Inactive Unknown malware pc almost unresponsive, DDS run as instructed

wyattspoppa · 2010/08/20

MBR here Broni
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x020003fc

Kernel Drivers (total 191):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA0B8000 sshrmd.sys
0xBA0C8000 ssfs0bbc.sys
0xB9F3A000 ssidrv.sys
0xB9F0D000 \WINDOWS\system32\DRIVERS\NDIS.SYS
0xBA328000 \WINDOWS\system32\DRIVERS\TDI.SYS
0xBA670000 pciide.sys
0xBA330000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA5AC000 aliide.sys
0xBA5AE000 cmdide.sys
0xBA5B0000 toside.sys
0xBA5B2000 viaide.sys
0xBA5B4000 intelide.sys
0xBA0D8000 MountMgr.sys
0xB9EEE000 ftdisk.sys
0xBA5B6000 dmload.sys
0xB9EC8000 dmio.sys
0xBA338000 PartMgr.sys
0xBA0E8000 VolSnap.sys
0xBA4BC000 cpqarray.sys
0xB9EB0000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xB9E98000 atapi.sys
0xBA4C0000 aha154x.sys
0xBA340000 sparrow.sys
0xBA4C4000 symc810.sys
0xBA0F8000 aic78xx.sys
0xBA4C8000 dac960nt.sys
0xBA108000 ql10wnt.sys
0xBA4CC000 amsint.sys
0xBA348000 asc.sys
0xBA4D0000 asc3550.sys
0xBA350000 mraid35x.sys
0xBA358000 i2omp.sys
0xBA4D4000 ini910u.sys
0xBA118000 ql1240.sys
0xBA128000 aic78u2.sys
0xBA360000 symc8xx.sys
0xBA368000 sym_hi.sys
0xBA370000 sym_u3.sys
0xBA378000 ABP480N5.SYS
0xBA380000 asc3350p.sys
0xBA5B8000 cd20xrnt.sys
0xBA138000 ultra.sys
0xB9E7F000 adpu160m.sys
0xBA388000 dpti2o.sys
0xBA148000 ql1080.sys
0xBA158000 ql1280.sys
0xBA168000 ql12160.sys
0xBA390000 perc2.sys
0xBA5BA000 perc2hib.sys
0xBA398000 hpn.sys
0xBA4D8000 cbidf2k.sys
0xB9E53000 dac2w2k.sys
0xBA178000 disk.sys
0xBA188000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9E33000 fltmgr.sys
0xB9DDD000 SYMDS.SYS
0xB9DCB000 sr.sys
0xB9D9E000 SYMEFA.SYS
0xBA198000 PxHelp20.sys
0xB9D87000 KSecDD.sys
0xB9CFA000 Ntfs.sys
0xBA1A8000 sisagp.sys
0xBA1B8000 viaagp.sys
0xBA1C8000 ohci1394.sys
0xBA1D8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xB9CE0000 Mup.sys
0xBA1E8000 agp440.sys
0xBA1F8000 alim1541.sys
0xBA208000 amdagp.sys
0xBA218000 agpCPQ.sys
0xBA228000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xB9CA0000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB8778000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xB8764000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB873C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xBA480000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB8718000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA488000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB86E1000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
0xB86BE000 \SystemRoot\system32\DRIVERS\ks.sys
0xB85C1000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
0xB8514000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xBA4B0000 \SystemRoot\System32\Drivers\Modem.SYS
0xB84ED000 \SystemRoot\system32\DRIVERS\e100b325.sys
0xB84D9000 \SystemRoot\system32\DRIVERS\parport.sys
0xB9C90000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBA3D0000 \SystemRoot\system32\DRIVERS\point32.sys
0xBA3D8000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xB9C80000 \SystemRoot\system32\DRIVERS\serial.sys
0xB9BF8000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB9C60000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB9C50000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB9C40000 \SystemRoot\system32\DRIVERS\redbook.sys
0xBA3F0000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xBA798000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA238000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB9BE0000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB84C2000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA248000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA258000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB84B1000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA268000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA410000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA420000 \SystemRoot\system32\DRIVERS\raspti.sys
0xBA428000 \SystemRoot\system32\DRIVERS\wanatw4.sys
0xBA278000 \SystemRoot\System32\Drivers\pcouffin.sys
0xB8481000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA288000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA438000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA5EE000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB8423000 \SystemRoot\system32\DRIVERS\update.sys
0xB9745000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA298000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xA8212000 \SystemRoot\system32\drivers\sthda.sys
0xA81EE000 \SystemRoot\system32\drivers\portcls.sys
0xB8D8E000 \SystemRoot\system32\drivers\drmk.sys
0xB8D7E000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5FE000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB9C10000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xBA60C000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA7E4000 \SystemRoot\System32\Drivers\Null.SYS
0xBA610000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA478000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA490000 \SystemRoot\System32\drivers\vga.sys
