers\HTTP.sys
0x08C03000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x08C2C000 \SystemRoot\system32\DRIVERS\bowser.sys
0x08C4A000 \SystemRoot\System32\drivers\mpsdrv.sys
0x08C64000 \SystemRoot\system32\drivers\mrxdav.sys
0x08C8B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x08CB4000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x08CFD000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x08D1C000 \SystemRoot\System32\DRIVERS\srv2.sys
0x08D4E000 \SystemRoot\System32\DRIVERS\srv.sys
0x07A00000 \SystemRoot\system32\DRIVERS\atksgt.sys
0x07A4D000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0x07A5A000 \SystemRoot\system32\drivers\peauth.sys
0x07B10000 \SystemRoot\System32\Drivers\secdrv.SYS
0x07B1B000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x07B37000 \SystemRoot\System32\drivers\tcpipreg.sys
0x77020000 \Windows\System32\ntdll.dll
Processes (total 67):
0 System Idle Process
4 System
428 C:\Windows\System32\smss.exe
496 csrss.exe
548 C:\Windows\System32\wininit.exe
568 csrss.exe
604 C:\Windows\System32\services.exe
620 C:\Windows\System32\lsass.exe
628 C:\Windows\System32\lsm.exe
740 C:\Windows\System32\winlogon.exe
832 C:\Windows\System32\svchost.exe
876 C:\Windows\System32\nvvsvc.exe
904 C:\Windows\System32\svchost.exe
960 C:\Windows\System32\svchost.exe
1020 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
464 C:\Windows\System32\svchost.exe
500 C:\Windows\System32\svchost.exe
652 C:\Windows\System32\svchost.exe
484 C:\Windows\System32\audiodg.exe
1040 C:\Windows\System32\svchost.exe
1060 C:\Windows\System32\SLsvc.exe
1120 C:\Windows\System32\svchost.exe
1272 C:\Windows\System32\svchost.exe
1348 C:\Windows\System32\nvvsvc.exe
1560 C:\Windows\System32\spoolsv.exe
1584 C:\Windows\System32\svchost.exe
2012 C:\Windows\System32\dwm.exe
452 C:\Windows\System32\taskeng.exe
1204 C:\Windows\explorer.exe
1980 C:\Program Files\Windows Defender\MSASCui.exe
1684 C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
2096 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2116 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
2124 C:\Windows\RAVCpl64.exe
2148 C:\Windows\SysWOW64\svchost.exe
2180 C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
2304 C:\Windows\System32\svchost.exe
2344 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2364 C:\Program Files (x86)\Packard Bell\FIJI\ABoard.exe
2400 C:\Program Files (x86)\O2\bin\sprtsvc.exe
2428 C:\Program Files (x86)\Packard Bell\SrvCDEject.exe
2448 C:\Program Files (x86)\Packard Bell\FIJI\AOSD.exe
2456 C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
2512 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
2532 C:\Program Files (x86)\PPLive\PPLive.exe
2548 C:\Program Files (x86)\Steam\Steam.exe
2556 C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
2720 C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
2800 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
2844 C:\Windows\System32\svchost.exe
2876 C:\Windows\System32\svchost.exe
2928 C:\Windows\System32\SearchIndexer.exe
2964 C:\Program Files (x86)\iTunes\iTunesHelper.exe
2976 C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
2064 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
3120 WmiPrvSE.exe
3352 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportLaunService64.exe
3444 C:\Program Files\iPod\bin\iPodService.exe
3720 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
1036 C:\Program Files (x86)\Common Files\Steam\SteamService.exe
1576 C:\Windows\System32\taskeng.exe
3820 C:\Windows\System32\SearchProtocolHost.exe
3604 C:\Windows\System32\SearchFilterHost.exe
1496 C:\Windows\System32\wuauclt.exe
2320 dllhost.exe
1592 dllhost.exe
3024 C:\Users\Robp\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`80344800 (NTFS)
PhysicalDrive0 Model Number: WDC WD6400AAKS-22A7B, Rev: 01.0
Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 1B5D089986DF8BB088E0B621E24BE3077B01668A
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Done!
