This topic is lockedThen reboot and if the boot fails then use repair my computer
need help removing win32/olmarik.axs [Closed]
Started by
MrJc
, Dec 11 2011 03:23 AM
#46
Posted 12 December 2011 - 01:50 PM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
Then reboot and if the boot fails then use repair my computer
#47
Posted 12 December 2011 - 07:12 PM
MrJc
- Topic Starter
-
- Member
-
- 37 posts
Member
sorry it's taking me so long to reply to you. first problem is that for the rootkit.win.32backboot.gen i cant delete it i can copy to quaranite or restore it
for the tdss file system i can delete that one not sure what i should do
for the tdss file system i can delete that one not sure what i should do
#48
Posted 13 December 2011 - 12:37 PM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
OK next option will be to use Mbrcheck and if that fails then run aswMBR
Run MBRCheck.exe once again.
You will be presented with the following dialog:
Enter Y and press Enter.
The following dialog will be presented:
Enter 2 and press Enter
The following dialog will be presented:
Enter >>2<< and press Enter
The following dialog will be presented:
Enter >>5<< and press Enter
The following dialog will be presented:
Type YES and press Enter (Must type the full word, YES). You will be inform if successfully wrote a new MBR code!
And last the following dialog will be presented:
Press Enter. A report will be produced on the desktop. Post that report in your next reply.
Run MBRCheck.exe once again.
You will be presented with the following dialog:
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Enter Y and press Enter.
The following dialog will be presented:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.
Enter your choice:
Enter 2 and press Enter
The following dialog will be presented:
Enter the physical disk number to fix (0-99, -1 to cancel):
Enter >>2<< and press Enter
The following dialog will be presented:
Available MBR codes:
[ 0] Default (Windows XP)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel
Please select the MBR code to write to this drive:
Enter >>5<< and press Enter
The following dialog will be presented:
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue:
Type YES and press Enter (Must type the full word, YES). You will be inform if successfully wrote a new MBR code!
And last the following dialog will be presented:
Done! Press ENTER to exit...
Press Enter. A report will be produced on the desktop. Post that report in your next reply.
#49
Posted 13 December 2011 - 03:58 PM
MrJc
- Topic Starter
-
- Member
-
- 37 posts
Member
okay here is your report
MBRCheck, version 1.2.3
© 2010, AD
Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: System manufacturer
System Product Name: System Product Name
Logical Drives Mask: 0x000082fc
Kernel Drivers (total 204):
0x03652000 \SystemRoot\system32\ntoskrnl.exe
0x03609000 \SystemRoot\system32\hal.dll
0x00B9E000 \SystemRoot\system32\kdcom.dll
0x00C71000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x00C7E000 \SystemRoot\system32\PSHED.dll
0x00C92000 \SystemRoot\system32\CLFS.SYS
0x00CF0000 \SystemRoot\system32\CI.dll
0x00E64000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F08000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x01048000 \SystemRoot\System32\Drivers\spaw.sys
0x0117C000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x01185000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x00F17000 \SystemRoot\system32\drivers\ACPI.sys
0x011B4000 \SystemRoot\system32\drivers\msisadrv.sys
0x011BE000 \SystemRoot\system32\drivers\vdrvroot.sys
0x011CB000 \SystemRoot\system32\drivers\pci.sys
0x01000000 \SystemRoot\System32\drivers\partmgr.sys
0x01015000 \SystemRoot\system32\drivers\volmgr.sys
0x00F6E000 \SystemRoot\System32\drivers\volmgrx.sys
0x0102A000 \SystemRoot\system32\drivers\pciide.sys
0x01031000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x00FCA000 \SystemRoot\System32\drivers\mountmgr.sys
0x00E00000 \SystemRoot\system32\drivers\vmbus.sys
0x00E3C000 \SystemRoot\system32\drivers\winhv.sys
0x00E50000 \SystemRoot\system32\drivers\atapi.sys
0x00DB0000 \SystemRoot\system32\drivers\ataport.SYS
0x00E59000 \SystemRoot\system32\drivers\amdxata.sys
0x00C00000 \SystemRoot\system32\drivers\fltmgr.sys
0x00FE4000 \SystemRoot\system32\drivers\fileinfo.sys
0x0122A000 \SystemRoot\System32\Drivers\Ntfs.sys
0x014F2000 \SystemRoot\System32\Drivers\msrpc.sys
0x01550000 \SystemRoot\System32\Drivers\ksecdd.sys
0x0156B000 \SystemRoot\System32\Drivers\cng.sys
0x015DD000 \SystemRoot\System32\drivers\pcw.sys
0x015EE000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01668000 \SystemRoot\system32\drivers\ndis.sys
0x0175B000 \SystemRoot\system32\drivers\NETIO.SYS
0x017BB000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01815000 \SystemRoot\System32\drivers\tcpip.sys
0x01A19000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01A63000 \SystemRoot\system32\drivers\vmstorfl.sys
0x01A73000 \SystemRoot\system32\drivers\volsnap.sys
0x01ABF000 \SystemRoot\System32\Drivers\spldr.sys
0x01AC7000 \SystemRoot\System32\drivers\rdyboost.sys
0x01B01000 \SystemRoot\System32\Drivers\mup.sys
0x01B13000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01B1C000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01B56000 \SystemRoot\system32\DRIVERS\disk.sys
0x01B6C000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01BD2000 \SystemRoot\system32\drivers\cdrom.sys
0x01800000 \SystemRoot\System32\Drivers\Null.SYS
0x01809000 \SystemRoot\System32\Drivers\Beep.SYS
0x01600000 \SystemRoot\system32\DRIVERS\ehdrv.sys
0x01623000 \SystemRoot\System32\drivers\vga.sys
0x01631000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x01656000 \SystemRoot\System32\drivers\watchdog.sys
0x017E6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x017EF000 \SystemRoot\system32\drivers\rdpencdd.sys
