
Mbam wont run and IE will not stay open [Solved]


  • This topic is locked

#31 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
If you wish, I am more interested in drive 0 though as it is reporting an unknown MBR

#32 RubyMarty (Topic Starter, Member, 186 posts)
Here is the log that you requested. It found 1 malware, but I did not fix it, as your instructions said to exit.


Malwarebytes Anti-Rootkit 1.1.0.1009
www.malwarebytes.org

Database version: v2012.11.14.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Pappi :: GERMANDO-05MPX9 [administrator]

11/14/2012 4:49:01 PM
mbar-log-2012-11-14 (16-49-01).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: PUP | PUM | P2P
Objects scanned: 6785
Time elapsed: 7 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Delete on reboot. [8f38f5c1b4a988ae826856fa28db2dd3]

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)





---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.993000 GHz
Memory total: 2146672640, free: 1751293952

Downloaded database version: v2012.11.14.07
Downloaded database version: v2012.11.12.01
Initializing...
Done!
Scanning directory: C:\WINDOWS\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
Partition information:

This drive is a Single Partition removable Drive.
Partition file system is NTFS
Partition is not bootable

Disk Size: 300069052416 bytes
Sector size: 512 bytes

Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 7F9B2B9

Partition information:

Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 312576642

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 160041885696 bytes
Sector size: 512 bytes

Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 230B230B

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 268413957
Partition file system is NTFS
Partition is bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 160041885696 bytes
Sector size: 512 bytes

Drive 3
Scanning MBR on drive 3...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 0

Partition information:

Partition 0 type is Other (0xb)
Partition is NOT ACTIVE.
Partition starts at LBA: 32 Numsec = 7821280

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 4004511744 bytes
Sector size: 512 bytes

Done!
Performing system, memory and registry scan...
Infected: HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl --> [PUP.FCTPlugin]
Done!
Scan finished
=======================================



Please advise


Thanks
J

#33 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Could you now try MBAM and Internet Explorer in normal mode please, and let me know the result.

Also, what is the make and model of the computer? I need that before I attempt to change the MBR, as I do not want you to lose the recovery partition.

#34 RubyMarty (Topic Starter, Member, 186 posts)
IE is doing the exact same. MBAM will not install fully; it gets to the .lnk files and errors out. As far as the specs on my computer go, it is custom built, and here they are.

Antec 750W power supply
Asus DVD drive
LiteOn DVD burner
2 GB corsair ram
Radeon 1950 XT
2 x Maxtor 160GB
1 x Seagate 320 GB
Athlon 6000 X2
ASRock MB (not sure of the model; I can find out if you need me to)
Coolermaster Symphony Case

Thanks

J

#35 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Run MBRCheck.exe once again.

You will be presented with the following dialog:

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:



Enter Y and press Enter.

The following dialog will be presented:

Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:



Enter 2 and press Enter

The following dialog will be presented:

Enter the physical disk number to fix (0-99, -1 to cancel):



Enter >>0<< and press Enter

The following dialog will be presented:

Available MBR codes:
[ 0] Default (Windows XP)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive:



Enter >>1<< and press Enter

The following dialog will be presented:

Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue:



Type YES and press Enter (you must type the full word, YES). You will be informed if it successfully wrote new MBR code.

And last the following dialog will be presented:

Done! Press ENTER to exit...



Press Enter. A report will be produced on the desktop. Post that report in your next reply.

#36 RubyMarty (Topic Starter, Member, 186 posts)
Here it is


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000007c

Kernel Drivers (total 117):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xBA0B8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA5AC000 dmload.sys
0xB9F23000 dmio.sys
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9F0B000 atapi.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xB9EEB000 fltmgr.sys
0xB9ED9000 sr.sys
0xB9EC2000 KSecDD.sys
0xB9E35000 Ntfs.sys
0xB9E08000 NDIS.sys
0xB9DEE000 Mup.sys
0xB5435000 \SystemRoot\System32\DRIVERS\processr.sys
0xB47BC000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xB47A8000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB478C000 \SystemRoot\System32\DRIVERS\Rtenicxp.sys
0xB5425000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xB5415000 \SystemRoot\System32\DRIVERS\redbook.sys
0xB4769000 \SystemRoot\System32\DRIVERS\ks.sys
0xBA3D0000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xBA3D8000 \SystemRoot\System32\DRIVERS\usbohci.sys
0xB4745000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xBA3E0000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB5405000 \SystemRoot\System32\Drivers\Imapi.SYS
0xB471D000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB53F5000 \SystemRoot\System32\DRIVERS\serial.sys
0xBA3E8000 \SystemRoot\System32\DRIVERS\irsir.sys
0xBA598000 \SystemRoot\System32\DRIVERS\irenum.sys
0xBA5A0000 \SystemRoot\System32\DRIVERS\serenum.sys
0xBA5A4000 \SystemRoot\System32\DRIVERS\wmiacpi.sys
0xBA7E4000 \SystemRoot\System32\DRIVERS\audstub.sys
0xBA3F0000 \SystemRoot\System32\DRIVERS\rasirda.sys
0xBA3F8000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xB53E5000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xB5DC6000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xB4706000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xB53D5000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xB53C5000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xB46F5000 \SystemRoot\System32\DRIVERS\psched.sys
0xBA138000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xBA400000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xBA408000 \SystemRoot\System32\DRIVERS\raspti.sys
0xB46C5000 \SystemRoot\System32\DRIVERS\rdpdr.sys
0xBA148000 \SystemRoot\System32\DRIVERS\termdd.sys
0xBA410000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xBA418000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xBA5D6000 \SystemRoot\System32\DRIVERS\swenum.sys
0xB4667000 \SystemRoot\System32\DRIVERS\update.sys
0xB5DAE000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xBA168000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xBA5D8000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xBA178000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA5DC000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA784000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5DE000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA438000 \SystemRoot\System32\DRIVERS\HIDPARSE.SYS
0xBA440000 \SystemRoot\System32\drivers\vga.sys
0xBA5E0000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5E2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA448000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA450000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB4CDD000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xA85AA000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA8551000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xA8529000 \SystemRoot\System32\DRIVERS\netbt.sys
0xA8503000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xBA55C000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xBA1B8000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xA84E1000 \SystemRoot\System32\drivers\afd.sys
0xBA1C8000 \SystemRoot\System32\DRIVERS\netbios.sys
0xA84B6000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xA8446000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xBA1D8000 \SystemRoot\System32\Drivers\Fips.SYS
0xBA460000 \SystemRoot\System32\DRIVERS\usbccgp.sys
0xBA564000 \SystemRoot\System32\DRIVERS\hidusb.sys
0xBA1E8000 \SystemRoot\System32\DRIVERS\HIDCLASS.SYS
0xBA570000 \SystemRoot\System32\DRIVERS\kbdhid.sys
0xBA468000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0xBA218000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xA83AD000 \SystemRoot\System32\Drivers\wdf01000.sys
0xBA578000 \SystemRoot\System32\DRIVERS\mouhid.sys
0xBA470000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0xBA248000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA8395000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA602000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xBA56C000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA490000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA7C7000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF062000 \SystemRoot\System32\ati2cqag.dll
0xBF0EF000 \SystemRoot\System32\atikvmag.dll
0xBF15E000 \SystemRoot\System32\atiok3x2.dll
0xBF1A1000 \SystemRoot\System32\ati3duag.dll
0xBF57C000 \SystemRoot\System32\ativvaxx.dll
0xBF9C8000 \SystemRoot\System32\ATMFD.DLL
0xA5F4F000 \SystemRoot\System32\DRIVERS\irda.sys
0xA6075000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xA5CCA000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xBA73D000 \SystemRoot\System32\Drivers\LBeepKE.sys
0xA5B5A000 \SystemRoot\System32\DRIVERS\srv.sys
0xA57F9000 \SystemRoot\System32\Drivers\HTTP.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 31):
0 System Idle Process
4 System
624 C:\WINDOWS\system32\smss.exe
680 csrss.exe
712 C:\WINDOWS\system32\winlogon.exe
756 C:\WINDOWS\system32\services.exe
768 C:\WINDOWS\system32\lsass.exe
948 C:\WINDOWS\system32\ati2evxx.exe
964 C:\WINDOWS\system32\svchost.exe
1036 svchost.exe
1132 C:\WINDOWS\system32\svchost.exe
1264 svchost.exe
1428 C:\WINDOWS\system32\ati2evxx.exe
1472 svchost.exe
1648 C:\WINDOWS\system32\spoolsv.exe
188 svchost.exe
228 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
428 C:\WINDOWS\system32\svchost.exe
500 C:\WINDOWS\system32\searchindexer.exe
1128 C:\WINDOWS\system32\wuauclt.exe
1780 alg.exe
1552 C:\WINDOWS\system32\svchost.exe
140 C:\WINDOWS\system32\wscntfy.exe
436 C:\WINDOWS\explorer.exe
2136 C:\Program Files\Logitech\SetPointP\SetPoint.exe
2168 C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
2184 C:\Program Files\Messenger\msmsgs.exe
2196 C:\WINDOWS\system32\ctfmon.exe
2284 C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
2780 C:\WINDOWS\system32\wuauclt.exe
3324 C:\Documents and Settings\Pappi\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00000000 (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive2 Model Number: MAXTORSTM3160812AS
PhysicalDrive0 Model Number: ST3300620AS, Rev: 3.AAC
PhysicalDrive1 Model Number: MAXTORSTM3160812AS

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive2 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
279 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 75AC29E19B92ED5FE4988FF8F99A86835D927DAF
149 GB \\.\PhysicalDrive1 Legit MBR code detected
SHA1: 317A49A9E93F077F2D004734D2A7B6CA7E7B9495


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0Available MBR codes:
[ 0] Default (Windows XP)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 1
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: yes
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.


Done!




Thanks

J
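The MBAR report in #32 and the MBRCheck report in #36 both work from sector 0 of each disk: MBAR dumps the partition table and 55AA signature, MBRCheck hashes the boot code and labels it. The Python script below is an added example for this thread, not code from either tool, and it repeats those checks on constructed sample sectors that mirror drives 0, 2 and 3 from the logs. The case worth noticing is PhysicalDrive0: MBRCheck maps D: to it at offset 0x00000000`00000000 (the other volumes start at 0x7e00, sector 63), and MBAR prints no MBR or disk signature for it at all, only "Single Partition removable Drive" with an NTFS file system. That is what a disk formatted as one NTFS volume with no partition table looks like, so sector 0 there is an NTFS volume boot sector rather than an MBR, and its boot code will never match a Windows MBR hash. The known-hash table reuses the two SHA1 values MBRCheck labelled as known-good above; that MBRCheck hashes exactly the 440-byte boot-code area is an assumption, as are the function names and the sample sectors.

```python
"""Classify sector 0 of a disk the way the MBAR and MBRCheck reports do.
Added example for this thread, not code from either tool. Offsets follow the
standard MBR and NTFS boot-sector layouts; the hash table, function names and
sample sectors are constructed for illustration."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 0x1B8      # boot code occupies bytes 0x000..0x1B7
DISK_SIG_OFFSET = 0x1B8    # 4-byte NT disk signature
PT_OFFSET = 0x1BE          # four 16-byte partition entries
SIG_OFFSET = 0x1FE         # 0x55 0xAA boot signature

# SHA1s MBRCheck labelled as known-good in the report above. That MBRCheck
# hashes exactly this 440-byte area is an assumption.
KNOWN_BOOT_CODE = {
    "da38b874b7713d1b51cbc449f4ef809b0dec644a": "Windows XP MBR code",
    "317a49a9e93f077f2d004734d2a7b6ca7e7b9495": "Legit MBR code",
}
PARTITION_TYPES = {0x00: "Empty", 0x07: "NTFS/HPFS", 0x0B: "FAT32 (CHS)",
                   0x0C: "FAT32 (LBA)", 0x27: "Hidden NTFS (recovery)"}


def parse_partition_table(sector):
    """Return the four partition entries as dicts (status, type, LBA, size)."""
    entries = []
    for i in range(4):
        off = PT_OFFSET + 16 * i
        status, ptype = sector[off], sector[off + 4]
        lba_start, num_sectors = struct.unpack_from("<II", sector, off + 8)
        entries.append({"index": i, "active": status == 0x80, "type": ptype,
                        "type_name": PARTITION_TYPES.get(ptype, "Other"),
                        "lba_start": lba_start, "num_sectors": num_sectors})
    return entries


def analyze_sector(sector):
    """Classify sector 0 and say whether writing MBR boot code over it is safe."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    sha1 = hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest()
    result = {
        "signature_ok": sector[SIG_OFFSET:SIG_OFFSET + 2] == b"\x55\xAA",
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFFSET)[0],
        "boot_code_sha1": sha1,
        "boot_code_name": KNOWN_BOOT_CODE.get(sha1, "Unknown MBR code"),
        "partitions": [],
    }
    if not result["signature_ok"]:
        result["kind"] = "no 55AA signature: not a valid boot sector"
        result["safe_to_rewrite_boot_code"] = False
    elif sector[3:11] == b"NTFS    ":
        # NTFS volume boot record at LBA 0: the disk has no partition table and
        # bytes 0x0B onwards hold the BPB, so "standard" MBR boot code written
        # from byte 0 would wipe the volume's own boot sector.
        result["kind"] = "NTFS boot sector at LBA 0 (partition-less disk, not an MBR)"
        result["safe_to_rewrite_boot_code"] = False
    else:
        result["kind"] = "MBR with partition table"
        result["partitions"] = parse_partition_table(sector)
        result["safe_to_rewrite_boot_code"] = True
    return result


def build_mbr(disk_sig, entries, boot_code=b""):
    """Constructed MBR; entries are (active, type, lba_start, num_sectors)."""
    sec = bytearray(SECTOR_SIZE)
    sec[:len(boot_code)] = boot_code
    struct.pack_into("<I", sec, DISK_SIG_OFFSET, disk_sig)
    for i, (active, ptype, lba, count) in enumerate(entries):
        off = PT_OFFSET + 16 * i
        sec[off] = 0x80 if active else 0x00
        sec[off + 4] = ptype
        struct.pack_into("<II", sec, off + 8, lba, count)
    sec[SIG_OFFSET:SIG_OFFSET + 2] = b"\x55\xAA"
    return bytes(sec)


def build_ntfs_vbr():
    """Constructed NTFS boot sector: jump, 'NTFS    ' OEM ID, minimal BPB."""
    sec = bytearray(SECTOR_SIZE)
    sec[0:3] = b"\xEB\x52\x90"
    sec[3:11] = b"NTFS    "
    struct.pack_into("<H", sec, 0x0B, 512)   # bytes per sector
    sec[SIG_OFFSET:SIG_OFFSET + 2] = b"\x55\xAA"
    return bytes(sec)


# Constructed sectors mirroring drives 2, 3 and 0 from the logs above.
SAMPLE_DRIVE2 = build_mbr(0x230B230B, [(True, 0x07, 63, 268413957)], b"\xFA\x33\xC0")
SAMPLE_DRIVE3 = build_mbr(0x0, [(False, 0x0B, 32, 7821280)])
SAMPLE_DRIVE0 = build_ntfs_vbr()
SAMPLE_BLANK = bytes(SECTOR_SIZE)

if __name__ == "__main__":
    for name, sec in [("drive 0", SAMPLE_DRIVE0), ("drive 2", SAMPLE_DRIVE2),
                      ("drive 3", SAMPLE_DRIVE3), ("blank", SAMPLE_BLANK)]:
        r = analyze_sector(sec)
        print(f"{name}: {r['kind']}; disk sig {r['disk_signature']:08X}; "
              f"{r['boot_code_name']}; rewrite safe: {r['safe_to_rewrite_boot_code']}")
        for p in r["partitions"]:
            print(f"  part {p['index']}: type 0x{p['type']:02X} {p['type_name']}, "
                  f"active={p['active']}, LBA {p['lba_start']} numsec {p['num_sectors']}")
```

To run this against a real disk on Windows, read the first 512 bytes of the raw device (for example r"\\.\PhysicalDrive0", which needs an administrator token) and pass them to analyze_sector. The point of the safe_to_rewrite_boot_code flag is the caveat the thread runs into: MBRCheck's option 2 replaces the boot code at the start of sector 0, and on a partition-less NTFS disk that region overlaps the volume's BPB, so "Unknown MBR code" on such a disk calls for dumping the sector with option 1 and leaving it alone, not rewriting it.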

#37 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK now uninstall MBAM and run MBAMClean.exe

Then retry MBAM and IE letting me know what problems you are having

#38 RubyMarty (Topic Starter, Member, 186 posts)
It is doing the exact same thing... I will keep doing everything you want me to... I have backed up my files and iTunes so that I can format and reinstall if needed.


J

#39 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
It might actually be quicker to do that, as I am having trouble tracking down the miscreant... I have a small tutorial here; let me know how you would like to proceed.

#40 RubyMarty (Topic Starter, Member, 186 posts)
I have installed XP many, many times... but I would like to know what AV and firewall you recommend, and also what you recommend in addition to MBAM.

#41 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
For XP I would recommend either Avast or MSES, as they are lightweight and easy to configure.
Avast direct download link Here. Be advised it will offer to install Chrome; decline that unless you wish to get it.

To be honest I would keep MBAM as a standalone protector; it will catch the vast majority of malware and will not annoy you with tales of a myriad of tracking cookies.

For the firewall, again the easiest to set up and use would be Outpost Free.

#42 RubyMarty (Topic Starter, Member, 186 posts)
Well, the drive has been formatted and basic Windows XP Pro is installed. I now begin the long process of updating Windows with all 9 million hotfixes and patches. I appreciate your time and effort in assisting me with this matter. I think that at this point a repair or reinstallation of Windows was needed. I will take your advice and use Avast and Outpost Free, as I thought Avira was a little too top heavy anyway. LOL, and I will now not assume that my wife will not let anyone on my computer; I have created user accounts and have passworded my admin-level accounts :).


Thanks for all your help

J

#43 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Sorry we could not locate the problem... but XP does run better for the occasional reinstall.

Have you considered slipstreaming the service packs in case you need to do this again?

#44 RubyMarty (Topic Starter, Member, 186 posts)
I have a slipstream install disk with all my drivers and even MS Office, lol, but I cannot find it, so I will do it the old-fashioned way ;)

Though I was thinking, after browsing your site, that if you do not have a user guide on how to make a slipstreamed disk, you could add one. If you don't, let me know and I'll type up some instructions and send them to you for your approval.


J

#45 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
This is what I normally use... http://lifehacker.co...installation-cd

However, if you feel you could do something similar for inclusion on this site we would be grateful