
Inactive Redirect virus and Just In Time Debugging problem

Discussion in 'Malware and Virus Removal Archive' started by ourloop, 2010/11/23.

Thread Status:
Not open for further replies.
  1. 2010/11/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Yes, please.
     
  2. 2010/11/25
    ourloop

    ourloop Inactive Thread Starter

    Joined:
    2010/11/23
    Messages:
    52
    Likes Received:
    0
    2010/11/25 15:04:42.0937 TDSS rootkit removing tool 2.4.0.0 Jul 22 2010 16:09:49
    2010/11/25 15:04:42.0937 ================================================================================
    2010/11/25 15:04:42.0937 SystemInfo:
    2010/11/25 15:04:42.0937
    2010/11/25 15:04:42.0937 OS Version: 5.1.2600 ServicePack: 3.0
    2010/11/25 15:04:42.0937 Product type: Workstation
    2010/11/25 15:04:42.0937 ComputerName: PAVILION
    2010/11/25 15:04:42.0937 UserName: HP_Owner
    2010/11/25 15:04:42.0937 Windows directory: C:\WINDOWS
    2010/11/25 15:04:42.0937 System windows directory: C:\WINDOWS
    2010/11/25 15:04:42.0937 Processor architecture: Intel x86
    2010/11/25 15:04:42.0937 Number of processors: 2
    2010/11/25 15:04:42.0937 Page size: 0x1000
    2010/11/25 15:04:42.0937 Boot type: Normal boot
    2010/11/25 15:04:42.0937 ================================================================================
    2010/11/25 15:04:43.0187 Initialize success
    2010/11/25 15:04:44.0531 ================================================================================
    2010/11/25 15:04:44.0531 Scan started
    2010/11/25 15:04:44.0531 Mode: Manual;
    2010/11/25 15:04:44.0531 ================================================================================
    2010/11/25 15:06:40.0531 ================================================================================
    2010/11/25 15:06:40.0531 Scan finished
    2010/11/25 15:06:40.0531 ================================================================================
     

  4. 2010/11/25
    broni

    broni Moderator Malware Analyst

    That's clean.

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.
     
  5. 2010/11/25
    ourloop

    ourloop Inactive Thread Starter

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x000003fd

    Kernel Drivers (total 119):

    Processes (total 52):
    0 System Idle Process
    4 System
    616 C:\WINDOWS\system32\smss.exe
    680 csrss.exe
    704 C:\WINDOWS\system32\winlogon.exe
    752 C:\WINDOWS\system32\services.exe
    764 C:\WINDOWS\system32\lsass.exe
    936 C:\WINDOWS\system32\svchost.exe
    1048 svchost.exe
    1188 C:\WINDOWS\system32\svchost.exe
    1244 C:\WINDOWS\system32\svchost.exe
    1412 svchost.exe
    1500 svchost.exe
    1620 C:\WINDOWS\system32\spoolsv.exe
    180 svchost.exe
    224 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    244 C:\Program Files\Bonjour\mDNSResponder.exe
    368 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    600 C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
    1092 sqlbrowser.exe
    1336 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    1428 C:\WINDOWS\system32\svchost.exe
    1788 C:\WINDOWS\system32\wuauclt.exe
    1908 C:\WINDOWS\explorer.exe
    540 C:\WINDOWS\system\hpsysdrv.exe
    116 C:\WINDOWS\system32\hphmon06.exe
    640 C:\hp\KBD\kbd.exe
    660 C:\WINDOWS\system32\Keyhook.exe
    1596 C:\WINDOWS\AGRSMMSG.exe
    1696 C:\WINDOWS\RTHDCPL.exe
    1704 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    1708 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    376 C:\WINDOWS\vVX1000.exe
    1872 C:\Program Files\iTunes\iTunesHelper.exe
    2028 C:\Program Files\Skype\Phone\Skype.exe
    2052 C:\Program Files\RitzPix E-Z Print & Share\OurPictures.exe
    2060 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    2072 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    2080 C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    2088 C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    3024 alg.exe
    3644 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    3848 C:\Program Files\iPod\bin\iPodService.exe
    4032 C:\WINDOWS\system32\ctfmon.exe
    3124 C:\Program Files\Internet Explorer\iexplore.exe
    1736 C:\WINDOWS\system32\wuauclt.exe
    2688 C:\WINDOWS\system32\wuauclt.exe
    1180 C:\Program Files\Internet Explorer\iexplore.exe
    2388 C:\WINDOWS\system32\wuauclt.exe
    524 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    3500 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\VS7JIT.EXE
    3000 C:\Documents and Settings\HP_Owner\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`7372a000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)

    PhysicalDrive0 Model Number: WDCWD2000BB-22GUA0, Rev: 08.02D08

    Size Device Name MBR Status
    --------------------------------------------
    186 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: EC5B6F4B08268D5344F30BFF61C8B587F034795B


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!
     
  6. 2010/11/25
    broni

    broni Moderator Malware Analyst

    OK, we have to fix your MBR....

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double click on NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
    • Follow the prompts to burn the CD.
    • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.
    Once rebooted, run MBRCheck again and post its log.
     
  7. 2010/11/25
    ourloop

    ourloop Inactive Thread Starter

    Major problem... I don't have a CD burner.

    What now?
     
  8. 2010/11/25
    broni

    broni Moderator Malware Analyst

    Restart computer
    When you reboot you will see an option to boot into the Recovery Console or the normal Windows installation.
    You have to use the up/down arrows to choose the Recovery Console. Then press Enter but you only have 2 seconds by default.
    If you find this hard to do then you can go into Control Panel, System, Advanced, Startup and Recovery, Settings. Where it says Time to Display List of Operating Systems, change it to 10 or more seconds. OK. Then reboot.

    You should get a black screen with a C:\> prompt. Type with an Enter after each line:

    fixmbr

    (If it asks you if you are sure then say "Y".)

    exit

    Reboot computer.

    Post fresh MBRCheck log.
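
Added example, not part of the original post and not code from MBRCheck or fixmbr: a way to confirm what an MBR repair like the one above actually changed, given two 512-byte dumps of sector 0 taken before and after. It assumes the standard MBR layout (boot code in bytes 0..439, partition table in bytes 446..509, signature 55 AA) and that a boot-code rewrite should leave the partition table untouched; `build_sample` and its values are constructed for illustration.

```python
import hashlib
import struct

BOOT_CODE_END = 440            # boot code occupies bytes 0..439
PART_TABLE = slice(446, 510)   # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR sector into boot-code hash, disk signature, partitions."""
    if len(sector) != 512:
        raise ValueError("an MBR sector is exactly 512 bytes")
    partitions = []
    table = sector[PART_TABLE]
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", table, 16 * i)
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append({"active": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": sectors})
    return {
        "valid_signature": sector[510:512] == BOOT_SIGNATURE,
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
        "disk_signature": sector[440:444].hex(),
        "partitions": partitions,
    }


def compare_repair(before: bytes, after: bytes) -> dict:
    """Report what differs between MBR dumps taken before and after a repair."""
    b, a = parse_mbr(before), parse_mbr(after)
    return {
        "boot_code_changed": b["boot_code_sha256"] != a["boot_code_sha256"],
        "partition_table_intact": before[PART_TABLE] == after[PART_TABLE],
        "disk_signature_intact": b["disk_signature"] == a["disk_signature"],
        "signature_ok": a["valid_signature"],
    }


def build_sample(boot_fill: int) -> bytes:
    """Constructed sample sector: filler boot code plus one active NTFS entry."""
    code = bytes([boot_fill]) * BOOT_CODE_END
    disk_sig = bytes.fromhex("d4c3b2a1") + b"\x00\x00"
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 63, 1_000_000)
    return code + disk_sig + entry + bytes(48) + BOOT_SIGNATURE


if __name__ == "__main__":
    before, after = build_sample(0xCC), build_sample(0x90)  # constructed dumps
    print(compare_repair(before, after))
```

A result with `boot_code_changed` true and `partition_table_intact` true is what a boot-code-only repair should look like; a changed partition table means the repair (or something else) touched more than the code area.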
     
  9. 2010/11/25
    ourloop

    ourloop Inactive Thread Starter

    Can I use a thumbdrive?
     
  10. 2010/11/25
    broni

    broni Moderator Malware Analyst

    Thumbdrive to do what?
     
  11. 2010/11/25
    ourloop

    ourloop Inactive Thread Starter

    Never mind, I'm trying your 2nd step as above.

    QUESTION: I do not see an option for selecting the Recovery Console. Should I be rebooting in safe mode?


    Restart computer
    When you reboot you will see an option to boot into the Recovery Console or the normal Windows installation.
    You have to use the up/down arrows to choose the Recovery Console. Then press Enter but you only have 2 seconds by default.
    If you find this hard to do then you can go into Control Panel, System, Advanced, Startup and Recovery, Settings. Where it says Time to Display List of Operating Systems, change it to 10 or more seconds. OK. Then reboot.

    You should get a black screen with a C:\> prompt. Type with an Enter after each line:

    fixmbr

    (If it asks you if you are sure then say "Y".)

    exit

    Reboot computer.

    Post fresh MBRCheck log
     
  12. 2010/11/25
    broni

    broni Moderator Malware Analyst

    Judging from your Combofix log, recovery console should be present on your computer.

    You have to watch computer's screen very closely after reboot.
    That option will be visible only for 2 seconds.

    You can always....
    Let me know.
     
  13. 2010/11/25
    ourloop

    ourloop Inactive Thread Starter

    Ok. I will give it a go.

    I know it's a Holiday, so Thanks for hanging in with me.

    Doing now.
     
  14. 2010/11/25
    broni

    broni Moderator Malware Analyst

    No problem :)
     
  15. 2010/11/25
    ourloop

    ourloop Inactive Thread Starter

    No Recovery console - I set the time for 20 seconds... nothing. However, I went in on safe mode and found the recovery console. When I selected recovery console it gave me three choices. One was: C:\WINDOWS. When I selected that one, it just said :WINDOWS>

    I didn't want to do anything until I asked you.

    And every time I reboot, I have to wait for FastScan and then that ever annoying Just-In-Time Debugger and/or close all the browsers I redirected to.

    So whta do I do now?
     
  16. 2010/11/25
    ourloop

    ourloop Inactive Thread Starter

    Sorry about the spelling and frustration. Long day.
     
  17. 2010/11/25
    broni

    broni Moderator Malware Analyst

    If you have Windows XP CD...
    1. Insert your Windows XP CD into your CD drive and ensure that your CD-ROM drive is capable of booting the CD.
    2. Once you have booted from CD, do NOT select the option that states: Press F2 to initiate the Automated System Recovery (ASR) tool.
    You’re going to proceed until you see the following screen, at which point you will press the “R” key to enter the recovery console:

    [​IMG]

    3. After you have selected the appropriate option from step two, you will be prompted to select a valid Windows installation (typically number 1).
    Select the installation number, and hit Enter.
    If there is an administrator password for the administrator account, enter it and hit Enter (if asked for the password, and you don't know it, you're out of luck).
    You will be greeted with this screen, which indicates a recovery console at the ready:

    [​IMG]

    Then proceed with the rest of instructions from my reply #50 (fixmbr).
     
  18. 2010/11/25
    ourloop

    ourloop Inactive Thread Starter

    You're going to love this... when I got the machine, it didn't come with Windows XP CD.

    What now?
     
  19. 2010/11/25
    ourloop

    ourloop Inactive Thread Starter

    I'm trying to get my CD Burner to work. How long does it take to burn the image from BurnCDCC? It looks like it's burning and only runs for about two minutes, then it says "please insert a blank disc". Does that mean that it burned it already?
     
  20. 2010/11/25
    ourloop

    ourloop Inactive Thread Starter

    Have I lost you on this? I hope not.
     
  21. 2010/11/25
    broni

    broni Moderator Malware Analyst

    Burning that disk doesn't take long, but if it says "please insert blank disk", I don't think it's successful.
    You can try to boot from it, but I doubt it'll work.
    We have several ways to fix that MBR, but you need either a Windows CD or a working burner.
    Any friend, neighbor with working burner?
     