0x01400000 \SystemRoot\system32\drivers\rdprefmp.sys
0x01409000 \SystemRoot\System32\Drivers\Msfs.SYS
0x01414000 \SystemRoot\System32\Drivers\Npfs.SYS
0x01425000 \SystemRoot\system32\DRIVERS\tdx.sys
0x01447000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x01454000 \SystemRoot\system32\drivers\afd.sys
0x04085000 \SystemRoot\System32\DRIVERS\netbt.sys
0x040CA000 \SystemRoot\system32\DRIVERS\vsdatant.sys
0x0415F000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x04168000 \SystemRoot\system32\DRIVERS\pacer.sys
0x0418E000 \SystemRoot\system32\DRIVERS\netbios.sys
0x0419D000 \SystemRoot\system32\DRIVERS\serial.sys
0x041BA000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x041D5000 \SystemRoot\system32\drivers\termdd.sys
0x04000000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x04051000 \SystemRoot\system32\drivers\nsiproxy.sys
0x0405D000 \SystemRoot\system32\drivers\mssmbios.sys
0x04068000 \SystemRoot\System32\drivers\discache.sys
0x0426C000 \SystemRoot\system32\drivers\csc.sys
0x042EF000 \SystemRoot\System32\Drivers\dfsc.sys
0x0430D000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x0431E000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04344000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x132C4000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x13F38000 \SystemRoot\System32\Drivers\nvBridge.kmd
0x04431000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04525000 \SystemRoot\System32\drivers\dxgmms1.sys
0x0456B000 \SystemRoot\system32\drivers\HDAudBus.sys
0x0458F000 \SystemRoot\system32\DRIVERS\nusb3xhc.sys
0x045BF000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x045C1000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x13F3A000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x045CC000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x045DD000 \SystemRoot\system32\DRIVERS\serenum.sys
0x045E9000 \SystemRoot\system32\DRIVERS\ASACPI.sys
0x13F90000 \SystemRoot\system32\drivers\1394ohci.sys
0x13200000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x13253000 \SystemRoot\System32\Drivers\a6qj9s5k.SYS
0x045F1000 \SystemRoot\system32\drivers\wmiacpi.sys
0x04400000 \SystemRoot\system32\drivers\CompositeBus.sys
0x04410000 \SystemRoot\system32\DRIVERS\wacomvhid.sys
0x04413000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x13297000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x132A0000 \SystemRoot\system32\DRIVERS\vrtaucbl.sys
0x04359000 \SystemRoot\system32\DRIVERS\portcls.sys
0x13FCE000 \SystemRoot\system32\DRIVERS\drmk.sys
0x04396000 \SystemRoot\system32\DRIVERS\ks.sys
0x045FA000 \SystemRoot\system32\drivers\ksthunk.sys
0x043D9000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x04200000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x13FF0000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x04224000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x013CD000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x01200000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x00C4C000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x132AF000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x04253000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x043EF000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x0442C000 \SystemRoot\system32\drivers\swenum.sys
0x041E9000 \SystemRoot\system32\drivers\umbus.sys
0x013E8000 \SystemRoot\system32\DRIVERS\nusb3hub.sys
0x04C54000 \SystemRoot\system32\drivers\usbhub.sys
0x04CAE000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x04CBB000 \SystemRoot\system32\DRIVERS\wacommousefilter.sys
0x04CC3000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x04CD8000 \SystemRoot\system32\drivers\nvhda64v.sys
0x05A27000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x00050000 \SystemRoot\System32\win32k.sys
0x05C4E000 \SystemRoot\System32\drivers\Dxapi.sys
0x05C5A000 \SystemRoot\System32\Drivers\crashdmp.sys
0x05C68000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x05C74000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x05C7D000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x05C90000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x05CAD000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x05CBB000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x05CC9000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x05CE4000 \SystemRoot\system32\DRIVERS\monitor.sys
0x05E00000 \SystemRoot\system32\DRIVERS\lvuvc64.sys
0x05CF2000 \SystemRoot\system32\drivers\usbaudio.sys
0x05D0D000 \SystemRoot\system32\DRIVERS\lvrs64.sys
0x005F0000 \SystemRoot\System32\TSDDD.dll
0x006F0000 \SystemRoot\System32\cdd.dll
0x008E0000 \SystemRoot\System32\ATMFD.DLL
0x05D5F000 \SystemRoot\system32\drivers\luafv.sys
0x04D05000 \SystemRoot\system32\DRIVERS\eamon.sys
0x05D82000 \SystemRoot\system32\drivers\WudfPf.sys
0x05DA3000 \SystemRoot\System32\Drivers\exfat.SYS
0x05DD8000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x05A00000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x070DC000 \SystemRoot\system32\drivers\HTTP.sys
0x071A5000 \SystemRoot\system32\DRIVERS\bowser.sys
0x071C3000 \SystemRoot\System32\drivers\mpsdrv.sys
0x07000000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x0702D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0707A000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x0709E000 \??\C:\Windows\system32\drivers\cpuz135_x64.sys
0x070A7000 \SystemRoot\system32\DRIVERS\epfwwfpr.sys
0x070C7000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0x078C1000 \SystemRoot\system32\drivers\peauth.sys
0x07967000 \SystemRoot\System32\Drivers\secdrv.SYS
0x07972000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x079A3000 \SystemRoot\System32\drivers\tcpipreg.sys
0x07800000 \SystemRoot\System32\DRIVERS\srv2.sys
0x07A0F000 \SystemRoot\System32\DRIVERS\srv.sys
0x07AA7000 \??\C:\Windows\system32\drivers\mbam.sys
