[Inactive] [A] System Check Virus

mikeinsc81 · Jan 10, 2012

Hey all, looks like I have the System Check virus. I have done the Malwarebytes scan, and avast, and it now looks like I have limited access (web browsing, etc) so I'm able to paste these logs. Thanx so much for all your help!

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.09.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Mikey :: BLACK-ROCK [administrator]

Protection: Enabled

1/10/2012 1:18:45 AM
mbam-log-2012-01-10 (01-18-45).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 350064
Time elapsed: 6 hour(s), 26 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Privacy Protection (Rogue.PrvacyProtect) -> Data: C:\Documents and Settings\All Users\Application Data\privacy.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 7
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 21
C:\Documents and Settings\Mikey\My Documents\My Pictures\New Folder\Torrent Downloadz\ConvertXToDVD 3.1.3.40d\ConvertXToDVD 3.1.3.40d\keYgeN\Keygen.exe (RiskWare.Tool.CK) -> No action taken.
C:\Documents and Settings\Mikey\My Documents\My Pictures\New Folder\Torrent Downloadz\WinRAR Torrent\WinRAR 3.71 Corporate Edition.exe (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Mikey\My Documents\My Pictures\New Folder\Torrent Downloadz\Xingtone.Ringtone.Maker.v4.2.16-TE\Crack\XingtoneRingtoneMaker4x_GOLD_Crack_b3.exe (RiskWare.Tool.CK) -> No action taken.
C:\Documents and Settings\Mikey\My Documents\My Pictures\New Folder\Torrent Downloadz\quick time keygen\Keygen.exe (RiskWare.Tool.CK) -> No action taken.
C:\GAMES\iPhone\Sonic.The.Hedgehog.v1.0.iPhone.iPod.Touch-COREPDA\cr-son10\CORE10k.EXE (Dont.Steal.Our.Software) -> No action taken.
C:\GAMES\iPhone\The.Secret.Of.Monkey.Island.Special.Edition.v1.0.iPhone.iPod.Touch-COREPDA\CORE10k.EXE (Dont.Steal.Our.Software) -> No action taken.
C:\GAMES\On E Drive\Games\Empire Earth II\rld-ee2kg.exe (Trojan.Downloader) -> No action taken.
C:\GAMES\On E Drive\Games\Hitman - Codename 47\Hitman.Exe (Trojan.FakeAlert) -> No action taken.
C:\GAMES\On E Drive\Games\Hitman - Codename 47\BACKUP\Hitman.exe (Trojan.FakeAlert) -> No action taken.
C:\GAMES\On E Drive\Games\LucasArts\Star Wars Battlefront II\GameData\pztrain.exe (Malware.Gen) -> No action taken.
C:\GAMES\On E Drive\Games\LucasArts\Star Wars Battlefront II\TRAINERS\StarWarsBattlefront2PLUS9Trainer\pztrain.exe (Malware.Gen) -> No action taken.
C:\GAMES\On E Drive\Games\LucasArts\SWKotOR2\BACKUP\StarWarsKnightsOfTheOldRepublic2SithLordsPLUS18Trainer\agskttrn.exe (Malware.Packer.as) -> No action taken.
C:\GAMES\On E Drive\Games\Rockstar Games\GrandTheftAutoSanAndreasPLUS27Trainer\pztrain.exe (Malware.Gen) -> No action taken.
C:\Torrentz\Torrent Downloadz\ConvertXToDVD 3.1.3.40d\ConvertXToDVD 3.1.3.40d\keYgeN\Keygen.exe (RiskWare.Tool.CK) -> No action taken.
C:\Torrentz\Torrent Downloadz\WinRAR Torrent\WinRAR 3.71 Corporate Edition.exe (Trojan.Dropper) -> No action taken.
C:\Torrentz\Torrent Downloadz\Xingtone.Ringtone.Maker.v4.2.16-TE\Crack\XingtoneRingtoneMaker4x_GOLD_Crack_b3.exe (RiskWare.Tool.CK) -> No action taken.
C:\Torrentz\Torrent Downloadz\quick time keygen\Keygen.exe (RiskWare.Tool.CK) -> No action taken.
C:\Torrentz\Torrent Downloadz\Nero 8.3.2.1 + Keygen - HeartBug\Keygen\keygen.exe (Trojan.Agent) -> No action taken.
C:\Torrentz\WinRAR 4.01 + Keygen Forever\keygen.exe (RiskWare.Tool.CK) -> No action taken.
C:\System Volume Information\_restore{76FA9A9F-899F-444A-A40D-6C3EF9E95007}\RP167\A0037804.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{76FA9A9F-899F-444A-A40D-6C3EF9E95007}\RP167\A0037805.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

(end)