0xBA614000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA618000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA4A0000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA3A8000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB9C00000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA80A3000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA804A000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA7FF3000 \SystemRoot\System32\Drivers\NAV\1107000.00C\SYMTDI.SYS
0xA7FCD000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB8D5E000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xA7FA8000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
0xB8D4E000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xA7F2B000 \SystemRoot\system32\DRIVERS\netbt.sys
0xA7F09000 \SystemRoot\System32\drivers\afd.sys
0xB8D3E000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA7EEA000 \SystemRoot\system32\drivers\NAV\1107000.00C\Ironx86.SYS
0xBA408000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xB8D1E000 \SystemRoot\system32\drivers\NAV\1107000.00C\SRTSPX.SYS
0xA7EBF000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA7E4F000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB8D0E000 \SystemRoot\System32\Drivers\Fips.SYS
0xA7DF1000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0xA7DD4000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0xA7D55000 \SystemRoot\system32\drivers\NAV\1107000.00C\ccHPx86.sys
0xA7CA9000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.1.0.19\Definitions\BASHDefs\20100810.004\BHDrvx86.sys
0xBA460000 \SystemRoot\System32\drivers\hphius11.sys
0xBA470000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xBA2B8000 \SystemRoot\system32\DRIVERS\hphid411.sys
0xB83FF000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xBA2C8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xBA2D8000 \SystemRoot\System32\Drivers\hphs2k11.sys
0xA814A000 \SystemRoot\system32\DRIVERS\hphipr11.sys
0xA8142000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xBA2F8000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB9BD0000 \SystemRoot\System32\drivers\Dxapi.sys
0xA80EE000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA7F6000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF04F000 \SystemRoot\System32\igxpdv32.DLL
0xBF1E7000 \SystemRoot\System32\igxpdx32.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xA7A95000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA77CC000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xBA636000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xA769B000 \SystemRoot\System32\Drivers\HTTP.sys
0xBA650000 \SystemRoot\System32\Drivers\MASPINT.SYS
0xA77B8000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA7554000 \SystemRoot\system32\DRIVERS\srv.sys
0xA74C7000 \SystemRoot\system32\drivers\wdmaud.sys
0xA7653000 \SystemRoot\system32\drivers\sysaudio.sys
0xA6C0A000 \SystemRoot\System32\Drivers\NAV\1107000.00C\SRTSP.SYS
0xA6A1E000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.1.0.19\Definitions\VirusDefs\20100819.019\NAVEX15.SYS
0xA6A0A000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.1.0.19\Definitions\VirusDefs\20100819.019\NAVENG.SYS
0xA6132000 \SystemRoot\system32\drivers\kmixer.sys
0xA60DD000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.1.0.19\Definitions\IPSDefs\20100818.002\IDSxpx86.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 43):
0 System Idle Process
4 System
656 C:\WINDOWS\system32\smss.exe
724 csrss.exe
748 C:\WINDOWS\system32\winlogon.exe
796 C:\WINDOWS\system32\services.exe
808 C:\WINDOWS\system32\lsass.exe
980 C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
1024 C:\WINDOWS\system32\svchost.exe
1088 svchost.exe
1204 C:\WINDOWS\system32\svchost.exe
1296 svchost.exe
1424 svchost.exe
1580 C:\WINDOWS\system32\spoolsv.exe
1724 svchost.exe
1768 C:\Program Files\Bonjour\mDNSResponder.exe
1796 C:\WINDOWS\ehome\ehRecvr.exe
1960 C:\WINDOWS\ehome\ehSched.exe
2032 C:\Program Files\Java\jre6\bin\jqs.exe
200 C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe
448 svchost.exe
460 C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
1928 C:\WINDOWS\system32\svchost.exe
1604 wdfmgr.exe
508 C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
1352 C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe
2208 mcrdsvc.exe
2352 C:\WINDOWS\explorer.exe
2916 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
2936 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
2968 C:\Program Files\iTunes\iTunesHelper.exe
3016 C:\WINDOWS\system32\ctfmon.exe
3308 C:\Program Files\Common Files\AOL\acs\AOLacsd.exe
3596 C:\Program Files\Common Files\AOL\1277259041\ee\aolsoftware.exe
4044 C:\WINDOWS\system32\dllhost.exe
2832 C:\Program Files\iPod\bin\iPodService.exe
3568 alg.exe
1440 C:\WINDOWS\system32\svchost.exe
3340 C:\Program Files\AOL 9.5\waol.exe
500 C:\Program Files\AOL 9.5\shellmon.exe
3336 C:\WINDOWS\system32\notepad.exe
1536 C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
2080 C:\Documents and Settings\Tommy\Local Settings\Temporary Internet Files\Content.IE5\V9QZU39F\MBRCheck[1].exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: HDT722525DLA380, Rev: V44OA91A