0x77810000 \Windows\System32\ntdll.dll
0x47840000 \Windows\System32\smss.exe
0xFFB30000 \Windows\System32\apisetschema.dll
0xFF100000 \Windows\System32\autochk.exe
0x776F0000 \Windows\System32\kernel32.dll
0x779E0000 \Windows\System32\psapi.dll
0x775F0000 \Windows\System32\user32.dll
0xFFB10000 \Windows\System32\lpk.dll
0xFFAC0000 \Windows\System32\ws2_32.dll
0xFFAB0000 \Windows\System32\nsi.dll
0x774A0000 \Windows\System32\urlmon.dll
0xFED20000 \Windows\System32\shell32.dll
0xFECC0000 \Windows\System32\Wldap32.dll
0xFECA0000 \Windows\System32\sechost.dll
0xFEA90000 \Windows\System32\ole32.dll
0xFEA10000 \Windows\System32\shlwapi.dll
0x779D0000 \Windows\System32\normaliz.dll
0xFE9A0000 \Windows\System32\gdi32.dll
0xFE900000 \Windows\System32\comdlg32.dll
0xFE720000 \Windows\System32\setupapi.dll
0xFE680000 \Windows\System32\msvcrt.dll
0xFE600000 \Windows\System32\difxapi.dll
0xFE4F0000 \Windows\System32\msctf.dll
0xFE4D0000 \Windows\System32\imagehlp.dll
0xFE3F0000 \Windows\System32\oleaut32.dll
0xFE320000 \Windows\System32\usp10.dll
0xFE280000 \Windows\System32\clbcatq.dll
0xFE250000 \Windows\System32\imm32.dll
0x77290000 \Windows\System32\iertutil.dll
0x77130000 \Windows\System32\wininet.dll
0xFE170000 \Windows\System32\advapi32.dll
0xFE040000 \Windows\System32\rpcrt4.dll
0xFDFD0000 \Windows\System32\KernelBase.dll
0xFDF90000 \Windows\System32\wintrust.dll
0xFDEF0000 \Windows\System32\comctl32.dll
0xFDD80000 \Windows\System32\crypt32.dll
0xFDD60000 \Windows\System32\devobj.dll
0xFDD20000 \Windows\System32\cfgmgr32.dll
0xFDD10000 \Windows\System32\msasn1.dll
0x760B0000 \Windows\SysWOW64\normaliz.dll
Processes (total 66):
0 System Idle Process
4 System
316 C:\Windows\System32\smss.exe
484 csrss.exe
552 C:\Windows\System32\wininit.exe
584 csrss.exe
608 C:\Windows\System32\services.exe
632 C:\Windows\System32\lsass.exe
640 C:\Windows\System32\lsm.exe
760 C:\Windows\System32\winlogon.exe
792 C:\Windows\System32\svchost.exe
856 C:\Windows\System32\nvvsvc.exe
880 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
924 C:\Windows\System32\svchost.exe
1004 C:\Windows\System32\svchost.exe
332 C:\Windows\System32\svchost.exe
496 C:\Windows\System32\svchost.exe
372 C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
1060 C:\Windows\System32\audiodg.exe
1224 C:\Windows\System32\svchost.exe
1312 C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
1324 C:\Windows\System32\nvvsvc.exe
1364 C:\Windows\System32\svchost.exe
1440 C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
1796 C:\Windows\System32\dwm.exe
1820 C:\Windows\explorer.exe
2024 C:\Program Files\Classic Shell\ClassicStartMenu.exe
1048 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
1180 C:\Windows\System32\spoolsv.exe
1400 C:\Windows\System32\svchost.exe
1524 C:\Windows\System32\taskhost.exe
1660 P:\Program Files\NIK\egui.exe
2012 C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
2116 P:\Program Files\NIK\x86\ekrn.exe
2124 P:\Programfiles\ZoneAlarm\zlclient.exe
2164 C:\Windows\System32\svchost.exe
2196 C:\Windows\SysWOW64\nlssrv32.exe
2244 C:\Windows\SysWOW64\PnkBstrA.exe
2304 C:\Windows\System32\svchost.exe
2576 C:\Windows\System32\taskeng.exe
2676 C:\Windows\DAODx.exe
2828 C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
2348 C:\Windows\System32\SearchIndexer.exe
3000 C:\Windows\System32\svchost.exe
3084 C:\Windows\System32\taskhost.exe
3220 C:\Program Files\Windows Media Player\wmpnetwk.exe
3628 WmiPrvSE.exe
3932 C:\Windows\System32\svchost.exe
2648 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
364 C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
2220 C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
480 C:\Program Files (x86)\Internet Explorer\iexplore.exe
3060 C:\Program Files (x86)\Internet Explorer\iexplore.exe
3336 C:\Program Files (x86)\Internet Explorer\iexplore.exe
3396 C:\Program Files (x86)\Internet Explorer\iexplore.exe
2388 C:\Program Files (x86)\Internet Explorer\iexplore.exe
3044 C:\Program Files (x86)\Internet Explorer\iexplore.exe
2768 C:\Program Files (x86)\Internet Explorer\iexplore.exe
3300 C:\Program Files (x86)\Internet Explorer\iexplore.exe
4056 C:\Program Files (x86)\Internet Explorer\iexplore.exe
4000 C:\Program Files (x86)\Internet Explorer\iexplore.exe
1892 C:\Windows\System32\SearchProtocolHost.exe
6000 C:\Windows\System32\SearchFilterHost.exe
4540 C:\Windows\System32\dllhost.exe
5652 C:\Users\jc\Desktop\MBRCheck.exe
5660 C:\Windows\System32\conhost.exe
\\.\C: --> \\.\PhysicalDrive2 at offset 0x00000004`e22cec00 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000004`e22d6a00 (NTFS)
\\.\H: --> \\.\PhysicalDrive3 at offset 0x00000000`00100000 (NTFS)
\\.\J: --> \\.\PhysicalDrive4 at offset 0x00000000`00100000 (exFAT)
\\.\P: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
PhysicalDrive2 Model Number: ST3200822AS, Rev: 3.02
PhysicalDrive1 Model Number: ST3500630AS, Rev: 3.AAK
PhysicalDrive3 Model Number: WDExt HDD 1021, Rev: 2002
PhysicalDrive4 Model Number: WDExt HDD 1021, Rev: 2002
PhysicalDrive0 Model Number: ST31500341AS, Rev: CC1H
Size Device Name MBR Status
--------------------------------------------
186 GB \\.\PhysicalDrive2 Unknown MBR code
SHA1: E833A7327C8056CA7298E327AE7061B946E3F257
465 GB \\.\PhysicalDrive1 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
1397 GB \\.\PhysicalDrive3 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
931 GB \\.\PhysicalDrive4 Unknown MBR code
SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F
1397 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.
Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 2Available MBR codes:
[ 0] Default (Windows 7)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel
Please select the MBR code to write to this drive: 5
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: YES
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.
Done!
