Can't access internet (ran malware-bytes)
- GMan316Intermediate
-
OS : Windows XP Pro
Posts : 88
Rubies : 4205
Likes : 0
Hi, I recently ran into some internet issues with my laptop. It says my internet is fine when I diagnose and repair in the network section (it has Vista), but whenever I open one of my browsers, Firefox or IE, it says page cannot be displayed. I went to MS support and tried to reset my Winsock and TCP/IP, but to no avail. So I then ran malware-bytes and it found around 30 malwares and I removed them. However, I'm still getting the same problem: "Cannot connect" and "Page cannot be displayed" when I try to browse the web.
Any help would be appreciated, Thanks.
- Dr JayHead Admin
-
Power of Youth!
OS : Windows 10 Home & Pro, Android, Linux
Arch. : x64 (64-bit)
Anti-Malware : Bitdefender Total Security
Posts : 15182
Rubies : 289571
Likes : 161
Please visit this webpage for a tutorial on downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
See the area: Using ComboFix, and when done, post the log back here.
- GMan316Intermediate
ComboFix 11-03-07.02 - RNC 03/07/2011 15:33:44.2.2 - x86
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.1.1033.18.3047.1782 [GMT -8:00]
Running from: c:\users\RNC\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\LogFiles\Firewall\mpssvc.dat
c:\windows\system32\LogFiles\Scm\SCM.EVM
c:\windows\system32\LogFiles\Scm\SCM.EVM.1
c:\windows\system32\LogFiles\Scm\SCM.EVM.2
c:\windows\system32\LogFiles\Scm\SCM.EVM.3
c:\windows\system32\LogFiles\Scm\SCM.EVM.4
c:\windows\system32\LogFiles\Scm\SCM.EVM.5
c:\windows\system32\LogFiles\WMI\tscore1.etl
c:\windows\system32\LogFiles\WMI\tscore2.etl
c:\windows\system32\LogFiles\WUDF\WUDFTrace.etl
.
.
((((((((((((((((((((((((( Files Created from 2011-02-07 to 2011-03-07 )))))))))))))))))))))))))))))))
.
.
2011-03-07 23:39 . 2011-03-07 23:39 -------- d-----w- c:\users\RNC\AppData\Local\temp
2011-03-07 23:39 . 2011-03-07 23:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-06 13:57 . 2011-01-06 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-03-06 13:57 . 2011-01-08 07:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-03-06 13:57 . 2011-01-08 05:57 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-03-06 13:49 . 2011-03-06 13:49 -------- d-----w- c:\users\RNC\AppData\Roaming\Malwarebytes
2011-03-06 13:49 . 2010-12-21 02:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-06 13:49 . 2011-03-06 13:49 -------- d-----w- c:\programdata\Malwarebytes
2011-03-06 13:49 . 2011-03-06 13:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-06 13:49 . 2010-12-21 02:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-03 01:11 . 2010-10-17 06:17 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-28 14:57 . 2011-01-22 12:16 409600 ----a-w- c:\windows\system32\odbc32.dll
2010-12-14 15:49 . 2011-01-22 12:16 1169408 ----a-w- c:\windows\system32\sdclt.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-14 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-14 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-14 129560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ST Recovery Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-09 44168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DVD Check.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\DVD Check.lnk
backup=c:\windows\pss\DVD Check.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^RNC^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\RNC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\atchk]
2007-04-10 13:10 404248 ----a-w- c:\program files\Intel\AMT\atchk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2007-01-09 21:59 115816 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 18:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2007-03-12 18:54 50696 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 21:24 54840 ----a-w- c:\program files\Hp\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPWWANGSAssistant]
2007-02-26 16:07 3946040 ----a-w- c:\swsetup\HPQWWAN\HPWWanGSAssistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2010-12-21 02:08 963976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
2007-02-20 21:48 331552 ----a-w- c:\program files\PDF Complete\pdfsty.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTHOSTTR]
2007-01-09 22:52 145184 ----a-w- c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 18:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-01-19 07:33 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2007-02-21 22:14 1183744 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-07-12 11:22 77824 ----a-w- c:\program files\Java\jre1.6.0\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
2008-01-29 22:38 583048 ----a-w- c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R4 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-08-07 24880]
R4 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2007-02-20 539936]
S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20101013.001\IDSvix86.sys [2010-09-15 287792]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 SWIHPWMI;SWIHPWMI;c:\program files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [2006-12-04 292384]
S2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [2007-04-10 1489688]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-09-16 102448]
S3 rismc32;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismc32.sys [2006-12-20 47616]
S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2007-04-25 31232]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2007-01-09 38200]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2010-12-07 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - RNC.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-01-14 01:09]
.
2011-03-07 c:\windows\Tasks\User_Feed_Synchronization-{52C9EF2F-9C7C-47F9-8818-39DCE1D90EE6}.job
- c:\windows\system32\msfeedssync.exe [2010-10-17 07:33]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\RNC\AppData\Roaming\Mozilla\Firefox\Profiles\fa7nkooi.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-07 15:39
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\users\RNC\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-03-07 15:40:45
ComboFix-quarantined-files.txt 2011-03-07 23:40
ComboFix2.txt 2011-03-06 14:51
.
Pre-Run: 30,557,237,248 bytes free
Post-Run: 30,435,053,568 bytes free
.
- - End Of File - - 0EFE166FC5DB1DD32F504AA31451EDA7
- GMan316Intermediate
After running it, I'm still getting the:
"UNABLE TO CONNECT
Firefox can't establish connection to the server"
- Dr JayHead Admin
Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.
- Link 1
Link 2
Link 3
- Double-click on MBRCheck.exe to run it.
- It will open a black window...please do not fix anything (if it gives you an option).
- When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
- A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
- Please copy and paste the contents of that log in your next reply.
- GMan316Intermediate
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Business Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Compaq 6910p
Logical Drives Mask: 0x0000007c
Kernel Drivers (total 187):
0xAE1D4000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xAE1EA000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xBAA28000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
0xBAA2A000 \??\C:\Users\RNC\AppData\Local\Temp\catchme.sys
0xBAA39000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xBAA4E000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0x77AE0000 \Windows\System32\ntdll.dll
Processes (total 64):
0 System Idle Process
4 System
476 C:\Windows\System32\smss.exe
604 csrss.exe
644 C:\Windows\System32\wininit.exe
656 csrss.exe
692 C:\Windows\System32\winlogon.exe
728 C:\Windows\System32\services.exe
740 C:\Windows\System32\lsass.exe
756 C:\Windows\System32\lsm.exe
896 C:\Windows\System32\svchost.exe
940 C:\Windows\System32\svchost.exe
992 C:\Windows\System32\svchost.exe
1028 C:\Windows\System32\svchost.exe
1116 C:\Windows\System32\svchost.exe
1144 C:\Windows\System32\svchost.exe
1168 C:\Windows\System32\svchost.exe
1244 C:\Windows\System32\audiodg.exe
1276 C:\Windows\System32\svchost.exe
1292 C:\Windows\System32\SLsvc.exe
1436 C:\Windows\System32\svchost.exe
1576 C:\Windows\System32\svchost.exe
1760 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
1900 C:\Windows\System32\spoolsv.exe
1932 C:\Windows\System32\svchost.exe
576 C:\Windows\System32\AEADISRV.EXE
596 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
720 C:\Program Files\Intel\AMT\atchksrv.exe
744 C:\Windows\System32\svchost.exe
1096 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
1584 C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
1080 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
1820 C:\Program Files\Intel\AMT\LMS.exe
1608 C:\Windows\System32\svchost.exe
2104 C:\Windows\System32\svchost.exe
2116 C:\Windows\System32\svchost.exe
2144 C:\Windows\System32\svchost.exe
2212 C:\Program Files\Intel\AMT\UNS.exe
2280 C:\Windows\System32\svchost.exe
2300 C:\Windows\System32\SearchIndexer.exe
2360 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
2464 C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
2620 WmiPrvSE.exe
3236 C:\Windows\System32\taskeng.exe
3252 C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
3276 C:\Windows\System32\dwm.exe
3880 C:\Windows\SMINST\Scheduler.exe
4020 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2088 C:\Windows\System32\igfxtray.exe
2200 C:\Windows\System32\hkcmd.exe
2288 C:\Windows\System32\igfxpers.exe
1792 C:\Windows\System32\igfxsrvc.exe
2984 C:\Program Files\Windows Media Player\wmpnscfg.exe
3048 C:\Program Files\Windows Media Player\wmpnetwk.exe
3136 C:\Windows\System32\taskeng.exe
3748 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
3552 C:\Windows\SMINST\Scheduler.exe
3988 C:\Windows\System32\wuauclt.exe
2136 C:\Windows\System32\notepad.exe
3096 C:\Windows\explorer.exe
3296 WUDFHost.exe
532 C:\Windows\System32\SearchProtocolHost.exe
4056 C:\Windows\System32\SearchFilterHost.exe
544 C:\Users\RNC\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000012`3e900000 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000010`aba00000 (NTFS)
PhysicalDrive0 Model Number: ST980811AS, Rev: 3.BHE
Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 39D13A0D73A169D91F3DD491EE95C651910CCFEE
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.
