Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Mbam wont run and IE will not stay open [Solved]


  • This topic is locked This topic is locked

#16
RubyMarty

RubyMarty

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 186 posts
It will not install...says cannot create uninstall shortcut


J
  • 0

Advertisements


#17
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
When you try to open IE what error do you get ?
  • 0

#18
RubyMarty

RubyMarty

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 186 posts
It does not give an error...the IE window opens for about 2 seconds then closes. Firefox will not even open it is like something keeps them from running.


J
  • 0

#19
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets try something a bit different

Download this special copy of OTL
Reboot to safe mode and run it from there

Download OTL to your Desktop
  • 0

#20
RubyMarty

RubyMarty

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 186 posts
can you run a screen saver file by double clicking? Just making sure i have never tried it or heard of it :)


Thanks
J
  • 0

#21
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yup, sneaky isn't it :)
  • 0

#22
RubyMarty

RubyMarty

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 186 posts
It gives the same error that OTL gave in regular mode :(

I can reinstall windows if needed, but would prefer to fix it ;)


Thanks

J
  • 0

#23
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK time to use a different programme

Please download DDS and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.
---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt

Please attach the second file; Attach.txt.
  • 0

#24
RubyMarty

RubyMarty

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 186 posts
Woot making progress this one ran below are the logs you requested



DDS (Ver_2012-11-07.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Pappi at 23:42:11 on 2012-11-13
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {7F6AFBF1-E065-4627-A2FD-810366367D01} - <orphaned>
BHO: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - c:\documents and settings\all users.windows\application data\wecarereminder\IEHelperv2.5.0.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [PhotoShow Deluxe Media Manager] c:\progra~1\ahead\ahead\data\xtras\mssysmgr.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1332567456843
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{510DF6D4-9164-437A-AD8E-2056D3883F29} : DHCPNameServer = 192.168.1.254
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-11-12 03:46:59 -------- d-----w- c:\program files\Tweaking.com
2012-11-08 05:56:20 -------- d-s-a-r- C:\cmdcons
2012-11-08 05:53:24 98816 ----a-w- c:\windows\sed.exe
2012-11-08 05:53:24 256000 ----a-w- c:\windows\PEV.exe
2012-11-08 05:53:24 208896 ----a-w- c:\windows\MBR.exe
2012-11-07 05:43:19 711240 ----a-w- c:\windows\is-S52OL.exe
2012-11-06 05:19:37 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-11-06 05:19:35 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-06 05:19:35 -------- d-----w- c:\program files\vMalwarebytes' Anti-Malware
2012-11-06 04:35:38 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2012-11-06 04:35:38 1071088 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-11-06 04:35:38 -------- d-----w- c:\program files\SpywareBlaster
2012-11-06 04:31:43 -------- dc----w- c:\documents and settings\all users.windows\application data\{EF63305C-BAD7-4144-9208-D65528260864}
2012-11-06 02:35:30 -------- d-----w- c:\windows\system32\NtmsData
2012-11-06 02:21:12 940544 ----a-w- c:\documents and settings\pappi\local settings\application data\log4cxx.dll
2012-11-06 02:20:21 -------- d-----w- c:\windows\system32\appmgmt
2012-11-04 08:50:14 -------- d-----w- c:\documents and settings\pappi\AppData
2012-11-04 08:50:10 -------- d-----w- c:\documents and settings\pappi\local settings\application data\WeatherBug
2012-11-04 08:50:08 -------- d-----w- c:\documents and settings\pappi\application data\WeatherBug
2012-11-04 08:45:53 -------- d-----w- c:\documents and settings\pappi\application data\encyclopediabritannicagamesbar
2012-11-04 08:45:53 -------- d-----w- c:\documents and settings\all users.windows\application data\boost_interprocess
2012-11-04 08:45:14 -------- d-----w- c:\documents and settings\pappi\application data\Oberon Media
2012-11-04 08:45:14 -------- d-----w- c:\documents and settings\all users.windows\application data\Oberon Media
2012-11-04 08:45:08 -------- d-----w- c:\documents and settings\pappi\application data\VisicomToolBar
2012-11-04 03:37:44 -------- d-----w- c:\documents and settings\pappi\local settings\application data\XboxMB
2012-11-04 03:37:39 -------- d-----w- c:\program files\Xenocode
2012-11-04 03:37:39 -------- d-----w- c:\documents and settings\pappi\local settings\application data\Xenocode
2012-11-04 03:12:46 -------- d-----w- c:\documents and settings\pappi\application data\redsn0w
2012-11-04 02:59:12 -------- d-----w- c:\documents and settings\all users.windows\application data\WeCareReminder
2012-11-04 02:58:54 -------- d-----w- c:\program files\Yahoo!
2012-11-04 02:44:28 -------- d-----w- c:\documents and settings\all users.windows\application data\Tarma Installer
2012-11-04 02:44:18 -------- d-----w- c:\documents and settings\pappi\local settings\application data\Temp
2012-11-04 02:44:18 -------- d-----w- c:\documents and settings\pappi\local settings\application data\Conduit
2012-11-02 20:59:55 -------- d-----w- c:\documents and settings\pappi\application data\Windows Search
2012-11-02 04:11:06 -------- d-----w- c:\documents and settings\pappi\local settings\application data\ApplicationHistory
2012-11-02 03:00:26 -------- d-----w- c:\program files\iTunes
2012-11-02 03:00:26 -------- d-----w- c:\documents and settings\all users.windows\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-11-02 02:53:55 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
.
==================== Find3M ====================
.
2012-11-02 02:48:36 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ------w- c:\windows\system32\html.iec
2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 18:01:22 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 18:01:22 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-21 13:33:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58:09 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: MAXTOR_STM3160812AS rev.3.AAJ -> Harddisk2\DR2 -> \Device\Ide\IdeDeviceP0T0L0-4
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
1 ntkrnlpa!IofCallDriver[0x804EF1F0] -> \Device\Harddisk2\DR2[0x89DB7AB8]
3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1F0] -> \Device\00000068[0x89E5B628]
5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1F0] -> \Device\Ide\IdeDeviceP1T0L0-18[0x89D75D98]
kernel: MBR read successfully
_asm { JMP 0x54; }
user != kernel MBR !!!
.
============= FINISH: 23:42:15.39 ===============