MBRCheck, version 1.2.3
© 2010, AD
Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: System manufacturer
System Product Name: System Product Name
Logical Drives Mask: 0x000082fc
Kernel Drivers (total 204):
0x03652000 \SystemRoot\system32\ntoskrnl.exe
0x03609000 \SystemRoot\system32\hal.dll
0x00B9E000 \SystemRoot\system32\kdcom.dll
0x00C71000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x00C7E000 \SystemRoot\system32\PSHED.dll
0x00C92000 \SystemRoot\system32\CLFS.SYS
0x00CF0000 \SystemRoot\system32\CI.dll
0x00E64000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F08000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x01048000 \SystemRoot\System32\Drivers\spaw.sys
0x0117C000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x01185000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x00F17000 \SystemRoot\system32\drivers\ACPI.sys
0x011B4000 \SystemRoot\system32\drivers\msisadrv.sys
0x011BE000 \SystemRoot\system32\drivers\vdrvroot.sys
0x011CB000 \SystemRoot\system32\drivers\pci.sys
0x01000000 \SystemRoot\System32\drivers\partmgr.sys
0x01015000 \SystemRoot\system32\drivers\volmgr.sys
0x00F6E000 \SystemRoot\System32\drivers\volmgrx.sys
0x0102A000 \SystemRoot\system32\drivers\pciide.sys
0x01031000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x00FCA000 \SystemRoot\System32\drivers\mountmgr.sys
0x00E00000 \SystemRoot\system32\drivers\vmbus.sys
0x00E3C000 \SystemRoot\system32\drivers\winhv.sys
0x00E50000 \SystemRoot\system32\drivers\atapi.sys
0x00DB0000 \SystemRoot\system32\drivers\ataport.SYS
0x00E59000 \SystemRoot\system32\drivers\amdxata.sys
0x00C00000 \SystemRoot\system32\drivers\fltmgr.sys
0x00FE4000 \SystemRoot\system32\drivers\fileinfo.sys
0x0122A000 \SystemRoot\System32\Drivers\Ntfs.sys
0x014F2000 \SystemRoot\System32\Drivers\msrpc.sys
0x01550000 \SystemRoot\System32\Drivers\ksecdd.sys
0x0156B000 \SystemRoot\System32\Drivers\cng.sys
0x015DD000 \SystemRoot\System32\drivers\pcw.sys
0x015EE000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01668000 \SystemRoot\system32\drivers\ndis.sys
0x0175B000 \SystemRoot\system32\drivers\NETIO.SYS
0x017BB000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01815000 \SystemRoot\System32\drivers\tcpip.sys
0x01A19000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01A63000 \SystemRoot\system32\drivers\vmstorfl.sys
0x01A73000 \SystemRoot\system32\drivers\volsnap.sys
0x01ABF000 \SystemRoot\System32\Drivers\spldr.sys
0x01AC7000 \SystemRoot\System32\drivers\rdyboost.sys
0x01B01000 \SystemRoot\System32\Drivers\mup.sys
0x01B13000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01B1C000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01B56000 \SystemRoot\system32\DRIVERS\disk.sys
0x01B6C000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01BD2000 \SystemRoot\system32\drivers\cdrom.sys
0x01800000 \SystemRoot\System32\Drivers\Null.SYS
0x01809000 \SystemRoot\System32\Drivers\Beep.SYS
0x01600000 \SystemRoot\system32\DRIVERS\ehdrv.sys
0x01623000 \SystemRoot\System32\drivers\vga.sys
0x01631000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x01656000 \SystemRoot\System32\drivers\watchdog.sys
0x017E6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x017EF000 \SystemRoot\system32\drivers\rdpencdd.sys
0x01400000 \SystemRoot\system32\drivers\rdprefmp.sys
0x01409000 \SystemRoot\System32\Drivers\Msfs.SYS
0x01414000 \SystemRoot\System32\Drivers\Npfs.SYS
0x01425000 \SystemRoot\system32\DRIVERS\tdx.sys
0x01447000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x01454000 \SystemRoot\system32\drivers\afd.sys
0x04085000 \SystemRoot\System32\DRIVERS\netbt.sys
0x040CA000 \SystemRoot\system32\DRIVERS\vsdatant.sys
0x0415F000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x04168000 \SystemRoot\system32\DRIVERS\pacer.sys
0x0418E000 \SystemRoot\system32\DRIVERS\netbios.sys
0x0419D000 \SystemRoot\system32\DRIVERS\serial.sys
0x041BA000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x041D5000 \SystemRoot\system32\drivers\termdd.sys
0x04000000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x04051000 \SystemRoot\system32\drivers\nsiproxy.sys
0x0405D000 \SystemRoot\system32\drivers\mssmbios.sys
0x04068000 \SystemRoot\System32\drivers\discache.sys
0x0426C000 \SystemRoot\system32\drivers\csc.sys
0x042EF000 \SystemRoot\System32\Drivers\dfsc.sys
0x0430D000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x0431E000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04344000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x132C4000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x13F38000 \SystemRoot\System32\Drivers\nvBridge.kmd
0x04431000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04525000 \SystemRoot\System32\drivers\dxgmms1.sys
0x0456B000 \SystemRoot\system32\drivers\HDAudBus.sys
0x0458F000 \SystemRoot\system32\DRIVERS\nusb3xhc.sys
0x045BF000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x045C1000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x13F3A000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x045CC000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x045DD000 \SystemRoot\system32\DRIVERS\serenum.sys
0x045E9000 \SystemRoot\system32\DRIVERS\ASACPI.sys
0x13F90000 \SystemRoot\system32\drivers\1394ohci.sys
0x13200000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x13253000 \SystemRoot\System32\Drivers\a6qj9s5k.SYS
0x045F1000 \SystemRoot\system32\drivers\wmiacpi.sys
0x04400000 \SystemRoot\system32\drivers\CompositeBus.sys
0x04410000 \SystemRoot\system32\DRIVERS\wacomvhid.sys
0x04413000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x13297000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x132A0000 \SystemRoot\system32\DRIVERS\vrtaucbl.sys
