MBR Code Faked - can't seem to fix it

Post by MJ1 on 16th April 2011, 9:38 am

Hello,
I am running Windows Vista and the machine does not want to start up, so I ran MBRCheck and here is the text. I did hit Y and then tried to fix it; when it asked for the physical drive I put 5, but it didn't work. I am just now going to restart the machine and run Malwarebytes (I did run it before and it came out clean). Any help appreciated.


MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: ASUSTek Computer INC.
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: HP-Pavilion
System Product Name: GX612AA-A2L m8330f
Logical Drives Mask: 0x000003fc

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000048`1f07a000 (NTFS)
\\.\E: --> \\.\PhysicalDrive5 at offset 0x00000000`00007e00 (NTFS)

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
931 GB \\.\PhysicalDrive5 MBR Code Faked!
SHA1: 8D37583015352DE595F27D8D4B834B0335A5A5E9


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Post by MJ1 on 16th April 2011, 10:43 am

Since turning it off, I now can't get it to load Windows. Hmmm - I am just going to go to bed and will check back here for suggestions tomorrow.

Post by Kenny94 on 16th April 2011, 3:36 pm

Hi

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

We need to look at some information about what is going on in your computer:

Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • When done, DDS will open two (2) logs
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.
  • The instructions here ask you to attach the Attach.txt.
  • Instead of attaching, please copy/paste both logs into your thread.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control [You must be registered and logged in to see this link.]

Then post your DDS (DDS.txt and Attach.txt

Post by MJ1 on 16th April 2011, 11:16 pm

My computer won't start at all now - it says files got corrupted.
I don't have a boot disc. I am writing this from a different computer.

I saved some files from the infected computer to an external hard drive. Is my external hard drive now infected? I also need to get an Excel file that was on the infected computer last night and work on it. If I now transfer it to this computer, will this computer become infected?

Please let me know what to do now to get the infected computer to start up.

Thanks,
Lee

Post by Kenny94 on 16th April 2011, 11:59 pm

If the files that you had moved to your external hard drive are executable files or end with .exe, .scr, .rar, .zip, .htm, .html, then most likely your external hard drive is infected.

Okay, well first off you need to separate all of the computers from each other. They cannot be on the same network at the same time. I've used Avira AntiVir Rescue System with success to move on to the next stage.

Avira AntiVir Rescue System requires access to a working computer with a CD/DVD burner to create a bootable CD.

  • [You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.].
    If you encounter problems running the Rescue Disk, you can get further assistance at the [You must be registered and logged in to see this link.].

  • Place a blank CD in your burner and double-click on the downloaded file named rescue_system-common-en.exe
  • The program will automatically burn the CD for you.
  • Place the burned CD into the affected computer and start the computer from this CD.
  • On the bottom left side of the screen there are 2 flags. Using your mouse click on the British flag to use English.
  • Click on the Configuration button.

    • Select Scan all files
    • Select Try to repair infected files and Rename files, if they cannot be removed
    • Select Scan for dialers
    • Select Scan for joke programs (Jokes)
    • Select Scan for games
    • Select Scan for spyware (SPR)

  • Click on Virus scanner
  • Click on Start scanner at the bottom of the screen
  • When the scan is finished, you can save the scan report by clicking on Save and then choosing where to save it. Be sure to save the report and post it for further review.

Post by MJ1 on 17th April 2011, 2:07 am

OK - I got lucky as I hadn't read this thread and my computer went on. So here are the first DDS files you requested.
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Spirit at 20:02:17.23 on 16/04/2011
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_24
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3070.1210 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Spyware Doctor *Disabled/Updated* {F008AB3A-52B9-2B13-3681-4ED4FDA86549}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\wininit.exe
C:\WINDOWS\system32\lsm.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\nvvsvc.exe
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\SLsvc.exe
C:\WINDOWS\system32\nvvsvc.exe
C:\WINDOWS\servicing\TrustedInstaller.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\taskeng.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxeccoms.exe
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k WerSvcGroup
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\DRIVERS\xaudio.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\WINDOWS\system32\Dwm.exe
C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
C:\WINDOWS\ehome\ehsched.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\ehome\ehRecvr.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\real\realplayer\Update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\mobsync.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\hp\kbd\kbd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Free Download Manager\fdm.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\taskeng.exe
C:\WINDOWS\system32\RacAgent.exe
C:\Users\Spirit\Desktop\dds.scr
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mDefault_Page_URL = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = local
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - [You must be registered and logged in to see this link.] files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Download all with Free Download Manager - [You must be registered and logged in to see this link.] files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - [You must be registered and logged in to see this link.] files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - [You must be registered and logged in to see this link.] files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - [You must be registered and logged in to see this link.] files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: Fill Forms - [You must be registered and logged in to see this link.] files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: RoboForm Toolbar - [You must be registered and logged in to see this link.] files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - [You must be registered and logged in to see this link.] files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - [You must be registered and logged in to see this link.]
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - [You must be registered and logged in to see this link.]
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - [You must be registered and logged in to see this link.]
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - [You must be registered and logged in to see this link.]
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - [You must be registered and logged in to see this link.]
DPF: {81F0C919-AB0B-4F5C-932D-5CEEF05879E9} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - [You must be registered and logged in to see this link.]
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\spirit\appdata\roaming\mozilla\firefox\profiles\1b7o77nf.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\users\spirit\appdata\roaming\mozilla\firefox\profiles\1b7o77nf.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\spirit\appdata\roaming\mozilla\firefox\profiles\1b7o77nf.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: c:\users\spirit\appdata\roaming\mozilla\firefox\profiles\1b7o77nf.default\extensions\{81bf1d23-5f17-408d-ac6b-bd6df7caf670}\components\imtcp_xpcom.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: RankChecker: [You must be registered and logged in to see this link.] - %profile%\extensions\rankchecker@seobook.com
FF - Ext: Search Site: searchsite@DW-dev - %profile%\extensions\searchsite@DW-dev
FF - Ext: SEO For Firefox: [You must be registered and logged in to see this link.] - %profile%\extensions\seo4firefox@seobook.com
FF - Ext: SeoQuake Plugin - Technorati.com: [You must be registered and logged in to see this link.] - %profile%\extensions\seoquake-plugin-technorati@seoquake.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: SeoQuake: {317B5128-0B0B-49b2-B2DB-1E7560E16C74} - %profile%\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
FF - Ext: Affiliate Espionage: {63b70e6a-ea9d-4de2-8166-d6c4308099ee} - %profile%\extensions\{63b70e6a-ea9d-4de2-8166-d6c4308099ee}
FF - Ext: affilorama: {7822cf50-08ee-4915-9872-ee92472df6cb} - %profile%\extensions\{7822cf50-08ee-4915-9872-ee92472df6cb}
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF - Ext: MultirowBookmarksToolbar: {FBF6D7FB-F305-4445-BB3D-FEF66579A033} - %profile%\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
FF - Ext: iMacros for Firefox: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} - %profile%\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
FF - Ext: OnlyWire: {e26ba8db-a646-a44e-997c-2fafeadb50f2} - %profile%\extensions\{e26ba8db-a646-a44e-997c-2fafeadb50f2}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\programdata\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - c:\program files\siber systems\ai roboform\Firefox
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg10\Firefox4
FF - Ext: Easy-Hide-IP Firefox Plugin: [You must be registered and logged in to see this link.] - c:\program files\easy-hide-ip\ff-extension
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-1-19 32464]
R0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys [2010-10-18 125304]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-11-28 64288]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-5-15 130936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-2-10 296400]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-11-23 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-11-23 67656]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-5-4 21504]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-2-15 7421280]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 DisplayLinkService;DisplayLink Service;c:\program files\displaylink core software\DisplayLinkService.exe [2007-7-6 417792]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-5-4 21504]
R2 lxec_device;lxec_device;c:\windows\system32\lxeccoms.exe -service --> c:\windows\system32\lxeccoms.exe -service [?]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-3-30 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 28624]
R3 DisplayLinkmirror;DisplayLinkmirror;c:\windows\system32\drivers\DisplayLinkmirrorport.sys [2007-3-9 23400]
R3 rdsdrvdm;rdsdrvdm;c:\windows\system32\drivers\rdsdrvdm.sys [2009-4-29 27648]
R3 xcbdaNtsc;ViXS Tuner Card (NTSC);c:\windows\system32\drivers\xcbda.sys [2009-11-11 158336]
S2 gupdate1c9b34e873fb8ef;Google Update Service (gupdate1c9b34e873fb8ef);c:\program files\google\update\GoogleUpdate.exe [2009-4-1 133104]
S2 lxecCATSCustConnectService;lxecCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxecserv.exe [2010-4-14 193192]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-10-15 517448]
S3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\drivers\DisplayLinkUsbPort.sys [2008-12-18 20992]
S3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2009-4-1 40840]
S3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2009-4-1 66952]
S3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2009-4-1 81288]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-11-23 12872]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-4-1 348752]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-4-1 1095560]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-04-16 08:19:03 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-16 08:19:03 292864 ----a-w- c:\windows\system32\atmfd.dll
2011-04-16 08:18:57 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-16 08:18:57 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-16 08:18:57 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-16 08:18:57 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-16 08:18:53 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-16 08:18:52 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-04-16 08:18:45 305152 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-16 08:18:45 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-16 08:18:44 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-16 08:18:37 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-16 08:18:37 25088 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-04-16 08:15:20 834048 ----a-w- c:\windows\system32\wininet.dll
2011-04-16 08:15:20 389632 ----a-w- c:\windows\system32\html.iec
2011-04-16 08:15:19 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-04-16 08:15:04 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-04-16 08:07:44 430080 ----a-w- c:\windows\system32\vbscript.dll
2011-04-16 08:07:39 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-16 08:05:53 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-03-30 23:16:52 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2011-03-22 21:24:57 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-03-22 21:24:57 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-22 21:24:57 1068544 ----a-w- c:\windows\system32\DWrite.dll
.
==================== Find3M ====================
.
2011-02-10 06:19:21 1525039 ----a-w- c:\windows\Hot Keyword Agent Uninstaller.exe
2011-02-03 04:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-22 22:44:13 0 ----a-w- C:\sp26950.exe
2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
.
============= FINISH: 20:05:43.10 ===============


Re: MBR Code FAked - cant seem to fix it

Post by MJ1 on 17th April 2011, 2:13 am

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 10/04/2008 4:05:06 PM
System Uptime: 16/04/2011 7:42:41 PM (1 hours ago)
.
Motherboard: ASUSTek Computer INC. | | NARRA3
Processor: AMD Phenom(tm) 9500 Quad-Core Processor | Socket AM2 | 2200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 52.512 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 1.284 GiB free.
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
1st TurboRun Internet 1.0
ABBYY FineReader 6.0 Sprint
Acrobat.com
Active MediaMagnet
Ad-Aware
Adobe Acrobat 8 Professional - English, Français, Deutsch
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Photoshop CS5
Adobe Photoshop Elements 2.0
Adobe Reader 9.2
Advanced SystemCare 3
Agent Ransack Version 1.7.3
AI RoboForm (All Users)
Akamai NetSession Interface
Amazon MP3 Downloader 1.0.3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Article Architect 2.4.1
Article Submitter 1.4
Artisteer 2
Auto Click Profit
AVG 2011
BlogHatter beta
Bonjour
Cards_Calendar_OrderGift_DoMorePlugout
CCleaner
CommentKahuna
Compatibility Pack for the 2007 Office system
Content Magnet Article Extractor 1.0
ContentBuzz
CyberLink DVD Suite Deluxe
Desktop Spider 3.0
DisplayLink Core Software
DivX Web Player
Dragon NaturallySpeaking 10
DriverMax 5
Easy-Hide-IP 3.7.4
Easy Lead Finder
Enhanced Multimedia Keyboard Solution
EPSON Scan
ExamDiff 1.8 (Build 1.8.0.3)
FFB - Facebook Friend Bomber
FileBox eXtender
FileZilla Client 3.3.5.1
Free Download Manager 3.0
gKeywordTool 1.0
Google Apps
Google Chrome
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GoogleSearchTool
GoToMeeting 4.5.0.457
H&R Block At Home™ 2009
H&R Block At Home™ Updater 2009
H&R Block Tax 2008
H&R Block Tax Updater 2008
Hardware Diagnostic Tools
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
Hot Keyword Agent
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Advisor
HP Customer Experience Enhancements
HP Customer Feedback
HP Easy Setup - Frontend
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart Essential 2.5
HP Picasso Media Center Add-In
HP Update
HPPhotoSmartPhotobookWebPack1
IBP 11.6
InfoRapid Search & Replace
InstantArticleWizard
IOGEAR Software Suit 3.0
IRISPen Express 6
iTunes
Java Auto Updater
Java(TM) 6 Update 24
Java(TM) SE Runtime Environment 6 Update 1
JobTabs 2006
JobTabs Job Search & Resume
Keyword Magic Professional v1.5
LabelPrint
Lexmark Printable Web
Lexmark Pro800-Pro900 Series
Lexmark Toolbar
LightScribe System Software
LightScribe Template Labeler
Link Building Tool 1.1
Macromedia Dreamweaver MX
Macromedia Extension Manager
Macromedia Fireworks MX
Malwarebytes' Anti-Malware
Market Samurai
Micro Niche Finder
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office Access database engine 2007 (English)
Microsoft Office Home and Student 60 day trial
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office XP Professional with FrontPage
Microsoft Publisher 2002
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MobileMe Control Panel
Move Networks Media Player for Internet Explorer
Mozilla Firefox (3.6.6)
Mozilla Thunderbird (3.1.9)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML4SP2
Multiple File Search and Replace
muvee autoProducer 6.1
My HP Games
MyScript Notes
MySQL Connector/ODBC 3.51
MySQL Find and Replace Software 7.0
Niche Research Commando Ver 2.1.0
NVIDIA Drivers
PDF Settings CS5
Pixie 3.1 (remove only)
POP Peeper
Power Article Rewriter
Power2Go
PowerDirector
PPCDynamite
Press Equalizer 1.0.11
PressBot
Project Buzz v2.0
Proposal Kit - Pro
Proposal Kit - Pro V10.0
Proposal Pack Wizard - 1-2 Users V2.7
PSPad editor
PSSWCORE
Python 2.5
QuickTime
RadarSyncPZ
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
ResumeMaker Professional
Revo Uninstaller 1.91
Roxio Easy Media Creator 8 Suite
S3 Ripper 1.3
Sales Letters Creator
SAT
Search Automator Pro 2.0
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Seesmic Desktop
SEO Link Dominator - fast Indexer and Pinger
SEO PowerSuite
Skype™ 5.1
SnagIt 7
Snagit 9.1
Snapfish Picture Mover
Soap 3.0 Toolkit
Soft Data Fax Modem with SmartCP
Spyware Doctor 6.0
SQLQuery
Super Suggester 1.0.0
SUPERAntiSpyware Free Edition
Traffic Travis 3.3.10
TreeSize Free V2.3.3
trendfinder v2.01
TweetDeck
Universal Extractor 1.6
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
USB Switch
VC80CRTRedist - 8.0.50727.762
VideoToolkit01
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ Runtime for Dragon NaturallySpeaking
WarriorPDF 5.0.0.614
WeatherBug Gadget
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Player Firefox Plugin
WinWay Resume Deluxe
WordFlood (remove only)
WordFlood 2.0 (remove only)
Work Order 2x
XHeader
XHeader Bonus Download
Yahoo! Toolbar
ZipGenius 6 (6.0.3.1150)
.
==== End Of File ===========================


Re: MBR Code FAked - cant seem to fix it

Post by Kenny94 on 17th April 2011, 2:38 am


  1. Download ComboFix from below:

    [You must be registered and logged in to see this link.]


    * IMPORTANT !!! Place combofix.exe on your Desktop

  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.


    You can get help on disabling your protection programs [You must be registered and logged in to see this link.]

  3. Double click on combofix.exe & follow the prompts.

  4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.

    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:

    The Recovery Console was successfully installed.



    Click on Yes, to continue scanning for malware.

  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

  6. When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------

  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

Kenny94
Tech Officer
Tech Officer

Posts Posts : 2019
Joined Joined : 2010-04-22
Gender Gender : Male
OS OS : Windows 7
Protection Protection : Avira/Router and Malwarebytes
Points Points : 33561
# Likes # Likes : 0


Re: MBR Code FAked - cant seem to fix it

Post by MJ1 on 17th April 2011, 6:32 pm

I have disabled my AVG but Combo fix says I have to take it off my machine for combo fix to run - I don't want to take off the only antivirus on my machine without confirming with you that I should as I will be completely unprotected.

Please let me know what to do
thanks


Re: MBR Code FAked - cant seem to fix it

Post by Kenny94 on 17th April 2011, 7:10 pm

ComboFix will not run until AVG is uninstalled as a protective measure. This is an issue with AVG. Let's run this scan before we use ComboFix.

Please download aswMBR from [You must be registered and logged in to see this link.]


  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan as illustrated below




Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are [You must be registered and logged in to see this link.]


  • Once the scan finishes click Save log to save the log to your Desktop


  • Copy and paste the contents of aswMBR.txt back here for review




Re: MBR Code FAked - cant seem to fix it

Post by MJ1 on 17th April 2011, 9:01 pm

aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
Run date: 2011-04-17 14:58:04
-----------------------------
14:58:04.667 OS Version: Windows 6.0.6002 Service Pack 2
14:58:04.667 Number of processors: 4 586 0x202
14:58:04.670 ComputerName: SPIRIT-PC UserName: Spirit
14:59:09.031 Initialize success
14:59:16.261 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005b
14:59:16.266 Disk 0 Vendor: WDC_WD32 12.0 Size: 305245MB BusType: 6
14:59:18.296 Disk 0 MBR read successfully
14:59:18.302 Disk 0 MBR scan
14:59:20.331 Disk 0 scanning sectors +625136400
14:59:20.436 Disk 0 scanning C:\WINDOWS\system32\drivers
14:59:37.214 Service scanning
14:59:41.643 Disk 0 trace - called modules:
14:59:41.661 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys tcpip.sys NETIO.SYS
14:59:41.668 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b2ca160]
14:59:41.675 3 CLASSPNP.SYS[8e9ab8b3] -> nt!IofCallDriver -> [0x89388f08]
14:59:41.682 5 acpi.sys[86a0f6bc] -> nt!IofCallDriver -> \Device\0000005b[0x89dc7c90]
14:59:41.690 Scan finished successfully


Re: MBR Code FAked - cant seem to fix it

Post by Kenny94 on 17th April 2011, 10:12 pm

aswMBR came back clean. Are you still having problems with this PC?





Re: MBR Code FAked - cant seem to fix it

Post by MJ1 on 18th April 2011, 12:15 am

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: ASUSTek Computer INC.
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: HP-Pavilion
System Product Name: GX612AA-A2L m8330f
Logical Drives Mask: 0x000003ec

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000048`1f07a000 (NTFS)

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!
Press ENTER to exit...

Above is my new MBR check. What happened? If you look above at the first MBRCheck, did I lose a 931 Gig drive or what??

Kenny, I just wanted to say how great you have been, and how fast you have responded has really been outstanding.

I am just going to turn my machine off and on and see what it is doing now.

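Added example (not part of the original posts, and not MBRCheck's own code): a small parser that diffs the two MBRCheck reports posted in this thread, showing which drive letter and physical disk dropped out between the runs and whether the boot disk's MBR hash changed. It assumes the "Logical Drives Mask" follows the Win32 GetLogicalDrives bit layout (bit 0 = A:), which matches the drive letters in the DDS log, and that a status ending in "MBR code detected" means recognised boot code.

```python
import re
import string

# Trimmed copies of the two MBRCheck 1.2.3 reports posted in this thread
# (16th and 18th April 2011); only the lines the parser reads are kept.
REPORT_BEFORE = r"""
Logical Drives Mask: 0x000003fc
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000048`1f07a000 (NTFS)
\\.\E: --> \\.\PhysicalDrive5 at offset 0x00000000`00007e00 (NTFS)
298 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
931 GB \\.\PhysicalDrive5 MBR Code Faked!
SHA1: 8D37583015352DE595F27D8D4B834B0335A5A5E9
"""
REPORT_AFTER = r"""
Logical Drives Mask: 0x000003ec
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000048`1f07a000 (NTFS)
298 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
"""

MASK_RE = re.compile(r"Logical Drives Mask:\s*0x([0-9a-fA-F]+)")
VOL_RE = re.compile(r"^\\\\\.\\([A-Z]): --> \\\\\.\\(PhysicalDrive\d+)", re.M)
DISK_RE = re.compile(
    r"^(\d+ [KMGT]B)\s+\\\\\.\\(PhysicalDrive\d+)\s+(.+?)\s*\n"
    r"SHA1:\s*([0-9A-Fa-f]{40})", re.M)


def mask_to_letters(mask):
    """Assumed layout: bit 0 = A:, bit 1 = B:, ... as in Win32 GetLogicalDrives."""
    return [string.ascii_uppercase[i] for i in range(26) if (mask >> i) & 1]


def parse_report(text):
    m = MASK_RE.search(text)
    if m is None:
        raise ValueError("no 'Logical Drives Mask' line found")
    disks = {d: {"size": size, "status": status, "sha1": sha1.upper()}
             for size, d, status, sha1 in DISK_RE.findall(text)}
    return {
        "letters": mask_to_letters(int(m.group(1), 16)),
        "volumes": dict(VOL_RE.findall(text)),   # drive letter -> physical disk
        "disks": disks,
    }


def flagged(report):
    """Disks whose status is not a '<OS> MBR code detected' line (assumption:
    that wording marks recognised boot code, as for PhysicalDrive0 here)."""
    return sorted(d for d, info in report["disks"].items()
                  if not info["status"].endswith("MBR code detected"))


def diff_reports(before, after):
    b, a = parse_report(before), parse_report(after)
    common = b["disks"].keys() & a["disks"].keys()
    return {
        "letters_gone": [l for l in b["letters"] if l not in a["letters"]],
        "letters_new": [l for l in a["letters"] if l not in b["letters"]],
        "volumes_gone": {l: d for l, d in b["volumes"].items()
                         if l not in a["volumes"]},
        "disks_gone": sorted(b["disks"].keys() - a["disks"].keys()),
        "mbr_changed": sorted(d for d in common
                              if b["disks"][d]["sha1"] != a["disks"][d]["sha1"]),
        "flagged_before": flagged(b),
        "flagged_after": flagged(a),
    }


if __name__ == "__main__":
    for key, value in diff_reports(REPORT_BEFORE, REPORT_AFTER).items():
        print(f"{key:15} {value}")
```

Run on the two reports, it lists E: on PhysicalDrive5 as the only volume missing from the second run, an unchanged SHA1 for PhysicalDrive0, and no flagged disks in the second report.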

Re: MBR Code FAked - cant seem to fix it

Post by MJ1 on 18th April 2011, 12:30 am

Well, I just turned on my machine and it went on just fine. Seems that I am cured. It's a miracle!! Thanks for all your help.


Re: MBR Code FAked - cant seem to fix it

Post by Kenny94 on 18th April 2011, 1:02 pm

Glad all is well. Few more things before I let you go.... I see you have Advanced SystemCare 3.

Registry cleaners are extremely powerful applications and their potential for harming your OS far outweighs any small potential for improving your computer's performance.

There are a number of them available and some are more safe than others. Keep in mind that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Without research into what the registry entry selected for deletion is, a registry cleaner can end up being an automated method to cause problems with the registry.

For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great.

Further reading: [You must be registered and logged in to see this link.]

I suggest removing Advanced SystemCare 3 now, via Add or Remove programs.

Please remove ComboFix from your Desktop, and DDS.txt and Attach.txt as well.

Here are some additional links for you to check out to help you with your computer security.

Browsers

Just because your computer came loaded with Internet Explorer doesn't mean that you have to use it. There are other free alternatives, [You must be registered and logged in to see this link.] and [You must be registered and logged in to see this link.]; both are free to use and are more secure than IE.

If you are using Firefox you can stay more secure by adding [You must be registered and logged in to see this link.] and [You must be registered and logged in to see this link.]

NoScript stops Java scripts from starting on a web page unless you give permission for them, and WOT (Web Of Trust) has a comprehensive list of ratings for different websites allowing you to easily see if a website that you are about to go to has a bad reputation; in fact it will warn you to check if you are sure that you want to continue to a bad website.

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.


Additional Security Measures

Visit Microsoft's Windows Update Site Frequently - It is important that you visit [You must be registered and logged in to see this link.] regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

[You must be registered and logged in to see this link.] - Scans your PC for tracking cookies in multiple browsers as well as in Adobe Flash.

[You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.] - Two good disc defragmenters for you to choose from to help speed up your computer.





Re: MBR Code FAked - cant seem to fix it

Post by MJ1 on 19th April 2011, 6:10 am

I have implemented several of your suggestions. Thanks.

Finally, I am just now going to hook up the hard drive that I had transferred files to while the computer had a problem - what would be the best scan to do on my hard drive to make sure I don't get it back? As the original virus didn't show up with AVG and only with MBRCheck - how can I tell if it is infected?
Thanks


Re: MBR Code FAked - cant seem to fix it

Post by Kenny94 on 19th April 2011, 12:28 pm

The best way to scan the other hard drive is to do an online scan:

Please run a free online scan with the [You must be registered and logged in to see this link.]
Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
