
Inactive Browser Redirect - Malware Infection

Discussion in 'Malware and Virus Removal Archive' started by bjskitz, 2010/09/15.

  1. 2010/09/15, bjskitz (Thread Starter)
    [Inactive] Browser Redirect - Malware Infection

    Hi,

    Can you please help me with my browser redirect problem?

    OK, so I was infected by malware called "Anti-Malware Doctor" and "Security PC", I think?... Anyway, I downloaded Malwarebytes Anti-Malware and SUPERAntiSpyware (free edition) to delete the malware.

    Malwarebytes Anti-Malware worked perfectly and deleted the "Anti-Malware Doctor" malware, but I still had a browser redirect problem on Firefox and IE, and plus... every time I have too many tabs open in Firefox (4-5) it would crash suddenly??? ... Is this a consequence of the malware?

    So I decided to do a bit of research, and downloaded TDSSKiller and Spybot S&D.

    TDSSKiller didn't find any files, and Spybot S&D found 2; they were "my.web.search......" but Spybot S&D has fixed that and another one, but once I re-scanned my PC, the other one didn't show up?? I suspect there could be more infected files.

    Anyway... it seems as if there is still malware on my PC and I have tried to go to the registry editor (regedit)... and browse through the "Run" folder... and tried to delete some registry keys that could be potential viruses, but every time I try it says "unable to delete all specified values".

    I'm not sure if this is relevant, but I have downloaded this program called "GMER" but don't know how to use it.

    I have posted a video on YouTube... just to show you what's wrong with my PC....

    Any help would be greatly appreciated!! Thanks :)


    http://www.youtube.com/watch?v=FntGI5sxsK0 - YouTube video
  2. 2010/09/15, PeteC (SuperGeek, Staff)
    Welcome to WindowsBBS :)

    Please read this as indicated at the head of the forum and post the logs requested in this thread.
  4. 2010/09/15, bjskitz (Thread Starter)
    How to?

    How do you disable any script-blocking protection?
  5. 2010/09/15, bjskitz (Thread Starter)
    DDS and Attach Logs

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Bizhan at 16:58:05.11 on Thu 16/09/2010
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.1979.1129 [GMT 10:00]

    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
    C:\Program Files\LSI SoftModem\agrsmsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\NCH Software\BroadCam\broadcam.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\iWin Games\iWinTrusted.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
    C:\Windows\system32\mfevtps.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\rundll32.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Hide My IP\HideMyIpSrv.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
    C:\Program Files\Realtek\Audio\OSD\RtVOsd.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Software Informer\softinfo.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Common Files\McAfee\Core\mchost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Bizhan\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uSearch Bar = Preserve
    uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
    uInternet Settings,ProxyServer = socks=
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100910014239.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\hypercam toolbar\tbcore3.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: HyperCam Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - c:\program files\hypercam toolbar\tbcore3.dll
    uRun: [Software Informer] "c:\program files\software informer\softinfo.exe" -autorun
    uRun: [fsm]
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtkNGUI.exe -s
    mRun: [RtkOSD] c:\program files\realtek\audio\osd\RtVOsd.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    LSP: c:\windows\system32\HMIPCore.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Notify: igfxcui - igfxdev.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\bizhan\appdata\roaming\mozilla\firefox\profiles\bye0b6rm.default\
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
    FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=BT5&o=15439&locale=en_US&apn_uid=C9328663-D7F1-4205-95E0-D26CE0D63356&apn_ptnrs=GJ&apn_sauid=3BE518F0-E8E8-448A-91A8-945883C4852B&apn_dtid=&q=
    FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
    FF - component: c:\program files\mozilla firefox\components\Scriptff.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

    ============= SERVICES / DRIVERS ===============

    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-9-10 386712]
    R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-9-10 164808]
    R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-9-10 64304]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-18 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-11 67656]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
    R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2010-1-24 87968]
    R2 BroadCamService;BroadCam Video Streaming Server;c:\program files\nch software\broadcam\broadcam.exe [2010-7-10 1052676]
    R2 iWinTrusted;iWinTrusted;c:\program files\iwin games\iWinTrusted.exe [2010-4-15 78104]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2010-9-10 88176]
    R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-9-10 271480]
    R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-9-10 271480]
    R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-9-10 271480]
    R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-9-10 171168]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-9-10 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-9-10 141792]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-9-16 1153368]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-9-10 55840]
    R3 HideMyIpSRV;HideMyIpSRV;c:\program files\hide my ip\HideMyIpSrv.exe [2010-5-9 2752816]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-1-5 126976]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-9-10 152992]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-9-10 312904]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-1-24 233472]
    R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2010-1-24 862208]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-2 136176]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
    S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2010-1-29 228408]
    S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-9-10 52104]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-9-10 84264]
    S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-11 4231168]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-1-24 174592]
    S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-3 1343400]
    S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-14 17920]
    S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-14 20480]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-14 311296]

    =============== Created Last 30 ================

    2010-09-15 14:25:58 0 d-----w- c:\programdata\Spybot - Search & Destroy
    2010-09-15 14:25:58 0 d-----w- c:\program files\Spybot - Search & Destroy
    2010-09-15 14:19:59 0 d-----w- c:\programdata\PC Tools
    2010-09-15 03:49:39 316928 ----a-w- c:\windows\system32\spoolsv.exe
    2010-09-14 08:23:55 0 d-----w- c:\users\bizhan\appdata\roaming\hideip_firefox_plugin
    2010-09-14 08:23:55 0 d-----w- c:\users\bizhan\appdata\roaming\Hide IP NG
    2010-09-14 08:23:54 0 d-----w- c:\program files\Hide IP NG
    2010-09-12 08:31:11 0 d-----w- c:\program files\HyperCam Toolbar
    2010-09-12 08:31:01 0 d-----w- c:\program files\HyCam2
    2010-09-11 17:45:33 0 d-----w- c:\program files\Microsoft Synchronization Services
    2010-09-09 15:45:57 0 d-----w- c:\program files\SiteAdvisor
    2010-09-09 15:42:39 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2010-09-09 15:42:32 141792 ----a-w- c:\windows\system32\mfevtps.exe
    2010-09-09 15:42:30 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2010-09-09 15:42:30 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2010-09-09 15:42:30 64304 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
    2010-09-09 15:42:30 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2010-09-09 15:42:30 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2010-09-09 15:42:30 386712 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2010-09-09 15:42:30 312904 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2010-09-09 15:42:30 164808 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
    2010-09-09 15:42:30 152992 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2010-09-09 15:42:27 0 d-----w- c:\program files\McAfee.com
    2010-09-01 16:33:54 280427965 ----a-w- c:\windows\MEMORY.DMP
    2010-08-30 15:46:58 0 d-----w- c:\users\bizhan\appdata\roaming\SUPERAntiSpyware.com
    2010-08-30 15:46:58 0 d-----w- c:\programdata\SUPERAntiSpyware.com
    2010-08-30 15:46:53 0 d-----w- c:\program files\SUPERAntiSpyware
    2010-08-29 06:36:07 0 d-----w- c:\users\bizhan\appdata\roaming\Malwarebytes
    2010-08-29 06:29:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-08-29 06:29:51 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-08-29 06:29:51 0 d-----w- c:\programdata\Malwarebytes
    2010-08-29 06:29:51 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-29 06:18:16 0 d--h--w- c:\windows\PIF
    2010-08-27 17:50:07 0 d-----w- c:\program files\MSXML 4.0
    2010-08-26 14:52:28 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
    2010-08-26 14:52:23 0 d-----w- c:\program files\PC Connectivity Solution
    2010-08-26 14:52:06 92672 ----a-w- c:\windows\system32\nmwcdcls.dll
    2010-08-26 14:51:30 0 d-----w- c:\program files\Nokia
    2010-08-26 14:51:30 0 d-----w- c:\program files\common files\Nokia
    2010-08-26 14:50:09 0 d-----w- c:\programdata\Installations
    2010-08-25 06:17:54 571904 ----a-w- c:\windows\system32\oleaut32.dll

    ==================== Find3M ====================

    2010-07-29 06:30:49 197632 ----a-w- c:\windows\system32\ir32_32.dll
    2010-07-29 06:30:34 82944 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-30 06:25:31 978432 ----a-w- c:\windows\system32\wininet.dll
    2010-06-19 06:33:29 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-06-19 06:33:29 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-06-19 06:23:50 37376 ----a-w- c:\windows\system32\rtutils.dll
    2010-06-19 04:07:18 2326016 ----a-w- c:\windows\system32\win32k.sys
    2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
    2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
    2010-05-22 09:22:42 32768 --sha-w- c:\windows\temp\cookies\index.dat
    2010-05-22 09:22:42 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
    2010-05-22 09:22:42 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat
    2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

    ============= FINISH: 16:58:30.96 ===============




    ATTACH

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/05/2010 3:31:17 PM
    System Uptime: 16/09/2010 4:07:45 PM (0 hours ago)

    Motherboard: Hewlett-Packard | | 1484
    Processor: Celeron(R) Dual-Core CPU T3100 @ 1.90GHz | CPU | 1895/800mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 221 GiB total, 158.419 GiB free.
    D: is FIXED (NTFS) - 11 GiB total, 1.908 GiB free.
    E: is FIXED (FAT32) - 0 GiB total, 0.09 GiB free.
    F: is CDROM (CDFS)

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP29: 16/07/2010 9:40:53 AM - Windows Update
    RP30: 30/07/2010 9:21:48 PM - Scheduled Checkpoint
    RP32: 5/08/2010 9:29:19 AM - Windows Modules Installer
    RP33: 15/08/2010 3:00:31 AM - Windows Update
    RP34: 23/08/2010 7:10:07 AM - Scheduled Checkpoint
    RP35: 26/08/2010 6:37:08 AM - Windows Update
    RP36: 28/08/2010 3:49:28 AM - Windows Update
    RP37: 6/09/2010 1:38:07 AM - Scheduled Checkpoint
    RP38: 9/09/2010 3:00:10 AM - Windows Update
    RP39: 10/09/2010 1:27:45 AM - Removed Norton Online Backup
    RP40: 16/09/2010 3:00:18 AM - Windows Update

    ==== Installed Programs ======================

    2007 Microsoft Office system
    Acrobat.com
    ActiveCheck component for HP Active Support Library
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.1 MUI
    Adobe Shockwave Player
    Apple Mobile Device Support
    Apple Software Update
    Ask Toolbar
    aTube Catcher
    Audacity 1.2.6
    Auto Hide IP
    BingoLiner
    BitTorrent
    Bonjour
    Bridge Building Game
    BroadCam Video Streaming Server
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    CopyTrans Suite Remove Only
    CyberLink DVD Suite
    CyberLink MediaShow
    CyberLink PowerDVD 8
    CyberLink YouCam
    Debut Video Capture Software
    DivX Setup
    ESU for Microsoft Windows 7
    Fancy DVD Copy V3.2.2
    FM Screen Capture Codec (Remove Only)
    Game Maker 8.0
    Google Chrome
    Google Earth
    Google Update Helper
    Hide IP NG 1.57
    Hide My IP 5.0
    HP Advisor
    HP Customer Experience Enhancements
    HP Games
    HP Quick Launch Buttons
    HP Setup
    HP Support Assistant
    HP Update
    HP User Guides 0179
    HP Wireless Assistant
    HPAsset component for HP Active Support Library
    HyperCam 2
    HyperCam Toolbar
    Intel(R) Control Center
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) TV Wizard
    Intel® Matrix Storage Manager
    iTunes
    iWin Games (remove only)
    Java(TM) 6 Update 17
    Junk Mail filter update
    LabelPrint
    LightScribe System Software
    LSI HDA Modem
    Malwarebytes' Anti-Malware
    McAfee SecurityCenter
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Hybrid 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server Compact 3.5 Design Tools ENU
    Microsoft SQL Server Compact 3.5 ENU
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual Basic 2008 Express Edition - ENU
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
    Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
    Mozilla Firefox (3.5.12)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee Reveal
    Nokia Connectivity Cable Driver
    Nokia Software Updater
    Norton Internet Security
    PC Connectivity Solution
    Pixillion Image Converter
    PKR
    Power2Go
    PowerDirector
    Prism Video Converter
    QLBCASL
    QuickTime
    Realtek Ethernet Controller Driver For Windows 7
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    REALTEK Wireless LAN Software
    Recovery Manager
    Security Update for 2007 Microsoft Office System (KB2277947)
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for 2007 Microsoft Office System (KB982312)
    Security Update for 2007 Microsoft Office System (KB982331)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB982308)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office Outlook 2007 (KB2288953)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office Publisher 2007 (KB982124)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2251419)
    SoftStylus
    Software Informer 1.0 BETA
    Spybot - Search & Destroy
    StreamTorrent 1.0
    SUPERAntiSpyware
    Synaptics Pointing Device Driver
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (kb2291599)
    VC Runtimes MSI
    VC80CRTRedist - 8.0.50727.4053
    VideoPad Video Editor
    Virtual DJ - Atomix Productions
    Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows Movie Maker 2.6
    WinRAR archiver
    Xvid 1.2.1 final uninstall

    ==== Event Viewer Messages From Past Week ========

    16/09/2010 4:09:20 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    16/09/2010 3:51:01 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the McShield service.
    15/09/2010 12:05:30 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
    14/09/2010 4:41:28 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
    13/09/2010 2:40:38 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x00000003, 0x8853d408, 0x8853d574, 0x8303fdd0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 091310-21543-01.
    13/09/2010 12:34:33 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    13/09/2010 12:03:25 AM, Error: Service Control Manager [7034] - The HideMyIpSRV service terminated unexpectedly. It has done this 1 time(s).
    13/09/2010 1:42:57 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
    13/09/2010 1:41:13 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x00000003, 0x8757f318, 0x8757f484, 0x83071dd0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 091310-21106-01.
    10/09/2010 1:33:30 AM, Error: Microsoft-Windows-Application-Experience [205] - The Program Compatibility Assistant service failed to perform the phase two initialization.

    ==== End Of File ===========================
     
    Last edited: 2010/09/16
  6. 2010/09/15
    PeteC

    PeteC SuperGeek Staff

  7. 2010/09/15
    PeteC

    PeteC SuperGeek Staff

    And the contents of Attach.txt please.
     
  8. 2010/09/15
    broni

    broni Moderator Malware Analyst

    ...and leave registry alone...
     
  9. 2010/09/16
    PeteC

    PeteC SuperGeek Staff

    I see you have P2P software (Azureus, LimeWire, BitTorrent, uTorrent, etc.) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them, and read the links above for educational value!

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.

    A Malware expert will have a look at your log in due course.
     
  10. 2010/09/16
    PeteC

    PeteC SuperGeek Staff

    Broni

    Attach.txt added to DDS post above by OP
     
  11. 2010/09/16
    bjskitz

    bjskitz Inactive Thread Starter

    Yeah, I uninstalled BitTorrent.
     
  12. 2010/09/16
    broni

    broni Moderator Malware Analyst

    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically, which is not necessary for our purposes.)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on the Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on the downloaded .exe file, select the Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When the scan is completed, click the Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.


    STEP 3. Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop.
    Open this report and post its content in your next reply.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  13. 2010/09/17
    bjskitz

    bjskitz Inactive Thread Starter

    MBAM, GMER and MBRCheck logs

    MBAM LOG

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4636

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    17/09/2010 4:21:58 PM
    mbam-log-2010-09-17 (16-21-58).txt

    Scan type: Quick scan
    Objects scanned: 144847
    Time elapsed: 8 minute(s), 24 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\wnxmal (Rogue.SecuritySuite) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Users\Bizhan\downloads\xvidSetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.



    GMER LOG

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-09-17 16:46:41
    Windows 6.1.7600
    Running: gmer.exe; Driver: C:\Users\Bizhan\AppData\Local\Temp\uxryipow.sys


    ---- System - GMER 1.0.15 ----

    INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82222AF8
    INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82222104
    INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 822223F4
    INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8220B2D8
    INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8220A898
    INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 822221DC
    INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82222958
    INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 822226F8
    INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82222F2C
    INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 822231A8

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82282599 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 822A6F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Windows\Explorer.EXE[1728] kernel32.dll!CreateProcessInternalW 772A42CE 5 Bytes JMP 0018874A

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\system32\mfevtps.exe[1288] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [009C77B0] C:\Windows\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

    Device \Driver\ACPI_HAL \Device\00000077 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 02: copy of MBR

    ---- EOF - GMER 1.0.15 ----


    MBR CHECK LOG

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 32-bit
    Base Board Manufacturer: Hewlett-Packard
    BIOS Manufacturer: Hewlett-Packard
    System Manufacturer: Hewlett-Packard
    System Product Name: Presario CQ42 Notebook PC
    Logical Drives Mask: 0x0000003c

    Kernel Drivers (total 239):

    Processes (total 72):
    0 System Idle Process
    4 System
    324 C:\Windows\System32\smss.exe
    540 csrss.exe
    604 C:\Windows\System32\wininit.exe
    616 csrss.exe
    664 C:\Windows\System32\services.exe
    680 C:\Windows\System32\lsass.exe
    688 C:\Windows\System32\lsm.exe
    796 C:\Windows\System32\svchost.exe
    864 C:\Windows\System32\winlogon.exe
    916 C:\Windows\System32\svchost.exe
    976 C:\Windows\System32\svchost.exe
    1076 C:\Windows\System32\svchost.exe
    1116 C:\Windows\System32\svchost.exe
    1200 C:\Windows\System32\audiodg.exe
    1244 C:\Windows\System32\svchost.exe
    1416 C:\Windows\System32\svchost.exe
    1540 C:\Windows\System32\spoolsv.exe
    1604 C:\Windows\System32\svchost.exe
    1704 C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
    1728 C:\Program Files\LSI SoftModem\agrsmsvc.exe
    1748 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    1768 C:\Program Files\Bonjour\mDNSResponder.exe
    1804 C:\Program Files\NCH Software\BroadCam\broadcam.exe
    1872 C:\Windows\System32\svchost.exe
    1944 C:\Program Files\iWin Games\iWinTrusted.exe
    2028 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    332 C:\PROGRA~1\McAfee\SITEAD~1\McSACore.exe
    520 C:\Windows\System32\mfevtps.exe
    544 C:\Program Files\CyberLink\Shared files\RichVideo.exe
    656 C:\Windows\System32\rundll32.exe
    732 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    1296 C:\Windows\System32\svchost.exe
    368 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    2060 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    2112 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    2256 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    3016 C:\Windows\System32\svchost.exe
    3356 C:\Windows\System32\taskhost.exe
    3412 C:\Windows\System32\taskeng.exe
    3452 C:\Windows\System32\dwm.exe
    3532 C:\Windows\explorer.exe
    3760 C:\Program Files\Hide My IP\HideMyIpSrv.exe
    3776 C:\Windows\System32\igfxtray.exe
    3792 C:\Windows\System32\hkcmd.exe
    3812 C:\Windows\System32\igfxpers.exe
    3828 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    3856 C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
    3884 C:\Program Files\Realtek\Audio\OSD\RtVOsd.exe
    2180 C:\Windows\System32\igfxsrvc.exe
    2100 C:\Program Files\Java\jre6\bin\jusched.exe
    2660 C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
    2704 C:\Program Files\McAfee.com\Agent\mcagent.exe
    2752 C:\Program Files\Software Informer\softinfo.exe
    3904 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    3328 C:\Windows\System32\SearchIndexer.exe
    3232 C:\Windows\System32\SearchProtocolHost.exe
    3632 C:\Program Files\Mozilla Firefox\firefox.exe
    2844 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    4168 C:\Windows\System32\sppsvc.exe
    4212 C:\Program Files\Windows Media Player\wmpnetwk.exe
    4320 WmiPrvSE.exe
    4528 WmiPrvSE.exe
    4984 C:\Windows\servicing\TrustedInstaller.exe
    5052 C:\Windows\System32\wuauclt.exe
    5152 C:\Windows\explorer.exe
    5512 C:\Windows\System32\SearchFilterHost.exe
    5732 dllhost.exe
    5772 dllhost.exe
    5804 C:\Users\Bizhan\Downloads\MBRCheck.exe
    5812 C:\Windows\System32\conhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000037`58300000 (NTFS)
    \\.\E: --> \\.\PhysicalDrive0 at offset 0x0000003a`32300000 (FAT32)

    PhysicalDrive0 Model Number: ST9250410AS, Rev: 0006HPM1

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: 989E30AEB7052A38FA22C8D81FF80A1DB2EC9BEB


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
     
  14. 2010/09/17
    broni

    broni Moderator Malware Analyst

    Your MBR seems to be infected...

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double click on NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
    • Follow the prompts to burn the CD.
    • Now you will need to set the CD-ROM as first boot device if it isn't already (if you don't know how to do it, see HERE)
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 2 to overwrite the infected MBR Code with the Windows 7 MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.
    Once rebooted, run MBRCheck again and post its log.
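As an added example (not code from this thread or from MBRCheck), the Python below parses a 512-byte MBR image the way an MBRCheck-style report is built: it checks the 0x55AA boot signature, hashes the boot code, decodes the partition table and cross-checks the "X: --> PhysicalDrive0 at offset" lines from the log above against the partition starts the table actually declares. Every sample byte and the allowlist key are constructed placeholders, and hashing only the first 440 bytes is my assumption, not MBRCheck's documented method.

```python
# Added example, not from the thread or from MBRCheck's authors: decode an MBR and
# report the same things an MBRCheck-style log shows. Sample data is constructed.
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440           # assumption: hash the boot code before the disk signature
DISK_SIG_OFF = 0x1B8          # 4-byte NT disk signature
PART_TABLE_OFF = 0x1BE        # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xAA"  # last two bytes of a valid sector
# status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
ENTRY_FMT = "<B3xB3xII"

# Placeholder allowlist keyed by boot-code SHA1; the key is NOT a real Windows MBR hash.
KNOWN_GOOD_BOOTCODE_SHA1 = {
    "0000000000000000000000000000000000000000": "placeholder entry",
}


def parse_partition_entry(entry: bytes) -> dict:
    """Decode one 16-byte partition table entry."""
    status, ptype, lba_start, sectors = struct.unpack(ENTRY_FMT, entry)
    return {
        "bootable": status == 0x80,
        "status_valid": status in (0x00, 0x80),  # any other status byte is malformed
        "type": ptype,
        "lba_start": lba_start,
        "sectors": sectors,
        "byte_offset": lba_start * SECTOR_SIZE,
    }


def parse_mbr(sector: bytes) -> dict:
    """Return the fields an MBRCheck-style report is built from."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly %d bytes" % SECTOR_SIZE)
    boot_code_sha1 = hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        entry = parse_partition_entry(sector[off:off + 16])
        if entry["type"] != 0x00:  # type 0 marks an unused slot
            partitions.append(entry)
    return {
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "boot_code_sha1": boot_code_sha1,
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": partitions,
        # Same wording as the log: boot code not on the allowlist is reported as unknown.
        "status": KNOWN_GOOD_BOOTCODE_SHA1.get(boot_code_sha1, "Unknown MBR code"),
    }


def check_volume_offsets(parsed: dict, reported: dict) -> dict:
    """Cross-check 'X: --> PhysicalDrive0 at offset N' lines against the table.

    A volume whose offset matches no declared partition start is mounted from
    space the MBR does not account for, which deserves a second look.
    """
    starts = {p["byte_offset"] for p in parsed["partitions"]}
    return {letter: (offset in starts) for letter, offset in reported.items()}


def build_sample_mbr(boot_code: bytes, partitions) -> bytes:
    """Assemble a constructed MBR image for demonstration (not a real disk's sector)."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, DISK_SIG_OFF, 0x12345678)  # constructed disk signature
    for i, (status, ptype, lba, count) in enumerate(partitions):
        struct.pack_into(ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i, status, ptype, lba, count)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


# Constructed boot-code stub: a few x86 bytes followed by NOP padding.
SAMPLE_BOOT_CODE = bytes.fromhex("33c08ed0bc007c8ec08ed8") + b"\x90" * 20

# Constructed table whose starts reproduce the C:/D:/E: byte offsets in the log above
# (0x0c800000, 0x37`58300000, 0x3a`32300000); the sizes are made up.
SAMPLE_PARTITIONS = [
    (0x80, 0x07, 409600, 463853568),    # C: NTFS, bootable
    (0x00, 0x07, 464263168, 23920640),  # D: NTFS (Recovery)
    (0x00, 0x0C, 488183808, 204800),    # E: FAT32 (HP Tools)
]
SAMPLE_MBR = build_sample_mbr(SAMPLE_BOOT_CODE, SAMPLE_PARTITIONS)
REPORTED_OFFSETS = {"C:": 0x0C800000, "D:": 0x3758300000, "E:": 0x3A32300000}

if __name__ == "__main__":
    report = parse_mbr(SAMPLE_MBR)
    print("boot signature ok:", report["signature_ok"])
    print("boot code SHA1:   ", report["boot_code_sha1"])
    print("MBR status:       ", report["status"])
    for p in report["partitions"]:
        print("  type 0x%02X at byte offset 0x%X (%d sectors)%s"
              % (p["type"], p["byte_offset"], p["sectors"], ", bootable" if p["bootable"] else ""))
    print("volume offsets declared in table:", check_volume_offsets(report, REPORTED_OFFSETS))
```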
     
  15. 2010/09/18
    bjskitz

    bjskitz Inactive Thread Starter

    Hi,

    I have a problem after this step:

    - You first need to select your keyboard layout - press Enter for English


    It comes up with:

    ERROR = CD DRIVE cant be found
    ERROR = CD is potentially infected
    ERROR
    ERROR
    ERROR

    ERROR, PLEASE REBOOT COMPUTER???

    I followed the instructions carefully.

    At first I used a blank DVD disc to copy the ISO image file to, and then the error came up.

    Then I used a blank CD, but still the same thing came up!

    For my first boot device, it says "Internal DVD/CD DRIVE" as the first one.

    But when I go to "My Computer" it says "DVD RW DRIVE", not "DVD/CD DRIVE", so I'm not sure if that's relevant, but yeah, I don't know what's wrong. I'm just going to keep trying.

    Thank you for all the help :)
     
  16. 2010/09/18
    bjskitz

    bjskitz Inactive Thread Starter

    Sorry, the error looks similar to this:

    Cant open CD DRIVE CRRCACH

    SHSUCDX Cant install

    ERROR ......Cant find CD DRIVE
    ERROR If you have multiple CD ROM DRIVES please .....
    ERROR ......
    ERROR.....
    ERROR Please reboot your computer


    ..... = words I forgot
     
  17. 2010/09/18
    broni

    broni Moderator Malware Analyst

    Hmmm... do you have more than one CD/DVD drive?
     
  18. 2010/09/18
    bjskitz

    bjskitz Inactive Thread Starter

    I'm not sure... I don't think so? Well, when I go to the boot drive options it says "Internal CD/DVD DRIVE" and "Notebook HARD DRIVE", so yeah?

    My Computer comes up with:

    Local Disk C:
    Recovery D:
    HP Tools E:
    DVD RW DRIVE F:
     
  19. 2010/09/18
    broni

    broni Moderator Malware Analyst

    Are you actually able to:
    and you're getting that error after the next step:
    ??
     
  20. 2010/09/18
    bjskitz

    bjskitz Inactive Thread Starter

    Yes, yes, that is correct. Once I press ENTER to select English, this error comes up!

    Sorry, I'm online at 2:30 am; I'm from Australia, so I'm rarely online when you are.

    I know you have to deal with so many other requests... but please stay online :)
     
  21. 2010/09/18
    broni

    broni Moderator Malware Analyst

    I've never seen this error before, so I'm not sure what's going on here.

    Let's see if the downloaded file is OK.

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    64-bit users go HERE
    • Double-click SystemLook.exe to run it.
    • Vista users: Right click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box into the main textfield:
      Code:
      :filefind
      NTBR_CD.exe
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
     