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 135A4DF114DFDA370A66F39D1C339195B41098B4

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

broni · 2010/08/20

Run MBRCheck again.

When it's done you'll see the following line:
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Pres the Y key and then press Enter

When the program asks you to Enter your choice, enter 2 and press the Enter key.

Next the program will ask you to Enter the physical disk number to fix (0-99, -1 to cancel):
Enter 0 (zero) and press the Enter key.

Next the program will show Available MBR codes:, followed by a list of operating systems.
Please enter 1 for Windows XP, and then press Enter.

Next the program will prompt for confirmation.
Type YES and hit Enter.

When it's done there should be a text file with the results on your desktop.
Please copy and paste it back here.

Then reboot, run MBRCheck again and post new log.

wyattspoppa · 2010/08/20

incomplete mbr scan deleted

wyattspoppa · 2010/08/20

erased failed mbr scan to clear up wasted space

broni · 2010/08/20

You didn't follow my instructions.
If you did, MBRCheck log would show you entering "Y ", "0" and "1" for consecutive steps.
Please, re-read my instructions and redo.

wyattspoppa · 2010/08/21

Think this one was correct, I must have inadvertantly copy/pasted one that failed to complete, and unless I misread it, the sequence is Y-enter..2-enter..0-enter..1-enter..Yes..enter. Let's see if this was right..If the task was to write a new mbr code, it did the job...
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000003fc

