Machine will not boot after attempting to remove malware
Started by
Steve DeVore
, Dec 11 2010 03:12 PM
-
This topic is locked
#31
Posted 15 December 2010 - 12:04 AM
Steve DeVore
- Topic Starter
-
- Member
-
- 140 posts
Member
#32
Posted 15 December 2010 - 12:05 AM
Salagubang
-
- Malware Removal
-
- 3,891 posts
Trusted Helper
I think it worked
What worked?
Edited by Salagubang, 15 December 2010 - 12:05 AM.
#33
Posted 15 December 2010 - 12:08 AM
Steve DeVore
- Topic Starter
-
- Member
-
- 140 posts
Member
I made the change in the bios that you requested, was able to get into recovery console, used the command fixmbr and the typed exit. The machine then rebooted into windows on it's own without the usb. Now the machine is reinstalling devices.
#34
Posted 15 December 2010 - 12:13 AM
Salagubang
-
- Malware Removal
-
- 3,891 posts
Trusted Helper
Hi,
Ok I'll pause here. I need to review the latest logs and will need approval for the instructions in removing the last of them nasties.
If you'd like to post updates please do so, as every information will be invaluable for me in fixing your machine.
Ok I'll pause here. I need to review the latest logs and will need approval for the instructions in removing the last of them nasties.
If you'd like to post updates please do so, as every information will be invaluable for me in fixing your machine.
Edited by Salagubang, 15 December 2010 - 12:14 AM.
#35
Posted 15 December 2010 - 12:20 AM
Steve DeVore
- Topic Starter
-
- Member
-
- 140 posts
Member
I ran another mbrcheck juat to be sure here are the results:
MBRCheck, version 1.2.3
© 2010, AD
Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c
Kernel Drivers (total 140):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xF7A87000 \WINDOWS\system32\KDCOM.DLL
0xF7997000 \WINDOWS\system32\BOOTVID.dll
0xF7458000 ACPI.sys
0xF7A89000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7447000 pci.sys
0xF7587000 isapnp.sys
0xF7597000 ohci1394.sys
0xF75A7000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF799B000 compbatt.sys
0xF799F000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7B4F000 pciide.sys
0xF7807000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7429000 pcmcia.sys
0xF75B7000 MountMgr.sys
0xF740A000 ftdisk.sys
0xF7A8B000 dmload.sys
0xF73E4000 dmio.sys
0xF780F000 PartMgr.sys
0xF79A3000 ACPIEC.sys
0xF7B50000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF75C7000 VolSnap.sys
0xF732D000 iaStor.sys
0xF7315000 atapi.sys
0xF7817000 cercsr6.sys
0xF72FD000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xF75D7000 disk.sys
0xF75E7000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF72DD000 fltmgr.sys
0xF72CB000 sr.sys
0xF72B4000 KSecDD.sys
0xF7227000 Ntfs.sys
0xF71FA000 NDIS.sys
0xF71E0000 Mup.sys
0xF77E7000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF6A10000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xF69FC000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF69D4000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF67B1000 \SystemRoot\system32\DRIVERS\NETw4x32.sys
0xF78F7000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF678D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF78FF000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF77F7000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF7617000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
0xF6779000 \SystemRoot\system32\DRIVERS\parport.sys
0xF7627000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7907000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF790F000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7637000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7647000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7657000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF6756000 \SystemRoot\system32\DRIVERS\ks.sys
0xF71AC000 \SystemRoot\system32\DRIVERS\cpqbttn.sys
0xF7667000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF791F000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF71A8000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF71A4000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xF6611000 \SystemRoot\system32\DRIVERS\btkrnl.sys
0xF7CCB000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7677000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF71A0000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF65FA000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7687000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7697000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7927000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF65E9000 \SystemRoot\system32\DRIVERS\psched.sys
0xF76A7000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF792F000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7937000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF6519000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF76B7000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7AC7000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF64BB000 \SystemRoot\system32\DRIVERS\update.sys
0xF6FBA000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF6FB6000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xF76C7000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xAA777000 \SystemRoot\system32\drivers\ADIHdAud.sys
0xAA753000 \SystemRoot\system32\drivers\portcls.sys
0xF76E7000 \SystemRoot\system32\drivers\drmk.sys
0xAA73B000 \SystemRoot\system32\drivers\AEAudio.sys