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: Packard Bell BV
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: PACKARD BELL BV
System Product Name: iXtreme X9610
Logical Drives Mask: 0x000000fc
Kernel Drivers (total 138):
0x02C12000 \SystemRoot\system32\ntoskrnl.exe
0x03129000 \SystemRoot\system32\hal.dll
0x00601000 \SystemRoot\system32\kdcom.dll
0x0060B000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00646000 \SystemRoot\system32\PSHED.dll
0x0065A000 \SystemRoot\system32\CLFS.SYS
0x006B7000 \SystemRoot\system32\CI.dll
0x00806000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008E0000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x008EE000 \SystemRoot\system32\drivers\acpi.sys
0x00944000 \SystemRoot\system32\drivers\WMILIB.SYS
0x0094D000 \SystemRoot\system32\drivers\msisadrv.sys
0x00957000 \SystemRoot\system32\drivers\pci.sys
0x00987000 \SystemRoot\System32\drivers\partmgr.sys
0x0099C000 \SystemRoot\system32\drivers\volmgr.sys
0x00769000 \SystemRoot\System32\drivers\volmgrx.sys
0x009B0000 \SystemRoot\system32\drivers\pciide.sys
0x009B7000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x009C7000 \SystemRoot\System32\drivers\mountmgr.sys
0x009DA000 \SystemRoot\system32\drivers\nvraid.sys
0x007CF000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x00A02000 \SystemRoot\system32\drivers\atapi.sys
0x00A0A000 \SystemRoot\system32\drivers\ataport.SYS
0x00A2E000 \SystemRoot\system32\drivers\nvstor64.sys
0x00A51000 \SystemRoot\system32\drivers\storport.sys
0x00AAE000 \SystemRoot\system32\drivers\fltmgr.sys
0x00AF5000 \SystemRoot\system32\drivers\fileinfo.sys
0x00B09000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x00B15000 \SystemRoot\System32\Drivers\ksecdd.sys
0x00C0D000 \SystemRoot\system32\drivers\ndis.sys
0x00B9C000 \SystemRoot\system32\drivers\msrpc.sys
0x00E03000 \SystemRoot\system32\drivers\NETIO.SYS
0x00E5C000 \SystemRoot\System32\drivers\tcpip.sys
0x00FD2000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x0100F000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0118F000 \SystemRoot\system32\drivers\volsnap.sys
0x011D3000 \SystemRoot\System32\Drivers\spldr.sys
0x011DB000 \SystemRoot\System32\Drivers\mup.sys
0x00DD0000 \SystemRoot\System32\drivers\ecache.sys
0x00BEC000 \SystemRoot\system32\drivers\disk.sys
0x011ED000 \SystemRoot\system32\drivers\crcdisk.sys
0x02829000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x02836000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x0283F000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x02852000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x02868000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x02874000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x02882000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x0288D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x028D3000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x028E4000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x02A07000 \SystemRoot\system32\DRIVERS\bcmwl664.sys
0x02A91000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x02AA3000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x02C0E000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x038A0000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x038A2000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x03983000 \SystemRoot\System32\drivers\watchdog.sys
0x03993000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x039AF000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x03C0E000 \SystemRoot\system32\DRIVERS\nvmfdx64.sys
0x03D7B000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x03D84000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x03DBD000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x03DCA000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x03DED000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x039BC000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x039ED000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x02AB3000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x02AD1000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x02AE9000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03DF9000 \SystemRoot\system32\DRIVERS\swenum.sys
0x02AFC000 \SystemRoot\system32\DRIVERS\ks.sys
0x03C00000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x02B30000 \SystemRoot\system32\DRIVERS\umbus.sys
0x02B40000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x02B88000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x04203000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x04361000 \SystemRoot\system32\drivers\portcls.sys
0x0439C000 \SystemRoot\system32\drivers\drmk.sys
0x043BF000 \SystemRoot\system32\drivers\ksthunk.sys
0x043C5000 \??\C:\Program Files (x86)\Trusteer\Rapport\bin\RapportPG64.sys
0x043D7000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x043E1000 \SystemRoot\System32\Drivers\Null.SYS
0x043EA000 \SystemRoot\System32\drivers\vga.sys
0x02B9C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x02C00000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x02BC1000 \SystemRoot\system32\drivers\rdpencdd.sys
0x02BCA000 \SystemRoot\System32\Drivers\Msfs.SYS
0x02BD5000 \SystemRoot\System32\Drivers\Npfs.SYS
0x02BE6000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x029D1000 \SystemRoot\system32\DRIVERS\tdx.sys
0x04000000 \SystemRoot\system32\DRIVERS\smb.sys
0x0401B000 \SystemRoot\system32\drivers\afd.sys
0x04086000 \SystemRoot\System32\DRIVERS\netbt.sys