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-01-10 11:46:28
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD20EARS-07MVWB0 rev.51.0AB51
Running: l7jtmsjv.exe; Driver: C:\DOCUME~1\Mikey\LOCALS~1\Temp\ugryiaog.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA6EDABDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA6EDAA45]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA6F577A2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_27
Run by Mikey at 11:48:58 on 2012-01-10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2077 [GMT -8:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\ATH.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common

files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Somoto Toolbar: {652853ad-5592-4231-88c6-706613a52e61} - c:\program

files\somototoolbar\vmntemplateX.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast

software\avast\aswWebRepIE.dll
BHO: Video Download Toolbar Intercept: {b29002a0-87a1-4dc4-ac55-5982034eb61e} -

c:\progra~1\videod~1\VIDEOD~1.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program

files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program

files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Somoto Toolbar: {652853ad-5592-4231-88c6-706613a52e61} - c:\program

files\somototoolbar\vmntemplateX.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast

software\avast\aswWebRepIE.dll
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Google Update] "c:\documents and settings\mikey\local settings\application

data\google\update\GoogleUpdate.exe" /c
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dPolicies-explorer: NoDesktop = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program

files\bonjour\ExplorerPlugin.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -

hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} -

hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -

hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{D5C0433E-FD51-46E2-A801-BFB0C915C7C8} : DhcpNameServer = 192.168.1.254
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\mikey\application

data\mozilla\firefox\profiles\wozqpz80.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\documents and settings\mikey\application

data\mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components\PlayS

ushiFF.dll
FF - plugin: c:\documents and settings\mikey\local settings\application

data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\mikey\local settings\application

data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-1-9 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-1-9 314456]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-11-22

239168]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18

165648]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-1-9 20568]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-1-9

44768]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-1-8

652872]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-8 20464]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-1-10 40776]
S1 MpKsl40c1afd9;MpKsl40c1afd9;\??\c:\documents and settings\all users\application

data\microsoft\microsoft antimalware\definition

updates\{00893bb8-6958-4a96-9c07-e8d0641b623a}\mpksl40c1afd9.sys --> c:\documents and settings\all

users\application data\microsoft\microsoft antimalware\definition

updates\{00893bb8-6958-4a96-9c07-e8d0641b623a}\MpKsl40c1afd9.sys [?]
S1 MpKsl472e53ba;MpKsl472e53ba;\??\c:\documents and settings\all users\application

data\microsoft\microsoft antimalware\definition

updates\{00893bb8-6958-4a96-9c07-e8d0641b623a}\mpksl472e53ba.sys --> c:\documents and settings\all

users\application data\microsoft\microsoft antimalware\definition

updates\{00893bb8-6958-4a96-9c07-e8d0641b623a}\MpKsl472e53ba.sys [?]
S1 MpKsl6a88b5d0;MpKsl6a88b5d0;\??\c:\documents and settings\all users\application

data\microsoft\microsoft antimalware\definition

updates\{00893bb8-6958-4a96-9c07-e8d0641b623a}\mpksl6a88b5d0.sys --> c:\documents and settings\all

users\application data\microsoft\microsoft antimalware\definition

updates\{00893bb8-6958-4a96-9c07-e8d0641b623a}\MpKsl6a88b5d0.sys [?]
S1 MpKsl71a10131;MpKsl71a10131;\??\c:\documents and settings\all users\application

data\microsoft\microsoft antimalware\definition

updates\{00893bb8-6958-4a96-9c07-e8d0641b623a}\mpksl71a10131.sys --> c:\documents and settings\all

users\application data\microsoft\microsoft antimalware\definition

updates\{00893bb8-6958-4a96-9c07-e8d0641b623a}\MpKsl71a10131.sys [?]
S1 MpKsl8accf6df;MpKsl8accf6df;\??\c:\documents and settings\all users\application

data\microsoft\microsoft antimalware\definition

updates\{00893bb8-6958-4a96-9c07-e8d0641b623a}\mpksl8accf6df.sys --> c:\documents and settings\all

users\application data\microsoft\microsoft antimalware\definition

updates\{00893bb8-6958-4a96-9c07-e8d0641b623a}\MpKsl8accf6df.sys [?]
S1 MpKslc4309008;MpKslc4309008;\??\c:\documents and settings\all users\application

data\microsoft\microsoft antimalware\definition

updates\{00893bb8-6958-4a96-9c07-e8d0641b623a}\mpkslc4309008.sys --> c:\documents and settings\all

users\application data\microsoft\microsoft antimalware\definition

updates\{00893bb8-6958-4a96-9c07-e8d0641b623a}\MpKslc4309008.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
UnknownUnknown mcpxrbar;mcpxrbar; [x]
.
=============== Created Last 30 ================
.
2012-01-10 19:47:52 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-01-10 19:00:54 56200 ----a-w- c:\documents and settings\all users\application

