copy btr runbox does not work... don't have any programs, not even notepad
Download MBRCheck to your desktop
Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop.
Open this report and post its content in your next reply.
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000003fd
Kernel Drivers (total 132):
Processes (total 42):
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`0c16a000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)
PhysicalDrive0 Model Number: WDCWD600BB-22JHA0, Rev: 05.01C05
Size Device Name MBR Status
--------------------------------------------
55 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: EC5B6F4B08268D5344F30BFF61C8B587F034795B
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Done!
Download TDSSKiller and save it to your desktop.
- Extract (unzip) its contents to your desktop.
- Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
- If an infected file is detected, the default action will be Cure, click on Continue.
- If a suspicious file is detected, the default action will be Skip, click on Continue.
- It may ask you to reboot the computer to complete the process. Click on Reboot Now.
- If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
- If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
So far everything seems pretty normal, except no programs listed.
Go on with TDSSKiller.
No threats found. You still need the log?
Let's see if we can recover your missing features.
Download and run UnHide
Let me know if it worked.
I am starting to think this is now clean, but whatever hit this wiped out all programs.
Running UnHide now.
All I want from you is to follow my instructions.
If the computer is clean or not we'll see.
Broni, you are incredible. I have learned so much from you and this worked too. You are the man, the icons are there and it looks good. Now what?
So what was it that grabbed this computer?
I'm glad to hear good news :)
I don't think your computer is totally clean though.
rKill, for instance, still shows some infection.
I think you're being impatient with Combofix.
Re-run it one more time.
Don't expect it to finish in 30 seconds as it won't happen.
As long as the computer clock is running, keep Combofix running.
Not impatient here at all. Combofix is giving me an error though, saying it is outdated, even using your links.