0x040CA000 \SystemRoot\system32\DRIVERS\pacer.sys
0x040E8000 \SystemRoot\system32\DRIVERS\netbios.sys
0x040F7000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x04112000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x0415F000 \??\C:\Program Files (x86)\Trusteer\Rapport\bin\RapportKE64.sys
0x04172000 \SystemRoot\system32\drivers\nsiproxy.sys
0x0417E000 \SystemRoot\System32\Drivers\dfsc.sys
0x0419B000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x041A4000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x041B6000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x041BE000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x041C0000 \SystemRoot\System32\Drivers\crashdmp.sys
0x041CE000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x041D8000 \SystemRoot\System32\Drivers\dump_nvstor64.sys
0x02800000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x00050000 \SystemRoot\System32\win32k.sys
0x02BEF000 \SystemRoot\System32\drivers\Dxapi.sys
0x07606000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00430000 \SystemRoot\System32\TSDDD.dll
0x006C0000 \SystemRoot\System32\cdd.dll
0x07619000 \SystemRoot\system32\drivers\luafv.sys
0x0763B000 \SystemRoot\system32\drivers\spsys.sys
0x076D5000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x076E9000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x0771D000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x07728000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x07740000 \SystemRoot\system32\drivers\HTTP.sys
0x08C03000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x08C2C000 \SystemRoot\system32\DRIVERS\bowser.sys
0x08C4A000 \SystemRoot\System32\drivers\mpsdrv.sys
0x08C64000 \SystemRoot\system32\drivers\mrxdav.sys
0x08C8B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x08CB4000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x08CFD000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x08D1C000 \SystemRoot\System32\DRIVERS\srv2.sys
0x08D4E000 \SystemRoot\System32\DRIVERS\srv.sys
0x07A00000 \SystemRoot\system32\DRIVERS\atksgt.sys
0x07A4D000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0x07A5A000 \SystemRoot\system32\drivers\peauth.sys
0x07B10000 \SystemRoot\System32\Drivers\secdrv.SYS
0x07B1B000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x07B37000 \SystemRoot\System32\drivers\tcpipreg.sys
0x77020000 \Windows\System32\ntdll.dll
Processes (total 67):
0 System Idle Process
4 System
428 C:\Windows\System32\smss.exe
496 csrss.exe
548 C:\Windows\System32\wininit.exe
568 csrss.exe
604 C:\Windows\System32\services.exe
620 C:\Windows\System32\lsass.exe
628 C:\Windows\System32\lsm.exe
740 C:\Windows\System32\winlogon.exe
832 C:\Windows\System32\svchost.exe
876 C:\Windows\System32\nvvsvc.exe
904 C:\Windows\System32\svchost.exe
960 C:\Windows\System32\svchost.exe
1020 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
464 C:\Windows\System32\svchost.exe
500 C:\Windows\System32\svchost.exe
652 C:\Windows\System32\svchost.exe
484 C:\Windows\System32\audiodg.exe
1040 C:\Windows\System32\svchost.exe
1060 C:\Windows\System32\SLsvc.exe
1120 C:\Windows\System32\svchost.exe
1272 C:\Windows\System32\svchost.exe
1348 C:\Windows\System32\nvvsvc.exe
1560 C:\Windows\System32\spoolsv.exe
1584 C:\Windows\System32\svchost.exe
2012 C:\Windows\System32\dwm.exe
452 C:\Windows\System32\taskeng.exe
1204 C:\Windows\explorer.exe
1980 C:\Program Files\Windows Defender\MSASCui.exe
1684 C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
2096 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2116 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
2124 C:\Windows\RAVCpl64.exe
2148 C:\Windows\SysWOW64\svchost.exe
2180 C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
2304 C:\Windows\System32\svchost.exe
2344 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2364 C:\Program Files (x86)\Packard Bell\FIJI\ABoard.exe
2400 C:\Program Files (x86)\O2\bin\sprtsvc.exe
2428 C:\Program Files (x86)\Packard Bell\SrvCDEject.exe
2448 C:\Program Files (x86)\Packard Bell\FIJI\AOSD.exe
2456 C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
2512 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
2532 C:\Program Files (x86)\PPLive\PPLive.exe
2548 C:\Program Files (x86)\Steam\Steam.exe
2556 C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
2720 C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
2800 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
2844 C:\Windows\System32\svchost.exe
2876 C:\Windows\System32\svchost.exe
2928 C:\Windows\System32\SearchIndexer.exe
2964 C:\Program Files (x86)\iTunes\iTunesHelper.exe
2976 C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
2064 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
3120 WmiPrvSE.exe
3352 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportLaunService64.exe
3444 C:\Program Files\iPod\bin\iPodService.exe
3720 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
1036 C:\Program Files (x86)\Common Files\Steam\SteamService.exe
1576 C:\Windows\System32\taskeng.exe
3820 C:\Windows\System32\SearchProtocolHost.exe
3604 C:\Windows\System32\SearchFilterHost.exe
1496 C:\Windows\System32\wuauclt.exe
2320 dllhost.exe
1592 dllhost.exe
3024 C:\Users\Robp\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`80344800 (NTFS)
PhysicalDrive0 Model Number: WDC WD6400AAKS-22A7B, Rev: 01.0
Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 1B5D089986DF8BB088E0B621E24BE3077B01668A
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Done!
