Checking to see if I'm free of this boot sector virus

Old 02-16-2012, 05:19 AM   #1
Registered Member
 
Join Date: Aug 2004
Posts: 191
OS: Windows 8 Pro



I was looking for Justin Bieber pictures to use for a youth conference presentation (you can laugh at me now) when I must have gotten some sort of boot sector virus. Long story short, it corrupted some boot files and Windows wouldn't go past the system recovery screen. After a handful of failed attempts I eventually gave up and reinstalled Windows. Now I'm hoping someone can tell me if it's actually gone or still buried in my system somewhere.

Also note: It appeared to have destroyed my boot for Windows 8 Developer Preview. The partition is still there. Should I do a separate screen on just that partition?

Windows 7 Ultimate SP1

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by CDG at 7:49:15 on 2012-02-16
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3325.1946 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\Explorer.EXE
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\D-Link\DWA-130 revD\wirelesscm.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11f_ActiveX.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/
uWindow Title = Internet Explorer, optimized for Bing and MSN
BHO: Speckie: {8ce7f568-67fa-4432-ba39-f5afd68e7b8b} - c:\users\cdg\appdata\roaming\speckie\bin32\Speckie32.dll
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wirele~1.lnk - c:\program files\d-link\dwa-130 revd\wirelesscm.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {E6846530-6088-4AA3-932F-C6245CE59A4C} - {8CE7F568-67FA-4432-BA39-F5AFD68E7B8B} - c:\users\cdg\appdata\roaming\speckie\bin32\Speckie32.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{1EB51201-332C-45B0-9134-E60EA36FB8CE} : DhcpNameServer = 192.168.0.1
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
.
============= SERVICES / DRIVERS ===============
.
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2012-2-15 20384]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-12-5 163328]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ati technologies\ati.ace\fuel\Fuel.Service.exe [2011-12-5 291840]
R2 AODDriver4.01;AODDriver4.01;c:\program files\ati technologies\ati.ace\fuel\i386\aoddriver2.sys [2011-6-24 39424]
R3 amdiox86;AMD IO Driver;c:\windows\system32\drivers\amdiox86.sys [2012-2-15 37944]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-12-5 9067008]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-12-5 264192]
R3 arusb_lh;Atheros 11n Wireless LAN device driver;c:\windows\system32\drivers\arusb_lh.sys [2012-2-15 436224]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-10-17 85520]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\d-link\dwa-130 revd\jswpsapi.exe [2012-2-15 954368]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-2-16 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-2-16 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-2-16 1343400]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2011-8-5 268512]
.
=============== Created Last 30 ================
.
2012-02-16 12:48:28 -------- d-----w- c:\windows\system32\Wat
2012-02-16 12:03:52 -------- d-----w- c:\program files\Microsoft IntelliPoint
2012-02-16 12:01:48 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2012-02-16 06:56:45 -------- d-----w- c:\windows\system32\SPReview
2012-02-16 06:56:35 -------- d-----w- c:\windows\system32\EventProviders
2012-02-16 06:51:59 780288 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2012-02-16 06:48:47 1699328 ----a-w- c:\windows\system32\esent.dll
2012-02-16 06:39:03 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-02-16 06:39:03 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2012-02-16 06:39:03 107520 ----a-w- c:\windows\system32\cdd.dll
2012-02-16 05:47:32 713784 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{b333d744-bc6e-4163-b2c4-c428603bfb63}\gapaengine.dll
2012-02-16 05:47:28 6557240 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{1ab60626-232d-488c-9929-336494265382}\mpengine.dll
2012-02-16 05:45:57 -------- d-----w- c:\program files\Microsoft Security Client
2012-02-16 04:54:49 -------- d-----w- c:\windows\Panther
2012-02-16 03:51:53 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-16 03:34:21 -------- d--h--w- C:\kleaner.tmp
2012-02-16 03:26:43 -------- d-----w- c:\program files\WOT
2012-02-16 03:23:36 -------- d-----r- c:\users\cdg\Podcasts
2012-02-16 03:03:20 -------- d-----w- c:\windows\PCHEALTH
2012-02-16 02:52:48 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2012-02-16 02:52:43 -------- d-----w- c:\windows\System64
2012-02-16 02:52:42 -------- d-----w- c:\users\cdg\appdata\roaming\Speckie
2012-02-16 02:50:07 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2012-02-16 02:50:07 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2012-02-16 02:50:07 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2012-02-16 02:50:03 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-16 02:48:45 542208 ----a-w- c:\windows\system32\kerberos.dll
2012-02-16 02:48:42 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2012-02-16 02:48:42 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2012-02-16 02:48:42 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2012-02-16 02:48:38 571904 ----a-w- c:\windows\system32\oleaut32.dll
2012-02-16 02:48:38 233472 ----a-w- c:\windows\system32\oleacc.dll