Thanks
J

Attached Files


  • 0

#25
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Still not happy about the MBR so lets use a different scanner

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:



Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.
  • 0

Advertisements


#26
RubyMarty

RubyMarty

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 186 posts
I will do this as soon as i get home. Since you are worried about the MBR i should tell you that drive 3 is unformatted if that affects your decisions.



J
  • 0

#27
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No I only look at the main drive

There is a new programme out that may determine whether or not there is a problem... Would you be prepared to give it a whirl ? It is made by malwarebytes
  • 0

#28
RubyMarty

RubyMarty

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 186 posts
I'll give it a try...I ran the mbr program and will post it as soon as I get to a computer.
  • 0

#29
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Thank you, this programme is still in development so initially I will run the scan, look at the log and then make a decision on the deletions

Download MBAR to your desktop
Unzip the MBAR folder to your desktop
Open the Folder and double click MBAR

At the first screen select next
Posted Image

Update the tool
Posted Image

On completion of the Update press next
Then press the scan button ensuring that the boxes as shown are ticked
Posted Image

On completion of the scan click Exit
Posted Image

Two logs will be generated within the MBAR folder could you post both MBAR log and System log
  • 0

#30
RubyMarty

RubyMarty

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 186 posts
Here is the log from the program in your previous post...I am downloading the new program now and will run it when i get home.