Enter your choice:
Done!
- Dr JayHead Admin
-
Power of Youth!
OS : Windows 10 Home & Pro, Android, Linux
Arch. : x64 (64-bit)
Anti-Malware : Bitdefender Total Security
Posts : 15182
Rubies : 289571
Likes : 161
Fix using MBRCheck.exe
Run MBRCheck.exe again by double-clicking on it.
- Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
- Enter 'Y' and then press Enter.
- When asked: 'Enter your choice:', select option 2 (Restore the MBR of a physical disk with a standard boot code) and press the Enter key.
- Now the program will ask: 'Enter the physical disk number to fix (0-99, -1 to cancel)'
- Enter 0 and press the Enter key.
- The program will show Available MBR codes followed by a list of operating systems as shown below:
Available MBR codes:
[ 0] Default (Windows XP)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel
Please select the MBR code to write to this drive:
- Please select your version of Windows from the list and enter the corresponding number and then press Enter.
- When prompted for confirmation: "Do you want to fix the MBR code?". Type the full word Yes (not Y or the fix will not work) and press Enter.
- Left-click on the title bar (where program name and path is written).
- From the menu choose Edit -> Select All.
- Press the Enter key to copy selected text.
- Open Notepad, paste that text into it and save to your desktop as MBRCheck.txt.
- When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
- Reboot your computer to complete the fix and copy/paste MBRCheck.txt in your next reply.
- If your computer does not restart on its own, please restart it manually.
- GMan316Intermediate
-
OS : Windows XP Pro
Posts : 88
Rubies : 4205
Likes : 0
I messed up and didn't do these parts:
# Left-click on the title bar (where program name and path is written).
# From the menu choose Edit -> Select All.
# Press the Enter key to copy selected text.
# Open Notepad, paste that text into it and save to your desktop as MBRCheck.txt.
# When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
# Reboot your computer to complete the fix and copy/paste MBRCheck.txt in your next reply.
# If your computer does not restart on its own, please restart it manually.
Should I just re-run the program again?
- Dr JayHead Admin
-
Power of Youth!
OS : Windows 10 Home & Pro, Android, Linux
Arch. : x64 (64-bit)
Anti-Malware : Bitdefender Total Security
Posts : 15182
Rubies : 289571
Likes : 161
Yeah. Try once more.
- GMan316Intermediate
-
OS : Windows XP Pro
Posts : 88
Rubies : 4205
Likes : 0
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Business Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Compaq 6910p
Logical Drives Mask: 0x0000003c
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000012`3e900000 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000010`aba00000 (NTFS)
Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 39D13A0D73A169D91F3DD491EE95C651910CCFEE
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: y
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.
Enter your choice: 2
Enter the physical disk number to fix (0-99, -1 to cancel): 0
Available MBR codes:
[ 0] Default (Windows Vista)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel
Please select the MBR code to write to this drive: 0
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: YES
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.
Done!
Press ENTER to exit...