Stone Noble
melody406
Posts: 32
Registered: ‎02-14-2012

Re: Need help, I believe my computer is infected with malware or a virus

It says the same thing as before:


Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Boot sector MD5 is: 4e9e458c6293c1ff67a1b6952236325f

     Size  Device Name          MBR Status
 --------------------------------------------
    69 GB  \\.\PhysicalDrive0   Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>


Done;
Press any key to quit...

Legendary Noble
malwarekiller
Posts: 3,967
Registered: ‎08-08-2011

Re: Need help, I believe my computer is infected with malware or a virus


OK... I will deal with that later. Can you run TDSSKiller and please attach the log as instructed.

—————
Was this post helpful? Say “thanks” by giving me a “Kudo”!
Was your question answered or issue solved? Mark that post as an “Accepted Solution”!
Stone Noble
melody406
Posts: 32
Registered: ‎02-14-2012

Re: Need help, I believe my computer is infected with malware or a virus

Here is the log for TDSSKiller attached.

Legendary Noble
malwarekiller
Posts: 3,967
Registered: ‎08-08-2011

Re: Need help, I believe my computer is infected with malware or a virus

Looks good.... Can you reboot your computer now and hit F8 while booting? Do you see Advanced Boot Options then?

Stone Noble
melody406
Posts: 32
Registered: ‎02-14-2012

Re: Need help, I believe my computer is infected with malware or a virus

Yes, I do see Advanced Boot Options, but I'm going to have to pick this back up in the morning. It's almost 3:30 AM and I am so tired. What would you like me to start off with in the morning? Thanks so much for all your help and patience!

Legendary Noble
malwarekiller
Posts: 3,967
Registered: ‎08-08-2011

Re: Need help, I believe my computer is infected with malware or a virus

Run MBRCheck.exe.
http://majorgeeks.com/MBRCheck_d7076.html

You will be presented with the following dialog:

    Found non-standard or infected MBR.

    Enter 'Y' and hit ENTER for more options:

Enter Y and press Enter.

The following dialog will be presented:

    Options:
    [1] Dump the MBR of a physical disk to file.
    [2] Restore the MBR of a physical disk with a standard boot code.
    [3] Exit.

    Enter your choice:

Enter 2 and press Enter.

The following dialog will be presented:

    Enter the physical disk number to fix (0-99, -1 to cancel):

Enter >>0<< and press Enter.

The following dialog will be presented:

    Available MBR codes:
    [ 0] Default (Windows XP)
    [ 1] Windows XP
    [ 2] Windows Server 2003
    [ 3] Windows Vista
    [ 4] Windows 2008
    [ 5] Windows 7
    [-1] Cancel

    Please select the MBR code to write to this drive:

Enter >>1<< and press Enter.

The following dialog will be presented:

    Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue:

Type YES and press Enter (you must type the full word, YES). You will be informed if it successfully wrote a new MBR code!

And last, the following dialog will be presented:

    Done! Press ENTER to exit...

Press Enter. A report will be produced on the desktop. Post that report in your next reply.

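Both tools in this thread (Bootkit Remover reporting "Unknown boot code" with a boot sector MD5, and MBRCheck reporting "Unknown MBR code" with a SHA1) do the same basic thing: read the first 512-byte sector of the disk, hash the boot code, compare the hash against a list of known-standard boot code, and decode the partition table. The script below is an added illustration of that check and is not code from either tool or from this thread. It assumes the classic MBR layout (440 bytes of boot code, a 4-byte disk signature, four 16-byte partition entries, the 0x55AA signature); the exact byte ranges the real tools hash are not stated in the thread, so the hashing ranges here are assumptions, and the allow-list of trusted hashes is a placeholder rather than a real reference value. The constructed sample sector has one active partition starting at LBA 63, which is why it reports the volume at offset 0x7e00, the same offset the logs above show for \\.\C:.

```python
"""Inspect a 512-byte master boot record the way MBR-checking tools do (added example)."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440          # assumed classic layout: boot code, then 4-byte disk signature + 2 bytes
PART_TABLE_OFFSET = 446      # four 16-byte partition entries
MBR_SIGNATURE = b"\x55\xaa"  # bytes 510..511

# Allow-list of SHA-1 digests of boot code we trust. A real list is built from a trusted
# reference image; this placeholder is deliberately not a real hash, so the sample below
# is reported as "unknown boot code", the same state the thread's logs describe.
KNOWN_GOOD_BOOT_CODE_SHA1 = {"PLACEHOLDER-SHA1-OF-TRUSTED-BOOT-CODE"}


def parse_partition_entry(entry: bytes) -> dict:
    """Decode one 16-byte partition table entry (little-endian, no padding)."""
    status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack("<B3sB3sII", entry)
    return {"bootable": status == 0x80, "type": ptype, "lba_start": lba_start, "sectors": sectors}


def analyse_mbr(sector: bytes) -> dict:
    """Hash the boot code, check the signature and decode the partition table."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    boot_code = sector[:BOOT_CODE_LEN]
    boot_sha1 = hashlib.sha1(boot_code).hexdigest().upper()
    entries = [
        parse_partition_entry(sector[PART_TABLE_OFFSET + 16 * i: PART_TABLE_OFFSET + 16 * (i + 1)])
        for i in range(4)
    ]
    used = [e for e in entries if e["sectors"] > 0]
    return {
        "signature_ok": sector[510:512] == MBR_SIGNATURE,
        "boot_code_sha1": boot_sha1,
        "sector_md5": hashlib.md5(sector).hexdigest(),   # whole-sector digest, like "Boot sector MD5"
        "boot_code_known": boot_sha1 in KNOWN_GOOD_BOOT_CODE_SHA1,
        "partitions": used,
        "bootable_count": sum(1 for e in entries if e["bootable"]),
        # byte offset of the first partition: the "at offset" value the tools print
        "first_volume_offset": used[0]["lba_start"] * SECTOR_SIZE if used else None,
    }


def findings(report: dict) -> list:
    """Turn a report into the kind of verdict lines the thread's tools print."""
    out = []
    if not report["signature_ok"]:
        out.append("missing 0x55AA signature: sector is not a valid MBR")
    if not report["boot_code_known"]:
        out.append("unknown boot code: compare against a trusted reference before trusting the disk")
    if report["bootable_count"] != 1:
        out.append(f"{report['bootable_count']} active partitions (expected exactly 1)")
    return out


def build_sample_mbr() -> bytes:
    """Constructed sample: one active NTFS (0x07) partition starting at LBA 63."""
    # First instructions of a typical XP-era MBR (xor ax,ax / mov ss,ax / mov sp,7c00), zero padded.
    boot_code = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]).ljust(BOOT_CODE_LEN, b"\x00")
    disk_sig = b"\x12\x34\x56\x78\x00\x00"                  # constructed disk signature + reserved
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 145_000_000)
    table = entry + b"\x00" * 48                             # three empty entries
    return boot_code + disk_sig + table + MBR_SIGNATURE


if __name__ == "__main__":
    import sys
    # Pass the path of a sector dump (e.g. from "remover.exe dump") to inspect a real disk;
    # with no argument the constructed sample is analysed.
    data = open(sys.argv[1], "rb").read(SECTOR_SIZE) if len(sys.argv) > 1 else build_sample_mbr()
    report = analyse_mbr(data)
    print(f"boot code SHA1:  {report['boot_code_sha1']}")
    print(f"sector MD5:      {report['sector_md5']}")
    print(f"first volume at offset 0x{report['first_volume_offset'] or 0:x}")
    for line in findings(report) or ["no findings"]:
        print("-", line)
```

The useful defensive point is the last step: "unknown" only means the hash is not on the tool's allow-list, so a custom OEM boot loader is reported exactly like a bootkit. Dumping the sector and comparing it against a trusted reference, as the Bootkit Remover output suggests, is what separates the two cases before anything is overwritten.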
Stone Noble
melody406
Posts: 32
Registered: ‎02-14-2012

Re: Need help, I believe my computer is infected with malware or a virus

Again, thanks and Good Night!!!

Legendary Noble
malwarekiller
Posts: 3,967
Registered: ‎08-08-2011

Re: Need help, I believe my computer is infected with malware or a virus

OK... you can catch my previous instructions later!

Stone Noble
melody406
Posts: 32
Registered: ‎02-14-2012

Re: Need help, I believe my computer is infected with malware or a virus

Good afternoon, just came in from services.

Attached is the MBRCheck Log.


MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:   
Windows Version:  Windows XP Home Edition
Windows Information:  Service Pack 3 (build 2600)
Logical Drives Mask:  0x0000001c

Kernel Drivers (total 180):
  0x804D7000 \WINDOWS\system32\ntoskrnl.exe
  0x806EF000 \WINDOWS\system32\hal.dll
  0xF7C8E000 \WINDOWS\system32\KDCOM.DLL
  0xF7B9E000 \WINDOWS\system32\BOOTVID.dll
  0xF773F000 ACPI.sys
  0xF7C90000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
  0xF772E000 pci.sys
  0xF778E000 isapnp.sys
  0xF779E000 ohci1394.sys
  0xF77AE000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
  0xF7D56000 pciide.sys
  0xF7A0E000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
  0xF7C92000 aliide.sys
  0xF7C94000 cmdide.sys
  0xF7C96000 toside.sys
  0xF7C98000 viaide.sys
  0xF7C9A000 intelide.sys
  0xF77BE000 MountMgr.sys
  0xF770F000 ftdisk.sys
  0xF7A16000 PartMgr.sys
  0xF7D57000 siside.sys
  0xF77CE000 VolSnap.sys
  0xF76FC000 pnp680r.sys
  0xF76E4000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
  0xF7BA2000 cpqarray.sys
  0xF7671000 iaStor.sys
  0xF7659000 atapi.sys
  0xF7BA6000 aha154x.sys
  0xF7A1E000 sparrow.sys
  0xF7BAA000 symc810.sys
  0xF77DE000 aic78xx.sys
  0xF7BAE000 dac960nt.sys
  0xF77EE000 ql10wnt.sys
  0xF7BB2000 amsint.sys
  0xF7A26000 asc.sys
  0xF7BB6000 asc3550.sys
  0xF7A2E000 mraid35x.sys
  0xF7A36000 i2omp.sys
  0xF7BBA000 ini910u.sys
  0xF77FE000 ql1240.sys
  0xF780E000 aic78u2.sys
  0xF7A3E000 symc8xx.sys
  0xF7A46000 sym_hi.sys
  0xF7A4E000 sym_u3.sys
  0xF7A56000 ABP480N5.SYS
  0xF7A5E000 asc3350p.sys
  0xF7C9C000 cd20xrnt.sys
  0xF781E000 ultra.sys
  0xF7640000 adpu160m.sys
  0xF7A66000 dpti2o.sys
  0xF782E000 ql1080.sys
  0xF783E000 ql1280.sys
  0xF784E000 ql12160.sys
  0xF7A6E000 perc2.sys
  0xF7C9E000 perc2hib.sys
  0xF7A76000 hpn.sys
  0xF7BBE000 cbidf2k.sys
  0xF7614000 dac2w2k.sys
  0xF7601000 viamraid.sys
  0xF785E000 disk.sys
  0xF786E000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
  0xF75E1000 fltmgr.sys
  0xF75CF000 sr.sys
  0xF787E000 PxHelp20.sys
  0xF75B8000 KSecDD.sys
  0xF75A5000 WudfPf.sys
  0xF7518000 Ntfs.sys
  0xF74EB000 NDIS.sys
  0xF788E000 viaagp.sys
  0xF789E000 uagp35.sys
  0xF74D1000 Mup.sys
  0xF78AE000 gagp30kx.sys
  0xF7A7E000 avgrkx86.sys
  0xF7BC2000 AVGIDSEH.Sys
  0xF78BE000 amdagp.sys
  0xF78CE000 alim1541.sys
  0xF78DE000 agpCPQ.sys
  0xF7461000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0xF69AB000 \SystemRoot\system32\DRIVERS\sisgrp.sys
  0xF6997000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
  0xF7451000 \SystemRoot\system32\DRIVERS\imapi.sys
  0xF7441000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0xF7431000 \SystemRoot\system32\DRIVERS\redbook.sys
  0xF6974000 \SystemRoot\system32\DRIVERS\ks.sys
  0xF7B4E000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
  0xF6585000 \SystemRoot\system32\drivers\ALCXWDM.SYS
  0xF6561000 \SystemRoot\system32\drivers\portcls.sys
  0xF6A74000 \SystemRoot\system32\drivers\drmk.sys
  0xF7B56000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0xF653D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0xF7B5E000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0xF7B66000 \SystemRoot\system32\DRIVERS\sisnic.sys
  0xF6509000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
  0xF640A000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
  0xF6363000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
  0xF7B6E000 \SystemRoot\System32\Drivers\Modem.SYS
  0xF7B76000 \SystemRoot\system32\DRIVERS\fdc.sys
  0xF6A64000 \SystemRoot\system32\DRIVERS\serial.sys
  0xF73D5000 \SystemRoot\system32\DRIVERS\serenum.sys
  0xF634F000 \SystemRoot\system32\DRIVERS\parport.sys
  0xF6A54000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0xF7B7E000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0xF7D6F000 \SystemRoot\system32\DRIVERS\audstub.sys
  0xF6A44000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0xF73D1000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0xF6338000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0xF6A34000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0xF6A24000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0xF7B86000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0xF6327000 \SystemRoot\system32\DRIVERS\psched.sys
  0xF6A14000 \SystemRoot\system32\DRIVERS\msgpc.sys
  0xF7B8E000 \SystemRoot\system32\DRIVERS\ptilink.sys
  0xF7B96000 \SystemRoot\system32\DRIVERS\raspti.sys
  0xF6A04000 \SystemRoot\System32\Drivers\PhnxVcd.sys
  0xF790E000 \SystemRoot\system32\DRIVERS\termdd.sys
  0xF7A96000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0xF7CB2000 \SystemRoot\system32\DRIVERS\swenum.sys
  0xF62C9000 \SystemRoot\system32\DRIVERS\update.sys
  0xF73C1000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0xF792E000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0xF795E000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0xF7CB8000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0xF7C8A000 \SystemRoot\System32\Drivers\i2omgmt.SYS
  0xF797E000 \SystemRoot\system32\DRIVERS\avgmfx86.sys
  0xF7CBA000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0xF798E000 \SystemRoot\system32\DRIVERS\DcCam.sys
  0xF3190000 \SystemRoot\system32\DRIVERS\EXPORTIT.SYS
  0xF7EB9000 \SystemRoot\System32\Drivers\Null.SYS
  0xF7CBC000 \SystemRoot\System32\Drivers\Beep.SYS
  0xF7AA6000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0xF7AAE000 \SystemRoot\System32\drivers\vga.sys
  0xF7CBE000 \SystemRoot\System32\Drivers\mnmdd.SYS
  0xF7CC0000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0xF7AB6000 \SystemRoot\System32\Drivers\Msfs.SYS
  0xF7ABE000 \SystemRoot\System32\Drivers\Npfs.SYS
  0xF70BD000 \SystemRoot\system32\DRIVERS\rasacd.sys
  0xF310D000 \SystemRoot\system32\DRIVERS\ipsec.sys
  0xF30B4000 \SystemRoot\system32\DRIVERS\tcpip.sys
  0xF30A0000 \SystemRoot\system32\drivers\bckd.sys
  0xF3059000 \SystemRoot\system32\DRIVERS\avgtdix.sys
  0xF3033000 \SystemRoot\system32\DRIVERS\ipnat.sys
  0xF799E000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0xF2FE3000 \SystemRoot\system32\DRIVERS\netbt.sys
  0xF70A9000 \SystemRoot\System32\drivers\ws2ifsl.sys
  0xF2FC1000 \SystemRoot\System32\drivers\afd.sys
  0xF79AE000 \SystemRoot\system32\DRIVERS\netbios.sys
  0xF70A5000 \SystemRoot\system32\DRIVERS\srvkp.sys
  0xF2F9F000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
  0xF7AC6000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
  0xF2F74000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0xF2F04000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xF79CE000 \SystemRoot\System32\Drivers\Fips.SYS
  0xF7ACE000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0xF7AD6000 \SystemRoot\system32\DRIVERS\usbprint.sys
  0xF7ADE000 \SystemRoot\system32\DRIVERS\HPZius12.sys
  0xF7AE6000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0xF2ECD000 \SystemRoot\system32\DRIVERS\avgldx86.sys
  0xF7401000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0xF79DE000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0xF79EE000 \SystemRoot\system32\DRIVERS\HPZid412.sys
  0xF73F9000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0xF73F5000 \SystemRoot\system32\DRIVERS\HPZipr12.sys
  0xBF800000 \SystemRoot\System32\win32k.sys
  0xF2DC1000 \SystemRoot\System32\drivers\Dxapi.sys
  0xF3130000 \SystemRoot\System32\watchdog.sys
  0xBF000000 \SystemRoot\System32\drivers\dxg.sys
  0xF7E04000 \SystemRoot\System32\drivers\dxgthk.sys
  0xBF012000 \SystemRoot\System32\SiSGRV.dll
  0xF2EAD000 \SystemRoot\system32\drivers\dcfs2k.sys
  0xF2C7D000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0xF2AA1000 \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys
  0xF2A65000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
  0xF2775000 \SystemRoot\system32\DRIVERS\srv.sys
  0xF7B36000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys
  0xF2575000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys
  0xF2905000 \SystemRoot\System32\Drivers\Cdfs.SYS
  0xF2240000 \SystemRoot\system32\drivers\wdmaud.sys
  0xF2865000 \SystemRoot\system32\drivers\sysaudio.sys
  0xF1E37000 \SystemRoot\System32\Drivers\HTTP.sys
  0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 39):
       0 System Idle Process
       4 System
     520 C:\WINDOWS\system32\smss.exe
     552 C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
     584 C:\Program Files\AVG\AVG2012\avgcsrvx.exe
     788 csrss.exe
     816 C:\WINDOWS\system32\winlogon.exe
     864 C:\WINDOWS\system32\services.exe
     880 C:\WINDOWS\system32\lsass.exe
    1044 C:\WINDOWS\system32\svchost.exe
    1092 svchost.exe
    1228 C:\WINDOWS\system32\svchost.exe
    1288 C:\WINDOWS\system32\svchost.exe
    1400 svchost.exe
    1476 svchost.exe
    1576 C:\WINDOWS\system32\LEXBCES.EXE
    1608 C:\WINDOWS\system32\LEXPPS.EXE
    1616 C:\WINDOWS\system32\spoolsv.exe
    1716 C:\Program Files\SUPERAntiSpyware\SASCore.exe
    1728 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1748 C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    1764 C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
    1924 C:\WINDOWS\system32\HPZipm12.exe
     228 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
     956 C:\WINDOWS\system32\svchost.exe
    1428 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    1432 C:\Program Files\AVG\AVG2012\avgnsx.exe
    1892 C:\Program Files\AVG\AVG2012\avgemcx.exe
    2116 C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    2716 C:\WINDOWS\explorer.exe
    2940 alg.exe
    3000 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    3480 C:\Program Files\AVG\AVG2012\avgtray.exe
    3516 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    3528 C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe
    3540 C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe
    3556 C:\WINDOWS\system32\ctfmon.exe
    3884 C:\WINDOWS\system32\svchost.exe
    1940 C:\Documents and Settings\Delores Lewis\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)

PhysicalDrive0 Model Number: WDCWD800BB-22JHC0, Rev: 05.01C05

      Size  Device Name          MBR Status
  --------------------------------------------
     69 GB  \\.\PhysicalDrive0   Unknown MBR code
            SHA1: 3DB196AACEBF867015354A3B9AF258D116FCFB13


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
  [1] Dump the MBR of a physical disk to file.
  [2] Restore the MBR of a physical disk with a standard boot code.
  [3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0Available MBR codes:
 [ 0] Default (Windows XP)
 [ 1] Windows XP
 [ 2] Windows Server 2003
 [ 3] Windows Vista
 [ 4] Windows 2008
 [ 5] Windows 7
 [-1] Cancel

Please select the MBR code to write to this drive: 1
Do you want to fix the MBR code?  Type 'YES' and hit ENTER to continue: yes
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.


Done!

Legendary Noble
malwarekiller
Posts: 3,967
Registered: ‎08-08-2011

Re: Need help, I believe my computer is infected with malware or a virus

OK.. so we have something that we will have to take care of outside of Windows... I have read your PM, so we will check what that process is....

Please download the following programmes to your desktop:

Dr Web Live CD

ImgBurn

Install IMGBurn.

  • Double click Dr Web
  • IMGBurn will open
  • Burn the ISO to a CD
  • Reboot the infected computer with the CD in the drive
  • Ensure that the first boot device is CD. If you are not sure about that, then see this page for instructions
  • As loading starts, a dialogue window will prompt you to choose between the standard and safe modes.
  • Use arrow keys to select DrWeb-LiveCD (Default)
  • When the system is loaded, check the disks or folders you want to scan, and click on “Start”.
  • The programme will now scan for and cure/delete any malware that it finds. Allow it to do so.
  • Once completed, reboot to normal Windows.
  • No log is produced, so once done in normal Windows run a fresh OTL scan and let me know if the problems persist. Also give me a list of items cleaned by Dr.Web in your next reply.