Can't access internet (ran malware-bytes)

Post by GMan316 on Mon 07 Mar 2011, 10:33 am

Hi, I recently ran into some internet issues with my laptop. It says my internet is fine when I diagnose and repair in the network section (it has Vista), but whenever I open one of my browsers, Firefox or IE, it says page cannot be displayed. I went to MS support and tried to reset my Winsock and TCP/IP, but to no avail. So I then ran malware-bytes and it found around 30 malwares and I removed them. However, I'm still getting the same problem: "Cannot connect" and "Page cannot be displayed" when I try to browse the web.

Any help would be appreciated, Thanks.

Post by DragonMaster Jay on Mon 07 Mar 2011, 8:27 pm

Please visit this webpage for a tutorial on downloading and running ComboFix:

[You must be registered and logged in to see this link.]

See the area: Using ComboFix, and when done, post the log back here.


Post by GMan316 on Tue 08 Mar 2011, 10:54 am

ComboFix 11-03-07.02 - RNC 03/07/2011 15:33:44.2.2 - x86
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.1.1033.18.3047.1782 [GMT -8:00]
Running from: c:\users\RNC\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\LogFiles\Firewall\mpssvc.dat
c:\windows\system32\LogFiles\Scm\SCM.EVM
c:\windows\system32\LogFiles\Scm\SCM.EVM.1
c:\windows\system32\LogFiles\Scm\SCM.EVM.2
c:\windows\system32\LogFiles\Scm\SCM.EVM.3
c:\windows\system32\LogFiles\Scm\SCM.EVM.4
c:\windows\system32\LogFiles\Scm\SCM.EVM.5
c:\windows\system32\LogFiles\WMI\tscore1.etl
c:\windows\system32\LogFiles\WMI\tscore2.etl
c:\windows\system32\LogFiles\WUDF\WUDFTrace.etl
.
.
((((((((((((((((((((((((( Files Created from 2011-02-07 to 2011-03-07 )))))))))))))))))))))))))))))))
.
.
2011-03-07 23:39 . 2011-03-07 23:39 -------- d-----w- c:\users\RNC\AppData\Local\temp
2011-03-07 23:39 . 2011-03-07 23:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-06 13:57 . 2011-01-06 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-03-06 13:57 . 2011-01-08 07:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-03-06 13:57 . 2011-01-08 05:57 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-03-06 13:49 . 2011-03-06 13:49 -------- d-----w- c:\users\RNC\AppData\Roaming\Malwarebytes
2011-03-06 13:49 . 2010-12-21 02:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-06 13:49 . 2011-03-06 13:49 -------- d-----w- c:\programdata\Malwarebytes
2011-03-06 13:49 . 2011-03-06 13:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-06 13:49 . 2010-12-21 02:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-03 01:11 . 2010-10-17 06:17 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-28 14:57 . 2011-01-22 12:16 409600 ----a-w- c:\windows\system32\odbc32.dll
2010-12-14 15:49 . 2011-01-22 12:16 1169408 ----a-w- c:\windows\system32\sdclt.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-14 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-14 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-14 129560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ST Recovery Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-09 44168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DVD Check.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\DVD Check.lnk
backup=c:\windows\pss\DVD Check.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^RNC^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\RNC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\atchk]
2007-04-10 13:10 404248 ----a-w- c:\program files\Intel\AMT\atchk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2007-01-09 21:59 115816 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 18:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2007-03-12 18:54 50696 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 21:24 54840 ----a-w- c:\program files\Hp\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPWWANGSAssistant]
2007-02-26 16:07 3946040 ----a-w- c:\swsetup\HPQWWAN\HPWWanGSAssistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2010-12-21 02:08 963976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
2007-02-20 21:48 331552 ----a-w- c:\program files\PDF Complete\pdfsty.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTHOSTTR]
2007-01-09 22:52 145184 ----a-w- c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 18:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-01-19 07:33 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2007-02-21 22:14 1183744 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-07-12 11:22 77824 ----a-w- c:\program files\Java\jre1.6.0\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
2008-01-29 22:38 583048 ----a-w- c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R4 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-08-07 24880]
R4 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2007-02-20 539936]
S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20101013.001\IDSvix86.sys [2010-09-15 287792]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 SWIHPWMI;SWIHPWMI;c:\program files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [2006-12-04 292384]
S2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [2007-04-10 1489688]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-09-16 102448]
S3 rismc32;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismc32.sys [2006-12-20 47616]
S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2007-04-25 31232]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2007-01-09 38200]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2010-12-07 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - RNC.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-01-14 01:09]
.
2011-03-07 c:\windows\Tasks\User_Feed_Synchronization-{52C9EF2F-9C7C-47F9-8818-39DCE1D90EE6}.job
- c:\windows\system32\msfeedssync.exe [2010-10-17 07:33]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\RNC\AppData\Roaming\Mozilla\Firefox\Profiles\fa7nkooi.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-03-07 15:39
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\users\RNC\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-03-07 15:40:45
ComboFix-quarantined-files.txt 2011-03-07 23:40
ComboFix2.txt 2011-03-06 14:51
.
Pre-Run: 30,557,237,248 bytes free
Post-Run: 30,435,053,568 bytes free
.
- - End Of File - - 0EFE166FC5DB1DD32F504AA31451EDA7

Post by GMan316 on Tue 08 Mar 2011, 10:56 am

After running it, I'm still getting the:
"UNABLE TO CONNECT
Firefox can't establish connection to the server"

Post by DragonMaster Jay on Tue 08 Mar 2011, 10:57 am

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.
    Link 1
    Link 2
    Link 3

  • Double-click on MBRCheck.exe to run it.
  • It will open a black window...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
  • Please copy and paste the contents of that log in your next reply.


Post by GMan316 on Tue 08 Mar 2011, 11:06 am

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Business Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Compaq 6910p
Logical Drives Mask: 0x0000007c

Kernel Drivers (total 187):

Processes (total 64):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000012`3e900000 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000010`aba00000 (NTFS)

PhysicalDrive0 Model Number: ST980811AS, Rev: 3.BHE

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 39D13A0D73A169D91F3DD491EE95C651910CCFEE


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:

Done!

Post by DragonMaster Jay on Tue 08 Mar 2011, 12:31 pm

Fix using MBRCheck.exe

Run MBRCheck.exe again by double-clicking on it.
  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Enter 'Y' and then press Enter.
  • When asked: 'Enter your choice:', select option 2 (Restore the MBR of a physical disk with a standard boot code) and press the Enter key.
  • Now the program will ask: 'Enter the physical disk number to fix (0-99, -1 to cancel)'
  • Enter 0 and press the Enter key.
  • The program will show Available MBR codes followed by a list of operating systems as shown below:
    Available MBR codes:
    [ 0] Default (Windows XP)
    [ 1] Windows XP
    [ 2] Windows Server 2003
    [ 3] Windows Vista
    [ 4] Windows 2008
    [ 5] Windows 7
    [-1] Cancel
    Please select the MBR code to write to this drive:
  • Please select your version of Windows from the list and enter the corresponding number and then press Enter.
  • When prompted for confirmation: "Do you want to fix the MBR code?". Type the full word Yes (not Y or the fix will not work) and press Enter.
  • Left-click on the title bar (where program name and path is written).
  • From the menu choose Edit -> Select All.
  • Press the Enter key to copy selected text.
  • Open Notepad, paste that text into it and save to your desktop as MBRCheck.txt.
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • Reboot your computer to complete the fix and copy/paste MBRCheck.txt in your next reply.
  • If your computer does not restart on its own, please restart it manually.


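The log earlier in this thread flags the disk with "Unknown MBR code" plus a SHA1, and option [1] of the tool dumps the MBR to a file. As an added example (not part of the thread and not MBRCheck's own code), this Python script triages such a 512-byte dump offline: it checks the boot signature, hashes the boot code against an allow-list and decodes the partition table. Hashing the first 440 bytes, the allow-list contents and the sample sector are assumptions constructed for the example; the sample partition starts at LBA 63, which corresponds to the 0x7e00 offset the log shows for C:.

```python
"""Offline triage of a 512-byte MBR dump (added example; not MBRCheck's code)."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440    # bootstrap code area; hashing exactly this range is an assumption
DISK_SIG_OFF = 440     # 4-byte disk signature written by Windows
PART_TABLE_OFF = 446   # four 16-byte partition entries
BOOT_SIG_OFF = 510     # last two bytes must be 0x55 0xAA


def boot_code_sha1(sector: bytes) -> str:
    """SHA-1 of the bootstrap code only, so partition-table edits do not change it."""
    return hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()


def parse_partitions(sector: bytes) -> list:
    """Decode the non-empty primary partition entries."""
    parts = []
    for index in range(4):
        entry = sector[PART_TABLE_OFF + 16 * index:PART_TABLE_OFF + 16 * (index + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, sector_count = struct.unpack_from("<II", entry, 8)
        if ptype == 0x00:          # type 0 marks an unused slot
            continue
        parts.append({"index": index, "status": status, "type": ptype,
                      "lba_start": lba_start, "sector_count": sector_count,
                      "byte_offset": lba_start * SECTOR_SIZE})
    return parts


def assess_mbr(sector: bytes, known_good_sha1: set) -> dict:
    """Return the parsed fields plus a list of findings (empty means nothing flagged)."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes, got %d" % len(sector))
    findings = []
    if sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] != b"\x55\xaa":
        findings.append("missing 0x55AA boot signature")
    digest = boot_code_sha1(sector)
    if digest not in known_good_sha1:
        findings.append("unknown boot code, SHA1 " + digest)
    parts = parse_partitions(sector)
    for part in parts:
        if part["status"] not in (0x00, 0x80):
            findings.append("partition %d: invalid status byte 0x%02X"
                            % (part["index"], part["status"]))
    if sum(1 for part in parts if part["status"] == 0x80) > 1:
        findings.append("more than one active partition")
    spans = sorted((p["lba_start"], p["lba_start"] + p["sector_count"], p["index"])
                   for p in parts)
    for (_, end_a, idx_a), (start_b, _, idx_b) in zip(spans, spans[1:]):
        if start_b < end_a:
            findings.append("partitions %d and %d overlap" % (idx_a, idx_b))
    return {"sha1": digest,
            "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
            "partitions": parts, "findings": findings}


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed test sector: one active NTFS (0x07) partition starting at LBA 63."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, DISK_SIG_OFF, 0x12345678)
    sector[PART_TABLE_OFF:PART_TABLE_OFF + 16] = struct.pack(
        "<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 2048000)
    sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] = b"\x55\xaa"
    return bytes(sector)


# Constructed filler bytes, not real boot code; the allow-list is built from them.
REFERENCE_CODE = bytes(range(200))
MODIFIED_CODE = b"\xeb" + REFERENCE_CODE[1:]   # same filler with its first byte changed
KNOWN_GOOD = {boot_code_sha1(build_sample_mbr(REFERENCE_CODE))}

if __name__ == "__main__":
    for label, code in (("reference", REFERENCE_CODE), ("modified", MODIFIED_CODE)):
        report = assess_mbr(build_sample_mbr(code), KNOWN_GOOD)
        print(label, report["findings"] or "no findings")
        for part in report["partitions"]:
            print("  partition %d, type 0x%02X, starts at byte offset 0x%X"
                  % (part["index"], part["type"], part["byte_offset"]))
```

In practice the allow-list would hold hashes taken from known-clean installations of the same Windows version, and the input would be the file written by the dump option rather than a constructed sector.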

Post by GMan316 on Tue 08 Mar 2011, 12:44 pm

I messed up and didn't do these parts:

  • Left-click on the title bar (where program name and path is written).
  • From the menu choose Edit -> Select All.
  • Press the Enter key to copy selected text.
  • Open Notepad, paste that text into it and save to your desktop as MBRCheck.txt.
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • Reboot your computer to complete the fix and copy/paste MBRCheck.txt in your next reply.
  • If your computer does not restart on its own, please restart it manually.


Should I just re-run the program again?

Post by DragonMaster Jay on Tue 08 Mar 2011, 12:46 pm

Yeah. Try once more.


Post by GMan316 on Tue 08 Mar 2011, 12:52 pm

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Business Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Compaq 6910p
Logical Drives Mask: 0x0000003c

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000012`3e900000 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000010`aba00000 (NTFS)

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 39D13A0D73A169D91F3DD491EE95C651910CCFEE


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: y

Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: 2

Enter the physical disk number to fix (0-99, -1 to cancel): 0
Available MBR codes:
[ 0] Default (Windows Vista)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 0
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: YES
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.


Done!
Press ENTER to exit...


Re: Can't access internet (ran malware-bytes)

Post by DragonMaster Jay on Tue 08 Mar 2011, 8:40 pm

Now, please re-run MBRCheck and post a log only.



Re: Can't access internet (ran malware-bytes)

Post by GMan316 on Tue 08 Mar 2011, 9:35 pm

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Business Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Compaq 6910p
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 182):

Processes (total 63):
0 System Idle Process
4 System
472 C:\Windows\System32\smss.exe
608 csrss.exe
652 C:\Windows\System32\wininit.exe
664 csrss.exe
696 C:\Windows\System32\services.exe
708 C:\Windows\System32\lsass.exe
724 C:\Windows\System32\lsm.exe
804 C:\Windows\System32\winlogon.exe
904 C:\Windows\System32\svchost.exe
948 C:\Windows\System32\svchost.exe
996 C:\Windows\System32\svchost.exe
1032 C:\Windows\System32\svchost.exe
1132 C:\Windows\System32\svchost.exe
1180 C:\Windows\System32\svchost.exe
1200 C:\Windows\System32\svchost.exe
1308 C:\Windows\System32\audiodg.exe
1340 C:\Windows\System32\svchost.exe
1380 C:\Windows\System32\SLsvc.exe
1416 C:\Windows\System32\svchost.exe
1636 C:\Windows\System32\svchost.exe
1816 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
1944 C:\Windows\System32\spoolsv.exe
1996 C:\Windows\System32\svchost.exe
1736 C:\Windows\System32\AEADISRV.EXE
1760 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
220 C:\Program Files\Intel\AMT\atchksrv.exe
768 C:\Windows\System32\svchost.exe
688 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
1576 C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
1612 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2128 C:\Program Files\Intel\AMT\LMS.exe
2184 C:\Windows\System32\svchost.exe
2216 C:\Windows\System32\svchost.exe
2336 C:\Windows\System32\svchost.exe
2348 C:\Windows\System32\taskeng.exe
2388 C:\Windows\System32\svchost.exe
2428 C:\Windows\System32\dwm.exe
2444 C:\Program Files\Intel\AMT\UNS.exe
2556 C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
2612 C:\Windows\explorer.exe
2628 C:\Windows\System32\svchost.exe
2656 C:\Windows\System32\SearchIndexer.exe
2720 C:\Windows\System32\drivers\XAudio.exe
2740 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
2968 C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
3128 WmiPrvSE.exe
3564 C:\Windows\SMINST\Scheduler.exe
3660 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3696 C:\Windows\System32\igfxtray.exe
3708 C:\Windows\System32\hkcmd.exe
3724 C:\Windows\System32\igfxpers.exe
3852 C:\Windows\System32\igfxsrvc.exe
1972 C:\Program Files\Windows Media Player\wmpnscfg.exe
2208 C:\Program Files\Windows Media Player\wmpnetwk.exe
2592 C:\Windows\System32\taskeng.exe
3124 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
1088 C:\Windows\System32\wuauclt.exe
3260 C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
2140 dllhost.exe
3300 dllhost.exe
240 C:\Users\RNC\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000012`3e900000 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000010`aba00000 (NTFS)

PhysicalDrive0 Model Number: ST980811AS, Rev: 3.BHE

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 39D13A0D73A169D91F3DD491EE95C651910CCFEE


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0Available MBR codes:
[ 0] Default (Windows Vista)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 0
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: YES
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.


Done!


Re: Can't access internet (ran malware-bytes)

Post by DragonMaster Jay on Wed 09 Mar 2011, 2:46 pm

Please re-run ComboFix and post a log. Looks like this infection is a bit intense.



Re: Can't access internet (ran malware-bytes)

Post by GMan316 on Wed 09 Mar 2011, 4:31 pm

will do


Re: Can't access internet (ran malware-bytes)

Post by GMan316 on Wed 09 Mar 2011, 5:49 pm

ComboFix 11-03-07.02 - RNC 03/08/2011 22:25:20.3.2 - x86
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.1.1033.18.3047.2145 [GMT -8:00]
Running from: c:\users\RNC\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\LogFiles\Scm\SCM.EVM
c:\windows\system32\LogFiles\Scm\SCM.EVM.1
c:\windows\system32\LogFiles\Scm\SCM.EVM.2
c:\windows\system32\LogFiles\Scm\SCM.EVM.3
c:\windows\system32\LogFiles . . . . Failed to delete
c:\windows\system32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl . . . . Failed to delete
c:\windows\system32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl . . . . Failed to delete
c:\windows\system32\LogFiles\WMI\RtBackup\EtwRTEventLog-Microsoft-Windows-Backup.etl . . . . Failed to delete
c:\windows\system32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl . . . . Failed to delete
c:\windows\system32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2011-02-09 to 2011-03-09 )))))))))))))))))))))))))))))))
.
.
2011-03-09 06:31 . 2011-03-09 06:33 -------- d-----w- c:\users\RNC\AppData\Local\temp
2011-03-09 06:31 . 2011-03-09 06:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-07 23:52 . 2007-09-14 03:09 172032 ----a-w- c:\windows\system32\igfxres.dll
2011-03-06 13:57 . 2011-01-06 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-03-06 13:57 . 2011-01-08 07:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-03-06 13:57 . 2011-01-08 05:57 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-03-06 13:49 . 2011-03-06 13:49 -------- d-----w- c:\users\RNC\AppData\Roaming\Malwarebytes
2011-03-06 13:49 . 2010-12-21 02:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-06 13:49 . 2011-03-06 13:49 -------- d-----w- c:\programdata\Malwarebytes
2011-03-06 13:49 . 2011-03-06 13:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-06 13:49 . 2010-12-21 02:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-03 01:11 . 2010-10-17 06:17 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-28 14:57 . 2011-01-22 12:16 409600 ----a-w- c:\windows\system32\odbc32.dll
2010-12-14 15:49 . 2011-01-22 12:16 1169408 ----a-w- c:\windows\system32\sdclt.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-14 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-14 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-14 129560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ST Recovery Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-09 44168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DVD Check.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\DVD Check.lnk
backup=c:\windows\pss\DVD Check.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^RNC^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\RNC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\atchk]
2007-04-10 13:10 404248 ----a-w- c:\program files\Intel\AMT\atchk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2007-01-09 21:59 115816 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 18:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2007-03-12 18:54 50696 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 21:24 54840 ----a-w- c:\program files\Hp\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPWWANGSAssistant]
2007-02-26 16:07 3946040 ----a-w- c:\swsetup\HPQWWAN\HPWWanGSAssistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2010-12-21 02:08 963976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
2007-02-20 21:48 331552 ----a-w- c:\program files\PDF Complete\pdfsty.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTHOSTTR]
2007-01-09 22:52 145184 ----a-w- c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 18:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-01-19 07:33 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2007-02-21 22:14 1183744 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-07-12 11:22 77824 ----a-w- c:\program files\Java\jre1.6.0\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
2008-01-29 22:38 583048 ----a-w- c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-08-07 24880]
R4 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2007-02-20 539936]
S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20101013.001\IDSvix86.sys [2010-09-15 287792]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 SWIHPWMI;SWIHPWMI;c:\program files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [2006-12-04 292384]
S2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [2007-04-10 1489688]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-09-16 102448]
S3 rismc32;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismc32.sys [2006-12-20 47616]
S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2007-04-25 31232]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2007-01-09 38200]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-08 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - RNC.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-01-14 01:09]
.
2011-03-09 c:\windows\Tasks\User_Feed_Synchronization-{52C9EF2F-9C7C-47F9-8818-39DCE1D90EE6}.job
- c:\windows\system32\msfeedssync.exe [2010-10-17 07:33]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\RNC\AppData\Roaming\Mozilla\Firefox\Profiles\fa7nkooi.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer
Rootkit scan 2011-03-08 22:33
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2316)
c:\windows\system32\APSHook.dll
c:\program files\Hewlett-Packard\IAM\bin\ItClient.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Intel\AMT\atchksrv.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Intel\AMT\LMS.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Hewlett-Packard\IAM\bin\asghost.exe
c:\windows\SMINST\scheduler.exe
.
**************************************************************************
.
Completion time: 2011-03-08 22:37:28 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-09 06:37
ComboFix2.txt 2011-03-07 23:40
ComboFix3.txt 2011-03-06 14:51
.
Pre-Run: 30,736,580,608 bytes free
Post-Run: 30,545,448,960 bytes free
.
- - End Of File - - 6E1C17D068811E003BB74317CC998FB6





Re: Can't access internet (ran malware-bytes)

Post by DragonMaster Jay on Wed 09 Mar 2011, 9:47 pm

Please download DrWeb-CureIt and save it to your Desktop. Do NOT perform a scan yet.

  • Double-click on drweb-cureit.exe to start the program.
    An Express Scan of your PC notice will appear.
  • Under Start the Express Scan Now, Click OK to start the scan.
    This is a short scan that will scan the files currently running in memory.
    If something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the Scan tab and UNcheck Heuristic analysis
  • Back at the main window, click Custom Scan, then Select drives (a red dot will show which drives have been chosen).
  • Then click the Start/Stop Scanning button (green arrow on the right), and the scan will start.
  • When finished, a message will be displayed at the bottom advising if any viruses were found.
  • Click Yes to all if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can see the icon next to the files found.
    If so, click it, then click the next icon right below and select Move incurable.
    (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
  • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
  • Save the DrWeb.csv report to your Desktop.
  • Exit Dr.Web Cureit when you have finished.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report.)



Re: Can't access internet (ran malware-bytes)

Post by GMan316 on Sat 12 Mar 2011, 6:05 pm

Sorry for the delayed reply

I ran drweb as instructed, both express and custom scan. When it ran the express scan it found nothing. When I did the custom scan it did find one thing, but it didn't give me the option to cure it, only to "move it", which I'm guessing is some sort of quarantine.

The custom scan itself took 4 hours and 20 minutes. Was it supposed to take that long? I had it scan the C drive only. The log file is 55 MBs big... I'm not sure I can actually post the whole thing can I?

I just saw that I had to save the report list, which I didn't do. Is its content in the actual log file? Or do I have to run the whole custom scan again?

Thanks


Re: Can't access internet (ran malware-bytes)

Post by DragonMaster Jay on Mon 14 Mar 2011, 2:27 pm

Well, how is the computer running at this point?



Re: Can't access internet (ran malware-bytes)

Post by GMan316 on Mon 14 Mar 2011, 4:52 pm

DragonMaster Jay wrote: Well, how is the computer running at this point?

Yes, the computer is running. It's actually fine with the exception of not being able to access the internet.

Re: Can't access internet (ran malware-bytes)

Post by DragonMaster Jay on Mon 14 Mar 2011, 6:28 pm

Please download RenewMyDNS by DragonMaster Jay.
  • Save it to your Desktop.
  • Double-click RenewMyDNS.exe to start the program.
  • Follow the prompts, and when finished it will launch a log.
  • Post that log in your next reply.
  • After posting the log, delete RenewMyDNS.exe.


Re: Can't access internet (ran malware-bytes)

Post by GMan316 on Sun 20 Mar 2011, 12:36 pm

RenewMyDNS by DragonMaster Jay
DNS Diagnostics and refresher
Version 0.3.2

Microsoft Windows [Version 6.0.6001]


``````````Network and DNS Information``````````



Windows IP Configuration

Host Name . . . . . . . . . . . . : arigato
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.ca.comcast.net.

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) Wireless WiFi Link 4965AG
Physical Address. . . . . . . . . : 00-21-5C-64-60-FD
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : hsd1.ca.comcast.net.
Description . . . . . . . . . . . : Intel(R) 82566MM Gigabit Network Connection
Physical Address. . . . . . . . . : 00-1E-EC-8D-9A-EE
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::3d93:fede:255d:bd6%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.3(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, March 19, 2011 6:19:05 PM
Lease Expires . . . . . . . . . . : Tuesday, March 22, 2011 6:19:02 PM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 00-21-86-6E-77-95
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.sgt.cpqcorp.net
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hsd1.ca.comcast.net.
Description . . . . . . . . . . . : isatap.hsd1.ca.comcast.net.
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 10:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{47F9439F-7D39-44BA-A644-27E5F7C901AC}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 16:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{98E4E2D4-A632-49E5-B3D9-4B842B5C2F56}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.


``````````Speed-test - Ping``````````


Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=73ms TTL=52

Reply from 209.191.122.70: bytes=32 time=112ms TTL=52

Reply from 209.191.122.70: bytes=32 time=59ms TTL=52

Reply from 209.191.122.70: bytes=32 time=57ms TTL=52



Ping statistics for 209.191.122.70:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 57ms, Maximum = 112ms, Average = 75ms



Pinging GeekPolice.net [64.202.189.170] with 32 bytes of data:

Reply from 64.202.189.170: bytes=32 time=41ms TTL=114

Reply from 64.202.189.170: bytes=32 time=42ms TTL=114

Reply from 64.202.189.170: bytes=32 time=52ms TTL=114

Reply from 64.202.189.170: bytes=32 time=43ms TTL=114



Ping statistics for 64.202.189.170:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 41ms, Maximum = 52ms, Average = 44ms



Pinging facebook.com [69.63.181.12] with 32 bytes of data:

Reply from 69.63.181.12: bytes=32 time=38ms TTL=244

Reply from 69.63.181.12: bytes=32 time=24ms TTL=244

Reply from 69.63.181.12: bytes=32 time=23ms TTL=244

Reply from 69.63.181.12: bytes=32 time=17ms TTL=244



Ping statistics for 69.63.181.12:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 17ms, Maximum = 38ms, Average = 25ms



Pinging google.com [74.125.224.83] with 32 bytes of data:

Reply from 74.125.224.83: bytes=32 time=17ms TTL=54

Reply from 74.125.224.83: bytes=32 time=16ms TTL=54

Reply from 74.125.224.83: bytes=32 time=35ms TTL=54

Reply from 74.125.224.83: bytes=32 time=25ms TTL=54



Ping statistics for 74.125.224.83:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 16ms, Maximum = 35ms, Average = 23ms


********************
EOF

Re: Can't access internet (ran malware-bytes)

Post by DragonMaster Jay on Tue 22 Mar 2011, 4:20 am

Have you called your Internet Service Provider to make sure your service has not been turned off?


Re: Can't access internet (ran malware-bytes)

Post by GMan316 on Wed 06 Apr 2011, 5:09 pm

DragonMaster Jay wrote: Have you called your Internet Service Provider to make sure your service has not been turned off?

The internet works on my desktop and netbook. It just doesn't work on the laptop. Should I just reformat and hope that fixes it?