0x04359000 \SystemRoot\system32\DRIVERS\portcls.sys
0x13FCE000 \SystemRoot\system32\DRIVERS\drmk.sys
0x04396000 \SystemRoot\system32\DRIVERS\ks.sys
0x045FA000 \SystemRoot\system32\drivers\ksthunk.sys
0x043D9000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x04200000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x13FF0000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x04224000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x013CD000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x01200000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x00C4C000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x132AF000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x04253000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x043EF000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x0442C000 \SystemRoot\system32\drivers\swenum.sys
0x041E9000 \SystemRoot\system32\drivers\umbus.sys
0x013E8000 \SystemRoot\system32\DRIVERS\nusb3hub.sys
0x04C54000 \SystemRoot\system32\drivers\usbhub.sys
0x04CAE000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x04CBB000 \SystemRoot\system32\DRIVERS\wacommousefilter.sys
0x04CC3000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x04CD8000 \SystemRoot\system32\drivers\nvhda64v.sys
0x05A27000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x00050000 \SystemRoot\System32\win32k.sys
0x05C4E000 \SystemRoot\System32\drivers\Dxapi.sys
0x05C5A000 \SystemRoot\System32\Drivers\crashdmp.sys
0x05C68000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x05C74000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x05C7D000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x05C90000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x05CAD000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x05CBB000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x05CC9000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x05CE4000 \SystemRoot\system32\DRIVERS\monitor.sys
0x05E00000 \SystemRoot\system32\DRIVERS\lvuvc64.sys
0x05CF2000 \SystemRoot\system32\drivers\usbaudio.sys
0x05D0D000 \SystemRoot\system32\DRIVERS\lvrs64.sys
0x005F0000 \SystemRoot\System32\TSDDD.dll
0x006F0000 \SystemRoot\System32\cdd.dll
0x008E0000 \SystemRoot\System32\ATMFD.DLL
0x05D5F000 \SystemRoot\system32\drivers\luafv.sys
0x04D05000 \SystemRoot\system32\DRIVERS\eamon.sys
0x05D82000 \SystemRoot\system32\drivers\WudfPf.sys
0x05DA3000 \SystemRoot\System32\Drivers\exfat.SYS
0x05DD8000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x05A00000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x070DC000 \SystemRoot\system32\drivers\HTTP.sys
0x071A5000 \SystemRoot\system32\DRIVERS\bowser.sys
0x071C3000 \SystemRoot\System32\drivers\mpsdrv.sys
0x07000000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x0702D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0707A000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x0709E000 \??\C:\Windows\system32\drivers\cpuz135_x64.sys
0x070A7000 \SystemRoot\system32\DRIVERS\epfwwfpr.sys
0x070C7000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0x078C1000 \SystemRoot\system32\drivers\peauth.sys
0x07967000 \SystemRoot\System32\Drivers\secdrv.SYS
0x07972000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x079A3000 \SystemRoot\System32\drivers\tcpipreg.sys
0x07800000 \SystemRoot\System32\DRIVERS\srv2.sys
0x07A0F000 \SystemRoot\System32\DRIVERS\srv.sys
0x07AA7000 \??\C:\Windows\system32\drivers\mbam.sys
0x77810000 \Windows\System32\ntdll.dll
0x47840000 \Windows\System32\smss.exe
0xFFB30000 \Windows\System32\apisetschema.dll
0xFF100000 \Windows\System32\autochk.exe
0x776F0000 \Windows\System32\kernel32.dll
0x779E0000 \Windows\System32\psapi.dll
0x775F0000 \Windows\System32\user32.dll
0xFFB10000 \Windows\System32\lpk.dll
0xFFAC0000 \Windows\System32\ws2_32.dll
0xFFAB0000 \Windows\System32\nsi.dll
0x774A0000 \Windows\System32\urlmon.dll
0xFED20000 \Windows\System32\shell32.dll
0xFECC0000 \Windows\System32\Wldap32.dll
0xFECA0000 \Windows\System32\sechost.dll
0xFEA90000 \Windows\System32\ole32.dll
0xFEA10000 \Windows\System32\shlwapi.dll
0x779D0000 \Windows\System32\normaliz.dll
0xFE9A0000 \Windows\System32\gdi32.dll
0xFE900000 \Windows\System32\comdlg32.dll
0xFE720000 \Windows\System32\setupapi.dll
0xFE680000 \Windows\System32\msvcrt.dll
0xFE600000 \Windows\System32\difxapi.dll
0xFE4F0000 \Windows\System32\msctf.dll
0xFE4D0000 \Windows\System32\imagehlp.dll
0xFE3F0000 \Windows\System32\oleaut32.dll
0xFE320000 \Windows\System32\usp10.dll
0xFE280000 \Windows\System32\clbcatq.dll
0xFE250000 \Windows\System32\imm32.dll
0x77290000 \Windows\System32\iertutil.dll
0x77130000 \Windows\System32\wininet.dll
0xFE170000 \Windows\System32\advapi32.dll
0xFE040000 \Windows\System32\rpcrt4.dll
0xFDFD0000 \Windows\System32\KernelBase.dll
0xFDF90000 \Windows\System32\wintrust.dll
0xFDEF0000 \Windows\System32\comctl32.dll
0xFDD80000 \Windows\System32\crypt32.dll
0xFDD60000 \Windows\System32\devobj.dll
0xFDD20000 \Windows\System32\cfgmgr32.dll
0xFDD10000 \Windows\System32\msasn1.dll
0x760B0000 \Windows\SysWOW64\normaliz.dll
Processes (total 66):
0 System Idle Process
4 System
316 C:\Windows\System32\smss.exe
484 csrss.exe
552 C:\Windows\System32\wininit.exe
584 csrss.exe
608 C:\Windows\System32\services.exe
632 C:\Windows\System32\lsass.exe
640 C:\Windows\System32\lsm.exe
760 C:\Windows\System32\winlogon.exe
792 C:\Windows\System32\svchost.exe
856 C:\Windows\System32\nvvsvc.exe
880 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
924 C:\Windows\System32\svchost.exe
1004 C:\Windows\System32\svchost.exe