Kernel Drivers (total 190):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA0B8000 sshrmd.sys
0xBA0C8000 ssfs0bbc.sys
0xB9F3A000 ssidrv.sys
0xB9F0D000 \WINDOWS\system32\DRIVERS\NDIS.SYS
0xBA328000 \WINDOWS\system32\DRIVERS\TDI.SYS
0xBA670000 pciide.sys
0xBA330000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA5AC000 aliide.sys
0xBA5AE000 cmdide.sys
0xBA5B0000 toside.sys
0xBA5B2000 viaide.sys
0xBA5B4000 intelide.sys
0xBA0D8000 MountMgr.sys
0xB9EEE000 ftdisk.sys
0xBA5B6000 dmload.sys
0xB9EC8000 dmio.sys
0xBA338000 PartMgr.sys
0xBA0E8000 VolSnap.sys
0xBA4BC000 cpqarray.sys
0xB9EB0000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xB9E98000 atapi.sys
0xBA4C0000 aha154x.sys
0xBA340000 sparrow.sys
0xBA4C4000 symc810.sys
0xBA0F8000 aic78xx.sys
0xBA4C8000 dac960nt.sys
0xBA108000 ql10wnt.sys
0xBA4CC000 amsint.sys
0xBA348000 asc.sys
0xBA4D0000 asc3550.sys
0xBA350000 mraid35x.sys
0xBA358000 i2omp.sys
0xBA4D4000 ini910u.sys
0xBA118000 ql1240.sys
0xBA128000 aic78u2.sys
0xBA360000 symc8xx.sys
0xBA368000 sym_hi.sys
0xBA370000 sym_u3.sys
0xBA378000 ABP480N5.SYS
0xBA380000 asc3350p.sys
0xBA5B8000 cd20xrnt.sys
0xBA138000 ultra.sys
0xB9E7F000 adpu160m.sys
0xBA388000 dpti2o.sys
0xBA148000 ql1080.sys
0xBA158000 ql1280.sys
0xBA168000 ql12160.sys
0xBA390000 perc2.sys
0xBA5BA000 perc2hib.sys
0xBA398000 hpn.sys
0xBA4D8000 cbidf2k.sys
0xB9E53000 dac2w2k.sys
0xBA178000 disk.sys
0xBA188000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9E33000 fltmgr.sys
0xB9DDD000 SYMDS.SYS
0xB9DCB000 sr.sys
0xB9D9E000 SYMEFA.SYS
0xBA198000 PxHelp20.sys
0xB9D87000 KSecDD.sys
0xB9CFA000 Ntfs.sys
0xBA1A8000 sisagp.sys
0xBA1B8000 viaagp.sys
0xBA1C8000 ohci1394.sys
0xBA1D8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xB9CE0000 Mup.sys
0xBA1E8000 agp440.sys
0xBA1F8000 alim1541.sys
0xBA208000 amdagp.sys
0xBA218000 agpCPQ.sys
0xBA228000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xB9CB0000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB8B4A000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xB8B36000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB8B0E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xBA4A8000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB8AEA000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA4B0000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB8AB3000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
0xB8A90000 \SystemRoot\system32\DRIVERS\ks.sys
0xB8993000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
0xB88E6000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xBA3E0000 \SystemRoot\System32\Drivers\Modem.SYS
0xB88BF000 \SystemRoot\system32\DRIVERS\e100b325.sys
0xB88AB000 \SystemRoot\system32\DRIVERS\parport.sys
0xB9CA0000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBA3F8000 \SystemRoot\system32\DRIVERS\point32.sys
0xBA400000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xB9C90000 \SystemRoot\system32\DRIVERS\serial.sys
0xB9C04000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB9C80000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB9C70000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB9C60000 \SystemRoot\system32\DRIVERS\redbook.sys
0xBA418000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xBA7F2000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB9C50000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB9BF4000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB8894000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB9C40000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA238000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB8883000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA248000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA438000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA448000 \SystemRoot\system32\DRIVERS\raspti.sys
0xBA450000 \SystemRoot\system32\DRIVERS\wanatw4.sys
0xBA258000 \SystemRoot\System32\Drivers\pcouffin.sys
0xB8853000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA268000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA460000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA5F6000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB87F5000 \SystemRoot\system32\DRIVERS\update.sys
0xB9BD0000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA278000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xA85E4000 \SystemRoot\system32\drivers\sthda.sys
0xA85C0000 \SystemRoot\system32\drivers\portcls.sys
0xB9170000 \SystemRoot\system32\drivers\drmk.sys
0xB9160000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA600000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB9C18000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xBA60E000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA6B7000 \SystemRoot\System32\Drivers\Null.SYS
0xBA612000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA3A8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA3C8000 \SystemRoot\System32\drivers\vga.sys
0xBA616000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA61A000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA3D8000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA3F0000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB9C08000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA8475000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA841C000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA83F6000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA839F000 \SystemRoot\System32\Drivers\NAV\1107000.00C\SYMTDI.SYS
0xB9140000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xA837A000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
0xB9130000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xA8325000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.1.0.19\Definitions\IPSDefs\20100818.002\IDSxpx86.sys
0xA82FD000 \SystemRoot\system32\DRIVERS\netbt.sys
0xA82DB000 \SystemRoot\System32\drivers\afd.sys
0xB9120000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA82BC000 \SystemRoot\system32\drivers\NAV\1107000.00C\Ironx86.SYS
0xBA468000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xB9100000 \SystemRoot\system32\drivers\NAV\1107000.00C\SRTSPX.SYS
0xA8291000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA8221000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB90F0000 \SystemRoot\System32\Drivers\Fips.SYS
0xA81C3000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0xA81A6000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0xA8127000 \SystemRoot\system32\drivers\NAV\1107000.00C\ccHPx86.sys
0xA807B000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.1.0.19\Definitions\BASHDefs\20100810.004\BHDrvx86.sys
0xA84F0000 \SystemRoot\System32\drivers\hphius11.sys
0xA84E0000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xBA298000 \SystemRoot\system32\DRIVERS\hphid411.sys
0xA8518000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xBA2A8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xBA2B8000 \SystemRoot\System32\Drivers\hphs2k11.sys
0xA8510000 \SystemRoot\system32\DRIVERS\hphipr11.sys
0xA8508000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xBA2C8000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB9BC8000 \SystemRoot\System32\drivers\Dxapi.sys
0xA84B8000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA6C6000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF04F000 \SystemRoot\System32\igxpdv32.DLL
0xBF1E7000 \SystemRoot\System32\igxpdx32.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xA7E1B000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA7B9E000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xBA658000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xA7A6D000 \SystemRoot\System32\Drivers\HTTP.sys
0xBA5BC000 \SystemRoot\System32\Drivers\MASPINT.SYS
0xA7B7E000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA7926000 \SystemRoot\system32\DRIVERS\srv.sys
0xA7899000 \SystemRoot\system32\drivers\wdmaud.sys
0xA7A05000 \SystemRoot\system32\drivers\sysaudio.sys
0xA7344000 \SystemRoot\System32\Drivers\NAV\1107000.00C\SRTSP.SYS
0xA60CE000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.1.0.19\Definitions\VirusDefs\20100820.018\NAVEX15.SYS
0xA60BA000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.1.0.19\Definitions\VirusDefs\20100820.018\NAVENG.SYS
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 50):
0 System Idle Process
4 System
656 C:\WINDOWS\system32\smss.exe
724 csrss.exe
748 C:\WINDOWS\system32\winlogon.exe
792 C:\WINDOWS\system32\services.exe
808 C:\WINDOWS\system32\lsass.exe
980 C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
1020 C:\WINDOWS\system32\svchost.exe
1088 svchost.exe
1200 C:\WINDOWS\system32\svchost.exe
1296 svchost.exe
1444 svchost.exe
1580 C:\WINDOWS\system32\spoolsv.exe
1720 svchost.exe
1756 C:\Program Files\Bonjour\mDNSResponder.exe
1784 C:\WINDOWS\ehome\ehRecvr.exe
1956 C:\WINDOWS\ehome\ehSched.exe
2032 C:\Program Files\Java\jre6\bin\jqs.exe
184 C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe
464 svchost.exe
476 C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
1912 C:\WINDOWS\system32\svchost.exe
1940 wdfmgr.exe
388 C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
1768 mcrdsvc.exe
2340 C:\WINDOWS\system32\dllhost.exe
2464 alg.exe
2708 C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe
3212 C:\WINDOWS\explorer.exe
3700 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
3792 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
3848 C:\Program Files\iTunes\iTunesHelper.exe
3956 C:\WINDOWS\system32\svchost.exe
4032 C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
196 C:\WINDOWS\system32\ctfmon.exe
372 C:\Program Files\Common Files\AOL\acs\AOLacsd.exe
2908 C:\Program Files\iPod\bin\iPodService.exe
508 C:\Program Files\Common Files\AOL\1277259041\ee\aolsoftware.exe
1948 C:\Program Files\Microsoft Office\Office\WINWORD.EXE
2324 C:\WINDOWS\msagent\agentsvr.exe
700 SSU.exe
3372 C:\WINDOWS\system32\notepad.exe
3120 C:\Program Files\AOL 9.5\waol.exe
548 C:\Program Files\AOL 9.5\shellmon.exe
1688 C:\Program Files\Internet Explorer\iexplore.exe
3572 C:\Program Files\Internet Explorer\iexplore.exe
1892 C:\Program Files\Internet Explorer\iexplore.exe
3720 C:\Program Files\Internet Explorer\iexplore.exe
1108 C:\Documents and Settings\Tommy\Local Settings\Temporary Internet Files\Content.IE5\0JKSXCEY\MBRCheck[1].exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: HDT722525DLA380, Rev: V44OA91A

