
Computer Freezing


This topic is locked
2 replies to this topic

#1 dyslecix

Posted 08 June 2011 - 01:24 AM

Hi, I have many issues with my computer, such as freezing, programs not launching (especially AV), and many antivirus programs not scanning in safe mode. I have used every scan, antivirus and most of the people's recommendations in these forums, and after not being able to get rid of the problem I have come to the conclusion, after running bootkit remover, that I think it's a bootkit. When I run bootkit remover, after the scan I get that it is "Unknown Boot Code", so I scan with MBRCheck and I get this log:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000007c

Kernel Drivers (total 127):
0x804D7000 \WINDOWS.0\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS.0\system32\hal.dll
0xB85A8000 \WINDOWS.0\system32\KDCOM.DLL
0xB84B8000 \WINDOWS.0\system32\BOOTVID.dll
0xB7F79000 ACPI.sys
0xB85AA000 \WINDOWS.0\system32\DRIVERS\WMILIB.SYS
0xB8328000 Partizan.sys
0xB7F68000 pci.sys
0xB80A8000 isapnp.sys
0xB80B8000 ohci1394.sys
0xB80C8000 \WINDOWS.0\system32\DRIVERS\1394BUS.SYS
0xB8670000 pciide.sys
0xB8330000 \WINDOWS.0\system32\DRIVERS\PCIIDEX.SYS
0xB85AC000 intelide.sys
0xB80D8000 MountMgr.sys
0xB7F49000 ftdisk.sys
0xB85AE000 dmload.sys
0xB7F23000 dmio.sys
0xB84BC000 ACPIEC.sys
0xB8671000 \WINDOWS.0\system32\DRIVERS\OPRGHDLR.SYS
0xB8338000 PartMgr.sys
0xB8340000 hotcore3.sys
0xB80E8000 VolSnap.sys
0xB7F0B000 atapi.sys
0xB80F8000 disk.sys
0xB8108000 \WINDOWS.0\system32\DRIVERS\CLASSPNP.SYS
0xB7EEB000 fltMgr.sys
0xB7ED9000 sr.sys
0xB8118000 PxHelp20.sys
0xB7EC2000 KSecDD.sys
0xB7E35000 Ntfs.sys
0xB7E08000 NDIS.sys
0xB7DEE000 Mup.sys
0xB6F94000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB6F80000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB6F58000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB8490000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB6F34000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xB6F11000 \SystemRoot\system32\DRIVERS\nusb3xhc.sys
0xB85CC000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB6ED9000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
0xB8138000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xB8148000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB8158000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB8168000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB6EB6000 \SystemRoot\system32\DRIVERS\ks.sys
0xB8178000 \SystemRoot\system32\DRIVERS\serial.sys
0xB859C000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB85A0000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xB8188000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB8770000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB8198000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB85A4000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB6E9F000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB81A8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB81B8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB8498000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB6E8E000 \SystemRoot\system32\DRIVERS\psched.sys
0xB81C8000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xB84A0000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xB84A8000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB84B0000 \SystemRoot\system32\DRIVERS\hamachi.sys
0xB6E5E000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xB81D8000 \SystemRoot\system32\DRIVERS\termdd.sys
0xB8380000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB83C8000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xB85CE000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB6E00000 \SystemRoot\system32\DRIVERS\update.sys
0xB7DB2000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB81E8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB471D000 \SystemRoot\system32\drivers\nvhda32.sys
0xB46F9000 \SystemRoot\system32\drivers\portcls.sys
0xB81F8000 \SystemRoot\system32\drivers\drmk.sys
0xB8208000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xB4075000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xB8218000 \SystemRoot\system32\DRIVERS\nusb3hub.sys
0xB85E2000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB8768000 \SystemRoot\System32\Drivers\Null.SYS
0xB85E4000 \SystemRoot\System32\Drivers\Beep.SYS
0xB83E8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xB83F0000 \SystemRoot\System32\drivers\vga.sys
0xB85E6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xB83F8000 \SystemRoot\System32\Drivers\Msfs.SYS
0xB8400000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB4745000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB3FF2000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB3F99000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB3F73000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB3F4B000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB8228000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB3F29000 \SystemRoot\System32\drivers\afd.sys
0xB8238000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xB8248000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB3EFE000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB8775000 \SystemRoot\System32\Drivers\PQNTDrv.SYS
0xB3E8E000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB8258000 \SystemRoot\System32\Drivers\Fips.SYS
0xB8408000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB46D9000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB8278000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xB46D1000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xB8410000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0xB8288000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xB3DA5000 \SystemRoot\System32\Drivers\wdf01000.sys
0xB7BCA000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB8418000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0xB8298000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB4065000 \SystemRoot\System32\drivers\Dxapi.sys
0xB8420000 \SystemRoot\System32\watchdog.sys
0xBD000000 \SystemRoot\System32\drivers\dxg.sys
0xB874B000 \SystemRoot\System32\drivers\dxgthk.sys
0xBD012000 \SystemRoot\System32\nv4_disp.dll
0xBD413000 \SystemRoot\System32\ATMFD.DLL
0xB3CF9000 \??\C:\WINDOWS.0\system32\drivers\mbam.sys
0xB2FD8000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB2D4B000 \SystemRoot\system32\drivers\wdmaud.sys
0xB3068000 \SystemRoot\system32\drivers\sysaudio.sys
0xB86F7000 \SystemRoot\System32\Drivers\LBeepKE.sys
0xB2BB5000 \SystemRoot\system32\DRIVERS\srv.sys
0xB8468000 \??\C:\WINDOWS.0\system32\Drivers\regguard.sys
0xB8608000 \??\C:\Program Files\MSI Afterburner\RTCore32.sys
0xB2C0D000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0xB26C1000 \SystemRoot\System32\Drivers\HTTP.sys
0xB185E000 \SystemRoot\system32\drivers\kmixer.sys
0xB1763000 \??\C:\WINDOWS.0\system32\drivers\rk_remover.sys
0x7C900000 \WINDOWS.0\system32\ntdll.dll

Processes (total 36):
0 System Idle Process
4 System
776 C:\WINDOWS.0\system32\smss.exe
856 csrss.exe
892 C:\WINDOWS.0\system32\winlogon.exe
940 C:\WINDOWS.0\system32\services.exe
952 C:\WINDOWS.0\system32\lsass.exe
1112 C:\WINDOWS.0\system32\svchost.exe
1200 svchost.exe
1552 C:\WINDOWS.0\system32\svchost.exe
1684 svchost.exe
1956 C:\WINDOWS.0\system32\spoolsv.exe
472 C:\WINDOWS.0\explorer.exe
796 C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
1264 C:\Program Files\Java\jre6\bin\jqs.exe
1292 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
1348 C:\WINDOWS.0\system32\nvsvc32.exe
536 C:\WINDOWS.0\RTHDCPL.EXE
584 C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
620 C:\WINDOWS.0\system32\rundll32.exe
636 C:\Program Files\MSI Afterburner\MSIAfterburner.exe
1728 C:\Program Files\Logitech\SetPointP\SetPoint.exe
648 C:\Program Files\Unlocker\UnlockerAssistant.exe
2036 C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
672 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
700 C:\Program Files\Common Files\Java\Java Update\jusched.exe
708 C:\Program Files\HDD Regenerator\HDD Regenerator.exe
748 C:\Program Files\Steam\steam.exe
844 C:\PROGRA~1\Greatis\REGRUN~1\watchdog.exe
864 C:\Program Files\HDD Regenerator\HDD Regenerator.exe
1504 C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
2608 svchost.exe
3244 C:\WINDOWS.0\system32\svchost.exe
2132 C:\Program Files\Mozilla Firefox\firefox.exe
3648 C:\Program Files\Mozilla Firefox\plugin-container.exe
2992 C:\Documents and Settings\Administrator.ERIC-B717CE11D2\My Documents\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000071`04700000 (NTFS)
\\.\F: --> \\.\PhysicalDrive1 at offset 0x000000ac`39859400 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHD103SJ, Rev: 1AJ10001
PhysicalDrive1 Model Number: ST3750640AS, Rev: 3.CHN

Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 77FAC0B8A12A8FA01F9977882D41261898FB36E7
698 GB \\.\PhysicalDrive1 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!


So after some research I have found that making a .bat file with this in it:

@ECHO OFF
START remover.exe fix \\.\PhysicalDrive0
EXIT


fixes the MBR, so after I launch this bat the remover comes up and says OK --- (DOS / WIN32 Boot Code Found) in green.

But then after I restart it says the same error as before! Help, what do I do? :[

I also got this log with RegRun:


RegRun NTFS Checker 1.0.6
Processing C:\WINDOWS.0

C:\WINDOWS.0\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a
Type is JUNCTION
Final Destination:
C:\WINDOWS.0\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790


Failed to open:
C:\WINDOWS.0\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a
Error:5 Access is denied.


C:\WINDOWS.0\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a
Type is JUNCTION
Final Destination:
C:\WINDOWS.0\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492

C:\WINDOWS.0\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35
Type is JUNCTION
Final Destination:
C:\WINDOWS.0\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5

Edited by dyslecix, 08 June 2011 - 01:28 AM.
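As an added example (not code from this thread, nor from the MBRCheck, Bootkit Remover or RegRun tools), the following Python script performs the kind of check that the MBRCheck output above reflects: it parses a 512-byte MBR, hashes the boot-code area, derives the partition byte offsets that appear as "at offset" values in the log, and compares the hash against a table of known-good values, reporting "Unknown MBR code" when nothing matches. The sample MBR bytes, the disk signature and the known-good table are all constructed here; which exact byte range MBRCheck hashes is not stated in the thread, so hashing the 440-byte code area before the disk signature is an assumption. Reading a live disk such as \\.\PhysicalDrive0 needs administrator rights and is not done in this example.

```python
# Added example, not from the thread: parse an MBR sector, hash its boot-code
# area and compare it with known-good hashes, the way MBRCheck's verdicts read.
# All sample bytes below are constructed, not taken from any real disk.
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440          # assumption: hash bytes 0..439 (code before the disk signature)
PART_TABLE_OFFSET = 446
PART_ENTRY_LEN = 16
BOOT_SIGNATURE = b"\x55\xaa"


def parse_mbr(sector: bytes) -> dict:
    """Return boot-code SHA1, disk signature, signature validity and partition table."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    boot_code = sector[:BOOT_CODE_LEN]
    disk_signature = struct.unpack_from("<I", sector, BOOT_CODE_LEN)[0]
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_LEN
        entry = sector[off:off + PART_ENTRY_LEN]
        status, ptype = entry[0], entry[4]
        lba_start, sector_count = struct.unpack_from("<II", entry, 8)
        if ptype == 0:
            continue                      # empty slot
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sector_count": sector_count,
            # LBA * 512 is the byte offset MBRCheck prints as "at offset"
            "byte_offset": lba_start * SECTOR_SIZE,
        })
    return {
        "boot_code_sha1": hashlib.sha1(boot_code).hexdigest().upper(),
        "disk_signature": disk_signature,
        "valid_signature": sector[510:512] == BOOT_SIGNATURE,
        "partitions": partitions,
    }


def classify(sha1: str, known_good: dict) -> str:
    """Two verdicts, mirroring the log: a matched hash names its origin, else unknown."""
    label = known_good.get(sha1.upper())
    return f"{label} MBR code detected" if label else "Unknown MBR code"


def boot_code_changed(before: bytes, after: bytes) -> bool:
    """True when the boot-code area differs between two reads (e.g. before and after a reboot)."""
    return before[:BOOT_CODE_LEN] != after[:BOOT_CODE_LEN]


def build_sample_mbr(boot_code: bytes, lba_start: int = 2048) -> bytes:
    """Constructed MBR: given boot code, one bootable NTFS (0x07) partition, valid 55AA signature."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    disk_sig = struct.pack("<I", 0x12345678)          # constructed disk signature
    entry = bytes([0x80, 0, 0, 0, 0x07, 0, 0, 0]) + struct.pack("<II", lba_start, 1953523712)
    table = entry + b"\x00" * (3 * PART_ENTRY_LEN)    # remaining three slots empty
    sector = code + disk_sig + b"\x00\x00" + table + BOOT_SIGNATURE
    assert len(sector) == SECTOR_SIZE
    return sector


if __name__ == "__main__":
    # Constructed stand-ins: one MBR we declare known-good, one with unfamiliar code.
    good = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c")
    known_good = {parse_mbr(good)["boot_code_sha1"]: "Windows 7"}
    suspect = build_sample_mbr(b"\xeb\xfe")
    for name, mbr in (("good", good), ("suspect", suspect)):
        info = parse_mbr(mbr)
        print(name, classify(info["boot_code_sha1"], known_good),
              "C: at offset", hex(info["partitions"][0]["byte_offset"]))
    print("boot code changed between reads:", boot_code_changed(good, suspect))
```

Taking one read of the first sector before the remover writes clean code and another after the reboot, then running boot_code_changed over the pair, is a direct way to confirm the symptom described above: a clean verdict right after the fix and an unknown one again after restart means something restored the old boot code during boot or shutdown, which is what a bootkit with a resident driver does and why the GMER log requested in the reply below is the next useful piece of evidence.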



#2 Orange Blossom


Posted 18 June 2011 - 10:36 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Thanks and again sorry for the delay.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 Orange Blossom


Posted 14 July 2011 - 09:43 AM

Due to the lack of feedback, this Topic is now closed.

In case you still have problems, please start a new topic.
Orange Blossom



