
MBAM removed a lot but not all of it


Recommended Posts

The rootkit unhooker didn't load or run. MBAM reports no problems and the redirects are still happening.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5580

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

1/23/2011 2:18:13 PM
mbam-log-2011-01-23 (14-18-13).txt

Scan type: Quick scan
Objects scanned: 159712
Time elapsed: 1 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


  • Download MBRCheck to your desktop
  • For Windows XP: Double click on MBRCheck.exe to run it.
  • For Windows Vista/7: Right click on MBRCheck.exe and select Run as Administrator
  • It will show a black screen with some data on it
  • Don't run any of the options!!!
  • When it's done, press Enter to close the program
  • A file called MBRCheck_ will appear on your desktop
  • Please copy it into your next reply


MBR results.

MBRCheck, version 1.2.3
© 2010, AD
Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron 1545
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 186):


Processes (total 75):


\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`ac000000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK3265GSX, Rev: GJ002D

Size      Device Name          MBR Status
--------------------------------------------
298 GB    \\.\PhysicalDrive0   MBR Code Faked!
SHA1: 0C0E7F154151469D03B17DE3B60CAFCFD0398D69

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!


  1. Run MBRCheck.exe
  2. Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  3. Please push the 'Y' key and then press Enter
  4. When the program asks you "Enter your choice:", enter 2 and press the Enter key
  5. Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"
  6. Enter 0 and press the Enter key.
  7. The program will show "Available MBR codes:", followed by a list of operating systems. Please enter the number for Windows 7, and then press Enter.
  8. The program will prompt for confirmation. Type 'YES' and hit Enter.
  9. Left click on the title bar (where the program name and path are written).
  10. From the menu choose Edit => Select All
  11. Hit the Enter key on your keyboard to copy the selected text.
  12. Paste that text into Notepad and save it to your desktop as "MBRCheck results.txt"
  13. Restart your PC.
  14. Post the text in "MBRCheck results.txt" here, please.


MBRCheck results.txt

MBRCheck, version 1.2.3
© 2010, AD
Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron 1545
Logical Drives Mask: 0x0000000c

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`ac000000 (NTFS)

Size      Device Name          MBR Status
--------------------------------------------
298 GB    \\.\PhysicalDrive0   MBR Code Faked!
SHA1: 0C0E7F154151469D03B17DE3B60CAFCFD0398D69

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: y

Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: 2
Enter the physical disk number to fix (0-99, -1 to cancel): 0

Available MBR codes:
[ 0] Default (Windows 7)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 5
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: yes
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.

Done!
Press ENTER to exit...

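MBRCheck flags the boot sector above as "MBR Code Faked!" by hashing it, and its option [1] can dump the MBR to a file. The following is an added example, not MBRCheck's code or anything posted in this thread: a Python check for such a 512-byte dump that validates the 0x55AA signature, parses the four partition entries and compares a SHA1 of the boot-code bytes against an allow-list. Assumptions: the allow-list, the sample sector and the hashed range (the first 440 bytes) are constructed for this example; which bytes MBRCheck itself hashes is not stated on the page.

```python
import hashlib
import struct
import sys

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440           # bytes 0..439 hold boot code; the disk signature follows at 440
PART_TABLE_OFF = 446          # four 16-byte partition entries at 446..509
SIGNATURE = b"\x55\xAA"       # bytes 510..511

# Allow-list of SHA1 values for boot code you trust. Empty here: a real list
# holds hashes taken from known-good Windows boot sectors, not invented values.
KNOWN_GOOD_BOOT_CODE_SHA1 = set()

def parse_mbr(sector: bytes) -> dict:
    """Parse one 512-byte MBR sector into disk signature, boot-code hash and partitions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly %d bytes" % SECTOR_SIZE)
    if sector[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # entry layout: status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, lba_start, count = struct.unpack("<B3xB3xII", sector[off:off + 16])
        if ptype != 0:
            partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": count})
    return {
        "disk_signature": struct.unpack("<I", sector[440:444])[0],
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "partitions": partitions,
    }

def check_mbr(sector: bytes, known_good: set) -> str:
    """Return 'OK' if the boot-code hash is allow-listed, otherwise a status line like MBRCheck's."""
    info = parse_mbr(sector)
    if info["boot_code_sha1"] in known_good:
        return "OK"
    return "MBR Code non-standard! SHA1: " + info["boot_code_sha1"]

def build_sample_mbr() -> bytes:
    """Constructed sample (hypothetical): stub boot code, a disk signature and one bootable
    NTFS partition (type 0x07) at LBA 0x1D60000, i.e. byte offset 0x3AC000000 as printed above."""
    boot_code = b"\xEB\xFE" + b"\x90" * (BOOT_CODE_LEN - 2)   # jmp $ followed by NOP padding
    disk_sig = struct.pack("<I", 0xDEADBEEF) + b"\x00\x00"   # signature + 2 reserved bytes
    entry = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xFE\xFF\xFF",
                        0x1D60000, 0x3A380000)
    return boot_code + disk_sig + entry + b"\x00" * 48 + SIGNATURE

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_mbr()
    print(parse_mbr(data)["partitions"], check_mbr(data, KNOWN_GOOD_BOOT_CODE_SHA1))
```

Any single-byte change in the boot code changes the hash while the partition table parses identically, which is the distinction between a tampered boot sector and a damaged partition table.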

It seems that the command bootrec.exe /fixmbr from this link (http://windows7themes.net/how-to-fix-mbr-in-windows-7.html) has toasted this computer.

Your last link is exactly where I'm stuck. It won't start normally, fix itself or system restore. How can we fix the damage done by that command? Will that affect the ability to access the drive on another system?


I've tried the bootrec with fixmbr and fixboot switches with no success; the ScanOs switch reports 0 versions of Windows. I also used the dir command to explore the drive and can see the important files. Safe mode doesn't work either. I noticed a brief blue screen upon startup (had to record it with a video camera to see what it says), "a problem has been detected and windows has been shut down to blah blah blah". There is an option below the Command Prompt for Dell DataSafe Restore which I haven't tried. Any ideas?