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 135A4DF114DFDA370A66F39D1C339195B41098B4

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0Available MBR codes:
[ 0] Default (Windows XP)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 1
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: yes
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.

Done!

broni · 2010/08/21

Then reboot, run MBRCheck again and post new log.
Click to expand...

.....

wyattspoppa · 2010/08/21

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x020003fc

Kernel Drivers (total 196):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA0B8000 sshrmd.sys
0xBA0C8000 ssfs0bbc.sys
0xB9F3A000 ssidrv.sys
0xB9F0D000 \WINDOWS\system32\DRIVERS\NDIS.SYS
0xBA328000 \WINDOWS\system32\DRIVERS\TDI.SYS
0xBA670000 pciide.sys
0xBA330000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA5AC000 aliide.sys
0xBA5AE000 cmdide.sys
0xBA5B0000 toside.sys
0xBA5B2000 viaide.sys
0xBA5B4000 intelide.sys
0xBA0D8000 MountMgr.sys
0xB9EEE000 ftdisk.sys
0xBA5B6000 dmload.sys
0xB9EC8000 dmio.sys
0xBA338000 PartMgr.sys
0xBA0E8000 VolSnap.sys
0xBA4BC000 cpqarray.sys
0xB9EB0000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xB9E98000 atapi.sys
0xBA4C0000 aha154x.sys
0xBA340000 sparrow.sys
0xBA4C4000 symc810.sys
0xBA0F8000 aic78xx.sys
0xBA4C8000 dac960nt.sys
0xBA108000 ql10wnt.sys
0xBA4CC000 amsint.sys
0xBA348000 asc.sys
0xBA4D0000 asc3550.sys
0xBA350000 mraid35x.sys
0xBA358000 i2omp.sys
0xBA4D4000 ini910u.sys
0xBA118000 ql1240.sys
0xBA128000 aic78u2.sys
0xBA360000 symc8xx.sys
0xBA368000 sym_hi.sys
0xBA370000 sym_u3.sys
0xBA378000 ABP480N5.SYS
0xBA380000 asc3350p.sys
0xBA5B8000 cd20xrnt.sys
0xBA138000 ultra.sys
0xB9E7F000 adpu160m.sys
0xBA388000 dpti2o.sys
0xBA148000 ql1080.sys
0xBA158000 ql1280.sys
0xBA168000 ql12160.sys
0xBA390000 perc2.sys
0xBA5BA000 perc2hib.sys
0xBA398000 hpn.sys
0xBA4D8000 cbidf2k.sys
0xB9E53000 dac2w2k.sys
0xBA178000 disk.sys
0xBA188000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9E33000 fltmgr.sys
0xB9DDD000 SYMDS.SYS
0xB9DCB000 sr.sys
0xB9D9E000 SYMEFA.SYS
0xBA198000 PxHelp20.sys
0xB9D87000 KSecDD.sys
0xB9CFA000 Ntfs.sys
0xBA1A8000 sisagp.sys
0xBA1B8000 viaagp.sys
0xBA1C8000 ohci1394.sys
0xBA1D8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xB9CE0000 Mup.sys
0xBA1E8000 agp440.sys
0xBA1F8000 alim1541.sys
0xBA208000 amdagp.sys
0xBA218000 agpCPQ.sys
0xBA288000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xB9612000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB901C000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xB9008000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB8FE0000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xBA3D0000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB8FBC000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA3D8000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB8F85000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
0xB8F62000 \SystemRoot\system32\DRIVERS\ks.sys
0xB8E65000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
0xB8DB8000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xBA3E0000 \SystemRoot\System32\Drivers\Modem.SYS
0xB8D91000 \SystemRoot\system32\DRIVERS\e100b325.sys
0xB8D7D000 \SystemRoot\system32\DRIVERS\parport.sys
0xB9602000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBA3E8000 \SystemRoot\system32\DRIVERS\point32.sys
0xBA3F0000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xB95F2000 \SystemRoot\system32\DRIVERS\serial.sys
0xB9BF4000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB95E2000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB95D2000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB95C2000 \SystemRoot\system32\DRIVERS\redbook.sys
0xBA3F8000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xBA6AB000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB95B2000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB9BEC000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB8D66000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA298000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA2A8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB8D55000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA2B8000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA400000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA408000 \SystemRoot\system32\DRIVERS\raspti.sys
0xBA410000 \SystemRoot\system32\DRIVERS\wanatw4.sys
0xBA2C8000 \SystemRoot\System32\Drivers\pcouffin.sys
0xB8D25000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA2D8000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA418000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA5FE000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB8CC7000 \SystemRoot\system32\DRIVERS\update.sys
0xB9BD4000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA308000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xA8AB6000 \SystemRoot\system32\drivers\sthda.sys
0xA8A92000 \SystemRoot\system32\drivers\portcls.sys
0xB9CD0000 \SystemRoot\system32\drivers\drmk.sys
0xB9CC0000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA60C000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xBA5A0000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xBA622000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA6BF000 \SystemRoot\System32\Drivers\Null.SYS
0xBA624000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA438000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA440000 \SystemRoot\System32\drivers\vga.sys
0xBA626000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA628000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA448000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA450000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB9C1C000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA8947000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA88EE000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA8897000 \SystemRoot\System32\Drivers\NAV\1107000.00C\SYMTDI.SYS
0xA8871000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB9CA0000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xA884C000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
0xB9C90000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xA87CF000 \SystemRoot\system32\DRIVERS\netbt.sys
0xA87AD000 \SystemRoot\System32\drivers\afd.sys
0xB9C80000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA878E000 \SystemRoot\system32\drivers\NAV\1107000.00C\Ironx86.SYS
0xBA480000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xB9C60000 \SystemRoot\system32\drivers\NAV\1107000.00C\SRTSPX.SYS
0xA8763000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA86F3000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB9C50000 \SystemRoot\System32\Drivers\Fips.SYS
0xA8695000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0xA8678000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0xA85F9000 \SystemRoot\system32\drivers\NAV\1107000.00C\ccHPx86.sys
0xA854D000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.1.0.19\Definitions\BASHDefs\20100810.004\BHDrvx86.sys
0xBA4A8000 \SystemRoot\System32\drivers\hphius11.sys
0xBA3A8000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xBA228000 \SystemRoot\system32\DRIVERS\hphid411.sys
0xB8CAF000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xBA238000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xBA248000 \SystemRoot\System32\Drivers\hphs2k11.sys
0xB8CAB000 \SystemRoot\system32\DRIVERS\hphipr11.sys
0xB8CA3000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xBA258000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB9C04000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA420000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA6B7000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF04F000 \SystemRoot\System32\igxpdv32.DLL
0xBF1E7000 \SystemRoot\System32\igxpdx32.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xA8345000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA8020000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xBA648000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xA7FB7000 \SystemRoot\System32\Drivers\HTTP.sys
0xBA664000 \SystemRoot\System32\Drivers\MASPINT.SYS
0xA8014000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA7D58000 \SystemRoot\system32\DRIVERS\srv.sys
0xA7D1B000 \SystemRoot\system32\drivers\wdmaud.sys
0xA8125000 \SystemRoot\system32\drivers\sysaudio.sys
0xA783E000 \SystemRoot\System32\Drivers\NAV\1107000.00C\SRTSP.SYS
0xA66B8000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.1.0.19\Definitions\IPSDefs\20100820.001\IDSxpx86.sys
0xBA690000 \SystemRoot\System32\Drivers\LBeepKE.sys
0xBA478000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0xA661D000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xA6572000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
0xA7C4C000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xBA488000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0xA6426000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.1.0.19\Definitions\VirusDefs\20100820.051\NAVEX15.SYS
0xA6412000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.1.0.19\Definitions\VirusDefs\20100820.051\NAVENG.SYS
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 46):
0 System Idle Process
4 System
648 C:\WINDOWS\system32\smss.exe
720 csrss.exe
748 C:\WINDOWS\system32\winlogon.exe
792 C:\WINDOWS\system32\services.exe
804 C:\WINDOWS\system32\lsass.exe
976 C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
1020 C:\WINDOWS\system32\svchost.exe
1068 svchost.exe
1184 C:\WINDOWS\system32\svchost.exe
1328 svchost.exe
1444 svchost.exe
1556 C:\WINDOWS\system32\spoolsv.exe
1716 svchost.exe
1760 C:\Program Files\Bonjour\mDNSResponder.exe
1788 C:\WINDOWS\ehome\ehRecvr.exe
1952 C:\WINDOWS\ehome\ehSched.exe
2020 C:\Program Files\Java\jre6\bin\jqs.exe
188 C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe
376 svchost.exe
384 C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
448 C:\WINDOWS\system32\svchost.exe
364 wdfmgr.exe
636 C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
1888 mcrdsvc.exe
2304 C:\WINDOWS\system32\dllhost.exe
2532 alg.exe
3416 C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe
3652 C:\WINDOWS\explorer.exe
4092 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
1964 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
768 C:\Program Files\iTunes\iTunesHelper.exe
1464 C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
1724 C:\WINDOWS\system32\svchost.exe
608 C:\WINDOWS\system32\ctfmon.exe
2440 C:\Program Files\Common Files\AOL\acs\AOLacsd.exe
2568 C:\Program Files\AOL 9.5\waol.exe
2936 C:\Program Files\iPod\bin\iPodService.exe
3168 C:\Program Files\Common Files\AOL\1277259041\ee\aolsoftware.exe
2204 C:\Program Files\AOL 9.5\shellmon.exe
588 SSU.exe
2392 C:\Program Files\Logitech\SetPointP\SetPoint.exe
912 C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
2940 C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
3472 C:\Documents and Settings\Tommy\Local Settings\Temporary Internet Files\Content.IE5\0JKSXCEY\MBRCheck[1].exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: HDT722525DLA380, Rev: V44OA91A