data\microsoft\microsoft antimalware\definition

updates\{9efcc7d4-9608-4754-b544-a9b791528f83}\offreg.dll
2012-01-10 08:35:52 6823496 ----a-w- c:\documents and settings\all users\application

data\microsoft\microsoft antimalware\definition

updates\{9efcc7d4-9608-4754-b544-a9b791528f83}\mpengine.dll
2012-01-09 21:06:27 -------- d-----w- c:\documents and settings\mikey\application

data\Malwarebytes
2012-01-09 08:33:46 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-01-09 08:33:23 41184 ----a-w- c:\windows\avastSS.scr
2012-01-09 08:33:06 -------- d-----w- c:\program files\AVAST Software
2012-01-09 08:33:06 -------- d-----w- c:\documents and settings\all users\application

data\AVAST Software
2012-01-09 07:43:24 -------- d-----w- c:\documents and settings\all users\application

data\Malwarebytes
2012-01-09 07:43:21 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-09 07:43:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-09 06:02:22 522766 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-01-02 06:13:03 548864 ---ha-w- c:\program files\mozilla firefox\msvcp80.dll
2012-01-02 06:13:03 479232 ---ha-w- c:\program files\mozilla firefox\msvcm80.dll
2012-01-02 06:13:03 43992 ---ha-w- c:\program files\mozilla firefox\mozutils.dll
2012-01-02 06:13:02 626688 ---ha-w- c:\program files\mozilla firefox\msvcr80.dll
2011-12-15 07:52:35 -------- d--h--w- c:\program files\Elder Scrolls III - Morrowind
2011-12-15 07:52:20 -------- d--h--w- c:\program files\Morrowind
2011-12-15 00:02:07 -------- d--h--w- c:\program files\Risk Factions
.
==================== Find3M ====================
.
2011-11-23 13:25:32 1859584 ---ha-w- c:\windows\system32\win32k.sys
2011-11-22 18:42:52 239168 ---ha-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-11-06 14:12:26 28 ---ha-w- c:\windows\system32\vfw_32.reg
2011-11-04 19:20:51 916992 ---ha-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ---ha-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ---h--w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ---ha-w- c:\windows\system32\html.iec
2011-11-01 16:07:10 1288704 ---ha-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ---ha-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37:08 2148864 ---ha-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:02 2027008 ---ha-w- c:\windows\system32\ntkrnlpa.exe
2011-10-22 23:06:18 414368 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-18 11:13:22 186880 ---ha-w- c:\windows\system32\encdec.dll
.
============= FINISH: 11:50:49.79 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/23/2011 10:35:08 PM
System Uptime: 1/10/2012 11:00:16 AM (0 hours ago)
.
Motherboard: Dell Inc. | | 0GX297
Processor: Intel(R) Core(TM)2 CPU 4300 @ 1.80GHz | Microprocessor | 1794/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 1863 GiB total, 801.006 GiB free.
D: is CDROM ()
I: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP64: 10/11/2011 12:50:23 PM - System Checkpoint
RP65: 10/12/2011 4:12:10 AM - Installed Jordy Video Downloader 1.03.
RP66: 10/13/2011 6:00:29 AM - System Checkpoint
RP67: 10/14/2011 3:00:17 AM - Software Distribution Service 3.0
RP68: 10/15/2011 3:52:08 AM - System Checkpoint
RP69: 10/15/2011 7:30:48 PM - Installed Adobe Reader X (10.1.1).
RP70: 10/16/2011 8:13:24 PM - System Checkpoint
RP71: 10/17/2011 8:33:17 PM - System Checkpoint
RP72: 10/18/2011 8:45:17 PM - System Checkpoint
RP73: 10/19/2011 9:33:17 PM - System Checkpoint
RP74: 10/21/2011 12:12:26 AM - System Checkpoint
RP75: 10/22/2011 7:12:45 AM - System Checkpoint
RP76: 10/23/2011 7:34:33 AM - System Checkpoint
RP77: 10/24/2011 3:00:16 AM - Software Distribution Service 3.0
