
I have the You Won Virus



#1 Tom N

Tom N

  • Members
  • 22 posts

Posted 05 August 2010 - 09:30 AM

I have the Congratulations You Won virus. I tried to follow the preparation guide but the GMER scan does not finish.

I did run the MBR check and have posted the results here.

Thank you for your assistance.

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0200001c

Kernel Drivers (total 155):

Processes (total 51):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02f10c00 (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`02f10c00 (NTFS)

PhysicalDrive0 Model Number: WDCWD3200AAKS-00L9A0, Rev: 01.03E01
PhysicalDrive1 Model Number: SAMSUNGHD160JJ/P, Rev: ZM100-34

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black Internet)!
SHA1: 9654B01951421A0E9A1DC964E4BA1EC7CD703E5E
149 GB \\.\PhysicalDrive1 Known-bad MBR code detected (Whistler / Black Internet)!
SHA1: 9654B01951421A0E9A1DC964E4BA1EC7CD703E5E


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!


 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,759 posts
  • Gender:Male
  • Location:NJ USA

Posted 05 August 2010 - 02:28 PM

Hello, please start a new topic here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
Include your above posted MBR log.

Let me know if that went well.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook