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000000fc

Kernel Drivers (total 119):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xBA0B8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA5AC000 dmload.sys
0xB9F23000 dmio.sys
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9F0B000 atapi.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xB9EEB000 fltmgr.sys
0xB9ED9000 sr.sys
0xB9EC2000 KSecDD.sys
0xB9E35000 Ntfs.sys
0xB9E08000 NDIS.sys
0xB9DEE000 Mup.sys
0xB5429000 \SystemRoot\System32\DRIVERS\processr.sys
0xB474D000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xB4739000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB471D000 \SystemRoot\System32\DRIVERS\Rtenicxp.sys
0xB5419000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xB5409000 \SystemRoot\System32\DRIVERS\redbook.sys
0xB46FA000 \SystemRoot\System32\DRIVERS\ks.sys
0xBA3D0000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xBA3D8000 \SystemRoot\System32\DRIVERS\usbohci.sys
0xB46D6000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xBA3E0000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB53F9000 \SystemRoot\System32\Drivers\Imapi.SYS
0xB46AE000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB53E9000 \SystemRoot\System32\DRIVERS\serial.sys
0xBA3E8000 \SystemRoot\System32\DRIVERS\irsir.sys
0xBA59C000 \SystemRoot\System32\DRIVERS\irenum.sys
0xBA5A4000 \SystemRoot\System32\DRIVERS\serenum.sys
0xB5DCA000 \SystemRoot\System32\DRIVERS\wmiacpi.sys
0xBA6AD000 \SystemRoot\System32\DRIVERS\audstub.sys
0xBA3F0000 \SystemRoot\System32\DRIVERS\rasirda.sys
0xBA3F8000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xB53D9000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xB5DC2000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xB4697000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xB53C9000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xBA128000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xB4686000 \SystemRoot\System32\DRIVERS\psched.sys
0xBA138000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xBA400000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xBA408000 \SystemRoot\System32\DRIVERS\raspti.sys
0xB4656000 \SystemRoot\System32\DRIVERS\rdpdr.sys
0xBA148000 \SystemRoot\System32\DRIVERS\termdd.sys
0xBA410000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xBA418000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xBA5D8000 \SystemRoot\System32\DRIVERS\swenum.sys
0xB45F8000 \SystemRoot\System32\DRIVERS\update.sys
0xB5DAA000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xBA158000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xBA5DA000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xBA168000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA5DE000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA693000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5E0000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA440000 \SystemRoot\System32\DRIVERS\HIDPARSE.SYS
0xBA448000 \SystemRoot\System32\drivers\vga.sys
0xBA5E2000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5E4000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA450000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA458000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB4C6E000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xA853B000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA84E2000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xA84BA000 \SystemRoot\System32\DRIVERS\netbt.sys
0xA8494000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xBA560000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xBA1B8000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xA8472000 \SystemRoot\System32\drivers\afd.sys
0xBA1C8000 \SystemRoot\System32\DRIVERS\netbios.sys
0xA8447000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xA83D7000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xBA1D8000 \SystemRoot\System32\Drivers\Fips.SYS
0xBA460000 \SystemRoot\System32\DRIVERS\usbccgp.sys
0xBA568000 \SystemRoot\System32\DRIVERS\hidusb.sys
0xBA1E8000 \SystemRoot\System32\DRIVERS\HIDCLASS.SYS
0xBA570000 \SystemRoot\System32\DRIVERS\kbdhid.sys
0xBA468000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0xBA228000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xA8366000 \SystemRoot\System32\Drivers\wdf01000.sys
0xBA57C000 \SystemRoot\System32\DRIVERS\mouhid.sys
0xBA470000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0xBA238000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA8326000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA5FC000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xA8586000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA488000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA686000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF062000 \SystemRoot\System32\ati2cqag.dll
0xBF0EF000 \SystemRoot\System32\atikvmag.dll
0xBF15E000 \SystemRoot\System32\atiok3x2.dll
0xBF1A1000 \SystemRoot\System32\ati3duag.dll
0xBF57C000 \SystemRoot\System32\ativvaxx.dll
0xBF9C8000 \SystemRoot\System32\ATMFD.DLL
0xA5EE0000 \SystemRoot\System32\DRIVERS\irda.sys
0xA6006000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xA5C5B000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xBA6FC000 \SystemRoot\System32\Drivers\LBeepKE.sys
0xA5BDB000 \SystemRoot\System32\DRIVERS\srv.sys
0xA5802000 \SystemRoot\System32\Drivers\HTTP.sys
0xBA3C8000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xA55FE000 \SystemRoot\System32\Drivers\Fastfat.SYS
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 28):
0 System Idle Process
4 System
616 C:\WINDOWS\system32\smss.exe
668 csrss.exe
708 C:\WINDOWS\system32\winlogon.exe
752 C:\WINDOWS\system32\services.exe
764 C:\WINDOWS\system32\lsass.exe
956 C:\WINDOWS\system32\ati2evxx.exe
972 C:\WINDOWS\system32\svchost.exe
1040 svchost.exe
1140 C:\WINDOWS\system32\svchost.exe
1260 svchost.exe
1376 svchost.exe
1524 C:\WINDOWS\system32\ati2evxx.exe
1620 C:\WINDOWS\system32\spoolsv.exe
1824 svchost.exe
1856 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2036 C:\WINDOWS\system32\svchost.exe
428 C:\WINDOWS\system32\searchindexer.exe
1200 alg.exe
1656 C:\WINDOWS\system32\wscntfy.exe
140 C:\WINDOWS\explorer.exe
1720 C:\Program Files\Logitech\SetPointP\SetPoint.exe
1340 C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
244 C:\Program Files\Messenger\msmsgs.exe
132 C:\WINDOWS\system32\ctfmon.exe
812 C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
3824 C:\Documents and Settings\Pappi\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00000000 (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive2 Model Number: MAXTORSTM3160812AS
PhysicalDrive0 Model Number: ST3300620AS, Rev: 3.AAC
PhysicalDrive1 Model Number: MAXTORSTM3160812AS

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive2 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
279 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 75AC29E19B92ED5FE4988FF8F99A86835D927DAF
149 GB \\.\PhysicalDrive1 Legit MBR code detected
SHA1: 317A49A9E93F077F2D004734D2A7B6CA7E7B9495


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!



Also should i go ahead and format the 3rd drive?


Thanks

J
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP