can't run msconfig and some programs or files need administrator even though I am the administrator on vista home basic


This topic is locked
46 replies to this topic

#1 Bledi

  • Members
  • 25 posts

Posted 20 August 2011 - 08:50 AM

Hey, I have this problem: msconfig recently disappeared from the Run command and I can't run it. Also, certain programs tell me I need to run as administrator to have permission, but even when I try it won't let me do it. I tried to run ComboFix before, but it told me it needed admin permission to fully complete or it would be incomplete. And also, when I run ComboFix, even when I am in safe mode and all the antiviruses are disabled, my real-time Norton scanners are still on and I don't know how to stop them. I think I might have some malware or virus or spyware that I don't know what it is.

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_25
Run by angelo at 12:32:47 on 2011-08-20
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.39.1040.18.1982.835 [GMT 2:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
C:\Program Files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\ooVoo\ooVoo.exe
C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\wuauclt.exe
C:\Users\angelo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\angelo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
mDefault_Page_URL = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
mDefault_Search_URL = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
mSearch Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
uInternet Settings,ProxyServer = http=
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\5.1.0.29\ips\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - c:\program files\microsoft visual studio 10.0\common7\ide\privateassemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} -
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [ooVoo.exe] c:\program files\oovoo\ooVoo.exe /minimized
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
uPolicies-explorer: NoThumbnailCache = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{21CB1D16-A861-4EE1-9FA1-DA4289837B52} : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\angelo\appdata\roaming\mozilla\firefox\profiles\abqtomhh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\users\angelo\appdata\local\google\update\1.3.21.65\npGoogleUpdate3.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2010-12-27 40560]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0501000.01d\symds.sys [2011-5-10 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0501000.01d\symefa.sys [2011-5-10 744568]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.2.1\definitions\bashdefs\20110812.001\BHDrvx86.sys [2011-8-16 815736]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.2.1\definitions\ipsdefs\20110819.030\IDSvix86.sys [2011-8-20 367736]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-2-29 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-2-29 51440]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0501000.01d\ironx86.sys [2011-5-10 136312]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0501000.01d\symtdiv.sys [2011-5-10 331384]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-7-31 352656]
R2 FontCache;Servizio cache tipi di carattere Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-11-17 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-3-8 366640]
R2 mitsijm2011;Autodesk Moldflow Inventor Tool Suite Integration 2011 Job Manager;c:\program files\autodesk\inventor 2011\moldflow\bin\mitsijm.exe [2010-1-22 462336]
R2 N360;Norton 360;c:\program files\norton 360\engine\5.1.0.29\ccsvchst.exe [2011-5-10 130008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-8-1 105592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-3-8 22712]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Servizio di Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-22 135664]
S3 gupdatem;Servizio Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-11-22 135664]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
S3 SRS_HDAL_Service;HD Audio Lab;c:\windows\system32\drivers\SRS_HDAL_i386.sys [2010-8-7 384752]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\microsoft visual studio 10.0\team tools\performance tools\VSPerfDrv100.sys [2009-12-8 48128]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-23 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
.
=============== Created Last 30 ================
.
2011-08-11 15:37:26 -------- d-----w- c:\users\angelo\.gimp-2.6
2011-08-11 15:35:15 -------- d-----w- c:\program files\GIMP-2.0
2011-08-05 17:33:06 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-08-05 17:33:03 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-08-05 17:33:03 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-03 20:23:23 -------- d--h--w- c:\users\angelo\InstallAnywhere
2011-07-31 20:23:46 -------- d-----w- c:\programdata\IObit
2011-07-31 19:57:56 -------- d-----w- c:\users\angelo\appdata\roaming\IObit
2011-07-31 19:57:52 -------- d-----w- c:\program files\IObit
2011-07-23 15:14:44 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-07-23 15:14:43 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
.
==================== Find3M ====================
.
2011-07-10 06:37:32 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-06 17:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 17:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-26 06:45:56 256000 ----a-w- c:\windows\PEV.exe
2011-06-09 13:10:43 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
.
============= FINISH: 12.36.30,01 ===============


#2 HelpBot (Bleepin' Binary Bot)

  • Bots
  • 12,604 posts

Posted 25 August 2011 - 08:55 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/415281 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!
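HelpBot asks for a fresh DDS log so a helper can compare it with the one already posted. The script below is an added example, not part of this thread and not code from the DDS tool: it pulls out the lines a helper looks at first (the AV/SP/FW status lines, Pseudo HJT entries whose target file is missing, the ProxyServer setting and the SERVICES / DRIVERS list) and reports what changed between two logs. The meaning of the R/S letter and the digit on service lines (running/stopped, and start type 0 boot, 1 system, 2 auto, 3 demand, 4 disabled) is an assumption taken from the HijackThis-style convention DDS follows. The two embedded samples are trimmed excerpts of the 20 August log in post #1 and the 29 August log in post #3.

```python
"""Triage helper for DDS logs like the ones posted in this thread.

Added example, not part of the original post and not code from the DDS
tool. It reads the lines a helper checks first: the AV/SP/FW status
lines, 'Pseudo HJT Report' entries that point at files no longer present
('No File' or an empty path), the ProxyServer setting, and the
SERVICES / DRIVERS list. The R/S letter is assumed to mean running /
stopped and the digit the start type (0 boot, 1 system, 2 auto,
3 demand, 4 disabled). The two samples are trimmed excerpts of the
20 and 29 August logs posted in this thread.
"""
import re

LOG_20_AUG = r"""
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} -
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uInternet Settings,ProxyServer = http=
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-7-31 352656]
R2 N360;Norton 360;c:\program files\norton 360\engine\5.1.0.29\ccsvchst.exe [2011-5-10 130008]
"""

LOG_29_AUG = r"""
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} -
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uInternet Settings,ProxyServer = http=
S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-7-31 352656]
R2 N360;Norton 360;c:\program files\norton 360\engine\5.1.0.29\ccsvchst.exe [2011-5-10 130008]
"""

PRODUCT_RE = re.compile(r"^(AV|SP|FW): (.+?) \*(.+?)\*")   # AV: <name> *<state>* {GUID}
SERVICE_RE = re.compile(r"^([RS][0-4]) ([^;]+);")          # R2 <name>;<display>;<path>
ORPHAN_RE = re.compile(r"(?: - No File|-)\s*$")            # entry whose file is gone
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer = (.*)$")


def parse_dds(text):
    """Return product states, service states, orphaned entries and proxy value."""
    products, services, orphans, proxy = {}, {}, [], None
    for line in text.splitlines():
        line = line.rstrip()
        m = PRODUCT_RE.match(line)
        if m:
            products[(m.group(1), m.group(2))] = m.group(3)
            continue
        m = SERVICE_RE.match(line)
        if m:
            services[m.group(2)] = m.group(1)
            continue
        m = PROXY_RE.match(line)
        if m:
            proxy = m.group(1)
            continue
        if line.startswith(("BHO:", "TB:", "uRun:", "mRun:")) and ORPHAN_RE.search(line):
            orphans.append(line)
    return {"products": products, "services": services, "orphans": orphans, "proxy": proxy}


def triage(text):
    """Findings a helper would act on in a single log."""
    parsed = parse_dds(text)
    findings = []
    for (kind, name), state in sorted(parsed["products"].items()):
        if state.startswith("Disabled"):
            findings.append(f"{kind} {name} is {state}")
    for line in parsed["orphans"]:
        findings.append(f"orphaned entry: {line}")
    if parsed["proxy"] is not None:
        findings.append(f"proxy setting present: ProxyServer = {parsed['proxy']!r}")
    return findings


def diff_logs(old_text, new_text):
    """Product and service state changes between an earlier and a later log."""
    old, new = parse_dds(old_text), parse_dds(new_text)
    changes = []
    for key in sorted(set(old["products"]) | set(new["products"])):
        a, b = old["products"].get(key), new["products"].get(key)
        if a != b:
            changes.append(f"{key[0]} {key[1]}: {a} -> {b}")
    for name in sorted(set(old["services"]) | set(new["services"])):
        a, b = old["services"].get(name), new["services"].get(name)
        if a != b:
            changes.append(f"service {name}: {a} -> {b}")
    return changes


if __name__ == "__main__":
    for line in triage(LOG_29_AUG) + diff_logs(LOG_20_AUG, LOG_29_AUG):
        print(line)
```

Run against the two excerpts it reports that Norton's AV and firewall went from Enabled to Disabled between the two logs and that the Advanced SystemCare service went from running to stopped, which is the kind of change a helper wants to confirm the user made on purpose before reading the rest of the log. Orphaned BHO/toolbar entries and a bare ProxyServer value are not proof of infection by themselves, only leftovers worth cleaning and a setting worth checking.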

#3 Bledi (Topic Starter)

  • Members
  • 25 posts

Posted 29 August 2011 - 06:22 PM

Hey, once again it is me, the same guy with the same problem. I did whatever you requested me to do and have a brand new DDS script and GMER scans, so to refresh you, here is my problem. MSCONFIG has disappeared from my PC, and also when I tried to run ComboFix in safe mode it tells me that I need administrator rights, which I fully have. So, to further continue, I can't seem to stop the real-time scanner of my Norton firewall and AV when I try to run ComboFix. Can I get help with that too? I think my PC has been infected somehow; can you please help break these problems down one by one. Thank you.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_25
Run by angelo at 22:40:57 on 2011-08-29
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.39.1040.18.1982.867 [GMT 2:00]
.
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
mDefault_Page_URL = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
mDefault_Search_URL = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
mSearch Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
uInternet Settings,ProxyServer = http=
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\5.1.0.29\ips\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - c:\program files\microsoft visual studio 10.0\common7\ide\privateassemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} -
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [ooVoo.exe] c:\program files\oovoo\ooVoo.exe /minimized
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
uPolicies-explorer: NoThumbnailCache = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{21CB1D16-A861-4EE1-9FA1-DA4289837B52} : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\angelo\appdata\roaming\mozilla\firefox\profiles\abqtomhh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\users\angelo\appdata\local\google\update\1.3.21.65\npGoogleUpdate3.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2010-12-27 40560]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0501000.01d\symds.sys [2011-5-10 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0501000.01d\symefa.sys [2011-5-10 744568]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.2.1\definitions\bashdefs\20110812.001\BHDrvx86.sys [2011-8-16 815736]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.2.1\definitions\ipsdefs\20110826.030\IDSvix86.sys [2011-8-27 368248]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-2-29 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-2-29 51440]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0501000.01d\ironx86.sys [2011-5-10 136312]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0501000.01d\symtdiv.sys [2011-5-10 331384]
R2 FontCache;Servizio cache tipi di carattere Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-11-17 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-3-8 366640]
R2 mitsijm2011;Autodesk Moldflow Inventor Tool Suite Integration 2011 Job Manager;c:\program files\autodesk\inventor 2011\moldflow\bin\mitsijm.exe [2010-1-22 462336]
R2 N360;Norton 360;c:\program files\norton 360\engine\5.1.0.29\ccsvchst.exe [2011-5-10 130008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-8-1 105592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-3-8 22712]
S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-7-31 352656]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Servizio di Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-22 135664]
S3 gupdatem;Servizio Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-11-22 135664]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
S3 SRS_HDAL_Service;HD Audio Lab;c:\windows\system32\drivers\SRS_HDAL_i386.sys [2010-8-7 384752]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\microsoft visual studio 10.0\team tools\performance tools\VSPerfDrv100.sys [2009-12-8 48128]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-23 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
.
=============== Created Last 30 ================
.
2011-08-05 17:33:06 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-08-05 17:33:03 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-08-05 17:33:03 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-03 20:23:23 -------- d--h--w- c:\users\angelo\InstallAnywhere
2011-07-31 20:23:46 -------- d-----w- c:\programdata\IObit
2011-07-31 19:57:56 -------- d-----w- c:\users\angelo\appdata\roaming\IObit
2011-07-31 19:57:52 -------- d-----w- c:\program files\IObit
.
==================== Find3M ====================
.
2011-07-10 06:37:32 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-06 17:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 17:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-26 06:45:56 256000 ----a-w- c:\windows\PEV.exe
2011-06-09 13:10:43 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
.
============= FINISH: 22.43.47,41 ===============


#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 30 August 2011 - 06:50 PM

Please run aswMBR

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

m0le is a proud member of UNITE

#5 Bledi

Bledi
  • Topic Starter

  • Members
  • 25 posts

Posted 31 August 2011 - 06:14 AM

Here, man, I posted what you requested. Let me know, thanks.



aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-08-31 13:09:09
-----------------------------
13:09:09.375 OS Version: Windows 6.0.6002 Service Pack 2
13:09:09.375 Number of processors: 2 586 0x6801
13:09:09.381 ComputerName: PC-ANGELO UserName: angelo
13:09:10.349 Initialize success
13:09:16.632 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
13:09:16.641 Disk 0 Vendor: WDC_WD1200BEVS-60UST0 01.01A01 Size: 114473MB BusType: 3
13:09:18.661 Disk 0 MBR read successfully
13:09:18.671 Disk 0 MBR scan
13:09:18.681 Disk 0 unknown MBR code
13:09:18.699 Disk 0 scanning sectors +234436545
13:09:18.771 Disk 0 scanning C:\Windows\system32\drivers
13:09:33.407 Service scanning
13:09:36.213 Modules scanning
13:09:47.156 Disk 0 trace - called modules:
13:09:47.204 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys ndis.sys nvmfdx32.sys dxgkrnl.sys nvlddmkm.sys
13:09:47.220 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x856d9780]
13:09:47.236 3 CLASSPNP.SYS[885a98b3] -> nt!IofCallDriver -> [0x85599918]
13:09:47.254 5 acpi.sys[82a0e6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x84804440]
13:09:47.716 Scan finished successfully
13:10:10.925 Disk 0 MBR has been saved successfully to "C:\Users\angelo\Desktop\MBR.dat"
13:10:10.949 The log file has been saved successfully to "C:\Users\angelo\Desktop\aswMBR.txt"

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 31 August 2011 - 04:54 PM

We need to check the unknown MBR that aswMBR reports

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.
m0le is a proud member of UNITE

#7 Bledi

Bledi
  • Topic Starter

  • Members
  • 25 posts

Posted 01 September 2011 - 07:48 AM

Here it is

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Basic Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: Compaq Presario F700 Notebook PC
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 166):
0x82439000 \SystemRoot\system32\ntkrnlpa.exe
0x82406000 \SystemRoot\system32\hal.dll
0x80601000 \SystemRoot\system32\kdcom.dll
0x80608000 \SystemRoot\system32\PSHED.dll
0x80619000 \SystemRoot\system32\BOOTVID.dll
0x80621000 \SystemRoot\system32\CLFS.SYS
0x80662000 \SystemRoot\system32\CI.dll
0x80742000 \SystemRoot\system32\drivers\Wdf01000.sys
0x807B3000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x82A0A000 \SystemRoot\system32\drivers\acpi.sys
0x82A50000 \SystemRoot\system32\drivers\WMILIB.SYS
0x82A59000 \SystemRoot\system32\drivers\msisadrv.sys
0x82A61000 \SystemRoot\system32\drivers\pci.sys
0x82A88000 \SystemRoot\System32\drivers\partmgr.sys
0x82A97000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x82A9A000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x82AA4000 \SystemRoot\system32\drivers\volmgr.sys
0x82AB3000 \SystemRoot\System32\drivers\volmgrx.sys
0x82AFD000 \SystemRoot\system32\drivers\pciide.sys
0x82B04000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x82B12000 \SystemRoot\System32\drivers\mountmgr.sys
0x82B22000 \SystemRoot\system32\drivers\atapi.sys
0x82B2A000 \SystemRoot\system32\drivers\ataport.SYS
0x82B48000 \SystemRoot\system32\drivers\fltmgr.sys
0x82B7A000 \SystemRoot\system32\drivers\N360\0501000.01D\SYMDS.SYS
0x82BD1000 \SystemRoot\system32\drivers\fileinfo.sys
0x87E00000 \SystemRoot\system32\drivers\N360\0501000.01D\SYMEFA.SYS
0x87EBB000 \SystemRoot\System32\Drivers\ksecdd.sys
0x88001000 \SystemRoot\system32\drivers\ndis.sys

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 01 September 2011 - 05:21 PM

The log hasn't been fully copied. Can you rerun it and make sure the whole log is highlighted? :)
m0le is a proud member of UNITE

#9 Bledi

Bledi
  • Topic Starter

  • Members
  • 25 posts

Posted 02 September 2011 - 04:15 AM

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Basic Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: Compaq Presario F700 Notebook PC
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 166):
0x8243B000 \SystemRoot\system32\ntkrnlpa.exe
0x82408000 \SystemRoot\system32\hal.dll
0x80608000 \SystemRoot\system32\kdcom.dll
0x8060F000 \SystemRoot\system32\PSHED.dll
0x80620000 \SystemRoot\system32\BOOTVID.dll
0x80628000 \SystemRoot\system32\CLFS.SYS
0x80669000 \SystemRoot\system32\CI.dll
0x80749000 \SystemRoot\system32\drivers\Wdf01000.sys
0x807BA000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x82A09000 \SystemRoot\system32\drivers\acpi.sys
0x82A4F000 \SystemRoot\system32\drivers\WMILIB.SYS
0x82A58000 \SystemRoot\system32\drivers\msisadrv.sys
0x82A60000 \SystemRoot\system32\drivers\pci.sys
0x82A87000 \SystemRoot\System32\drivers\partmgr.sys
0x82A96000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x82A99000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x82AA3000 \SystemRoot\system32\drivers\volmgr.sys
0x82AB2000 \SystemRoot\System32\drivers\volmgrx.sys
0x82AFC000 \SystemRoot\system32\drivers\pciide.sys
0x82B03000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x82B11000 \SystemRoot\System32\drivers\mountmgr.sys
0x82B21000 \SystemRoot\system32\drivers\atapi.sys
0x82B29000 \SystemRoot\system32\drivers\ataport.SYS
0x82B47000 \SystemRoot\system32\drivers\fltmgr.sys
0x82B79000 \SystemRoot\system32\drivers\N360\0501000.01D\SYMDS.SYS
0x82BD0000 \SystemRoot\system32\drivers\fileinfo.sys
0x87E02000 \SystemRoot\system32\drivers\N360\0501000.01D\SYMEFA.SYS
0x87EBD000 \SystemRoot\System32\Drivers\ksecdd.sys
0x88003000 \SystemRoot\system32\drivers\ndis.sys
0x8810E000 \SystemRoot\system32\drivers\msrpc.sys
0x88139000 \SystemRoot\system32\drivers\NETIO.SYS
0x88204000 \SystemRoot\System32\drivers\tcpip.sys
0x882EE000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x88408000 \SystemRoot\System32\Drivers\Ntfs.sys
0x88518000 \SystemRoot\system32\drivers\volsnap.sys
0x88551000 \SystemRoot\System32\Drivers\spldr.sys
0x88559000 \SystemRoot\System32\Drivers\mup.sys
0x88568000 \SystemRoot\system32\DRIVERS\hotcore3.sys
0x8856D000 \SystemRoot\System32\drivers\ecache.sys
0x88594000 \SystemRoot\system32\drivers\disk.sys
0x885A5000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x885C6000 \SystemRoot\system32\drivers\crcdisk.sys
0x885EF000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x88309000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x88312000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x885FA000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x88400000 \SystemRoot\system32\DRIVERS\cpqbttn.sys
0x88322000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x88332000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x88339000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x88403000 \SystemRoot\system32\DRIVERS\nvsmu.sys
0x88342000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8834C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8838A000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x88399000 \SystemRoot\System32\Drivers\ElbyCDFL.sys
0x883A0000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x883B8000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0x87F2E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x91209000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
0x9140A000 \SystemRoot\system32\DRIVERS\athr.sys
0x91607000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x91D39000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x91DD9000 \SystemRoot\System32\drivers\watchdog.sys
0x91DE5000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x91DF8000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x9152F000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x9153A000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x91DFD000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x91575000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x91580000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x915AF000 \SystemRoot\system32\DRIVERS\storport.sys
0x915F0000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x9130A000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x91321000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x9132C000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x9134F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x9135E000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x91372000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x91387000 \SystemRoot\system32\DRIVERS\termdd.sys
0x91397000 \SystemRoot\system32\DRIVERS\mcdbus.sys
0x913B4000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x91600000 \SystemRoot\system32\DRIVERS\swenum.sys
0x883BE000 \SystemRoot\system32\DRIVERS\ks.sys
0x91400000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x913DA000 \SystemRoot\system32\DRIVERS\UimBus.sys
0x88174000 \SystemRoot\System32\Drivers\Uim_IM.sys
0x87FBB000 \SystemRoot\System32\Drivers\UimFIO.SYS
0x913E1000 \SystemRoot\system32\DRIVERS\umbus.sys
0x913EE000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x807C8000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x883E8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x881CD000 \SystemRoot\system32\drivers\CHDRT32.sys
0x92003000 \SystemRoot\system32\drivers\portcls.sys
0x92030000 \SystemRoot\system32\drivers\drmk.sys
0x92055000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x92093000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x92200000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x922B5000 \SystemRoot\system32\drivers\modem.sys
0x922C2000 \SystemRoot\System32\Drivers\N360\0501000.01D\SRTSP.SYS
0x92348000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x9235F000 \SystemRoot\system32\drivers\N360\0501000.01D\Ironx86.SYS
0x92383000 \SystemRoot\System32\Drivers\usbvideo.sys
0x923A4000 \SystemRoot\system32\drivers\N360\0501000.01D\SRTSPX.SYS
0x923AF000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
0x92C08000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20110901.002\NAVEX15.SYS
0x92D88000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20110901.002\NAVENG.SYS
0x92D9C000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x92DA5000 \SystemRoot\System32\Drivers\Null.SYS
0x92DAC000 \SystemRoot\System32\Drivers\Beep.SYS
0x92DB3000 \SystemRoot\System32\drivers\vga.sys
0x92DBF000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x92DE0000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x92DE8000 \SystemRoot\system32\drivers\rdpencdd.sys
0x92DF0000 \SystemRoot\System32\Drivers\Msfs.SYS
0x923D5000 \SystemRoot\System32\Drivers\Npfs.SYS
0x923E3000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x92196000 \SystemRoot\system32\DRIVERS\tdx.sys
0x92E03000 \SystemRoot\System32\Drivers\N360\0501000.01D\SYMTDIV.SYS
0x92E5C000 \SystemRoot\system32\DRIVERS\smb.sys
0x92E70000 \SystemRoot\system32\drivers\afd.sys
0x92EB8000 \SystemRoot\System32\DRIVERS\netbt.sys
0x92EEA000 \SystemRoot\system32\DRIVERS\pacer.sys
0x92F00000 \SystemRoot\system32\DRIVERS\netbios.sys
0x92F0E000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x92F21000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
0x92F41000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x92F48000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x92F84000 \SystemRoot\system32\drivers\nsiproxy.sys
0x92F8E000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20110831.030\IDSvix86.sys
0x92FEC000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0x96808000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0x96866000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0x96884000 \SystemRoot\System32\Drivers\dfsc.sys
0x9689B000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20110812.001\BHDrvx86.sys
0x96966000 \SystemRoot\System32\Drivers\crashdmp.sys
0x96973000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x9697E000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xA3020000 \SystemRoot\System32\win32k.sys
0x96986000 \SystemRoot\System32\drivers\Dxapi.sys
0x96990000 \SystemRoot\system32\DRIVERS\monitor.sys
0xA3240000 \SystemRoot\System32\TSDDD.dll
0xA3260000 \SystemRoot\System32\cdd.dll
0xA3270000 \SystemRoot\System32\ATMFD.DLL
0x9699F000 \SystemRoot\system32\drivers\luafv.sys
0x969C2000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x969D2000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x92FF1000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x923EC000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xAA807000 \SystemRoot\system32\drivers\spsys.sys
0xAA8B7000 \SystemRoot\system32\DRIVERS\bowser.sys
0xAA8D0000 \SystemRoot\System32\drivers\mpsdrv.sys
0xAA8E5000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAA904000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xAA93D000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xAA96D000 \SystemRoot\system32\drivers\HTTP.sys
0xAA9DA000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xB3807000 \SystemRoot\system32\drivers\peauth.sys
0xB38E7000 \SystemRoot\System32\Drivers\secdrv.SYS
0xB38F1000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xB390E000 \SystemRoot\System32\drivers\tcpipreg.sys
0xB391A000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xB3922000 \SystemRoot\System32\DRIVERS\srv2.sys
0xB394A000 \SystemRoot\System32\DRIVERS\srv.sys
0xB3999000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xB39AF000 \??\C:\Windows\system32\drivers\mbam.sys
0x77930000 \WINDOWS\System32\ntdll.dll

Processes (total 46):
0 System Idle Process
4 System
420 C:\WINDOWS\System32\smss.exe
552 csrss.exe
604 csrss.exe
612 C:\WINDOWS\System32\wininit.exe
644 C:\WINDOWS\System32\winlogon.exe
688 C:\WINDOWS\System32\services.exe
704 C:\WINDOWS\System32\lsass.exe
712 C:\WINDOWS\System32\lsm.exe
868 C:\WINDOWS\System32\svchost.exe
912 C:\WINDOWS\System32\nvvsvc.exe
944 C:\WINDOWS\System32\svchost.exe
1080 C:\WINDOWS\System32\svchost.exe
1128 C:\WINDOWS\System32\svchost.exe
1140 C:\WINDOWS\System32\svchost.exe
1240 C:\WINDOWS\System32\audiodg.exe
1260 C:\WINDOWS\System32\svchost.exe
1276 C:\WINDOWS\System32\SLsvc.exe
1332 C:\WINDOWS\System32\rundll32.exe
1348 C:\WINDOWS\System32\svchost.exe
1472 C:\WINDOWS\System32\svchost.exe
1764 C:\WINDOWS\System32\svchost.exe
1812 C:\WINDOWS\System32\taskeng.exe
1840 C:\WINDOWS\explorer.exe
1888 C:\WINDOWS\System32\taskeng.exe
268 C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
520 C:\WINDOWS\System32\rundll32.exe
556 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
540 C:\Program Files\ooVoo\ooVoo.exe
1880 C:\Program Files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe
1672 C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
2036 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
1028 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
1800 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
2044 C:\WINDOWS\System32\SearchIndexer.exe
684 C:\WINDOWS\System32\drivers\XAudio.exe
2060 C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
2720 C:\WINDOWS\System32\svchost.exe
3748 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
3764 C:\WINDOWS\System32\wuauclt.exe
4012 C:\WINDOWS\System32\taskeng.exe
2420 C:\WINDOWS\System32\conime.exe
3220 C:\WINDOWS\System32\SearchProtocolHost.exe
3324 C:\WINDOWS\System32\SearchFilterHost.exe
2820 C:\Users\angelo\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000019`37cee000 (NTFS)

PhysicalDrive0 Model Number: WDCWD1200BEVS-60UST0, Rev: 01.01A01

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: D94F393960D1CD66C2071F2D7260A5196DF105AC


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!


#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 02 September 2011 - 05:49 PM

The MBR has been rewritten.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Important Note: While fixing the Master Boot Record (MBR) is generally safe, there is a small risk of damaging the operating system so that it will not boot up, or the partitions may become corrupted. I recommend you have your Windows CD available, which will allow recovering the boot code via the Windows Recovery Console in case of any problems, or install the XP Recovery Console before proceeding with the above fix. Then, if any problems occur, the links below explain how to use and repair the MBR.

If you do not have a Vista recovery disk then please burn one as shown here.


Run MBRCheck.exe
  • Run MBRCheck.exe
  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Please push the 'Y' key and then press Enter
  • When the program asks you, enter 2 and press the Enter key
  • Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"
  • Enter 0 and press the Enter key.
  • The program will show "Available MBR codes:", followed by a list of operating systems. Please enter the correct number for your operating system, and then press Enter.
  • When asked "Do you want to fix the MBR code?", type in YES and press Enter
  • Restart your PC.
After you restart the PC
  • Double click MBRCheck.exe to run it (Vista and Win 7: right click and select Run as Administrator)
  • It will show a black screen with some data on it
  • A report called MBRCheck will be on your desktop
  • Open this report
  • Right click on the screen and select > Select All
  • Press Control+C
  • Now please copy that report to this thread

m0le is a proud member of UNITE
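The "Unknown MBR code" status that both aswMBR and MBRCheck print above means the bootstrap code in sector 0 did not match any loader the tool recognises; it does not by itself say whether the code is a vendor boot manager, a bootkit, or just an unfamiliar build. The following script is an added example, not code from this thread, from aswMBR or from MBRCheck: it parses a 512-byte MBR image such as the MBR.dat that aswMBR saved to the desktop, checks the 0x55AA signature and the partition table for basic consistency, and compares the SHA-1 of the 440-byte bootstrap area against an allow-list the caller supplies. The sample image, the allow-list entry and the partition layout are all constructed (the partition start sectors are derived from the C: and D: byte offsets MBRCheck printed); which bytes MBRCheck itself hashes for its SHA1 line is not stated in the thread, so no match with that value is implied.

```python
"""Sanity-check a 512-byte MBR image (e.g. the MBR.dat that aswMBR saves).

Added example, not code from the thread or from aswMBR/MBRCheck. It reports
the same kind of finding those tools print as "Unknown MBR code": the
bootstrap area's SHA-1 is compared against an allow-list the caller supplies.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440        # bootstrap code; 4-byte disk signature follows at 0x1B8
PART_TABLE_OFFSET = 0x1BE  # four 16-byte partition entries
SIG_OFFSET = 510           # 0x55 0xAA boot signature

# Placeholder allow-list. Real entries would be SHA-1 hashes of the bootstrap
# area taken from a machine you have verified clean; nothing here is a real hash.
KNOWN_BOOT_CODE = {
    "0000000000000000000000000000000000000000": "placeholder: verified Vista MBR",
}


def parse_partitions(mbr: bytes) -> list:
    """Return the non-empty entries of the MBR partition table."""
    entries = []
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype == 0:
            continue
        entries.append({"index": i, "status": status, "type": ptype,
                        "lba_start": lba_start, "sectors": sectors})
    return entries


def analyze_mbr(mbr: bytes, known: dict = KNOWN_BOOT_CODE) -> dict:
    """Hash the bootstrap area, parse the table and collect findings."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR image must be exactly 512 bytes")
    findings = []
    if struct.unpack_from("<H", mbr, SIG_OFFSET)[0] != 0xAA55:
        findings.append("missing 0x55AA boot signature")
    boot_sha1 = hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()
    label = known.get(boot_sha1)
    if label is None:
        findings.append("unknown MBR code: bootstrap hash not on allow-list")
    parts = parse_partitions(mbr)
    if sum(1 for p in parts if p["status"] == 0x80) > 1:
        findings.append("more than one active partition")
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"entry {p['index']}: invalid status byte 0x{p['status']:02X}")
        if p["lba_start"] == 0 or p["sectors"] == 0:
            findings.append(f"entry {p['index']}: zero LBA start or length")
    by_start = sorted(parts, key=lambda p: p["lba_start"])
    for a, b in zip(by_start, by_start[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append(f"entries {a['index']} and {b['index']} overlap")
    return {"boot_code_sha1": boot_sha1, "boot_code_label": label,
            "partitions": parts, "findings": findings}


def build_sample_mbr(boot_code: bytes, parts: list) -> bytes:
    """Construct an MBR image for testing (not a real disk's sector 0)."""
    mbr = bytearray(SECTOR)
    mbr[:len(boot_code)] = boot_code
    for i, (status, ptype, lba, n) in enumerate(parts):
        struct.pack_into("<B3xB3xII", mbr, PART_TABLE_OFFSET + 16 * i, status, ptype, lba, n)
    struct.pack_into("<H", mbr, SIG_OFFSET, 0xAA55)
    return bytes(mbr)


# Constructed sample: two NTFS (0x07) partitions at the byte offsets MBRCheck
# printed for C: (0x7E00 = LBA 63) and D: (0x1937CEE000 = LBA 211478384);
# the bootstrap bytes are a dummy jump-to-self, not the machine's real code.
SAMPLE_MBR = build_sample_mbr(
    b"\xEB\xFE",
    [(0x80, 0x07, 63, 211478321), (0x00, 0x07, 211478384, 22958145)],
)

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_MBR
    result = analyze_mbr(data)
    print("bootstrap SHA1:", result["boot_code_sha1"], result["boot_code_label"] or "(unknown)")
    for p in result["partitions"]:
        print(f"  part {p['index']}: type 0x{p['type']:02X} status 0x{p['status']:02X} "
              f"LBA {p['lba_start']} +{p['sectors']}")
    for f in result["findings"]:
        print("FINDING:", f)
```

Run it as `python mbr_check.py MBR.dat` against the sector aswMBR saved, or with no argument to analyse the constructed sample. The allow-list is deliberately empty of real values: populate it from a disk you trust, because an "unknown" verdict only means "not on your list", exactly as with the two tools in this thread, and the partition-table checks catch the kind of damage the helper warns about before rewriting the MBR.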

#11 Bledi

Bledi
  • Topic Starter

  • Members
  • 25 posts

Posted 03 September 2011 - 01:34 PM

What does that mean, man?? And who rewrote it? Thanks, man.

#12 Bledi

Bledi
  • Topic Starter

  • Members
  • 25 posts

Posted 03 September 2011 - 02:23 PM

Here is what you requested.


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Basic Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: Compaq Presario F700 Notebook PC
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 167):
0x8240F000 \SystemRoot\system32\ntkrnlpa.exe
0x827C9000 \SystemRoot\system32\hal.dll
0x8060E000 \SystemRoot\system32\kdcom.dll
0x80615000 \SystemRoot\system32\PSHED.dll
0x80626000 \SystemRoot\system32\BOOTVID.dll
0x8062E000 \SystemRoot\system32\CLFS.SYS
0x8066F000 \SystemRoot\system32\CI.dll
0x8074F000 \SystemRoot\system32\drivers\Wdf01000.sys
0x807C0000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x82A0D000 \SystemRoot\system32\drivers\acpi.sys
0x82A53000 \SystemRoot\system32\drivers\WMILIB.SYS
0x82A5C000 \SystemRoot\system32\drivers\msisadrv.sys
0x82A64000 \SystemRoot\system32\drivers\pci.sys
0x82A8B000 \SystemRoot\System32\drivers\partmgr.sys
0x82A9A000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x82A9D000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x82AA7000 \SystemRoot\system32\drivers\volmgr.sys
0x82AB6000 \SystemRoot\System32\drivers\volmgrx.sys
0x82B00000 \SystemRoot\system32\drivers\pciide.sys
0x82B07000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x82B15000 \SystemRoot\System32\drivers\mountmgr.sys
0x82B25000 \SystemRoot\system32\drivers\atapi.sys
0x82B2D000 \SystemRoot\system32\drivers\ataport.SYS
0x82B4B000 \SystemRoot\system32\drivers\fltmgr.sys
0x82B7D000 \SystemRoot\system32\drivers\N360\0501000.01D\SYMDS.SYS
0x82BD4000 \SystemRoot\system32\drivers\fileinfo.sys
0x87E0C000 \SystemRoot\system32\drivers\N360\0501000.01D\SYMEFA.SYS
0x87EC7000 \SystemRoot\System32\Drivers\ksecdd.sys
0x88002000 \SystemRoot\system32\drivers\ndis.sys
0x8810D000 \SystemRoot\system32\drivers\msrpc.sys
0x88138000 \SystemRoot\system32\drivers\NETIO.SYS
0x88202000 \SystemRoot\System32\drivers\tcpip.sys
0x882EC000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x88408000 \SystemRoot\System32\Drivers\Ntfs.sys
0x88518000 \SystemRoot\system32\drivers\volsnap.sys
0x88551000 \SystemRoot\System32\Drivers\spldr.sys
0x88559000 \SystemRoot\System32\Drivers\mup.sys
0x88568000 \SystemRoot\system32\DRIVERS\hotcore3.sys
0x8856D000 \SystemRoot\System32\drivers\ecache.sys
0x88594000 \SystemRoot\system32\drivers\disk.sys
0x885A5000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x885C6000 \SystemRoot\system32\drivers\crcdisk.sys
0x885EF000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x88307000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x88310000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x885FA000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x88400000 \SystemRoot\system32\DRIVERS\cpqbttn.sys
0x88320000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x88330000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x88337000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x88403000 \SystemRoot\system32\DRIVERS\nvsmu.sys
0x88340000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8834A000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x88388000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x88397000 \SystemRoot\System32\Drivers\ElbyCDFL.sys
0x8839E000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x883B6000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0x88173000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8F20C000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
0x8F60D000 \SystemRoot\system32\DRIVERS\athr.sys
0x8FA06000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x90138000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x901D8000 \SystemRoot\System32\drivers\watchdog.sys
0x901E4000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x901F7000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x8F732000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8F73D000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x901FC000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8F778000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8F783000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8F7B2000 \SystemRoot\system32\DRIVERS\storport.sys
0x8F7F3000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8F30D000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8F600000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8F324000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8F347000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8F356000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8F36A000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8F37F000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8F38F000 \SystemRoot\system32\DRIVERS\mcdbus.sys
0x8F3AC000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x901FE000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8F3D2000 \SystemRoot\system32\DRIVERS\ks.sys
0x8F200000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x883BC000 \SystemRoot\system32\DRIVERS\UimBus.sys
0x87F38000 \SystemRoot\System32\Drivers\Uim_IM.sys
0x883C3000 \SystemRoot\System32\Drivers\UimFIO.SYS
0x87F91000 \SystemRoot\system32\DRIVERS\umbus.sys
0x87F9E000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x87FA7000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x87FDC000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x91407000 \SystemRoot\system32\drivers\CHDRT32.sys
0x9143A000 \SystemRoot\system32\drivers\portcls.sys
0x91467000 \SystemRoot\system32\drivers\drmk.sys
0x9148C000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x914CA000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x9180B000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x918C0000 \SystemRoot\system32\drivers\modem.sys
0x918CD000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x918E4000 \SystemRoot\System32\Drivers\usbvideo.sys
0x91905000 \SystemRoot\System32\Drivers\N360\0501000.01D\SRTSP.SYS
0x9198B000 \SystemRoot\system32\drivers\N360\0501000.01D\Ironx86.SYS
0x919AF000 \SystemRoot\system32\drivers\N360\0501000.01D\SRTSPX.SYS
0x919BA000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
0x9260A000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20110903.002\NAVEX15.SYS
0x9278A000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20110903.002\NAVENG.SYS
0x9279E000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x927A7000 \SystemRoot\System32\Drivers\Null.SYS
0x927AE000 \SystemRoot\System32\Drivers\Beep.SYS
0x927B5000 \SystemRoot\System32\drivers\vga.sys
0x927C1000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x927E2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x927EA000 \SystemRoot\system32\drivers\rdpencdd.sys
0x927F2000 \SystemRoot\System32\Drivers\Msfs.SYS
0x919E0000 \SystemRoot\System32\Drivers\Npfs.SYS
0x92600000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x915CD000 \SystemRoot\system32\DRIVERS\tdx.sys
0x93607000 \SystemRoot\System32\Drivers\N360\0501000.01D\SYMTDIV.SYS
0x93660000 \SystemRoot\system32\DRIVERS\smb.sys
0x93674000 \SystemRoot\system32\drivers\afd.sys
0x936BC000 \SystemRoot\System32\DRIVERS\netbt.sys
0x936EE000 \SystemRoot\system32\DRIVERS\pacer.sys
0x93704000 \SystemRoot\system32\DRIVERS\netbios.sys
0x93712000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x93725000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
0x93745000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x9374C000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x93788000 \SystemRoot\system32\drivers\nsiproxy.sys
0x93792000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20110902.030\IDSvix86.sys
0x937F0000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0x94C07000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0x94C65000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0x94C83000 \SystemRoot\System32\Drivers\dfsc.sys
0x94C9A000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20110812.001\BHDrvx86.sys
0x94D65000 \SystemRoot\System32\Drivers\crashdmp.sys
0x94D72000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x94D7D000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xA2020000 \SystemRoot\System32\win32k.sys
0x94D85000 \SystemRoot\System32\drivers\Dxapi.sys
0x94D8F000 \SystemRoot\system32\DRIVERS\monitor.sys
0xA2240000 \SystemRoot\System32\TSDDD.dll
0xA2260000 \SystemRoot\System32\cdd.dll
0xA2270000 \SystemRoot\System32\ATMFD.DLL
0x94D9E000 \SystemRoot\system32\drivers\luafv.sys
0x94DC1000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x94DD1000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x937F5000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x915E3000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xAAE06000 \SystemRoot\system32\drivers\spsys.sys
0xAAEB6000 \SystemRoot\system32\DRIVERS\bowser.sys
0xAAECF000 \SystemRoot\System32\drivers\mpsdrv.sys
0xAAEE4000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAAF03000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xAAF3C000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xAAF6C000 \SystemRoot\system32\drivers\HTTP.sys
0xAAFD9000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xB1C09000 \SystemRoot\system32\drivers\peauth.sys
0xB1CE7000 \SystemRoot\System32\Drivers\secdrv.SYS
0xB1CF1000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xB1D0E000 \SystemRoot\System32\drivers\tcpipreg.sys
0xB1D1A000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xB1D22000 \SystemRoot\System32\DRIVERS\srv2.sys
0xB1D4A000 \SystemRoot\system32\drivers\MSPQM.sys
0xB1D4C000 \SystemRoot\System32\DRIVERS\srv.sys
0xB1D9B000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xB1DB1000 \??\C:\Windows\system32\drivers\mbam.sys
0x77040000 \WINDOWS\System32\ntdll.dll

Processes (total 47):
0 System Idle Process
4 System
420 C:\WINDOWS\System32\smss.exe
488 csrss.exe
540 csrss.exe
548 C:\WINDOWS\System32\wininit.exe
580 C:\WINDOWS\System32\winlogon.exe
624 C:\WINDOWS\System32\services.exe
640 C:\WINDOWS\System32\lsass.exe
648 C:\WINDOWS\System32\lsm.exe
796 C:\WINDOWS\System32\svchost.exe
852 C:\WINDOWS\System32\nvvsvc.exe
884 C:\WINDOWS\System32\svchost.exe
1016 C:\WINDOWS\System32\svchost.exe
1076 C:\WINDOWS\System32\svchost.exe
1088 C:\WINDOWS\System32\svchost.exe
1168 C:\WINDOWS\System32\audiodg.exe
1192 C:\WINDOWS\System32\svchost.exe
1208 C:\WINDOWS\System32\SLsvc.exe
1272 C:\WINDOWS\System32\rundll32.exe
1304 C:\WINDOWS\System32\svchost.exe
1416 C:\WINDOWS\System32\svchost.exe
1704 C:\WINDOWS\System32\svchost.exe
1748 C:\WINDOWS\System32\taskeng.exe
1756 C:\WINDOWS\explorer.exe
1852 C:\WINDOWS\System32\taskeng.exe
2020 C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
288 C:\WINDOWS\System32\rundll32.exe
312 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
1576 C:\Program Files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe
1724 C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
1220 C:\Program Files\Norton 360\Engine\5.1.0.29\ccsvchst.exe
988 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
476 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
1812 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
292 C:\WINDOWS\System32\SearchIndexer.exe
2040 C:\WINDOWS\System32\drivers\XAudio.exe
1964 C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
2564 C:\Program Files\Norton 360\Engine\5.1.0.29\ccsvchst.exe
3076 dllhost.exe
3280 C:\WINDOWS\System32\svchost.exe
3692 C:\WINDOWS\System32\notepad.exe
2848 C:\Users\angelo\Downloads\MBRCheck.exe
2536 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
444 C:\WINDOWS\System32\SearchProtocolHost.exe
2508 C:\WINDOWS\System32\SearchFilterHost.exe
3944 C:\WINDOWS\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000019`37cee000 (NTFS)

PhysicalDrive0 Model Number: WDCWD1200BEVS-60UST0, Rev: 01.01A01

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: D94F393960D1CD66C2071F2D7260A5196DF105AC


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:


#13 m0le (Malware Response Team, 34,527 posts, London, UK)

Posted 03 September 2011 - 08:38 PM

The Master Boot Record is a type of boot sector. It holds the details of how the hard drive has been divided up. It contains the first code loaded and executed from the drive during the boot process, and it can be rewritten by malicious software so that it is the malware that loads first, and that gives it the edge.

The MBRCheck fix failed, so we will now use a stronger tool.

  • Download NTBR_CD by noahdfear to the desktop.
  • Click on the NTBR_CD.exe to extract its contents to the desktop.
  • Once extracted, open the NTBR_CD folder and click on the BurnItCD application.
  • Insert a blank CD when prompted. The .iso image will be burned to the CD.
  • Boot the computer with the CD you just burned and follow the prompts.
  • Press Enter for English.
  • At the menu type 1 to select MBRWORK then hit Enter

    This screen will show the hard drive configuration.
  • Type 5 to Install standard MBR code then hit Enter
  • Type 1 to select Standard then hit Enter
  • Type Y then hit Enter to confirm
  • Type E then hit Enter to exit
  • Back at the menu, type 6 to Quit.
  • Press Ctrl+Alt+Del to restart the machine.
  • Eject the CD upon restart and boot normally.

m0le is a proud member of UNITE

#14 Bledi (Topic Starter, Members, 25 posts)

Posted 04 September 2011 - 09:08 AM

Hey, check this out. I did as you asked me, but now I have an XP MBR code. Here is the MBRCheck:


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Basic Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: Compaq Presario F700 Notebook PC
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 166):
0x82405000 \SystemRoot\system32\ntkrnlpa.exe
0x827BF000 \SystemRoot\system32\hal.dll
0x8060A000 \SystemRoot\system32\kdcom.dll
0x80611000 \SystemRoot\system32\PSHED.dll
0x80622000 \SystemRoot\system32\BOOTVID.dll
0x8062A000 \SystemRoot\system32\CLFS.SYS
0x8066B000 \SystemRoot\system32\CI.dll
0x8074B000 \SystemRoot\system32\drivers\Wdf01000.sys
0x807BC000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x82A0E000 \SystemRoot\system32\drivers\acpi.sys
0x82A54000 \SystemRoot\system32\drivers\WMILIB.SYS
0x82A5D000 \SystemRoot\system32\drivers\msisadrv.sys
0x82A65000 \SystemRoot\system32\drivers\pci.sys
0x82A8C000 \SystemRoot\System32\drivers\partmgr.sys
0x82A9B000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x82A9E000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x82AA8000 \SystemRoot\system32\drivers\volmgr.sys
0x82AB7000 \SystemRoot\System32\drivers\volmgrx.sys
0x82B01000 \SystemRoot\system32\drivers\pciide.sys
0x82B08000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x82B16000 \SystemRoot\System32\drivers\mountmgr.sys
0x82B26000 \SystemRoot\system32\drivers\atapi.sys
0x82B2E000 \SystemRoot\system32\drivers\ataport.SYS
0x82B4C000 \SystemRoot\system32\drivers\fltmgr.sys
0x82B7E000 \SystemRoot\system32\drivers\N360\0501000.01D\SYMDS.SYS
0x82BD5000 \SystemRoot\system32\drivers\fileinfo.sys
0x87E0E000 \SystemRoot\system32\drivers\N360\0501000.01D\SYMEFA.SYS
0x87EC9000 \SystemRoot\System32\Drivers\ksecdd.sys
0x88002000 \SystemRoot\system32\drivers\ndis.sys
0x8810D000 \SystemRoot\system32\drivers\msrpc.sys
0x88138000 \SystemRoot\system32\drivers\NETIO.SYS
0x8820C000 \SystemRoot\System32\drivers\tcpip.sys
0x882F6000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x88402000 \SystemRoot\System32\Drivers\Ntfs.sys
0x88512000 \SystemRoot\system32\drivers\volsnap.sys
0x8854B000 \SystemRoot\System32\Drivers\spldr.sys
0x88553000 \SystemRoot\System32\Drivers\mup.sys
0x88562000 \SystemRoot\system32\DRIVERS\hotcore3.sys
0x88567000 \SystemRoot\System32\drivers\ecache.sys
0x8858E000 \SystemRoot\system32\drivers\disk.sys
0x8859F000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x885C0000 \SystemRoot\system32\drivers\crcdisk.sys
0x885E9000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x885F4000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x88311000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x88321000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x885FD000 \SystemRoot\system32\DRIVERS\cpqbttn.sys
0x88325000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x88335000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8833C000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x88345000 \SystemRoot\system32\DRIVERS\nvsmu.sys
0x88348000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x88352000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x88390000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8839F000 \SystemRoot\System32\Drivers\ElbyCDFL.sys
0x883A6000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x883BE000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0x88173000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8F401000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
0x8F800000 \SystemRoot\system32\DRIVERS\athr.sys
0x8FA09000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x9013B000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x901DB000 \SystemRoot\System32\drivers\watchdog.sys
0x901E7000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x901FA000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x8F925000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8F930000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8FA00000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8F96B000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8F976000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8F9A5000 \SystemRoot\system32\DRIVERS\storport.sys
0x8F9E6000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8F502000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8F9F1000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8F519000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8F53C000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8F54B000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8F55F000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8F574000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8F584000 \SystemRoot\system32\DRIVERS\mcdbus.sys
0x8F5A1000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x8FA02000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8F5C7000 \SystemRoot\system32\DRIVERS\ks.sys
0x8F5F1000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x883C4000 \SystemRoot\system32\DRIVERS\UimBus.sys
0x87F3A000 \SystemRoot\System32\Drivers\Uim_IM.sys
0x87F93000 \SystemRoot\System32\Drivers\UimFIO.SYS
0x883CB000 \SystemRoot\system32\DRIVERS\umbus.sys
0x883D8000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x807CA000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x883E1000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x91607000 \SystemRoot\system32\drivers\CHDRT32.sys
0x9163A000 \SystemRoot\system32\drivers\portcls.sys
0x91667000 \SystemRoot\system32\drivers\drmk.sys
0x9168C000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x916CA000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x91A03000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x91AB8000 \SystemRoot\system32\drivers\modem.sys
0x91AC5000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x91ADC000 \SystemRoot\System32\Drivers\usbvideo.sys
0x91AFD000 \SystemRoot\System32\Drivers\N360\0501000.01D\SRTSP.SYS
0x91B83000 \SystemRoot\system32\drivers\N360\0501000.01D\Ironx86.SYS
0x91BA7000 \SystemRoot\system32\drivers\N360\0501000.01D\SRTSPX.SYS
0x91BB2000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
0x92601000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20110903.002\NAVEX15.SYS
0x92781000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20110903.002\NAVENG.SYS
0x92795000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x9279E000 \SystemRoot\System32\Drivers\Null.SYS
0x927A5000 \SystemRoot\System32\Drivers\Beep.SYS
0x927AC000 \SystemRoot\System32\drivers\vga.sys
0x927B8000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x927D9000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x927E1000 \SystemRoot\system32\drivers\rdpencdd.sys
0x927E9000 \SystemRoot\System32\Drivers\Msfs.SYS
0x91BD8000 \SystemRoot\System32\Drivers\Npfs.SYS
0x927F4000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x91BE6000 \SystemRoot\system32\DRIVERS\tdx.sys
0x93202000 \SystemRoot\System32\Drivers\N360\0501000.01D\SYMTDIV.SYS
0x9325B000 \SystemRoot\system32\DRIVERS\smb.sys
0x9326F000 \SystemRoot\system32\drivers\afd.sys
0x932B7000 \SystemRoot\System32\DRIVERS\netbt.sys
0x932E9000 \SystemRoot\system32\DRIVERS\pacer.sys
0x932FF000 \SystemRoot\system32\DRIVERS\netbios.sys
0x9330D000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x93320000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
0x93340000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x93347000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x93383000 \SystemRoot\system32\drivers\nsiproxy.sys
0x9338D000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20110902.030\IDSvix86.sys
0x933EB000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0x96207000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0x96265000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0x96283000 \SystemRoot\System32\Drivers\dfsc.sys
0x9629A000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20110812.001\BHDrvx86.sys
0x96365000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x9637B000 \SystemRoot\System32\Drivers\crashdmp.sys
0x96388000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x96393000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xA22C0000 \SystemRoot\System32\win32k.sys
0x9639B000 \SystemRoot\System32\drivers\Dxapi.sys
0x963A5000 \SystemRoot\system32\DRIVERS\monitor.sys
0xA24E0000 \SystemRoot\System32\TSDDD.dll
0xA2500000 \SystemRoot\System32\cdd.dll
0xA2510000 \SystemRoot\System32\ATMFD.DLL
0x963B4000 \SystemRoot\system32\drivers\luafv.sys
0x963D7000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x917CD000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x963E7000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x885C9000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA920E000 \SystemRoot\system32\drivers\spsys.sys
0xA92BE000 \SystemRoot\system32\DRIVERS\bowser.sys
0xA92D7000 \SystemRoot\System32\drivers\mpsdrv.sys
0xA92EC000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA930B000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA9344000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA9374000 \SystemRoot\system32\drivers\HTTP.sys
0xA93E1000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xB0605000 \SystemRoot\system32\drivers\peauth.sys
0xB06E3000 \SystemRoot\System32\Drivers\secdrv.SYS
0xB06ED000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xB070A000 \SystemRoot\System32\drivers\tcpipreg.sys
0xB0716000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xB071E000 \SystemRoot\System32\DRIVERS\srv2.sys
0xB0746000 \SystemRoot\System32\DRIVERS\srv.sys
0xB0795000 \SystemRoot\system32\drivers\MSPQM.sys
0x77B20000 \WINDOWS\System32\ntdll.dll

Processes (total 48):
0 System Idle Process
4 System
420 C:\WINDOWS\System32\smss.exe
516 csrss.exe
568 csrss.exe
576 C:\WINDOWS\System32\wininit.exe
616 C:\WINDOWS\System32\winlogon.exe
652 C:\WINDOWS\System32\services.exe
668 C:\WINDOWS\System32\lsass.exe
676 C:\WINDOWS\System32\lsm.exe
832 C:\WINDOWS\System32\svchost.exe
876 C:\WINDOWS\System32\nvvsvc.exe
908 C:\WINDOWS\System32\svchost.exe
1040 C:\WINDOWS\System32\svchost.exe
1068 C:\WINDOWS\System32\svchost.exe
1088 C:\WINDOWS\System32\svchost.exe
1200 C:\WINDOWS\System32\audiodg.exe
1220 C:\WINDOWS\System32\svchost.exe
1240 C:\WINDOWS\System32\SLsvc.exe
1288 C:\WINDOWS\System32\rundll32.exe
1304 C:\WINDOWS\System32\svchost.exe
1396 C:\WINDOWS\System32\svchost.exe
1712 C:\WINDOWS\System32\svchost.exe
1748 C:\WINDOWS\System32\taskeng.exe
1800 C:\WINDOWS\explorer.exe
1844 C:\WINDOWS\System32\taskeng.exe
2036 C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
428 C:\WINDOWS\System32\rundll32.exe
524 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
644 C:\Program Files\ooVoo\ooVoo.exe
1680 C:\Program Files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe
1720 C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
1676 C:\Program Files\Norton 360\Engine\5.1.0.29\ccsvchst.exe
1000 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
356 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
412 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
1508 C:\WINDOWS\System32\SearchIndexer.exe
332 C:\WINDOWS\System32\drivers\XAudio.exe
820 C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
2736 C:\Program Files\Norton 360\Engine\5.1.0.29\ccsvchst.exe
2928 dllhost.exe
3712 C:\WINDOWS\System32\svchost.exe
2056 C:\Users\angelo\Downloads\MBRCheck.exe
2776 C:\WINDOWS\System32\SearchProtocolHost.exe
2060 C:\WINDOWS\System32\SearchFilterHost.exe
3164 C:\WINDOWS\System32\conime.exe
2684 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
1772 <unknown>

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000019`37cee000 (NTFS)

PhysicalDrive0 Model Number: WDCWD1200BEVS-60UST0, Rev: 01.01A01

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

#15 m0le (Malware Response Team, 34,527 posts, London, UK)

Posted 04 September 2011 - 04:54 PM

I'm not sure that you should even be able to boot the system with an XP MBR. Let's try and change that with MBRCheck.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Important Note: While fixing the Master Boot Record (MBR) is generally safe, there is a small risk of damaging the operating system so that it will not boot up, or the partitions may become corrupted. I recommend you have your Windows CD available, which will allow recovering the boot code via the Windows Recovery Console in case of any problems, or install the XP Recovery Console before proceeding with the above fix. Then if any problems occur, the links below explain how to use and repair the MBR:

If you do not have a Vista recovery disk then please burn one as shown here.


Run MBRCheck.exe
  • Run MBRCheck.exe
  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Please push the 'Y' key and then press Enter
  • When the program asks you, enter 2 and press the Enter key
  • Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"
  • Enter 0 and press the Enter key.
  • The program will show Available MBR codes:, followed by a list of operating systems. Please enter the correct number for your Vista operating system, and then press Enter.
  • When asked "Do you want to fix the MBR code?", type in YES and press Enter
  • Restart your PC.
After you restart the PC
  • Double click MBRCheck.exe to run (Vista and Win 7: right click and select Run as Administrator)
  • It will show a black screen with some data on it
  • A report called MBRCheck will be on your desktop
  • Open this report
  • Right click on the screen and select > Select All
  • Press Control+C
  • Now please copy that report to this thread

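Both m0le's description of the MBR in post #13 and the MBRCheck verdicts quoted in the thread ("Unknown MBR code" before the NTBR_CD fix, "Windows XP MBR code detected" after it) come down to the same check: read the first sector of the disk, confirm it is a valid MBR, and compare a hash of its boot code against known-good values. The Python below is an added example written for this page; it is not code from the thread, from MBRCheck or from NTBR_CD. It parses a 512-byte MBR image, validates the 0x55AA boot signature, decodes the four partition table entries, and classifies the boot code by SHA-1 against an allow-list. The sample MBR, its placeholder boot code and the allow-list entry are constructed in memory (only the C: and D: partition byte offsets are taken from the MBRCheck output posted above, and the size of D: is made up), so the script runs offline and never reads a real disk.

```python
import hashlib
import struct
from dataclasses import dataclass
from typing import Dict, List, Tuple

MBR_SIZE = 512
SECTOR = 512
BOOT_CODE_SIZE = 440          # bytes 0..439 hold the bootstrap code on Windows-written MBRs
PART_TABLE_OFFSET = 446       # four 16-byte partition entries at 446..509
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511
ENTRY_FMT = "<B3xB3xII"       # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    first_lba: int
    sector_count: int

    @property
    def byte_offset(self) -> int:
        return self.first_lba * SECTOR


def has_boot_signature(mbr: bytes) -> bool:
    """A sector without the 0x55AA marker is not a valid MBR at all."""
    return len(mbr) == MBR_SIZE and mbr[510:512] == BOOT_SIGNATURE


def parse_partitions(mbr: bytes) -> List[Partition]:
    """Decode the non-empty entries of the partition table."""
    parts = []
    for i in range(4):
        status, type_id, first_lba, count = struct.unpack_from(
            ENTRY_FMT, mbr, PART_TABLE_OFFSET + 16 * i)
        if type_id == 0:          # unused slot
            continue
        parts.append(Partition(i, status == 0x80, type_id, first_lba, count))
    return parts


def boot_code_sha1(mbr: bytes) -> str:
    """SHA-1 of the bootstrap code only. Hashing just this region means a
    legitimate partition-table change does not alter the verdict; MBRCheck's
    printed SHA1 covers the whole sector, so the two values are not comparable."""
    return hashlib.sha1(mbr[:BOOT_CODE_SIZE]).hexdigest().upper()


def classify(mbr: bytes, known_good: Dict[str, str]) -> str:
    """Verdict in the style of MBRCheck's 'Windows XP MBR code detected' /
    'Unknown MBR code'. Unknown means 'not on the allow-list', which is a
    prompt to investigate, not proof of infection."""
    if not has_boot_signature(mbr):
        return "Invalid MBR (missing 0x55AA boot signature)"
    name = known_good.get(boot_code_sha1(mbr))
    return f"{name} MBR code detected" if name else "Unknown MBR code"


def build_mbr(boot_code: bytes, entries: List[Tuple[bool, int, int, int]]) -> bytes:
    """Assemble a 512-byte MBR from boot code and (bootable, type, first_lba, count) tuples."""
    if len(boot_code) > BOOT_CODE_SIZE or len(entries) > 4:
        raise ValueError("boot code or partition list too large")
    buf = bytearray(MBR_SIZE)
    buf[:len(boot_code)] = boot_code
    for i, (bootable, type_id, first_lba, count) in enumerate(entries):
        struct.pack_into(ENTRY_FMT, buf, PART_TABLE_OFFSET + 16 * i,
                         0x80 if bootable else 0x00, type_id, first_lba, count)
    buf[510:512] = BOOT_SIGNATURE
    return bytes(buf)


# --- Constructed sample data (not real disk contents) -----------------------
# Partition offsets taken from the MBRCheck output in the thread:
#   C: at 0x00000000`00007e00, D: at 0x00000019`37cee000 (both NTFS, type 0x07).
C_OFFSET = 0x7E00
D_OFFSET = 0x1937CEE000
D_SECTORS = 20_971_520    # constructed size for D: (10 GiB); not from the thread
SAMPLE_ENTRIES = [
    (True, 0x07, C_OFFSET // SECTOR, (D_OFFSET - C_OFFSET) // SECTOR),
    (False, 0x07, D_OFFSET // SECTOR, D_SECTORS),
]
# Stand-in bootstrap code. A real allow-list would hold hashes of genuine
# Vista/7 boot code taken from a trusted reference, not of this placeholder.
GOOD_BOOT_CODE = b"\xeb\xfe" + b"GOOD-BOOT-CODE-PLACEHOLDER" * 15
GOOD_MBR = build_mbr(GOOD_BOOT_CODE, SAMPLE_ENTRIES)
KNOWN_GOOD = {boot_code_sha1(GOOD_MBR): "Vista (constructed sample)"}

# Same partition table, but the first three bytes of the boot code are patched:
# the table still parses identically, while the code hash leaves the allow-list.
TAMPERED_MBR = build_mbr(b"\xe9\x00\x00" + GOOD_BOOT_CODE[3:], SAMPLE_ENTRIES)

if __name__ == "__main__":
    for label, image in (("clean", GOOD_MBR), ("tampered", TAMPERED_MBR)):
        print(f"{label}: {classify(image, KNOWN_GOOD)}  SHA1(boot code)={boot_code_sha1(image)}")
        for p in parse_partitions(image):
            print(f"  entry {p.index}: type 0x{p.type_id:02x} bootable={p.bootable} "
                  f"offset=0x{p.byte_offset:x} sectors={p.sector_count}")
```

Run it directly to see the clean and tampered verdicts side by side. On a real machine the 512-byte image would come from a read-only dump of the first sector and the allow-list from a trusted reference; the partition table parsing the same in both cases is the point, since a bootkit-style rewrite of the boot code leaves the drive layout intact and only the code hash gives it away.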
