Can't boot up - BSOD


This topic is locked
11 replies to this topic

#1 jclfc

jclfc

  • Members
  • 71 posts
  • OFFLINE
  •  
  • Local time:07:17 AM

Posted 14 February 2011 - 07:45 AM

Hi there,

Having a really frustrating issue with my Dell Vostro 200 at the moment. I will try to explain in as much detail how the problem came about and what the issues are now.

Basically I cannot boot up my machine without getting a BSOD, whether normally or even in Safe Mode.

The problem began when I got some Malware on my machine and it would not allow me to open files off my second hard drive without giving an error message and saying I needed to download Windows something or other to defrag and repair the disk.

Much to my shame, it looked legit...but I quickly realised it wasn't. So I uninstalled the program and then tried to run ComboFix to clean things up. I've used CF 100s of times before and never had an issue.

Anyway, CF asked if I wanted to update so I did and then it began doing its thing. However, an error message appeared saying there wasn't enough disk space to create a restore point and then it restarted and that's when the BSOD issue started.

The error is STOP: 0x0000007E and then it begins a crash dump, which takes a few seconds before the machine reboots.

I have tried reinstalling/repairing Vista from the CD but I am unable to run any of the options in the repair console such as System Restore etc.

Anyone have any ideas?

Edited by Orange Blossom, 14 February 2011 - 09:16 PM.
Moved to log forum. ~ OB




#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:09:17 AM

Posted 14 February 2011 - 08:53 PM

Hi jclfc,

Welcome to Bleeping Computer. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, installing applications, removing files, etc.) from now on as it might interfere with our fixes. In case of making changes I shall assume my assistance is not needed any more. Thank you.

Before going to restore the system I need to know if you have an x86 system or an x64 system.

#3 jclfc

jclfc
  • Topic Starter

  • Members
  • 71 posts
  • OFFLINE
  •  
  • Local time:07:17 AM

Posted 15 February 2011 - 10:26 AM

I think it is an x64 system, but how can I tell for sure?

Before you replied, I reinstalled Vista and it moved all my files to a file called 'Windows.old'.

Is there any way I can restore these files?

Also, the system is not picking up my spare hard disk, where the malware was originally found.

I will refrain from making any further changes until I hear back from you.

#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:09:17 AM

Posted 15 February 2011 - 05:38 PM

I can't say much about the restoring old files.

Also, the system is not picking up my spare hard disk, where the malware was originally found.

Could you tell me more about this? Which hard disk was infected, where was Windows installed, and where is the current Windows installed?

Please download MiniToolBox and run it.

Press List Windows version, partitions and memory size button.
Click Go and then post the log (info.txt) it makes.

#5 jclfc

jclfc
  • Topic Starter

  • Members
  • 71 posts
  • OFFLINE
  •  
  • Local time:07:17 AM

Posted 18 February 2011 - 02:51 PM

Here you go - sorry for the delay, had trouble re-establishing connection.

Still not picking up my other hard disk.

MiniToolBox by Farbar
Ran by JC at 2011-02-18 19:50:40
Windows Vista ™ Ultimate (X86)

========================= Memory info ========================

Percentage of memory in use: 57%
Total physical RAM: 2036.56 MB
Available physical RAM: 865.81 MB
Total Pagefile: 4295.43 MB
Available Pagefile: 3073.27 MB
Total Virtual: 2047.88 MB
Available Virtual: 1982.6 MB

======================= Partitions ===========================

1 Drive c: (OS) (Fixed) (Total:222.78 GB) (Free:4.27 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:6.68 GB) NTFS
3 Drive e: (BTHomeHub) (CDROM) (Total:0.16 GB) (Free:0 GB) CDFS

#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:09:17 AM

Posted 18 February 2011 - 04:28 PM

No worry about the delay. I see the information. :thumbup2:

But you forgot to give me feedback about the question I asked. Do I understand it correctly?

You have two hard disks.
Both are connected.
The other one had a virus on it. But on that hard disk there was no Operating system (Windows).
The hard disk on which the operating system was installed got infected too and you couldn't boot any more to it.
You did a repair install, installing Windows without reformatting, on the current hard disk.
Now your other hard disk is not read.

Please tell me if I understand it correctly; otherwise give detailed feedback.

#7 jclfc

jclfc
  • Topic Starter

  • Members
  • 71 posts
  • OFFLINE
  •  
  • Local time:07:17 AM

Posted 18 February 2011 - 04:42 PM

That is correct. My other hard disk - the one that got infected - is an IDE connected to a SATA motherboard.

See here: http://www.bleepingcomputer.com/forums/topic123549.html/page__view__findpost__p__699419__fromsearch__1

#8 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:09:17 AM

Posted 18 February 2011 - 05:00 PM

Okay, I got the picture. I'm not good at hardware issues but I can make sure the malware issue is ruled out.

  • Please perform the following scan:
    • Download DDS by sUBs from the following links. Save it to your desktop.
    • Double click on the DDS icon, allow it to run. When done it will open two logs:
      • DDS.txt
      • Attach.txt
    • Copy and paste the logs to your reply.
  • Please download MBRCheck by clicking here and save it to your desktop.
    • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt).
    • A window will open on your desktop.
    • If an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
    • If nothing unusual is found just press Enter.
    • A .txt file named MBRCheck_mm.dd.yy_hh.mm.txt should appear on your desktop.
    • Please post the contents of that file in your next reply.
  • Download the GMER Rootkit Scanner exe file from here and save it to your desktop.
    • Temporarily disable any real-time active protection so your security program drivers will not conflict with GMER's driver.
    • Click on this link to see a list of programs that should be disabled.
    • Disconnect from the Internet and close all running programs.
    • Double click GMER.exe. If asked to allow the gmer.sys driver to load, please consent.
    • If it gives you a warning about rootkit activity and asks if you want to run a scan, click on NO.
    • In the right panel, you will see several boxes that have been checked.
    • Then click the Scan button & wait for it to begin. (Please be patient as it can take some time to complete).
    • When the scan is finished, you will see the Scan button appear again. Click Save to save the scan results to your Desktop.
    • Save the file as gmer.log and copy/paste the contents in your next reply.
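
The MBRCheck step above boils down to two checks: read sector 0 of the physical disk, and compare a hash of the boot-code region against known-good values (a bootkit overwrites exactly that region, which is why ComboFix and these helpers care about it). The following Python script is an added example, not code from the thread, MBRCheck or any of its authors. It parses an MBR the way such a tool does: verify the 0x55AA signature, hash bytes 0..439, and decode the four partition entries into the byte offsets that MBRCheck prints as "at offset". The sample MBR, its boot-code bytes and the baseline hash table are constructed here; the partition layout mirrors the offsets in the MBRCheck output later in this thread (D: at 0x3000000, C: at 0x283000000), but the boot code is not real Vista code, so the hash will not match the SHA1 MBRCheck reports, and the page does not state which byte range MBRCheck hashes.

```python
"""Parse a 512-byte MBR: verify the 0x55AA signature, hash the boot code, decode the partition table."""
import hashlib
import struct

SECTOR = 512
BOOTCODE_LEN = 440                        # bytes 0..439 boot code, 440..443 disk signature, 446..509 partition table
PART_ENTRY = struct.Struct('<B3sB3sII')   # status, CHS start, type, CHS end, LBA start, sector count


def read_mbr(device):
    # Read sector 0 from a block device or raw image, e.g. \\.\PhysicalDrive0 (Windows, needs admin)
    # or /dev/sda (Linux, needs root). Needs no privileges for a dd image file.
    with open(device, 'rb') as f:
        return f.read(SECTOR)


def parse_mbr(mbr):
    if len(mbr) < SECTOR:
        raise ValueError('need 512 bytes, got %d' % len(mbr))
    if mbr[510:512] != b'\x55\xaa':
        raise ValueError('missing 0x55AA boot signature')
    partitions = []
    for i in range(4):
        status, _chs_s, ptype, _chs_e, lba_start, count = PART_ENTRY.unpack_from(mbr, 446 + 16 * i)
        if ptype == 0:                    # empty slot
            continue
        partitions.append({
            'slot': i, 'bootable': status == 0x80, 'type': ptype,
            'lba_start': lba_start, 'sectors': count,
            'byte_offset': lba_start * SECTOR,    # what MBRCheck prints as "at offset"
            'size_gb': count * SECTOR / 2 ** 30,
        })
    return {
        'bootcode_sha1': hashlib.sha1(mbr[:BOOTCODE_LEN]).hexdigest().upper(),
        'disk_signature': struct.unpack_from('<I', mbr, 440)[0],
        'partitions': partitions,
    }


def classify_bootcode(mbr, known_good):
    """Map the boot-code hash to a label from a baseline table, or 'UNKNOWN' if nothing matches."""
    return known_good.get(parse_mbr(mbr)['bootcode_sha1'], 'UNKNOWN')


def build_mbr(bootcode, partitions):
    """Construct an MBR for testing from boot-code bytes and (bootable, type, lba_start, sectors) tuples."""
    mbr = bytearray(SECTOR)
    mbr[:min(len(bootcode), BOOTCODE_LEN)] = bootcode[:BOOTCODE_LEN]
    for i, (bootable, ptype, start, count) in enumerate(partitions[:4]):
        PART_ENTRY.pack_into(mbr, 446 + 16 * i, 0x80 if bootable else 0,
                             b'\xfe\xff\xff', ptype, b'\xfe\xff\xff', start, count)
    mbr[510:512] = b'\x55\xaa'
    return bytes(mbr)


# Constructed sample (assumption, not real Vista boot code) using the layout from the MBRCheck output:
SAMPLE_BOOTCODE = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b'\x90' * 20
SAMPLE_LAYOUT = [
    (False, 0x07, 0x18000, 20971520),     # D: RECOVERY, 10 GB, starts at byte 0x3000000
    (True, 0x07, 0x1418000, 467327344),   # C: OS, ~222.8 GB, starts at byte 0x283000000
]
SAMPLE_MBR = build_mbr(SAMPLE_BOOTCODE, SAMPLE_LAYOUT)
# A baseline is a hash recorded from a disk you trust; here it is taken from the sample itself.
BASELINE = {parse_mbr(SAMPLE_MBR)['bootcode_sha1']: 'sample baseline'}

if __name__ == '__main__':
    info = parse_mbr(SAMPLE_MBR)
    print('boot code SHA1:', info['bootcode_sha1'], '->', classify_bootcode(SAMPLE_MBR, BASELINE))
    for p in info['partitions']:
        print('slot %d type 0x%02X at offset 0x%X (%.2f GB)%s' % (
            p['slot'], p['type'], p['byte_offset'], p['size_gb'], ' [boot]' if p['bootable'] else ''))
```

On a live machine, replace SAMPLE_MBR with read_mbr(r'\\.\PhysicalDrive0') from an elevated prompt. An UNKNOWN result is a reason to look closer, not a verdict: a vendor or dual-boot loader will also fail a baseline built only from stock Windows hashes, which is why MBRCheck lets you inspect an "unknown bootcode" before deciding to rewrite it.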


#9 jclfc

jclfc
  • Topic Starter

  • Members
  • 71 posts
  • OFFLINE
  •  
  • Local time:07:17 AM

Posted 19 February 2011 - 11:20 AM

DDS (Ver_10-12-12.02) - NTFSx86
Run by JC at 16:16:42.91 on 19/02/2011
Internet Explorer: 7.0.6000.16512
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.44.1033.18.2037.937 [GMT 0:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\JC\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [BrowserChoice] "c:\windows\system32\browserchoice.exe" /run
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [btbb_McciTrayApp] "c:\program files\bt broadband desktop help\btbb\BTHelpNotifier.exe"
Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2011-02-19 15:42:58 454656 ----a-w- c:\program files\common files\system\msadc\msadce.dll
2011-02-19 15:42:31 9728 ----a-w- c:\windows\system32\LAPRXY.DLL
2011-02-19 15:42:31 223232 ----a-w- c:\windows\system32\WMASF.DLL
2011-02-19 15:42:31 2048 ----a-w- c:\windows\system32\asferror.dll
2011-02-19 15:42:07 293376 ----a-w- c:\windows\system32\browserchoice.exe
2011-02-19 15:41:28 7680 ----a-w- c:\windows\system32\lsass.exe
2011-02-19 15:41:28 72704 ----a-w- c:\windows\system32\secur32.dll
2011-02-19 15:41:27 25600 ----a-w- c:\windows\system32\amxread.dll
2011-02-19 15:41:27 14848 ----a-w- c:\windows\system32\apilogen.dll
2011-02-19 15:41:27 1233408 ----a-w- c:\windows\system32\lsasrv.dll
2011-02-19 15:40:53 712192 ----a-w- c:\windows\system32\WindowsCodecs.dll
2011-02-19 15:40:53 425472 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2011-02-19 15:40:52 347136 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2011-02-19 15:40:15 97792 ----a-w- c:\windows\system32\cabview.dll
2011-02-19 15:39:42 441856 ----a-w- c:\windows\system32\win32spl.dll
2011-02-19 15:39:42 37376 ----a-w- c:\windows\system32\printcom.dll
2011-02-19 15:39:09 2031104 ----a-w- c:\windows\system32\win32k.sys
2011-02-19 15:37:56 14848 ----a-w- c:\windows\system32\wshrm.dll
2011-02-19 15:37:56 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2011-02-19 15:37:17 43520 ----a-w- c:\windows\system32\msdxm.tlb
2011-02-19 15:37:17 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2011-02-19 15:37:17 18432 ----a-w- c:\windows\system32\amcompat.tlb
2011-02-19 15:36:28 515584 ----a-w- c:\windows\system32\RMActivate.exe
2011-02-19 15:36:28 472576 ----a-w- c:\windows\system32\secproc.dll
2011-02-19 15:36:28 435712 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2011-02-19 15:36:28 431104 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2011-02-19 15:36:28 312320 ----a-w- c:\windows\system32\msdrm.dll
2011-02-19 15:36:28 154624 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2011-02-19 15:36:28 154112 ----a-w- c:\windows\system32\secproc_ssp.dll
2011-02-19 15:36:27 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2011-02-19 15:36:27 473088 ----a-w- c:\windows\system32\secproc_isv.dll
2011-02-19 15:35:50 66048 ----a-w- c:\program files\windows sidebar\sbdrop.dll
2011-02-19 15:35:50 1232896 ----a-w- c:\program files\windows sidebar\sidebar.exe
2011-02-19 15:35:50 11776 ----a-w- c:\windows\system32\sbunattend.exe
2011-02-19 15:35:20 558080 ----a-w- c:\windows\system32\oleaut32.dll
2011-02-19 15:35:00 83968 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-02-19 15:35:00 24576 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-02-19 15:34:40 53760 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2011-02-19 15:34:08 269824 ----a-w- c:\windows\system32\schannel.dll
2011-02-19 15:10:46 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-02-19 15:10:43 4247552 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-02-19 15:10:43 1686528 ----a-w- c:\windows\system32\gameux.dll
2011-02-19 15:10:02 98816 ----a-w- c:\windows\system32\mfps.dll
2011-02-19 15:10:02 2855424 ----a-w- c:\windows\system32\mf.dll
2011-02-19 15:10:01 94720 ----a-w- c:\windows\system32\logagent.exe
2011-02-19 15:10:01 52736 ----a-w- c:\windows\system32\rrinstaller.exe
2011-02-19 15:10:01 24576 ----a-w- c:\windows\system32\mfpmp.exe
2011-02-19 15:10:01 2048 ----a-w- c:\windows\system32\mferror.dll
2011-02-19 15:10:00 996352 ----a-w- c:\windows\system32\WMNetMgr.dll
2011-02-19 15:09:37 84992 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-02-19 15:09:37 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-02-19 15:09:37 101888 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-19 15:09:18 84480 ----a-w- c:\windows\system32\INETRES.dll
2011-02-19 15:09:18 737792 ----a-w- c:\windows\system32\inetcomm.dll
2011-02-19 15:08:52 60928 ----a-w- c:\windows\system32\msasn1.dll
2011-02-19 15:08:29 1645568 ----a-w- c:\windows\system32\connect.dll
2011-02-19 15:08:04 788992 ----a-w- c:\windows\system32\rpcrt4.dll
2011-02-19 15:07:22 31232 ----a-w- c:\windows\system32\httpapi.dll
2011-02-19 15:07:21 396800 ----a-w- c:\windows\system32\drivers\http.sys
2011-02-19 15:07:21 24064 ----a-w- c:\windows\system32\nshhttp.dll
2011-02-19 15:05:33 130048 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-02-19 15:05:07 274432 ----a-w- c:\windows\system32\raschap.dll
2011-02-19 15:05:07 232960 ----a-w- c:\windows\system32\rastls.dll
2011-02-19 15:04:32 321536 ----a-w- c:\windows\system32\WSDApi.dll
2011-02-19 15:03:54 99840 ----a-w- c:\windows\system32\poqexec.exe
2011-02-19 14:58:23 2048 ----a-w- c:\windows\system32\msxml6r.dll
2011-02-19 14:58:23 1341440 ----a-w- c:\windows\system32\msxml6.dll
2011-02-19 14:56:40 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2011-02-19 14:56:40 22528 ----a-w- c:\windows\system32\msyuv.dll
2011-02-19 14:56:40 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2011-02-19 14:56:39 82944 ----a-w- c:\windows\system32\mciavi32.dll
2011-02-19 14:56:39 65024 ----a-w- c:\windows\system32\avicap32.dll
2011-02-19 14:56:39 1327616 ----a-w- c:\windows\system32\quartz.dll
2011-02-19 14:56:39 123904 ----a-w- c:\windows\system32\msvfw32.dll
2011-02-19 14:56:38 88576 ----a-w- c:\windows\system32\avifil32.dll
2011-02-19 14:56:38 31232 ----a-w- c:\windows\system32\msvidc32.dll
2011-02-19 14:56:38 13312 ----a-w- c:\windows\system32\msrle32.dll
2011-02-19 14:55:40 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2011-02-19 14:54:35 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2011-02-19 14:54:32 7680 ----a-w- c:\windows\system32\spwmp.dll
2011-02-19 14:54:32 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2011-02-19 14:54:32 107520 ----a-w- c:\program files\windows media player\wmpshare.exe
2011-02-19 14:54:31 4096 ----a-w- c:\windows\system32\msdxm.ocx
2011-02-19 14:54:31 4096 ----a-w- c:\windows\system32\dxmasf.dll
2011-02-19 14:54:31 107520 ----a-w- c:\program files\windows media player\wmpconfig.exe
2011-02-19 14:54:24 311296 ----a-w- c:\windows\system32\unregmp2.exe
2011-02-19 14:54:24 1418240 ----a-w- c:\program files\windows media player\setup_wm.exe
2011-02-18 19:40:11 2565432 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-02-18 19:39:52 5890896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{46fb61ae-c0d8-4f0a-b0ed-b2fab3933f22}\mpengine.dll
2011-02-18 19:39:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-02-18 19:21:04 -------- d-----w- c:\program files\common files\Motive
2011-02-18 19:20:57 -------- d-----w- c:\program files\BT Broadband Desktop Help
2011-02-18 19:20:38 -------- d-----w- c:\program files\Citrix
2011-02-18 19:20:33 -------- d-----w- c:\program files\BTHomeHub
2011-02-18 19:04:46 -------- d-----w- c:\windows\system32\RTCOM
2011-02-18 19:03:19 319456 ----a-w- c:\windows\DIFxAPI.dll
2011-02-18 19:03:08 315392 ----a-w- c:\windows\HideWin.exe
2011-02-18 19:03:02 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2011-02-18 19:03:01 204800 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iuser.dll
2011-02-18 19:03:00 757760 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iKernel.dll
2011-02-18 19:03:00 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\ctor.dll
2011-02-18 19:03:00 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iscript.dll
2011-02-18 19:02:59 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iGdi.dll
2011-02-18 19:02:58 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\setup.dll
2011-02-18 19:02:24 2421760 ----a-w- c:\windows\system32\wucltux.dll
2011-02-18 19:00:13 87552 ----a-w- c:\windows\system32\wudriver.dll
2011-02-18 18:58:18 33792 ----a-w- c:\windows\system32\wuapp.exe
2011-02-18 18:58:18 171608 ----a-w- c:\windows\system32\wuwebv.dll
2011-02-18 18:52:28 -------- d-----w- C:\Dell Management Packs
2011-02-18 18:51:08 -------- d-sh--w- c:\windows\Installer
2011-02-18 15:37:59 -------- d-----w- c:\users\jc\appdata\local\MigWiz
2011-02-18 08:46:06 -------- d-----w- c:\windows\Panther
2011-02-18 08:45:13 -------- d-----w- c:\windows\system32\OEM
2011-02-18 08:19:20 -------- d-----w- C:\Windows.old.000
2011-02-14 21:08:01 -------- d-----w- C:\Windows.old
2011-02-13 20:29:49 -------- d-s---w- C:\ComboFix129504C

==================== Find3M ====================

2011-02-19 15:41:27 40960 ----a-w- c:\windows\apppatch\apihex86.dll
2011-02-19 15:10:45 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2011-02-19 15:10:44 537600 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-02-19 15:10:44 449024 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-02-19 15:10:44 2143744 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-02-19 15:10:44 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll

============= FINISH: 16:18:06.29 ===============

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Ultimate Edition
Windows Information: (build 6000), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Vostro 200
Logical Drives Mask: 0x000001fc

Kernel Drivers (total 129):
0x81C00000 \SystemRoot\system32\ntkrnlpa.exe
0x81FA1000 \SystemRoot\system32\hal.dll
0x802C6000 \SystemRoot\system32\kdcom.dll
0x80277000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8026E000 \SystemRoot\system32\PSHED.dll
0x80266000 \SystemRoot\system32\BOOTVID.dll
0x8022B000 \SystemRoot\system32\CLFS.SYS
0x8071F000 \SystemRoot\system32\CI.dll
0x806A4000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8021E000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80661000 \SystemRoot\system32\drivers\acpi.sys
0x80215000 \SystemRoot\system32\drivers\WMILIB.SYS
0x8020D000 \SystemRoot\system32\drivers\msisadrv.sys
0x8063C000 \SystemRoot\system32\drivers\pci.sys
0x8062D000 \SystemRoot\system32\drivers\volmgr.sys
0x8061D000 \SystemRoot\System32\drivers\mountmgr.sys
0x80206000 \SystemRoot\system32\drivers\pciide.sys
0x8060F000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x81BB6000 \SystemRoot\System32\drivers\volmgrx.sys
0x80607000 \SystemRoot\system32\drivers\atapi.sys
0x81B98000 \SystemRoot\system32\drivers\ataport.SYS
0x81B67000 \SystemRoot\system32\drivers\fltmgr.sys
0x81B57000 \SystemRoot\system32\drivers\fileinfo.sys
0x81A53000 \SystemRoot\system32\drivers\ndis.sys
0x81A28000 \SystemRoot\system32\drivers\msrpc.sys
0x877C7000 \SystemRoot\system32\drivers\NETIO.SYS
0x876BF000 \SystemRoot\System32\Drivers\Ntfs.sys
0x87655000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8761F000 \SystemRoot\system32\drivers\volsnap.sys
0x81A20000 \SystemRoot\System32\Drivers\spldr.sys
0x81A11000 \SystemRoot\System32\drivers\partmgr.sys
0x81A02000 \SystemRoot\System32\Drivers\mup.sys
0x879DB000 \SystemRoot\System32\drivers\ecache.sys
0x879B8000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8760E000 \SystemRoot\system32\drivers\disk.sys
0x87997000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x87605000 \SystemRoot\system32\drivers\crcdisk.sys
0x89E08000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x89E2F000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x89F9A000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8B7D5000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8A553000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x89E22000 \SystemRoot\System32\drivers\watchdog.sys
0x8A448000 \SystemRoot\system32\DRIVERS\e1e6032.sys
0x8A43D000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8A400000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8B777000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8B685000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8B67A000 \SystemRoot\system32\DRIVERS\fdc.sys
0x8B662000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8B637000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8D5C0000 \SystemRoot\system32\DRIVERS\storport.sys
0x8B62C000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8B615000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8B60A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8B7B2000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x883F1000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8D5AD000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8D526000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0x8D517000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8D50C000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8D501000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x887FE000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8D4D7000 \SystemRoot\system32\DRIVERS\ks.sys
0x8B600000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8A490000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8D7CC000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x882AD000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8D74D000 \SystemRoot\system32\drivers\HdAudio.sys
0x8D720000 \SystemRoot\system32\drivers\portcls.sys
0x8D6FB000 \SystemRoot\system32\drivers\drmk.sys
0x89E80000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8B709000 \SystemRoot\System32\Drivers\Null.SYS
0x8B710000 \SystemRoot\System32\Drivers\Beep.SYS
0x89E13000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8D40B000 \SystemRoot\System32\drivers\vga.sys
0x8D6DA000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x89F2F000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x89F37000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8D400000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8D6AC000 \SystemRoot\System32\Drivers\Npfs.SYS
0x89E9B000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8D92F000 \SystemRoot\System32\drivers\tcpip.sys
0x8D693000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8D67E000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8D66A000 \SystemRoot\system32\DRIVERS\smb.sys
0x8D623000 \SystemRoot\system32\drivers\afd.sys
0x8D8FD000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8D60D000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8D8EF000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8D8DC000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8D8A1000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8D437000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8D84E000 \SystemRoot\system32\drivers\csc.sys
0x8D837000 \SystemRoot\System32\Drivers\dfsc.sys
0x89EB6000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x882BD000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x887F0000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x89F7F000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8D815000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x87802000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8ECBA000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x8EC87000 \SystemRoot\System32\Drivers\fastfat.SYS
0x93200000 \SystemRoot\System32\win32k.sys
0x8D44B000 \SystemRoot\System32\drivers\Dxapi.sys
0x8D806000 \SystemRoot\system32\DRIVERS\monitor.sys
0xA4800000 \SystemRoot\System32\TSDDD.dll
0xA4810000 \SystemRoot\System32\cdd.dll
0xA4A8F000 \SystemRoot\system32\drivers\luafv.sys
0xA4400000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xA6781000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA6698000 \SystemRoot\system32\drivers\HTTP.sys
0xA660C000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA6BE7000 \SystemRoot\system32\DRIVERS\bowser.sys
0xA6BD3000 \SystemRoot\System32\drivers\mpsdrv.sys
0xA6BB4000 \SystemRoot\system32\drivers\mrxdav.sys
0xA6B96000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA6B5D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA6B4B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA6B27000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA6ADB000 \SystemRoot\System32\DRIVERS\srv.sys
0xA6A4D000 \SystemRoot\system32\drivers\spsys.sys
0xA7522000 \SystemRoot\system32\drivers\peauth.sys
0x8D455000 \SystemRoot\System32\Drivers\secdrv.SYS
0x92A9B000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA6C3E000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xA7510000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0x8B6DF000 \??\C:\Users\JC\AppData\Local\Temp\mbr.sys
0x77660000 \Windows\System32\ntdll.dll

Processes (total 50):
0 System Idle Process
4 System
376 C:\Windows\System32\smss.exe
516 csrss.exe
560 csrss.exe
568 C:\Windows\System32\wininit.exe
624 C:\Windows\System32\winlogon.exe
636 C:\Windows\System32\services.exe
656 C:\Windows\System32\lsass.exe
668 C:\Windows\System32\lsm.exe
820 C:\Windows\System32\svchost.exe
876 C:\Windows\System32\svchost.exe
908 C:\Windows\System32\svchost.exe
996 C:\Windows\System32\svchost.exe
1032 C:\Windows\System32\svchost.exe
1056 C:\Windows\System32\svchost.exe
1140 C:\Windows\System32\audiodg.exe
1168 C:\Windows\System32\SLsvc.exe
1284 C:\Windows\System32\svchost.exe
1424 C:\Windows\System32\svchost.exe
1588 C:\Windows\System32\spoolsv.exe
1612 C:\Windows\System32\svchost.exe
1868 C:\Program Files\Common Files\Motive\McciCMService.exe
2036 C:\Windows\System32\svchost.exe
252 C:\Windows\System32\svchost.exe
276 C:\Windows\servicing\TrustedInstaller.exe
392 C:\Windows\System32\svchost.exe
420 C:\Windows\System32\SearchIndexer.exe
1084 WUDFHost.exe
1368 C:\Windows\System32\taskeng.exe
3020 C:\Windows\System32\taskeng.exe
3048 C:\Windows\System32\dwm.exe
3076 C:\Windows\explorer.exe
3420 C:\Program Files\Windows Defender\MSASCui.exe
3428 C:\Windows\System32\igfxtray.exe
3436 C:\Windows\System32\hkcmd.exe
3456 C:\Windows\System32\igfxpers.exe
3476 C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
3496 C:\Program Files\Windows Sidebar\sidebar.exe
3756 C:\Windows\System32\igfxsrvc.exe
2616 C:\Program Files\Internet Explorer\ieuser.exe
3708 C:\Windows\System32\wuauclt.exe
2460 C:\Program Files\Internet Explorer\iexplore.exe
2580 C:\Program Files\Internet Explorer\iexplore.exe
2324 WmiPrvSE.exe
2744 C:\Windows\System32\VSSVC.exe
2504 C:\Windows\System32\svchost.exe
2004 C:\Windows\System32\SearchProtocolHost.exe
2696 C:\Windows\System32\SearchFilterHost.exe
2500 C:\Users\JC\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`83000000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`03000000 (NTFS)

PhysicalDrive0 Model Number: HitachiHDT725025VLA380, Rev: V5DOA73A

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!
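
What the helper reads in the DDS "Created Last 30" section above is where new files landed, not just that they exist: a burst of binaries under c:\windows\system32 within the same minute is an update, while an executable in a user's Temp folder or a hidden/system directory at the drive root is not. The script below is an added example of that triage, not code from the thread or from DDS. It parses the "date time size attrs path" lines, applies three rules an analyst applies by eye, and counts per-minute bursts under c:\windows. The sample log mixes lines copied from the DDS output above with two constructed suspicious entries (the Temp svchost.exe and the hidden roaming directory) that are labelled as such and are not from this machine.

```python
"""Triage the 'Created Last 30' section of a DDS log: flag new files in places an update would not put them."""
import re
from collections import Counter

DDS_LINE = re.compile(r'^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\S+) (\S{8}) (.+)$')
EXEC_EXT = ('.exe', '.dll', '.sys', '.scr', '.cpl', '.ocx', '.drv')
# Locations where a Windows or vendor update legitimately drops binaries.
TRUSTED_ROOTS = ('c:\\windows\\', 'c:\\program files\\', 'c:\\progra~2\\', 'c:\\programdata\\')


def parse_dds_line(line):
    """Return a dict for one 'date time size attrs path' line, or None for headers and blanks."""
    m = DDS_LINE.match(line.strip())
    if not m:
        return None
    date, time, size, attrs, path = m.groups()
    return {
        'date': date, 'time': time,
        'size': None if size == '--------' else int(size),
        'is_dir': attrs[0] == 'd',   # attrs look like 'd-sh--w-' / '----a-w-': d=dir, s=system, h=hidden, a=archive
        'system': attrs[2] == 's',
        'hidden': attrs[3] == 'h',
        'path': path.lower(),
    }


def reasons_for(e):
    """Heuristic rules; each hit is a reason to look closer, not a verdict."""
    p, out = e['path'], []
    if not e['is_dir'] and p.endswith(EXEC_EXT) and not p.startswith(TRUSTED_ROOTS):
        out.append('executable created outside Windows/Program Files')
    if not e['is_dir'] and ('\\temp\\' in p or '\\appdata\\' in p):
        out.append('file created under a user profile temp/appdata path')
    if (e['system'] or e['hidden']) and (p.count('\\') == 1 or p.startswith('c:\\users\\')):
        out.append('system/hidden attribute at drive root or in a user profile')
    return out


def triage(log_text):
    """Return (flagged paths -> reasons, per-minute counts of files created under c:\\windows)."""
    flagged, bursts = {}, Counter()
    for line in log_text.splitlines():
        e = parse_dds_line(line)
        if e is None:
            continue
        if e['path'].startswith('c:\\windows\\') and not e['is_dir']:
            bursts[(e['date'], e['time'][:5])] += 1
        r = reasons_for(e)
        if r:
            flagged[e['path']] = r
    return flagged, bursts


# Lines copied from the DDS log in this thread, plus two constructed suspicious entries (marked).
SAMPLE_LOG = r"""
2011-02-19 15:42:58 454656 ----a-w- c:\program files\common files\system\msadc\msadce.dll
2011-02-19 15:41:28 7680 ----a-w- c:\windows\system32\lsass.exe
2011-02-19 15:41:28 72704 ----a-w- c:\windows\system32\secur32.dll
2011-02-19 15:41:27 1233408 ----a-w- c:\windows\system32\lsasrv.dll
2011-02-19 15:39:09 2031104 ----a-w- c:\windows\system32\win32k.sys
2011-02-18 19:39:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-02-18 18:51:08 -------- d-sh--w- c:\windows\Installer
2011-02-18 15:37:59 -------- d-----w- c:\users\jc\appdata\local\MigWiz
2011-02-14 21:08:01 -------- d-----w- C:\Windows.old
2011-02-13 20:29:49 -------- d-s---w- C:\ComboFix129504C
2011-02-13 20:15:02 61440 ----a-w- c:\users\jc\appdata\local\temp\svchost.exe
2011-02-13 20:14:58 -------- d-sh--w- c:\users\jc\appdata\roaming\hdfix
"""
# The last two lines above are constructed for illustration and do not appear in the thread.

if __name__ == '__main__':
    flagged, bursts = triage(SAMPLE_LOG)
    for path, reasons in flagged.items():
        print(path, '->', '; '.join(reasons))
    for (date, minute), n in bursts.most_common(3):
        print('%s %s: %d files under c:\\windows (update batch?)' % (date, minute, n))
```

Of the lines taken from the thread itself, only C:\ComboFix129504C trips a rule (system attribute at the drive root), and that is ComboFix's own working directory, consistent with the helper's "logs look clean" verdict; the hidden c:\windows\Installer directory is normal and stays unflagged.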

#10 jclfc

jclfc
  • Topic Starter

  • Members
  • 71 posts
  • OFFLINE
  •  
  • Local time:07:17 AM

Posted 19 February 2011 - 12:47 PM

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-19 17:45:31
Windows 6.0.6000 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HDT725025VLA380 rev.V5DOA73A
Running: 2cjiin4q.exe; Driver: C:\Users\JC\AppData\Local\Temp\pxrdypoc.sys


---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C413A133-1F3B-41BF-BFB1-94702811B24F}
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C413A133-1F3B-41BF-BFB1-94702811B24F}
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C413A133-1F3B-41BF-BFB1-94702811B24F}@Path \Microsoft\Windows Defender\MP Scheduled Scan
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C413A133-1F3B-41BF-BFB1-94702811B24F}@Triggers 0x15 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C413A133-1F3B-41BF-BFB1-94702811B24F}@DynamicInfo 0x03 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows Defender\MP Scheduled Scan@Id {C413A133-1F3B-41BF-BFB1-94702811B24F}

---- EOF - GMER 1.0.15 ----

#11 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:09:17 AM

Posted 20 February 2011 - 08:06 AM

The logs look clean. :thumbup2:

However, the old HD is not read by MBRCheck either, and that is not something I can assist you with. I suggest you seek assistance in hardware forums.

#12 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:09:17 AM

Posted 27 February 2011 - 01:34 PM

This thread will now be closed since the issue seems to be resolved.

If you need this topic reopened, please send me a PM and I will reopen it for you.

If you should have a new issue, please start a new topic.