2012-02-16 02:48:32 741376 ----a-w- c:\windows\system32\inetcomm.dll
2012-02-16 02:48:01 67072 ----a-w- c:\windows\system32\packager.dll
2012-02-16 02:46:59 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-02-16 02:46:59 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-02-16 02:46:42 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2012-02-16 02:46:42 1137664 ----a-w- c:\windows\system32\mfc42.dll
2012-02-16 02:46:39 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2012-02-16 02:46:38 123904 ----a-w- c:\windows\system32\poqexec.exe
2012-02-16 02:43:10 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-02-16 02:42:26 -------- d-----w- c:\users\cdg\appdata\roaming\Malwarebytes
2012-02-16 02:35:58 -------- d-----w- c:\users\cdg\appdata\local\AMD
2012-02-16 02:35:42 -------- d-----w- c:\users\cdg\appdata\local\ATI
2012-02-16 02:34:34 0 ----a-w- c:\windows\ativpsrm.bin
2012-02-16 02:25:45 -------- d-----w- c:\program files\AMD APP
2012-02-16 02:25:42 -------- d-----w- c:\program files\common files\ATI Technologies
2012-02-16 02:25:07 -------- d-----w- c:\programdata\AMD
2012-02-16 02:25:02 37944 ----a-w- c:\windows\system32\drivers\amdiox86.sys
2012-02-16 02:24:41 -------- d-sh--w- c:\windows\Installer
2012-02-16 02:24:41 -------- d-----w- c:\program files\ATI
2012-02-16 02:24:21 6557240 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{19c92f3a-ed6f-4a29-ba05-0d22db6e6fd4}\mpengine.dll
2012-02-16 02:24:20 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-16 02:24:17 -------- d-----w- c:\program files\ATI Technologies
2012-02-16 02:23:20 -------- d-----w- C:\AMD
2012-02-16 02:13:16 20384 ----a-w- c:\windows\system32\drivers\jswpslwf.sys
2012-02-16 02:13:14 436224 ----a-w- c:\windows\system32\drivers\arusb_lh.sys
2012-02-16 02:13:14 -------- d-----w- c:\program files\D-Link
2012-02-16 02:13:13 -------- d-----w- c:\windows\pcidevice
2012-02-16 02:13:07 -------- d-----w- C:\temp
2012-02-16 02:11:17 -------- d-----w- c:\windows\system32\wbem\Performance
2012-02-16 02:08:01 -------- d-----w- c:\users\cdg\appdata\local\VirtualStore
.
==================== Find3M ====================
.
2012-02-16 12:15:09 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-01-04 08:58:41 442880 ----a-w- c:\windows\system32\ntshrui.dll
2011-12-30 05:27:56 478720 ----a-w- c:\windows\system32\timedate.cpl
2011-12-16 07:52:58 690688 ----a-w- c:\windows\system32\msvcrt.dll
2011-12-06 03:44:22 9067008 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-12-06 03:17:50 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2011-12-06 03:17:36 778752 ----a-w- c:\windows\system32\aticfx32.dll
2011-12-06 03:12:52 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-12-06 03:12:16 404992 ----a-w- c:\windows\system32\atieclxx.exe
2011-12-06 03:11:44 163328 ----a-w- c:\windows\system32\atiesrxx.exe
2011-12-06 03:10:30 163840 ----a-w- c:\windows\system32\atitmmxx.dll
2011-12-06 03:10:12 360448 ----a-w- c:\windows\system32\atipdlxx.dll
2011-12-06 03:10:00 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2011-12-06 03:09:54 20992 ----a-w- c:\windows\system32\atimuixx.dll
2011-12-06 03:09:44 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-12-06 0338 6159872 ----a-w- c:\windows\system32\atidxx32.dll
2011-12-06 03:04:00 59904 ----a-w- c:\windows\system32\OpenVideo.dll
2011-12-06 03:03:52 54784 ----a-w- c:\windows\system32\OVDecode.dll
2011-12-06 03:03:04 14499328 ----a-w- c:\windows\system32\amdocl.dll
2011-12-06 03:02:16 44032 ----a-w- c:\windows\system32\OpenCL.dll
2011-12-06 02:56:40 19125760 ----a-w- c:\windows\system32\atioglxx.dll
2011-12-06 02:39:24 1828864 ----a-w- c:\windows\system32\atiumdmv.dll
2011-12-06 02:34:24 46080 ----a-w- c:\windows\system32\aticalrt.dll
2011-12-06 02:34:14 44032 ----a-w- c:\windows\system32\aticalcl.dll
2011-12-06 02:33:36 5919232 ----a-w- c:\windows\system32\atiumdag.dll
2011-12-06 02:29:30 11484672 ----a-w- c:\windows\system32\aticaldd.dll
2011-12-06 02:28:50 4206592 ----a-w- c:\windows\system32\atiumdva.dll
2011-12-06 02:18:42 51200 ----a-w- c:\windows\system32\coinst.dll
2011-12-06 02:12:50 356352 ----a-w- c:\windows\system32\atiadlxx.dll
2011-12-06 02:12:34 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2011-12-06 02:12:22 33280 ----a-w- c:\windows\system32\atigktxx.dll
2011-12-06 02:11:50 264192 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-12-06 02:11:16 33280 ----a-w- c:\windows\system32\atiuxpag.dll
2011-12-06 02:11:02 29696 ----a-w- c:\windows\system32\atiu9pag.dll
2011-12-06 02:10:42 53760 ----a-w- c:\windows\system32\atimpc32.dll
2011-12-06 02:10:42 53760 ----a-w- c:\windows\system32\amdpcom32.dll
2011-12-06 02:10:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
.
============= FINISH: 7:49:35.10 ===============
Attached Files
File Type: zip Attach.zip (4.4 KB, 4 views)

__________________
NeverSpoken is offline   Reply With Quote
Old 02-26-2012, 05:12 AM   #2
Registered Member
 
Join Date: Aug 2004
Posts: 191
OS: Windows 8 Pro



Forgot, before reinstalling I did bootrec.exe /fixmbr and /fixboot. I was also told that resetting the CMOS would help, but I doubt that's necessary since everything appears to be working fine so far. Recent virus scans have turned up nothing. I also deleted my old Win 8 preview and reinstalled it again (formatted and then reused the same partition).
__________________
NeverSpoken is offline   Reply With Quote
Copyright 2001 - 2014, Tech Support Forum
