MBR plus wha? Issues

Discussion in 'Malware Help (A Specialist Will Reply)' started by Shenpen, Nov 18, 2011.

  1. Shenpen

    Shenpen Private E-2

    The relevant window opens, "searchbar" moves across the address line, but the window is never filled with the relevant items and remains blank.

    Actual printing is malfunctioning too: attempts to print will hang the application from which the printing is attempted.

    This symptom does not persist after using post #9 script.
     
  2. Shenpen

    Shenpen Private E-2

    I should perhaps add that windows update is also not functional now.
     
  3. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Stop running any of the previous fixes I posted. You may think they are helping, but eventually you are going to break something I can't fix.

    Press the Windows Key + R on your keyboard and type this command: regedit

    The Windows Registry Editor will open. Navigate to the following Registry Key:
    Code:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Providers
    There should only be 2 subKeys under that registry key: "Internet Print Provider" and "LanMan Print Services". Delete any other subKeys present.

    Do not delete anything in the right window pane and do not delete anything under the "Internet Print Provider" and "LanMan Print Services" subKeys.

    Reboot and try to open Printer & Faxes in the control panel.
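
Added example, not part of the original post: a read-only PowerShell check of the registry key named in post #3. It lists every subkey under Print\Providers, shows the provider DLL from each subkey's `Name` value, and flags any subkey other than the two the post names. The function name `Get-PrintProviderAudit` is made up for this example, and nothing is deleted or changed.

```powershell
# Read-only audit of installed print providers. Run from an elevated prompt.
# The key path and the two expected subkey names come from the post above.
$ProvidersKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Print\Providers'
$ExpectedProviders = @('Internet Print Provider', 'LanMan Print Services')

function Get-PrintProviderAudit {
    param(
        [string]$Path = $ProvidersKey,
        [string[]]$Expected = $ExpectedProviders
    )
    if (-not (Test-Path -LiteralPath $Path)) {
        throw "Registry key not found: $Path"
    }
    Get-ChildItem -LiteralPath $Path | ForEach-Object {
        [pscustomobject]@{
            SubKey   = $_.PSChildName
            # 'Name' is the value that holds the provider DLL; empty if absent.
            Dll      = $_.GetValue('Name')
            # -contains is case-insensitive, as registry key names are.
            Expected = $Expected -contains $_.PSChildName
        }
    }
}

$audit = @(Get-PrintProviderAudit)
$audit | Format-Table -AutoSize

# Subkeys the post says should not be there.
$extra = @($audit | Where-Object { -not $_.Expected })
# Expected subkeys that are missing altogether.
$missing = @($ExpectedProviders | Where-Object { $audit.SubKey -notcontains $_ })

if ($extra.Count -gt 0) {
    Write-Warning ("Unexpected print provider subkeys: " + ($extra.SubKey -join ', '))
}
if ($missing.Count -gt 0) {
    Write-Warning ("Expected print provider subkeys missing: " + ($missing -join ', '))
}
if ($extra.Count -eq 0 -and $missing.Count -eq 0) {
    Write-Output 'Only the two expected print providers are registered.'
}
```

Saving the table output before and after a cleanup gives a record of which provider DLLs were registered at each point.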
     
  4. Shenpen

    Shenpen Private E-2

    Nothing there to delete besides "Internet Print Provider" and "LanMan Print Services".
    After reboot symptoms are unchanged.
     
  5. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    OK, let's look for rootkits.

    Download and Run Scan with GMER

    We will use GMER to scan for rootkits.
    If it detects rootkit activity, you will receive a prompt to run a full scan. Click NO.

    If GMER doesn't work in Normal Mode try running it in Safe Mode

    Note: Do Not run any program while GMER is running
    *Note*: Rootkit scans often produce false positives. Do NOT take any actions on <--- ROOTKIT entries
     
  6. Shenpen

    Shenpen Private E-2

    No positives.
     

    Attached Files:

  7. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    The gmer log is completely empty.
     
  8. Shenpen

    Shenpen Private E-2

    I agree.
     
  9. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    It shouldn't be empty.
     
  10. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Changing tactics.

    Download Windows Repair by Tweaking.com to your desktop.


    • Double-click tweaking.com_windows_repair_aio.zip and extract the Tweaking.com - Windows Repair folder to your desktop.
    • Now open this folder and double-click Repair_Windows.exe.
    • Click the Start Repairs tab on the far right.
    • Click Custom Mode so there is a bullet in it.
    • Click the Start button (bottom right)
      Note: When asked if you would like to create a restore point, it is recommended, just in case something does not go as planned.
    • Click Unselect All
    • Put a checkmark in the following items:
      • Reset Registry Permissions
      • Reset File Permissions
      • Remove Policies Set By Infections
      • Repair Windows Updates
      • Set Windows Services To Default Startup
      Note: Leave everything else unchecked
    • Put a checkmark in Restart System When Finished
    • Now click the Start button (bottom right)
     
  11. Shenpen

    Shenpen Private E-2

    Ok.

    No idea why it's empty.
     
  12. Shenpen

    Shenpen Private E-2

    Had to manually reboot it, but it is now installing updates.
     
  13. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Still having problems with Printers & Faxes in the Control Panel?
     
  14. Shenpen

    Shenpen Private E-2

    Yes. And Microsoft Security won't update citing "connection failure".


    Services.exe is running 886.740 Kb of mem, and some system process is using a core at 50%.

    Control panel for printers and faxes still doesn't show anything but a searchbar and a white window.
    Network (local) doesn't seem to work either.


    On the bright side: Browser is running fine now, even flash video is functional.
    Windows update is back online and all important updates are done.
     
  15. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Let's make sure this isn't a permissions issue.

    To reset permissions to system defaults, do the following:
    Start -> All Programs -> Accessories -> Right click "Command Prompt" -> "Run as administrator"
    Click "OK" on any alerts.

    The Command Console will open

    Enter the following commands, at the Command Prompt. The commands must be entered exactly as shown.

    Press the Enter Key after the command. Wait for each command to finish before proceeding to the next command.
    Code:
    secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose
    exit
    This will take some time to run.

    Any change?
     
  16. Shenpen

    Shenpen Private E-2

    secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose
    exit

    Der opstod en udvided fejl.

    Opgave blev udført med en fejl.
    Der er flere oplysninger i logfilen %windir%\security\logs\scesrv.log.

    Translation:
    An extended error occurred.

    The task was executed with an error.
    There is more information in the logfile %windir%\security\logs\scesrv.log.

    No visible change in behaviour:
    No access to printer panel, printing from applications hangs the applications, no access to network, no updating of MS Security Essentials.
     
  17. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Download the latest MGtools.exe to the root of your c: drive.
    • Replace your existing MGtools.exe with this one.
    • Now run this new MGtools.exe by double-clicking it. (Vista/7 right-click and select Run as Administrator)
    • When it is finished, attach c:\MGlogs.zip to your next message. (How to attach)
     
  18. Shenpen

    Shenpen Private E-2

    Do you perhaps mean the root of my d: drive?
     
  19. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes. ;)
     
  20. Shenpen

    Shenpen Private E-2

    This one seems to get around some of what stopped the old one.

    What is your take on present situation?
    Is there still a risk of infecting other systems?
    Are the HDs MBR infected or clean?

    I got a SSD a few days back and trying to plan how to get essential data from this to new system.

    Edit:
    Preliminary: System seems to be back to health now...
     

    Attached Files:

    Last edited: Dec 21, 2011
  21. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Other than the Printers & Faxes issue, earlier, everything else appears to be fine.

    The MBRs appear to be OK and there are no other signs of infection.
     