Broni
Posts: 56,041 +516
Hmmm....that didn't work.
If you have Vista/7 DVD...
start with step 2
If you don't have Vista/7 DVD...
1. Create Vista/7 Recovery Disc.
Option 1 :
Vista: http://www.c4consulting.com.au/soluctions/vista/VISTA SOLUCTIONS.htm
Windows 7: http://www.guidingtech.com/3816/system-repair-recovery-disc-windows-7/
Option 2:
Download Vista Recovery Disc iso image: http://neosmart.net/blog/2008/windows-vista-recovery-disc-download/
Download Windows 7 Recovery Disc iso image: http://neosmart.net/blog/2009/windows-7-system-repair-discs/
Burn it to CD, or DVD: http://neosmart.net/wiki/display/G/Burning+ISO+Images+to+a+CD+or+DVD
2. Boot from created disk.
Vista users. At first screen click on Repair your computer:
Windows 7 users. At first screen click on Install now:
Select your language and click next:
Click the button for "Use recovery tools":
The following applies to both, Vista and Windows 7 users.
This will bring you to a new screen where the repair process will look for all Windows Vista/7 installations on your computer. When done you will be presented with the System Recovery Options dialog box:
After this, it will present you with a list of options including startup repair, system restore and command prompt:
Select Command Prompt
Type in:
bootrec /FixMbr (<--- there is a "space" after "bootrec")
and then press Enter
Once completed then type Exit, press Enter and restart computer.
Post fresh MBRCheck log.
If you have Vista/7 DVD...
start with step 2
If you don't have Vista/7 DVD...
1. Create Vista/7 Recovery Disc.
Option 1 :
Vista: http://www.c4consulting.com.au/soluctions/vista/VISTA SOLUCTIONS.htm
Windows 7: http://www.guidingtech.com/3816/system-repair-recovery-disc-windows-7/
Option 2:
Download Vista Recovery Disc iso image: http://neosmart.net/blog/2008/windows-vista-recovery-disc-download/
Download Windows 7 Recovery Disc iso image: http://neosmart.net/blog/2009/windows-7-system-repair-discs/
Burn it to CD, or DVD: http://neosmart.net/wiki/display/G/Burning+ISO+Images+to+a+CD+or+DVD
2. Boot from created disk.
Vista users. At first screen click on Repair your computer:
Windows 7 users. At first screen click on Install now:
Select your language and click next:
Click the button for "Use recovery tools":
The following applies to both, Vista and Windows 7 users.
This will bring you to a new screen where the repair process will look for all Windows Vista/7 installations on your computer. When done you will be presented with the System Recovery Options dialog box:
After this, it will present you with a list of options including startup repair, system restore and command prompt:
Select Command Prompt
Type in:
bootrec /FixMbr (<--- there is a "space" after "bootrec")
and then press Enter
Once completed then type Exit, press Enter and restart computer.
Post fresh MBRCheck log.
- Status
Similar threads
- Locked
Latest posts
-
US TikTok ban could begin next year as Biden signs law, but legal battle looms- GodisanAtheist replied
-
Upgraded 4K Chromecast with Google TV set to launch soon with improved hardware- hahahanoobs replied
-
Nintendo DMCA lawyers shut down everything Mario on Garry's Mod- Uncle Al replied
-
BlizzGone: Blizzard cancels 2024 convention but promises an eventual return
- GodisanAtheist replied
