Posted 02 January 2011 - 08:32 PM
Hello, this is a friend's computer that was severely messed up.
Windows Vista SP2.
Initially Windows refused to boot because of a missing driver component. I resolved that with a repair using the Vista boot disk.
Now that the system runs it is clear that this computer has been infected in some manner.
Naturally, before I got the machine all it had for protection was an expired copy of Norton Security.
Google Chrome fails to function. The program starts but no pages will load.
Internet Explorer functions but more often than not gets redirected.
Windows Update says it “Can't check for updates”.
After a small amount of time and usage all programs begin to fail to launch claiming that “The service cannot accept control messages at this time”.
I have regressed the system back one month using system restore. Probably not far enough and made little difference.
I have already scanned with MS Security Essentials and MBAM. Both found nothing. RootRepeal shows a very long list of files that are hidden and GMER shows possible tampering with the MBR (sector 00(MBR) Rootkit-like behavior; sector 10; sector 63 and sector 234441392(+255)).
I have used the repair console included on the Vista disk and run BOOTREC /fixmbr and /fixboot and /rebuildbcd. Each time after a normal boot GMER still reports the same problems.
I don't mind re-installing the system to restore proper function, but if it's got an MBR infection, isn't a re-install pointless?
Thanks for your attention.