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 135A4DF114DFDA370A66F39D1C339195B41098B4

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0Available MBR codes:
[ 0] Default (Windows XP)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 1
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: yes
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.

broni · 2010/08/21

Unfortunately our fix didn't work, which happens, so we'll have to another method...

Restart computer
When you reboot you will see an option to boot into the Recovery Console or the normal Windows installation.
You have to use the up/down arrows to choose the Recovery Console. Then press Enter but you only have 2 seconds by default.
If you find this hard to do then you can go into Control Panel, System, Advanced, Startup and Recovery, Settings. Where it says Time to Display List of Operating Systems, change it to 10 or more seconds. OK Then reboot.

You should get a black screen with a C:\> prompt. Type with an Enter after each line:

fixmbr

(If it asks you if you are sure then say "Y ".)

exit

Reboot computer.

Post fresh MBRCheck log.

wyattspoppa · 2010/08/23

Sorry I was sick today,
Not seeing the recovery console, when I reboot I only see the 2 F options to boot into the BIOS, wasn't sure if that's what you meant.
I'm on a Gateway in WXP if you didn't know. I did change it to 10 seconds also, just saw the F8 and F10 longer
Tommy

broni · 2010/08/23

OK, you may have it not installed...

Please download ComboFix from [color= "Red"]Here[/color] or [color= "#FF0000"]Here[/color] to your Desktop.

[color= "Blue"]**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**[/color]

Please, never rename Combofix unless instructed.

Close any open browsers.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results ".

Click on [color= "Red"]this link[/color] to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

Close any open browsers.

[color= "Red"]WARNING:[/color] Combofix will disconnect your machine from the Internet as soon as it starts

Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.

If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Please post the "C:\ComboFix.txt"

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure, you re-enable your security programs, when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

wyattspoppa · 2010/08/23

May I ask about how long it should take? Just need an idea how long my pc will be unavailable today (1 hour or 8).
Many thanks again for your generosity

broni · 2010/08/23

Normally, Combofix should take no more, than 10-15 minutes.

wyattspoppa · 2010/08/24

Thanks B, I'll have it for you today, pulled a couple of all nighters balancing my biz and taking care of a sick child. They hurt alot less in my 20's!

broni · 2010/08/24

Not a problem

broni · 2010/08/29

Are you still out there?

Log in or Sign up

Inactive Unknown malware pc almost unresponsive, DDS run as instructed

wyattspoppa Inactive Thread Starter

broni Moderator Malware Analyst

wyattspoppa Inactive Thread Starter

wyattspoppa Inactive Thread Starter

broni Moderator Malware Analyst

wyattspoppa Inactive Thread Starter

broni Moderator Malware Analyst

wyattspoppa Inactive Thread Starter

broni Moderator Malware Analyst

wyattspoppa Inactive Thread Starter

broni Moderator Malware Analyst

wyattspoppa Inactive Thread Starter

broni Moderator Malware Analyst

wyattspoppa Inactive Thread Starter

broni Moderator Malware Analyst

broni Moderator Malware Analyst

Share This Page

Log in or Sign up

Inactive Unknown malware pc almost unresponsive, DDS run as instructed

wyattspoppa Inactive Thread Starter

broni Moderator Malware Analyst

wyattspoppa Inactive Thread Starter

wyattspoppa Inactive Thread Starter

broni Moderator Malware Analyst

wyattspoppa Inactive Thread Starter

broni Moderator Malware Analyst

wyattspoppa Inactive Thread Starter

broni Moderator Malware Analyst

wyattspoppa Inactive Thread Starter

broni Moderator Malware Analyst

wyattspoppa Inactive Thread Starter

broni Moderator Malware Analyst

wyattspoppa Inactive Thread Starter

broni Moderator Malware Analyst

broni Moderator Malware Analyst

Share This Page

Useful Searches