get-answers-fast redirects, slow loading vista system




    Trusted Helper

  • Malware Removal
  • 904 posts
Cheesewad malware clowns saw that coming:

System pid: 4 <unable to open process>

That's where they are running unseen threads I was hoping to catch, and suspend. If they are there, and that System process being blocked suggests they are. And stop their monitoring, and blocking/interfering with tools. No, you posted the log, so no need to send it as email.

For right now, run RogueKiller again. When prompted, type 6 (Shortcut HJFix) and then press Enter. Post that resulting log please.





  • Topic Starter
  • Member
  • 78 posts
RogueKiller V6.2.4 [01/12/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: cormact [Admin rights]
Mode: Shortcuts HJfix -- Date : 01/16/2012 19:26:39

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 2 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 9 / Fail 0
Start menu: Success 1 / Fail 0
User folder: Success 154 / Fail 0
My documents: Success 3 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 111 / Fail 0
Backup: [NOT FOUND]

[C:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume2 -- 0x3 --> Restored

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt



    Trusted Helper

  • Malware Removal
  • 904 posts
Sure looks good. Try ComboFix again please.




  • Topic Starter
  • Member
  • 78 posts
Ran Combofix overnight - 10hrs.
Same result ....
Scanning for infested files
This typically doesn't take more than 10 minutes
However scan times for badly infected machines may easily double.
...... and this is as far as the scan progressed.



    Trusted Helper

  • Malware Removal
  • 904 posts
Hmm. Handle being blocked from looking at the System process suggests something is loading early, then loading its own handles, and guarding them.

22:29:02.184 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 78 MB offset 63
22:29:02.216 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 161792
22:29:02.247 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 225595 MB offset 21133312
22:29:02.262 Disk 0 Partition - 00 0F Extended LBA 2560 MB offset 483151872
22:29:02.294 Disk 0 Partition 4 00 DD MSDOS5.0 2559 MB offset 483153920

Right click Computer, left click Manage - Disk Management. The list above references the partitions that should show in that display (Partitions 1, 2, 3, 4). Dell has some unusual partitions, but I am curious about that #4, shown as a DOS partition. Do you recognize that through your knowledge of your system there?

If you can, go to Start, All Programs, Accessories, Snipping Tool. Make a snapshot of that Disk Management display, save that, and either attach it here, upload to a free site like PhotoBucket, or zip and email it to me please.



    Trusted Helper

  • Malware Removal
  • 904 posts
Also download MBRCheck.exe to your Desktop. Run the application, save the log and post that here please.




  • Topic Starter
  • Member
  • 78 posts
This is a print screen of the computer management display.
Should I be looking for something Specific?

Disk Management.jpg



    Trusted Helper

  • Malware Removal
  • 904 posts
Looks like Skype running there. That can be a fair resource waster, so if you do not use it regularly, you may want to open it, and look for the option to disable it from startup (just run it when you want to use it).

That 2.5 Mb partition is curious. See what MBRCheck picks up.




  • Topic Starter
  • Member
  • 78 posts
I read the last part of your post after I sent the screen shot of comp mgmt display.
Is that OK, or do I still need to use the snipping tool method?

MBRCheck, version 1.2.3
© 2010, AD

Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: XPS M1330
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 160):
0x82007000 \SystemRoot\system32\ntkrnlpa.exe
0x823C1000 \SystemRoot\system32\hal.dll
0x80406000 \SystemRoot\system32\kdcom.dll
0x8040D000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8047D000 \SystemRoot\system32\PSHED.dll
0x8048E000 \SystemRoot\system32\BOOTVID.dll
0x80496000 \SystemRoot\system32\CLFS.SYS
0x804D7000 \SystemRoot\system32\CI.dll
0x80608000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80684000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80691000 \SystemRoot\system32\drivers\acpi.sys
0x806D7000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806E0000 \SystemRoot\system32\drivers\msisadrv.sys
0x806E8000 \SystemRoot\system32\drivers\pci.sys
0x8070F000 \SystemRoot\System32\drivers\partmgr.sys
0x8071E000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x80721000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8072B000 \SystemRoot\system32\drivers\volmgr.sys
0x8073A000 \SystemRoot\System32\drivers\volmgrx.sys
0x80784000 \SystemRoot\system32\DRIVERS\intelide.sys
0x8078B000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x80799000 \SystemRoot\system32\drivers\pciide.sys
0x807A0000 \SystemRoot\System32\drivers\mountmgr.sys
0x8260A000 \SystemRoot\system32\drivers\iastorv.sys
0x826AA000 \SystemRoot\system32\drivers\iastor.sys
0x82768000 \SystemRoot\system32\drivers\atapi.sys
0x82770000 \SystemRoot\system32\drivers\ataport.SYS
0x8278E000 \SystemRoot\system32\drivers\fltmgr.sys
0x827C0000 \SystemRoot\system32\drivers\fileinfo.sys
0x827D0000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8A400000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8A471000 \SystemRoot\system32\drivers\ndis.sys
0x8A57C000 \SystemRoot\system32\drivers\msrpc.sys
0x8A5A7000 \SystemRoot\system32\drivers\NETIO.SYS
0x8A600000 \SystemRoot\System32\drivers\tcpip.sys
0x8A6EA000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8A801000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8A911000 \SystemRoot\system32\drivers\volsnap.sys
0x8A94A000 \SystemRoot\System32\Drivers\spldr.sys
0x8A952000 \SystemRoot\System32\Drivers\mup.sys
0x8A961000 \SystemRoot\System32\drivers\ecache.sys
0x8A988000 \SystemRoot\system32\drivers\disk.sys
0x8A999000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8A9BA000 \SystemRoot\system32\drivers\crcdisk.sys
0x8A9D0000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8A9DB000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8A9E4000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8E604000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8EF55000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x8EF57000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8A9F3000 \SystemRoot\System32\drivers\watchdog.sys
0x8A7C3000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x807B0000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8A7CE000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8F00E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8F200000 \SystemRoot\system32\DRIVERS\NETw4v32.sys
0x8F429000 \SystemRoot\system32\DRIVERS\b57nd60x.sys
0x8F458000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8F468000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8F476000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x8F490000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x8F49E000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x8F4B2000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x8F503000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8F516000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8F541000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8F543000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8F54E000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8F559000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8F55D000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8F566000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8F595000 \SystemRoot\system32\DRIVERS\storport.sys
0x8F5D6000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8F5E1000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8F09B000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8F0A6000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8F0C9000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8F0D8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8F0EC000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8F101000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8F5F8000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8F111000 \SystemRoot\system32\DRIVERS\ks.sys
0x8F13B000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8F145000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8F152000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8F187000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8F198000 \SystemRoot\system32\drivers\stwrt.sys
0x805B7000 \SystemRoot\system32\drivers\portcls.sys
0x827D9000 \SystemRoot\system32\drivers\drmk.sys
0x8F1ED000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8F1F6000 \SystemRoot\System32\Drivers\Null.SYS
0x8F000000 \SystemRoot\System32\Drivers\Beep.SYS
0x8F007000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8A7DD000 \SystemRoot\System32\drivers\vga.sys
0x8FA09000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8FA2A000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8FA32000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8FA3A000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8FA45000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8FA53000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8FA5C000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8FA72000 \SystemRoot\system32\DRIVERS\smb.sys
0x8FA86000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8FAB8000 \SystemRoot\system32\drivers\afd.sys
0x8FB00000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x8FB09000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8FB1F000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8FB2D000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8FB40000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8FB7C000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8FB86000 \SystemRoot\System32\Drivers\dfsc.sys
0x8FB9D000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8A705000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x8FBAA000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8FBB3000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8FBC3000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8FBDA000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x99C0A000 \SystemRoot\system32\DRIVERS\OEM02Dev.sys
0x99C44000 \SystemRoot\system32\DRIVERS\OEM02Vfx.sys
0x998D0000 \SystemRoot\System32\win32k.sys
0x99C46000 \SystemRoot\System32\drivers\Dxapi.sys
0x99C50000 \SystemRoot\System32\Drivers\BTHUSB.sys
0x99C5D000 \SystemRoot\System32\Drivers\bthport.sys
0x99CDD000 \SystemRoot\System32\Drivers\tcusb.sys
0x99CE7000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x99CF0000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0x99D19000 \SystemRoot\system32\DRIVERS\BthEnum.sys
0x99D23000 \SystemRoot\system32\DRIVERS\bthpan.sys
0x99D3D000 \SystemRoot\system32\drivers\btwavdt.sys
0x9C604000 \SystemRoot\system32\drivers\btwaudio.sys
0x9C67F000 \SystemRoot\system32\DRIVERS\btwrchid.sys
0x9C682000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x9C68C000 \SystemRoot\system32\DRIVERS\monitor.sys
0x99AF0000 \SystemRoot\System32\TSDDD.dll
0x99B10000 \SystemRoot\System32\cdd.dll
0x9C69B000 \SystemRoot\system32\drivers\luafv.sys
0x9C6BE000 \SystemRoot\system32\drivers\spsys.sys
0x9C76E000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9C77E000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x9C7A8000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9C7B2000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA0E00000 \SystemRoot\system32\drivers\HTTP.sys
0xA0E6D000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA0E8A000 \SystemRoot\system32\DRIVERS\bowser.sys
0xA0EA3000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA0EC2000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA0EFB000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA0F13000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA0F3B000 \SystemRoot\System32\DRIVERS\srv.sys
0xA2800000 \SystemRoot\system32\drivers\peauth.sys
0xA28DE000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA28E8000 \SystemRoot\System32\Drivers\fastfat.SYS
0xA2910000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA291C000 \SystemRoot\system32\drivers\MSPQM.sys
0xA291E000 \SystemRoot\system32\drivers\MSPCLOCK.sys
0xA2920000 \??\C:\Windows\system32\Drivers\PROCEXP141.SYS
0xA2941000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
0xA2943000 \??\C:\Users\cormact\AppData\Local\Temp\catchme.sys
0x99B20000 \SystemRoot\System32\ATMFD.DLL
0x77920000 \Windows\System32\ntdll.dll

Processes (total 85):
0 System Idle Process
4 System
444 C:\Windows\System32\smss.exe
572 csrss.exe
640 C:\Windows\System32\wininit.exe
652 csrss.exe
684 C:\Windows\System32\services.exe
712 C:\Windows\System32\lsass.exe
720 C:\Windows\System32\lsm.exe
872 C:\Windows\System32\svchost.exe
932 C:\Windows\System32\svchost.exe
988 C:\Windows\System32\svchost.exe
1012 C:\Windows\System32\svchost.exe
1024 C:\Windows\System32\svchost.exe
1112 C:\Windows\System32\audiodg.exe
1132 C:\Windows\System32\svchost.exe
1156 C:\Windows\System32\SLsvc.exe
1176 C:\Windows\System32\svchost.exe
1292 C:\Windows\System32\winlogon.exe
1352 C:\Windows\System32\svchost.exe
1512 C:\Windows\System32\wlanext.exe
1608 C:\Windows\System32\spoolsv.exe
1820 C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
1164 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
632 C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
1340 C:\Windows\System32\AEstSrv.exe
1456 C:\Windows\System32\svchost.exe
1808 C:\Windows\System32\svchost.exe
1844 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
2032 C:\Windows\System32\svchost.exe
528 C:\Windows\System32\svchost.exe
756 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
2088 C:\Windows\System32\stacsv.exe
2120 C:\Windows\System32\svchost.exe
2148 C:\Windows\System32\svchost.exe
2172 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2276 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
2800 C:\Windows\System32\dwm.exe
2844 C:\Windows\System32\taskeng.exe
2908 C:\Windows\explorer.exe
3408 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3420 C:\Windows\OEM02Mon.exe
3428 C:\Windows\WindowsMobile\wmdc.exe
3472 C:\Program Files\Dell\MediaDirect\PCMService.exe
3480 C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
3488 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
3512 C:\Windows\System32\rundll32.exe
3556 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3572 C:\Windows\ehome\ehtray.exe
3580 C:\Program Files\Skype\Phone\Skype.exe
3596 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
3604 C:\Program Files\ArcSoft\MediaConverter 4 Platinum\Monitor.exe
3612 C:\Program Files\Dell\QuickSet\quickset.exe
3664 C:\Program Files\OpenOffice.org 3\program\soffice.exe
3700 C:\Windows\System32\svchost.exe
3752 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
3852 C:\Program Files\OpenOffice.org 3\program\soffice.bin
3932 C:\Windows\ehome\ehmsas.exe
3944 C:\Program Files\Fingerprint Reader Suite\psqltray.exe
4052 C:\Program Files\Browny02\BrYNSvc.exe
2056 WmiPrvSE.exe
532 C:\Program Files\Windows Media Player\wmpnscfg.exe
1172 C:\Program Files\Windows Media Player\wmpnetwk.exe
368 C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
220 C:\Windows\System32\SearchIndexer.exe
3508 C:\Windows\System32\wbem\unsecapp.exe
4128 C:\Windows\System32\svchost.exe
4864 C:\Windows\System32\taskeng.exe
5824 C:\Program Files\Mozilla Firefox\firefox.exe
5488 C:\Windows\System32\taskeng.exe
5420 C:\Program Files\Mozilla Firefox\plugin-container.exe
5328 C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
4516 C:\Program Files\Java\jre6\bin\java.exe
6008 C:\Program Files\Mozilla Firefox\plugin-container.exe
4852 C:\Program Files\Mozilla Firefox\plugin-container.exe
5332 C:\Program Files\Real\RealPlayer\Update\realsched.exe
3732 C:\Program Files\Mozilla Firefox\plugin-container.exe
4880 C:\Windows\System32\mmc.exe
4756 C:\Windows\System32\vds.exe
4828 C:\Windows\System32\SearchProtocolHost.exe
836 C:\Windows\System32\SearchFilterHost.exe
1864 C:\Windows\System32\dllhost.exe
3376 dllhost.exe
5312 dllhost.exe
5684 C:\Users\cormact\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`84f00000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`04f00000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK2546GSX, Rev: LB012D

Size Device Name MBR Status
232 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

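An added triage helper (not from the thread, and not part of MBRCheck) that parses the "Kernel Drivers" section of a log like the one above and reports driver images loaded from outside the Windows system tree; the trusted/suspicious path rules are this example's own assumptions, and the embedded sample is a short excerpt of the posted log.

```python
"""Triage an MBRCheck 'Kernel Drivers' listing for unusual driver image paths.

A kernel driver that loads early and guards its own handles (the behaviour
suspected in the thread) must still appear in this list, and an image path
outside the Windows system tree is the cheapest first filter. The path rules
below are this example's assumptions, not MBRCheck's.
"""
import re

# One MBRCheck driver line looks like: 0x8A400000 \SystemRoot\System32\Drivers\ksecdd.sys
DRIVER_LINE = re.compile(r"^0x([0-9A-Fa-f]{8})\s+(\S.*)$")

# Assumed-normal prefixes for a driver image (compared case-insensitively).
TRUSTED_PREFIXES = ("\\systemroot\\system32\\", "\\windows\\system32\\",
                    "\\??\\c:\\windows\\system32\\")

# User-writable locations that should never host a kernel driver on a clean box.
# Note: a scanner's own driver (catchme.sys in the log above) legitimately loads
# from Temp while it runs, so 'suspicious' is a prompt to check, not a verdict.
SUSPICIOUS_MARKERS = ("\\users\\", "\\temp\\", "\\appdata\\", "\\programdata\\")


def parse_drivers(log_text):
    """Return (base_address, image_path) tuples from the 'Kernel Drivers' section."""
    drivers, in_section = [], False
    for line in log_text.splitlines():
        if line.startswith("Kernel Drivers"):
            in_section = True
            continue
        if in_section and line.startswith("Processes"):
            break  # next section of the MBRCheck log
        m = DRIVER_LINE.match(line.strip()) if in_section else None
        if m:
            drivers.append((int(m.group(1), 16), m.group(2).strip()))
    return drivers


def classify(path):
    """'suspicious' for user-writable paths, 'ok' for the system tree, else 'review'."""
    p = path.lower()
    if any(marker in p for marker in SUSPICIOUS_MARKERS):
        return "suspicious"
    return "ok" if p.startswith(TRUSTED_PREFIXES) else "review"


def triage(log_text):
    """Map every driver path that is not 'ok' to its verdict, in log order."""
    verdicts = ((path, classify(path)) for _, path in parse_drivers(log_text))
    return {path: verdict for path, verdict in verdicts if verdict != "ok"}


# Constructed excerpt: five of the 160 lines from the log posted above.
SAMPLE_LOG = """Kernel Drivers (total 160):
0x82007000 \\SystemRoot\\system32\\ntkrnlpa.exe
0x8A400000 \\SystemRoot\\System32\\Drivers\\ksecdd.sys
0xA2920000 \\??\\C:\\Windows\\system32\\Drivers\\PROCEXP141.SYS
0xA2943000 \\??\\C:\\Users\\cormact\\AppData\\Local\\Temp\\catchme.sys
0x77920000 \\Windows\\System32\\ntdll.dll

Processes (total 85):
4 System
"""

if __name__ == "__main__":
    for path, verdict in triage(SAMPLE_LOG).items():
        print(f"{verdict:10} {path}")
```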



    Trusted Helper

  • Malware Removal
  • 904 posts
Thinking time. I will review these many logs, and post back a little later.




    Trusted Helper

  • Malware Removal
  • 904 posts
Please zip a copy of this file, and email it to me as an attachment:


jintan at malwarecrypt.com - subject builder4580/g2g/mbr.




  • Topic Starter
  • Member
  • 78 posts
I've opened zipped files before, but I have never zipped a file.
I use jZip to extract zipped files, but am not having success at zipping a .DAT file.
When I open jZip, I get a message - "jZip could not create temp folder"
When I click on OK, jZip opens but only the New Archive, Open Archive, and Style icons are active.
Add, Extract, and View icons are greyed out (inactive).
Not sure if it is me, the file type, or the program that is the problem.

I opened this gibberish (to me!) in Open Office which may mean something to you.
Where do I go from here? From what I can glean from the web, I need to determine what kind of
file it is - video, email attachment, pic, etc.

3ÀŽÐ¼#|ŽÀŽØ¾#|¿##¹##üó¤Ph##Ëû¹##½¾#€~##|##…##ƒÅ#âñÍ#ˆV#UÆF##ÆF##´A»ªUÍ#]r#?ûUªu ÷Á##t#þF#f`€~##t&fh####fÿv#h##h#|h##h##´BŠV#‹ôÍ#ŸƒÄ#žë#¸##»#|ŠV#Šv#ŠN#Šn#Í#fas#þN##…
fh#»##fh####fh####fSfSfUfh####fh#|##fah###Í#Z2öê#|##Í# ·#ë# ¶#ë# µ#2ä###‹ð¬<#tü»##´#Í#ëò+Éädë#$#àø$#ÃInvalid partition table#Error loading operating system#Missing operating system####bz™##########Þþ? ?###Ks####

Edited by builder4580, 18 January 2012 - 06:33 PM.




    Trusted Helper

  • Malware Removal
  • 904 posts
No, OpenOffice's Writer wasn't intended to read that file. Right click the file - SendTo - Compressed (zipped) Folder. That will create a zipped copy of that file in the same location. Send that zipped file please.




  • Topic Starter
  • Member
  • 78 posts
When I click on - Compressed (zipped) Folder
I get the message
Unable to complete the operation.
Access is denied.



    Trusted Helper

  • Malware Removal
  • 904 posts
I have no idea why, but only just now yahoo email alerted me of two new emails, and then I still had to search for unread emails to locate those you sent me. So truly sorry for the delay. I received the MBR, thanks. Looks okay, and matches other mbr's scanned recently (so suggests a known, system's mbr).

Windows needs to install driver software for your Matshita DVD+ -RW UJ-857G ATA drive

sc config cdrom start= system

You should get a "Success" confirmation. Then just type exit and press Enter to close the command window.

Did you get a success confirmation when you made that change?

Could not access internet in "safe mode with networking"

Lately the malware has been making it appear as if no Internet connection has been made. One way to verify this is to go to Start Search, type cmd.exe in the Start Search box. Cmd.exe will appear at the top of the Menu. Right click on it and choose "Run as administrator". At the prompt copy/paste the following, pressing Enter after each:

ping www.google.com

If that fails, no Internet. If it succeeds, you will get the timing results back from "pinging" Google, and now you actually do have access.


This from your very first post:

Filename: c:\Windows\System32\drivers\dfsc.sys
Threat Name: Trojan horse Hider.OMK

Time to look into that. Open SystemLook again, and run the following script:


Then click Look. Once the scan completes Notepad will open - copy/paste those contents back here please. That will also be saved as a log where you have the scan file, named SystemLook.txt.


Go to Start Search, type cmd.exe in the Start Search box. Cmd.exe will appear at the top of the Menu. Right click on it and choose "Run as administrator". At the prompt copy/paste the following, pressing Enter after each:

sc qc dfs > c:\mikey.txt&c:\mikey.txt

Note pad should open when that completes. Post those contents back here please.

