
MBAM won't run and IE will not stay open [Solved]
#31
Posted 14 November 2012 - 04:20 PM

#32
Posted 14 November 2012 - 06:44 PM

Malwarebytes Anti-Rootkit 1.1.0.1009
www.malwarebytes.org
Database version: v2012.11.14.07
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Pappi :: GERMANDO-05MPX9 [administrator]
11/14/2012 4:49:01 PM
mbar-log-2012-11-14 (16-49-01).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: PUP | PUM | P2P
Objects scanned: 6785
Time elapsed: 7 minute(s), 19 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Delete on reboot. [8f38f5c1b4a988ae826856fa28db2dd3]
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1009
© Malwarebytes Corporation 2011-2012
OS version: 5.1.2600 Windows XP Service Pack 3 x86
Account is Administrative
Internet Explorer version: 8.0.6001.18702
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.993000 GHz
Memory total: 2146672640, free: 1751293952
Downloaded database version: v2012.11.14.07
Downloaded database version: v2012.11.12.01
Initializing...
Done!
Scanning directory: C:\WINDOWS\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
Partition information:
This drive is a Single Partition removable Drive.
Partition file system is NTFS
Partition is not bootable
Disk Size: 300069052416 bytes
Sector size: 512 bytes
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 7F9B2B9
Partition information:
Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 312576642
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 160041885696 bytes
Sector size: 512 bytes
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 230B230B
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 268413957
Partition file system is NTFS
Partition is bootable
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 160041885696 bytes
Sector size: 512 bytes
Drive 3
Scanning MBR on drive 3...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 0
Partition information:
Partition 0 type is Other (0xb)
Partition is NOT ACTIVE.
Partition starts at LBA: 32 Numsec = 7821280
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 4004511744 bytes
Sector size: 512 bytes
Done!
Performing system, memory and registry scan...
Infected: HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl --> [PUP.FCTPlugin]
Done!
Scan finished
=======================================
Please advise
Thanks
J
#33
Posted 15 November 2012 - 07:46 AM

Also what is the make and model of the computer, as I need that before I attempt to change the MBR as I do not want you to lose the recovery partition
#34
Posted 15 November 2012 - 01:23 PM

Antec 750W power supply
Asus DVD drive
LiteOn DVD burner
2 GB corsair ram
Radeon 1950 XT
2 x Maxtor 160GB
1 x Seagate 320 GB
Athlon 6000 X2
ASRocks MB (not sure of the model; I can find out if you need me to)
Coolermaster Symphony Case
Thanks
J
#35
Posted 15 November 2012 - 01:28 PM

You will be presented with the following dialog:
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Enter Y and press Enter.
The following dialog will be presented:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.
Enter your choice:
Enter 2 and press Enter
The following dialog will be presented:
Enter the physical disk number to fix (0-99, -1 to cancel):
Enter >>0<< and press Enter
The following dialog will be presented:
Available MBR codes:
[ 0] Default (Windows XP)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel
Please select the MBR code to write to this drive:
Enter >>1<< and press Enter
The following dialog will be presented:
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue:
Type YES and press Enter (you must type the full word, YES). You will be informed if it successfully wrote a new MBR code!
And last the following dialog will be presented:
Done! Press ENTER to exit...
Press Enter. A report will be produced on the desktop. Post that report in your next reply.
#36
Posted 16 November 2012 - 06:44 AM

MBRCheck, version 1.2.3
© 2010, AD
Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000007c
Kernel Drivers (total 117):
Processes (total 31):
\\.\C: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00000000 (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
PhysicalDrive2 Model Number: MAXTORSTM3160812AS
PhysicalDrive0 Model Number: ST3300620AS, Rev: 3.AAC
PhysicalDrive1 Model Number: MAXTORSTM3160812AS
Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive2 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
279 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 75AC29E19B92ED5FE4988FF8F99A86835D927DAF
149 GB \\.\PhysicalDrive1 Legit MBR code detected
SHA1: 317A49A9E93F077F2D004734D2A7B6CA7E7B9495
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.
Enter your choice:
Enter the physical disk number to fix (0-99, -1 to cancel): 0
Available MBR codes:
[ 0] Default (Windows XP)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel
Please select the MBR code to write to this drive: 1
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: yes
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.
Done!
Thanks
J
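The fields reported in the two logs above (MBR signature, disk signature, partition type, active flag, starting LBA, sector count, and a hash of the boot code) all come from one 512-byte sector. The following is an added example, not part of the thread or of either tool: a minimal parser for that sector. The sample sector is constructed to mirror the values logged for drive 2, and hashing the first 440 bytes is an assumption, so the digest is not expected to match the SHA1 values MBRCheck printed.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440   # bytes 0..439 boot code, 440..443 disk signature
TABLE_OFFSET = 446    # four 16-byte partition entries follow
TYPE_NAMES = {0x00: "Empty", 0x07: "NTFS/exFAT/HPFS", 0x0B: "FAT32 (CHS)"}


def parse_mbr(sector: bytes) -> dict:
    """Decode one MBR sector into the fields the scan logs report."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly one 512-byte sector")
    partitions = []
    for i in range(4):
        entry = sector[TABLE_OFFSET + 16 * i: TABLE_OFFSET + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        start_lba, num_sectors = struct.unpack_from("<II", entry, 8)
        partitions.append({
            "index": i,
            "active": status == 0x80,
            # Any status byte other than 0x00/0x80 is worth a closer look.
            "status_valid": status in (0x00, 0x80),
            "type": ptype,
            "type_name": TYPE_NAMES.get(ptype, "Other"),
            "start_lba": start_lba,
            "num_sectors": num_sectors,
        })
    return {
        "signature_ok": sector[510:512] == b"\x55\xaa",
        "disk_signature": struct.unpack_from("<I", sector, 440)[0],
        # Assumption: hash only the boot-code area, so the digest stays
        # stable when the partition table changes.
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def build_sample_mbr() -> bytes:
    """Constructed sample: zeroed boot code, layout as logged for drive 2."""
    sector = bytearray(SECTOR_SIZE)
    struct.pack_into("<I", sector, 440, 0x230B230B)
    # Entry 0: active (0x80), type 0x07, start LBA 63, 268413957 sectors.
    struct.pack_into("<B3xB3xII", sector, TABLE_OFFSET,
                     0x80, 0x07, 63, 268413957)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)
```

Multiplying the starting LBA of 63 by the 512-byte sector size gives 0x7e00, the volume offset MBRCheck reports for C: on PhysicalDrive2.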
#37
Posted 16 November 2012 - 07:34 AM

Then retry MBAM and IE letting me know what problems you are having
#38
Posted 17 November 2012 - 01:12 AM

J
#40
Posted 17 November 2012 - 06:19 AM

#41
Posted 17 November 2012 - 06:32 AM

Avast direct download link Here. Be advised it will offer to install Chrome; decline that unless you wish to get it.

To be honest, I would keep MBAM as a standalone protector; it will catch the vast majority of malware and will not annoy you with tales of a myriad of tracking cookies.
For a firewall, again, the easiest to set up and use would be Outpost free.
#42
Posted 17 November 2012 - 01:30 PM


Thanks for all your help
J
#43
Posted 17 November 2012 - 01:39 PM

Have you considered slipstreaming the service packs in case you need to do this again ?
#44
Posted 17 November 2012 - 02:57 PM


Though I was thinking after browsing your site that if you do not have a "how to make a slipstreamed disk" user guide, you could add one. If you don't, let me know and I'll type up some instructions and send them to you for your approval.
J
#45
Posted 17 November 2012 - 03:01 PM

However, if you feel you could do something similar for inclusion on this site we would be grateful