0xAA615000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0xF7AD3000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF793F000 \SystemRoot\System32\Drivers\Modem.SYS
0xF76F7000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xAA595000 \??\C:\Program Files\Symantec AntiVirus\savrt.sys
0xAA573000 \??\C:\Program Files\Symantec\SYMEVENT.SYS
0xAA55F000 \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys
0xAA411000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101128.002\navex15.sys
0xAA3FD000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101128.002\naveng.sys
0xF7AD9000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7BF9000 \SystemRoot\System32\Drivers\Null.SYS
0xF7ADB000 \SystemRoot\System32\Drivers\Beep.SYS
0xF795F000 \SystemRoot\System32\drivers\vga.sys
0xF7AE7000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7AEB000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7967000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF796F000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7A7F000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA9CC2000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA9C69000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA9C2E000 \SystemRoot\System32\Drivers\SYMTDI.SYS
0xA9C08000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF7767000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xA9BE0000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF7777000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xA9BBE000 \SystemRoot\System32\drivers\afd.sys
0xF7787000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA9B93000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA9B23000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF77B7000 \SystemRoot\System32\Drivers\Fips.SYS
0xA9AC5000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0xA9AA8000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0xF77D7000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA9A90000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7AF1000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF646F000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7857000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7CB2000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF04F000 \SystemRoot\System32\igxpdv32.DLL
0xBF1E7000 \SystemRoot\System32\igxpdx32.DLL
0xA9980000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA9563000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF7B1F000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xF7C01000 \SystemRoot\System32\Drivers\LBeepKE.sys
0xA93F3000 \SystemRoot\system32\DRIVERS\srv.sys
0xA910E000 \SystemRoot\system32\drivers\wdmaud.sys
0xA94AB000 \SystemRoot\system32\drivers\sysaudio.sys
0xF7A9F000 \SystemRoot\system32\drivers\splitter.sys
0xA90C3000 \SystemRoot\system32\drivers\aec.sys
0xA9373000 \SystemRoot\system32\drivers\swmidi.sys
0xA9363000 \SystemRoot\system32\drivers\DMusic.sys
0xA9098000 \SystemRoot\system32\drivers\kmixer.sys
0xF7B63000 \SystemRoot\system32\drivers\drmkaud.sys
0xA88F7000 \SystemRoot\System32\Drivers\HTTP.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
Processes (total 54):
0 System Idle Process
4 System
844 C:\WINDOWS\system32\smss.exe
896 csrss.exe
920 C:\WINDOWS\system32\winlogon.exe
964 C:\WINDOWS\system32\services.exe
976 C:\WINDOWS\system32\lsass.exe
1144 C:\WINDOWS\system32\svchost.exe
1220 svchost.exe
1364 C:\WINDOWS\system32\svchost.exe
1520 svchost.exe
1560 svchost.exe
1904 C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
1932 C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
744 C:\WINDOWS\system32\spoolsv.exe
1324 svchost.exe
1356 C:\Program Files\LSI SoftModem\agrsmsvc.exe
1392 C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
1440 C:\Program Files\Symantec AntiVirus\DefWatch.exe
1660 C:\WINDOWS\system32\svchost.exe
1724 C:\WINDOWS\system32\svchost.exe
1744 C:\Program Files\Java\jre6\bin\jqs.exe
1836 C:\WINDOWS\system32\svchost.exe
280 C:\WINDOWS\system32\svchost.exe
312 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
544 C:\WINDOWS\system32\svchost.exe
584 C:\Program Files\Symantec AntiVirus\Rtvscan.exe
636 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
1044 C:\WINDOWS\explorer.exe
2164 wmiprvse.exe
2172 C:\WINDOWS\system32\wuauclt.exe
2236 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2412 C:\Program Files\Analog Devices\Core\smax4pnp.exe
2420 C:\WINDOWS\system32\igfxtray.exe
2428 C:\WINDOWS\system32\hkcmd.exe
2436 C:\WINDOWS\system32\igfxpers.exe
2452 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
2460 C:\PROGRA~1\SYMANT~1\VPTray.exe
2472 C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
2508 C:\WINDOWS\system32\igfxsrvc.exe
2572 C:\Program Files\HP\HP Software Update\hpwuschd2.exe
2752 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2768 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
2844 C:\Program Files\Symantec AntiVirus\DoScan.exe
2896 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
2928 C:\Program Files\AWS\WeatherBug\Weather.exe
3144 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
3176 C:\WINDOWS\system32\ctfmon.exe
3252 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
3264 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
3296 C:\Program Files\Logitech\SetPoint\SetPoint.exe
3564 C:\Documents and Settings\Reeves\Desktop\MBRCheck.exe
3820 alg.exe
3964 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
PhysicalDrive0 Model Number: HitachiHTS541612J9SA00, Rev: SBDOC7BP
Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
Done!
MBRCheck, version 1.2.3
© 2010, AD
Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c
Kernel Drivers (total 140):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xF7A87000 \WINDOWS\system32\KDCOM.DLL
0xF7997000 \WINDOWS\system32\BOOTVID.dll
0xF7458000 ACPI.sys
0xF7A89000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7447000 pci.sys
0xF7587000 isapnp.sys
0xF7597000 ohci1394.sys
0xF75A7000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF799B000 compbatt.sys
0xF799F000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7B4F000 pciide.sys
0xF7807000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7429000 pcmcia.sys
0xF75B7000 MountMgr.sys
0xF740A000 ftdisk.sys
0xF7A8B000 dmload.sys
0xF73E4000 dmio.sys
0xF780F000 PartMgr.sys
0xF79A3000 ACPIEC.sys
0xF7B50000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF75C7000 VolSnap.sys
0xF732D000 iaStor.sys
0xF7315000 atapi.sys
0xF7817000 cercsr6.sys
0xF72FD000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xF75D7000 disk.sys
0xF75E7000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF72DD000 fltmgr.sys
0xF72CB000 sr.sys
0xF72B4000 KSecDD.sys
0xF7227000 Ntfs.sys
0xF71FA000 NDIS.sys
0xF71E0000 Mup.sys
0xF77E7000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF6A10000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xF69FC000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF69D4000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF67B1000 \SystemRoot\system32\DRIVERS\NETw4x32.sys
0xF78F7000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF678D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF78FF000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF77F7000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF7617000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
0xF6779000 \SystemRoot\system32\DRIVERS\parport.sys
0xF7627000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7907000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF790F000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7637000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7647000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7657000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF6756000 \SystemRoot\system32\DRIVERS\ks.sys
0xF71AC000 \SystemRoot\system32\DRIVERS\cpqbttn.sys
0xF7667000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF791F000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF71A8000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF71A4000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xF6611000 \SystemRoot\system32\DRIVERS\btkrnl.sys
0xF7CCB000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7677000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF71A0000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF65FA000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7687000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7697000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7927000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF65E9000 \SystemRoot\system32\DRIVERS\psched.sys
0xF76A7000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF792F000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7937000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF6519000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF76B7000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7AC7000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF64BB000 \SystemRoot\system32\DRIVERS\update.sys
0xF6FBA000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF6FB6000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xF76C7000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xAA777000 \SystemRoot\system32\drivers\ADIHdAud.sys
0xAA753000 \SystemRoot\system32\drivers\portcls.sys
0xF76E7000 \SystemRoot\system32\drivers\drmk.sys
0xAA73B000 \SystemRoot\system32\drivers\AEAudio.sys
0xAA615000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0xF7AD3000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF793F000 \SystemRoot\System32\Drivers\Modem.SYS
0xF76F7000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xAA595000 \??\C:\Program Files\Symantec AntiVirus\savrt.sys
0xAA573000 \??\C:\Program Files\Symantec\SYMEVENT.SYS
0xAA55F000 \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys
0xAA411000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101128.002\navex15.sys
0xAA3FD000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101128.002\naveng.sys
0xF7AD9000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7BF9000 \SystemRoot\System32\Drivers\Null.SYS
0xF7ADB000 \SystemRoot\System32\Drivers\Beep.SYS
0xF795F000 \SystemRoot\System32\drivers\vga.sys
0xF7AE7000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7AEB000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7967000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF796F000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7A7F000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA9CC2000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA9C69000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA9C2E000 \SystemRoot\System32\Drivers\SYMTDI.SYS
0xA9C08000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF7767000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xA9BE0000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF7777000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xA9BBE000 \SystemRoot\System32\drivers\afd.sys
0xF7787000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA9B93000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA9B23000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF77B7000 \SystemRoot\System32\Drivers\Fips.SYS
0xA9AC5000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0xA9AA8000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0xF77D7000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA9A90000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7AF1000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF646F000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7857000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7CB2000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF04F000 \SystemRoot\System32\igxpdv32.DLL
0xBF1E7000 \SystemRoot\System32\igxpdx32.DLL
0xA9980000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA9563000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF7B1F000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xF7C01000 \SystemRoot\System32\Drivers\LBeepKE.sys
0xA93F3000 \SystemRoot\system32\DRIVERS\srv.sys
0xA910E000 \SystemRoot\system32\drivers\wdmaud.sys
0xA94AB000 \SystemRoot\system32\drivers\sysaudio.sys
0xF7A9F000 \SystemRoot\system32\drivers\splitter.sys
0xA90C3000 \SystemRoot\system32\drivers\aec.sys
0xA9373000 \SystemRoot\system32\drivers\swmidi.sys
0xA9363000 \SystemRoot\system32\drivers\DMusic.sys
0xA9098000 \SystemRoot\system32\drivers\kmixer.sys
0xF7B63000 \SystemRoot\system32\drivers\drmkaud.sys
0xA88F7000 \SystemRoot\System32\Drivers\HTTP.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
Processes (total 54):
0 System Idle Process
4 System
844 C:\WINDOWS\system32\smss.exe
896 csrss.exe
920 C:\WINDOWS\system32\winlogon.exe
964 C:\WINDOWS\system32\services.exe
976 C:\WINDOWS\system32\lsass.exe
1144 C:\WINDOWS\system32\svchost.exe
1220 svchost.exe
1364 C:\WINDOWS\system32\svchost.exe
1520 svchost.exe
1560 svchost.exe
1904 C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
1932 C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
744 C:\WINDOWS\system32\spoolsv.exe
1324 svchost.exe
1356 C:\Program Files\LSI SoftModem\agrsmsvc.exe
1392 C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
1440 C:\Program Files\Symantec AntiVirus\DefWatch.exe
1660 C:\WINDOWS\system32\svchost.exe
1724 C:\WINDOWS\system32\svchost.exe
1744 C:\Program Files\Java\jre6\bin\jqs.exe
1836 C:\WINDOWS\system32\svchost.exe
280 C:\WINDOWS\system32\svchost.exe
312 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
544 C:\WINDOWS\system32\svchost.exe
584 C:\Program Files\Symantec AntiVirus\Rtvscan.exe
636 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
1044 C:\WINDOWS\explorer.exe
2164 wmiprvse.exe
2172 C:\WINDOWS\system32\wuauclt.exe
2236 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2412 C:\Program Files\Analog Devices\Core\smax4pnp.exe
2420 C:\WINDOWS\system32\igfxtray.exe
2428 C:\WINDOWS\system32\hkcmd.exe
2436 C:\WINDOWS\system32\igfxpers.exe
2452 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
2460 C:\PROGRA~1\SYMANT~1\VPTray.exe
2472 C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
2508 C:\WINDOWS\system32\igfxsrvc.exe
2572 C:\Program Files\HP\HP Software Update\hpwuschd2.exe
2752 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2768 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
2844 C:\Program Files\Symantec AntiVirus\DoScan.exe
2896 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
2928 C:\Program Files\AWS\WeatherBug\Weather.exe
3144 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
3176 C:\WINDOWS\system32\ctfmon.exe
3252 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
3264 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
3296 C:\Program Files\Logitech\SetPoint\SetPoint.exe
3564 C:\Documents and Settings\Reeves\Desktop\MBRCheck.exe
3820 alg.exe
3964 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
PhysicalDrive0 Model Number: HitachiHTS541612J9SA00, Rev: SBDOC7BP
Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
Done!
#37
Posted 15 December 2010 - 12:32 AM
Steve DeVore
- Topic Starter
-
- Member
-
- 140 posts
Member
Everything looks fine on my end, thanks much for all of your time and your sentience, I made a ton of notes, should be OK if I run into this mess again. Much appreciated 
#38
Posted 15 December 2010 - 04:18 PM
Salagubang
-
- Malware Removal
-
- 3,891 posts
Trusted Helper
Hi Steve Devore,
Lets do a final sweep.
Step One
Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
Step Two
Save these instructions so you can have access to them while in Safe Mode.
Please click here to download AVP Tool by Kaspersky.
Leave the rest of the settings as they appear as default.
Lets do a final sweep.
Step One
Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy&Paste the entire report in your next reply.
Step Two
Save these instructions so you can have access to them while in Safe Mode.
Please click here to download AVP Tool by Kaspersky.
- Save it to your desktop.
- Reboot your computer into SafeMode.
You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
Use your up arrow key to highlight SafeMode then hit enter. - Double click the setup file to run it.
- Click Next to continue.
- Accept the Licence agreement and click on next
- It will by default install it to your desktop folder.Click Next.
- It will then open a box There will be a tab that says Automatic scan.
- Under Automatic scan make sure these are checked.
- Hidden Startup Objects
- System Memory
- Disk Boot Sectors.
- My Computer.
- Also any other drives (Removable that you may have)
Leave the rest of the settings as they appear as default.
- Then click on Scan at the to right hand Corner.
- It will automatically Neutralize any objects found.