332 C:\Windows\System32\svchost.exe
496 C:\Windows\System32\svchost.exe
372 C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
1060 C:\Windows\System32\audiodg.exe
1224 C:\Windows\System32\svchost.exe
1312 C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
1324 C:\Windows\System32\nvvsvc.exe
1364 C:\Windows\System32\svchost.exe
1440 C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
1796 C:\Windows\System32\dwm.exe
1820 C:\Windows\explorer.exe
2024 C:\Program Files\Classic Shell\ClassicStartMenu.exe
1048 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
1180 C:\Windows\System32\spoolsv.exe
1400 C:\Windows\System32\svchost.exe
1524 C:\Windows\System32\taskhost.exe
1660 P:\Program Files\NIK\egui.exe
2012 C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
2116 P:\Program Files\NIK\x86\ekrn.exe
2124 P:\Programfiles\ZoneAlarm\zlclient.exe
2164 C:\Windows\System32\svchost.exe
2196 C:\Windows\SysWOW64\nlssrv32.exe
2244 C:\Windows\SysWOW64\PnkBstrA.exe
2304 C:\Windows\System32\svchost.exe
2576 C:\Windows\System32\taskeng.exe
2676 C:\Windows\DAODx.exe
2828 C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
2348 C:\Windows\System32\SearchIndexer.exe
3000 C:\Windows\System32\svchost.exe
3084 C:\Windows\System32\taskhost.exe
3220 C:\Program Files\Windows Media Player\wmpnetwk.exe
3628 WmiPrvSE.exe
3932 C:\Windows\System32\svchost.exe
2648 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
364 C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
2220 C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
480 C:\Program Files (x86)\Internet Explorer\iexplore.exe
3060 C:\Program Files (x86)\Internet Explorer\iexplore.exe
3336 C:\Program Files (x86)\Internet Explorer\iexplore.exe
3396 C:\Program Files (x86)\Internet Explorer\iexplore.exe
2388 C:\Program Files (x86)\Internet Explorer\iexplore.exe
3044 C:\Program Files (x86)\Internet Explorer\iexplore.exe
2768 C:\Program Files (x86)\Internet Explorer\iexplore.exe
3300 C:\Program Files (x86)\Internet Explorer\iexplore.exe
4056 C:\Program Files (x86)\Internet Explorer\iexplore.exe
4000 C:\Program Files (x86)\Internet Explorer\iexplore.exe
1892 C:\Windows\System32\SearchProtocolHost.exe
6000 C:\Windows\System32\SearchFilterHost.exe
4540 C:\Windows\System32\dllhost.exe
5652 C:\Users\jc\Desktop\MBRCheck.exe
5660 C:\Windows\System32\conhost.exe
\\.\C: --> \\.\PhysicalDrive2 at offset 0x00000004`e22cec00 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000004`e22d6a00 (NTFS)
\\.\H: --> \\.\PhysicalDrive3 at offset 0x00000000`00100000 (NTFS)
\\.\J: --> \\.\PhysicalDrive4 at offset 0x00000000`00100000 (exFAT)
\\.\P: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
PhysicalDrive2 Model Number: ST3200822AS, Rev: 3.02
PhysicalDrive1 Model Number: ST3500630AS, Rev: 3.AAK
PhysicalDrive3 Model Number: WDExt HDD 1021, Rev: 2002
PhysicalDrive4 Model Number: WDExt HDD 1021, Rev: 2002
PhysicalDrive0 Model Number: ST31500341AS, Rev: CC1H
Size Device Name MBR Status
--------------------------------------------
186 GB \\.\PhysicalDrive2 Unknown MBR code
SHA1: E833A7327C8056CA7298E327AE7061B946E3F257
465 GB \\.\PhysicalDrive1 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
1397 GB \\.\PhysicalDrive3 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
931 GB \\.\PhysicalDrive4 Unknown MBR code
SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F
1397 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.
Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 2Available MBR codes:
[ 0] Default (Windows 7)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel
Please select the MBR code to write to this drive: 5
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: YES
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.
Done!
#50
Posted 13 December 2011 - 04:21 PM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
Could you now re-run MBRcheck to see if it is reporting windows 7 code and is eset still alerting ?
#51
Posted 13 December 2011 - 04:37 PM
MrJc
- Topic Starter
-
- Member
-
- 37 posts
Member
yeah its still there
says unkown mbrcode on physical drive2 and eset still says infected
says unkown mbrcode on physical drive2 and eset still says infected
Edited by MrJc, 13 December 2011 - 04:37 PM.
#52
Posted 13 December 2011 - 04:39 PM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
OK it is now aswMBR's turn
Although if we had the recovery console would be a piece of cake
Anyway
Re-Run aswMBR
Click Scan
On completion of the scanClick the Fix Button if that is unavailable then press the FIXMBR button
Save the log as before and post in your next reply
Although if we had the recovery console would be a piece of cake
Anyway
Re-Run aswMBR
Click Scan
On completion of the scanClick the Fix Button if that is unavailable then press the FIXMBR button
Save the log as before and post in your next reply
#53
Posted 13 December 2011 - 06:16 PM
MrJc
- Topic Starter
-
- Member
-
- 37 posts
Member
Yea sorry about that, it just recenlty stopped working (my dvd drive )
and here is the scan info
aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-13 18:13:41
-----------------------------
18:13:41.909 OS Version: Windows x64 6.1.7601 Service Pack 1
18:13:41.909 Number of processors: 3 586 0x402
18:13:41.909 ComputerName: JC-PC UserName: jc
18:13:43.391 Initialize success
18:13:45.905 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
18:13:45.906 Disk 0 Vendor: ST31500341AS CC1H Size: 1430799MB BusType: 3
18:13:45.907 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-4
18:13:45.908 Disk 1 Vendor: ST3500630AS 3.AAK Size: 476940MB BusType: 3
18:13:45.909 Disk 2 (boot) \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP3T0L0-3
18:13:45.911 Disk 2 Vendor: ST3200822AS 3.02 Size: 190782MB BusType: 3
18:13:45.922 Disk 2 MBR read successfully
18:13:45.924 Disk 2 MBR scan
18:13:45.925 Disk 2 TDL4@MBR code has been found
18:13:45.927 Disk 2 MBR [TDL4] **ROOTKIT**
18:13:45.929 Service scanning
18:13:47.733 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
18:13:47.801 Service Vsdatant C:\Windows\system32\DRIVERS\vsdatant.sys **LOCKED** 32
18:13:48.357 Modules scanning
18:13:48.687 Disk 2 trace - called modules:
18:13:48.691 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8009a322c0]<<
18:13:48.694 1 nt!IofCallDriver -> \Device\Harddisk2\DR2[0xfffffa800ab10060]
18:13:48.697 3 CLASSPNP.SYS[fffff88001b5c43f] -> nt!IofCallDriver -> [0xfffffa800a8fd520]
18:13:48.701 5 ACPI.sys[fffff88000eea7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0xfffffa800a8ed060]
18:13:48.704 \Driver\atapi[0xfffffa8009b64960] -> IRP_MJ_CREATE -> 0xfffffa8009a322c0
18:13:48.708 Scan finished successfully
18:14:05.894 Disk 2 MBR has been saved successfully to "C:\Users\jc\Desktop\MBR.dat"
18:14:05.898 The log file has been saved successfully to "C:\Users\jc\Desktop\nweestaswMBR.txt"
and here is the scan info
aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-13 18:13:41
-----------------------------
18:13:41.909 OS Version: Windows x64 6.1.7601 Service Pack 1
18:13:41.909 Number of processors: 3 586 0x402
18:13:41.909 ComputerName: JC-PC UserName: jc
18:13:43.391 Initialize success
18:13:45.905 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
18:13:45.906 Disk 0 Vendor: ST31500341AS CC1H Size: 1430799MB BusType: 3
18:13:45.907 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-4
18:13:45.908 Disk 1 Vendor: ST3500630AS 3.AAK Size: 476940MB BusType: 3
18:13:45.909 Disk 2 (boot) \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP3T0L0-3
18:13:45.911 Disk 2 Vendor: ST3200822AS 3.02 Size: 190782MB BusType: 3
18:13:45.922 Disk 2 MBR read successfully
18:13:45.924 Disk 2 MBR scan
18:13:45.925 Disk 2 TDL4@MBR code has been found
18:13:45.927 Disk 2 MBR [TDL4] **ROOTKIT**
18:13:45.929 Service scanning
18:13:47.733 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
18:13:47.801 Service Vsdatant C:\Windows\system32\DRIVERS\vsdatant.sys **LOCKED** 32
18:13:48.357 Modules scanning
18:13:48.687 Disk 2 trace - called modules:
18:13:48.691 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8009a322c0]<<
18:13:48.694 1 nt!IofCallDriver -> \Device\Harddisk2\DR2[0xfffffa800ab10060]
18:13:48.697 3 CLASSPNP.SYS[fffff88001b5c43f] -> nt!IofCallDriver -> [0xfffffa800a8fd520]
18:13:48.701 5 ACPI.sys[fffff88000eea7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0xfffffa800a8ed060]
18:13:48.704 \Driver\atapi[0xfffffa8009b64960] -> IRP_MJ_CREATE -> 0xfffffa8009a322c0
18:13:48.708 Scan finished successfully
18:14:05.894 Disk 2 MBR has been saved successfully to "C:\Users\jc\Desktop\MBR.dat"
18:14:05.898 The log file has been saved successfully to "C:\Users\jc\Desktop\nweestaswMBR.txt"
#54
Posted 14 December 2011 - 12:22 PM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
Could you re-run aswMBR and press fix if available, if not then fixmbr
The XP was the one infected with the bootkit - hence the keyboard no longer working
The XP was the one infected with the bootkit - hence the keyboard no longer working
#55
Posted 14 December 2011 - 02:12 PM
MrJc
- Topic Starter
-
- Member
-
- 37 posts
Member
when i ran it the first time i did press fixmbr since it gave no option to hit fix than it restarted my comp and i re scanned and put that log in the post but ill re run it again and see what happens
Edited by MrJc, 14 December 2011 - 02:24 PM.
#56
Posted 14 December 2011 - 03:06 PM
MrJc
- Topic Starter
-
- Member
-
- 37 posts
Member
aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-14 14:25:40
-----------------------------
14:25:40.544 OS Version: Windows x64 6.1.7601 Service Pack 1
14:25:40.544 Number of processors: 3 586 0x402
14:25:40.544 ComputerName: JC-PC UserName: jc
14:25:43.064 Initialize success
14:25:45.304 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
14:25:45.305 Disk 0 Vendor: ST31500341AS CC1H Size: 1430799MB BusType: 3
14:25:45.306 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-4
14:25:45.307 Disk 1 Vendor: ST3500630AS 3.AAK Size: 476940MB BusType: 3
14:25:45.309 Disk 2 (boot) \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP3T0L0-3
14:25:45.310 Disk 2 Vendor: ST3200822AS 3.02 Size: 190782MB BusType: 3
14:25:45.319 Disk 2 MBR read successfully
14:25:45.321 Disk 2 MBR scan
14:25:45.322 Disk 2 TDL4@MBR code has been found
14:25:45.324 Disk 2 MBR [TDL4] **ROOTKIT**
14:25:45.326 Service scanning
14:25:49.975 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
14:25:50.718 Service Vsdatant C:\Windows\system32\DRIVERS\vsdatant.sys **LOCKED** 32
14:25:51.515 Modules scanning
14:25:51.518 Disk 2 trace - called modules:
14:25:51.530 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8009aeb2c0]<<
14:25:51.533 1 nt!IofCallDriver -> \Device\Harddisk2\DR2[0xfffffa800ab0e790]
14:25:51.537 3 CLASSPNP.SYS[fffff88001b6e43f] -> nt!IofCallDriver -> [0xfffffa800a926520]
14:25:51.541 5 ACPI.sys[fffff880011a97a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0xfffffa800a91b060]
14:25:51.544 \Driver\atapi[0xfffffa8009b69e70] -> IRP_MJ_CREATE -> 0xfffffa8009aeb2c0
14:25:51.548 Scan finished successfully
14:26:00.815 Disk 2 MBR read successfully
14:26:00.817 Disk 2 TDL4@MBR code has been found
14:26:00.819 Disk 2 fixing MBR ...
14:26:10.823 Disk 2 MBR restored successfully
14:26:10.955 Verifying
14:26:25.614 Disk 2 MBR fix error
14:26:38.064 Disk 2 MBR has been saved successfully to "C:\Users\jc\Desktop\MBR.dat"
14:26:38.067 The log file has been saved successfully to "C:\Users\jc\Desktop\aswMBR11.txt"
the reason it says mbr fix error is that i hit no to restart right away i saved the log first than restarted my comp
Run date: 2011-12-14 14:25:40
-----------------------------
14:25:40.544 OS Version: Windows x64 6.1.7601 Service Pack 1
14:25:40.544 Number of processors: 3 586 0x402
14:25:40.544 ComputerName: JC-PC UserName: jc
14:25:43.064 Initialize success
14:25:45.304 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
14:25:45.305 Disk 0 Vendor: ST31500341AS CC1H Size: 1430799MB BusType: 3
14:25:45.306 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-4
14:25:45.307 Disk 1 Vendor: ST3500630AS 3.AAK Size: 476940MB BusType: 3
14:25:45.309 Disk 2 (boot) \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP3T0L0-3
14:25:45.310 Disk 2 Vendor: ST3200822AS 3.02 Size: 190782MB BusType: 3
14:25:45.319 Disk 2 MBR read successfully
14:25:45.321 Disk 2 MBR scan
14:25:45.322 Disk 2 TDL4@MBR code has been found
14:25:45.324 Disk 2 MBR [TDL4] **ROOTKIT**
14:25:45.326 Service scanning
14:25:49.975 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
14:25:50.718 Service Vsdatant C:\Windows\system32\DRIVERS\vsdatant.sys **LOCKED** 32
14:25:51.515 Modules scanning
14:25:51.518 Disk 2 trace - called modules:
14:25:51.530 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8009aeb2c0]<<
14:25:51.533 1 nt!IofCallDriver -> \Device\Harddisk2\DR2[0xfffffa800ab0e790]
14:25:51.537 3 CLASSPNP.SYS[fffff88001b6e43f] -> nt!IofCallDriver -> [0xfffffa800a926520]
14:25:51.541 5 ACPI.sys[fffff880011a97a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0xfffffa800a91b060]
14:25:51.544 \Driver\atapi[0xfffffa8009b69e70] -> IRP_MJ_CREATE -> 0xfffffa8009aeb2c0
14:25:51.548 Scan finished successfully
14:26:00.815 Disk 2 MBR read successfully
14:26:00.817 Disk 2 TDL4@MBR code has been found
14:26:00.819 Disk 2 fixing MBR ...
14:26:10.823 Disk 2 MBR restored successfully
14:26:10.955 Verifying
14:26:25.614 Disk 2 MBR fix error
14:26:38.064 Disk 2 MBR has been saved successfully to "C:\Users\jc\Desktop\MBR.dat"
14:26:38.067 The log file has been saved successfully to "C:\Users\jc\Desktop\aswMBR11.txt"
the reason it says mbr fix error is that i hit no to restart right away i saved the log first than restarted my comp
#57
Posted 14 December 2011 - 03:21 PM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
Allow it to reboot as soon as you press fix... But I feel that we are going to have to wait until you can get the CD fixed
#58
Posted 14 December 2011 - 05:09 PM
MrJc
- Topic Starter
-
- Member
-
- 37 posts
Member
ha it seems like that to me too if i can pick up a usb i can make it bootable and run that. i have the iso of windows on my comp on diffrent drives for safe keeping. I just have no money lucky tho that its not causing problems on my current system i should be able to get a new dvd drive on friday
Edited by MrJc, 14 December 2011 - 05:09 PM.
#59
Posted 15 December 2011 - 12:45 PM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
Funny you should say that as it struck me today that we could USB it
IMPORTANT:
You will need a flash drive with a size of 512 Mb or bigger. Make sure that you do not leave anything important on the flash drive, as all data on it will be deleted during the following steps.
NOW
Boot from the flash drive to the Reatogo desktop
There will be an MBRFix icon on the desktop
Select that and in the box that open type the following :
MBRFix /drive 2 fixmbr /win7
Reboot to normal windows and see if the TDL has gone
IMPORTANT:
You will need a flash drive with a size of 512 Mb or bigger. Make sure that you do not leave anything important on the flash drive, as all data on it will be deleted during the following steps.
-
- Download OTLPEStd.exe from the following link and save it to your Desktop: mirror1.
- Download eeepcfr.zip from the following link and save it to your Desktop: the mirror
- Finally, if you do not have a file archiver like 7-zip or Winrar installed, please download 7-zip from the following link and install it: the mirror
- Download OTLPEStd.exe from the following link and save it to your Desktop: mirror1.
- Once you have 7-zip install, decompress OTLPEStd.exe by rightclicking on the folder and choosing the options shown in the picture below. Please use a dedicated folder, for example OTLPE, on your Desktop
- Open the folder OTLPEStd which will be created in the same location as OTLPEStd.exe and right-click OTLPE_New_Std.iso. Select 7-Zip and from the submenu select Extract files... and extract the content onto your Desktop in a OTLPE folder:
- Please also decompress eeepcfr to your systemroot (usually C:\).
- Empty the flash drive you want to install OTLPE on.
- Go to C:\eeecpfr and double-click usb_prep8.cmd to launch it.
- Press any key when asked to in the black window that opens.
- As indicated in the image, make sure you have selected the correct flash drive, before proceeding.
For Drive Label: type in OTLPE.
Under Source Path to built BartPE/WinPE Files click ... and select the folder OTLPE that you created on your Desktop.
Finally check Enable File Copy.
- Click on Start, accept the disclaimers and wait for the program to finish.
NOW
Boot from the flash drive to the Reatogo desktop
There will be an MBRFix icon on the desktop
Select that and in the box that open type the following :
MBRFix /drive 2 fixmbr /win7
Reboot to normal windows and see if the TDL has gone
#60
Posted 15 December 2011 - 04:57 PM
MrJc
- Topic Starter
-
- Member
-
- 37 posts
Member
sweet ill try this either today or tommorrow when i can get my hands on a flash drive hmmm I'm a digital photography major in college u think i would be able to use my cf card instead? (has an attachment to plug it into usb port) since its basicaly the same thing as a flash drive?
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