- If some objects are left un-neutralized then click the button that says Neutralize all
- If it says it cannot be Neutralized then chooose The delete option when prompted.
- After that is done click on the reports button at the bottom and save it to file name it Kas.
- Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.
Note: This tool will self uninstall when you close it so please save the log before closing it.
#39
Posted 18 December 2010 - 06:47 PM
Salagubang
-
- Malware Removal
-
- 3,891 posts
Trusted Helper
Hi Steve Devore,
Can you please update me if all is good.
Can you please update me if all is good.
Edited by Salagubang, 18 December 2010 - 06:47 PM.
#40
Posted 18 December 2010 - 08:23 PM
Steve DeVore
- Topic Starter
-
- Member
-
- 140 posts
Member
Sorry for the long delay, had a few family plans to take care of fr the holidays. Everything went fine. The laptop is working fine and was returned to the friend who asked me for the help. Thanks for all of you effort and have a good holiday.
#41
Posted 19 December 2010 - 06:29 AM
Salagubang
-
- Malware Removal
-
- 3,891 posts
Trusted Helper
Hi Steve Devore,
Happy Holidays.
But you're not going to miss out my recommention to prevent future infections
++++++++++++++++++++++++++++++++++++
Below are links to several programs that will help protect your computer.
Anti-Spyware
I recommend downloading and installing all of the following applications.
++++++++++++++++++++++++++++++++++++
Other things to keep in mind.
Windows, Java, and Adobe products should all be kept up-to-date on a regular basis so the latest security fixes are in place on your computer. Please refer to the following links on how to manage these products.
Here are a few other applications you might consider. Keeping your temporary file area clean, your Windows registry backed up, and backing up your important data are all good techniques.
Please remember that just having these programs is not enough. You must use them. Running a full spyware scan weekly, a full virus scan monthly, and checking for updates and cleaning your temporary files periodically is very important in keeping your computer in tip-top shape.
Finally, please take the time to read the following articles. Applying this information will help prevent future infections:
How to prevent malware by miekiemoes
Preventing Malware and Safe Computing by Rorschach112
This article will help you understand how you may have gotten infected:
How did I get infected in the first place?
Remember, you have to be smarter than the bad guys! Be safe out there!
Sorry for the long delay, had a few family plans to take care of fr the holidays. Everything went fine. The laptop is working fine and was returned to the friend who asked me for the help. Thanks for all of you effort and have a good holiday.
Happy Holidays.
But you're not going to miss out my recommention to prevent future infections
++++++++++++++++++++++++++++++++++++
Below are links to several programs that will help protect your computer.
Anti-Spyware
I recommend downloading and installing all of the following applications.
- SpywareBlaster keeps spyware from installing on your system - read the tutorial here
- SpywareGuard protects your browser and computer in real time - read the tutorial here
- SUPERAntiSpyware Free Edition detects and removes spyware, adware, malware, trojans, rogue software, worms, rootkits, parasites and other potentially harmful software applications - read the tutorial here
++++++++++++++++++++++++++++++++++++
Other things to keep in mind.
Windows, Java, and Adobe products should all be kept up-to-date on a regular basis so the latest security fixes are in place on your computer. Please refer to the following links on how to manage these products.
Here are a few other applications you might consider. Keeping your temporary file area clean, your Windows registry backed up, and backing up your important data are all good techniques.
- Flush Flash - by Bobbi Flekman - cleans Flash Player cookies
- ERUNT (Emergency Recovery Utility NT) - a registry backup utility
- Cobian Backup - a very good backup utility - read the tutorial here
Please remember that just having these programs is not enough. You must use them. Running a full spyware scan weekly, a full virus scan monthly, and checking for updates and cleaning your temporary files periodically is very important in keeping your computer in tip-top shape.
Finally, please take the time to read the following articles. Applying this information will help prevent future infections:
How to prevent malware by miekiemoes
Preventing Malware and Safe Computing by Rorschach112
This article will help you understand how you may have gotten infected:
How did I get infected in the first place?
Remember, you have to be smarter than the bad guys! Be safe out there!
#42
Posted 19 December 2010 - 12:26 PM
Steve DeVore
- Topic Starter
-
- Member
-
- 140 posts
Member
I'm downloading some of the software and adding them to my little black box (an external HDD I use to store repair software)
Thanks much
Thanks much
#43
Posted 19 December 2010 - 05:26 PM
Salagubang
-
- Malware Removal
-
- 3,891 posts
Trusted Helper
Your welcome.
#44
Posted 20 December 2010 - 02:02 PM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