RP78: 10/25/2011 4:10:44 AM - System Checkpoint
RP79: 10/26/2011 9:09:03 AM - System Checkpoint
RP80: 10/27/2011 10:06:17 PM - System Checkpoint
RP81: 10/28/2011 10:42:49 PM - System Checkpoint
RP82: 10/30/2011 5:19:12 AM - System Checkpoint
RP83: 10/31/2011 5:50:59 AM - System Checkpoint
RP84: 11/1/2011 5:59:43 AM - System Checkpoint
RP85: 11/2/2011 8:19:40 AM - System Checkpoint
RP86: 11/3/2011 8:33:39 AM - System Checkpoint
RP87: 11/4/2011 11:18:57 AM - System Checkpoint
RP88: 11/4/2011 10:41:55 PM - Installed Bonjour
RP89: 11/5/2011 9:51:01 PM - System Checkpoint
RP90: 11/6/2011 6:08:30 AM - Installed Xingtone Ringtone Maker
RP91: 11/7/2011 10:16:55 AM - System Checkpoint
RP92: 11/8/2011 1:55:41 PM - System Checkpoint
RP93: 11/9/2011 3:00:15 AM - Software Distribution Service 3.0
RP94: 11/10/2011 7:34:29 AM - System Checkpoint
RP95: 11/11/2011 7:57:41 AM - System Checkpoint
RP96: 11/11/2011 2:09:30 PM - Installed ISO Recorder
RP97: 11/12/2011 3:00:16 AM - Software Distribution Service 3.0
RP98: 11/13/2011 4:04:12 AM - System Checkpoint
RP99: 11/14/2011 4:34:55 AM - System Checkpoint
RP100: 11/15/2011 4:57:52 AM - System Checkpoint
RP101: 11/16/2011 5:08:08 AM - System Checkpoint
RP102: 11/17/2011 5:57:43 AM - System Checkpoint
RP103: 11/17/2011 6:17:58 PM - Removed Jordy Video Downloader 1.03.
RP104: 11/18/2011 6:26:56 PM - System Checkpoint
RP105: 11/19/2011 6:27:28 PM - System Checkpoint
RP106: 11/20/2011 9:22:18 PM - System Checkpoint
RP107: 11/21/2011 9:25:50 PM - System Checkpoint
RP108: 11/22/2011 10:52:09 AM - Installed DirectX
RP109: 11/23/2011 3:00:14 AM - Software Distribution Service 3.0
RP110: 11/24/2011 5:12:04 AM - System Checkpoint
RP111: 11/25/2011 5:39:51 AM - System Checkpoint
RP112: 11/25/2011 10:28:05 PM - Restore Operation
RP113: 11/27/2011 12:52:04 AM - System Checkpoint
RP114: 11/28/2011 5:08:55 AM - System Checkpoint
RP115: 11/29/2011 8:02:46 AM - System Checkpoint
RP116: 11/30/2011 2:07:23 PM - System Checkpoint
RP117: 11/30/2011 11:09:23 PM - Software Distribution Service 3.0
RP118: 11/30/2011 11:15:41 PM - Installed AVG 2012
RP119: 11/30/2011 11:17:02 PM - Installed AVG 2012
RP120: 12/2/2011 6:08:49 PM - Software Distribution Service 3.0
RP121: 12/4/2011 8:02:38 PM - Removed AVG 2012
RP122: 12/4/2011 8:06:44 PM - Removed AVG 2012
RP123: 12/5/2011 3:00:17 AM - Software Distribution Service 3.0
RP124: 12/5/2011 12:40:33 PM - Software Distribution Service 3.0
RP125: 12/6/2011 12:33:10 PM - Software Distribution Service 3.0
RP126: 12/7/2011 12:41:00 PM - Software Distribution Service 3.0
RP127: 12/8/2011 12:35:43 PM - Software Distribution Service 3.0
RP128: 12/9/2011 12:30:11 PM - Software Distribution Service 3.0
RP129: 12/10/2011 6:07:23 PM - Software Distribution Service 3.0
RP130: 12/11/2011 2:04:37 AM - Software Distribution Service 3.0
RP131: 12/12/2011 2:09:10 AM - System Checkpoint
RP132: 12/12/2011 9:11:14 AM - Software Distribution Service 3.0
RP133: 12/13/2011 9:10:22 AM - Software Distribution Service 3.0
RP134: 12/14/2011 9:11:29 AM - Software Distribution Service 3.0
RP135: 12/14/2011 11:52:47 PM - Installed Morrowind
RP136: 12/15/2011 12:20:30 AM - Installed Bloodmoon
RP137: 12/15/2011 12:36:20 AM - Installed Tribunal
RP138: 12/15/2011 3:00:16 AM - Software Distribution Service 3.0
RP139: 12/15/2011 12:26:47 PM - Software Distribution Service 3.0
RP140: 12/16/2011 12:08:49 PM - Software Distribution Service 3.0
RP141: 12/17/2011 12:08:50 PM - Software Distribution Service 3.0
RP142: 12/18/2011 1:43:12 AM - Software Distribution Service 3.0
RP143: 12/18/2011 12:08:50 PM - Software Distribution Service 3.0
RP144: 12/19/2011 12:08:47 PM - Software Distribution Service 3.0
RP145: 12/20/2011 12:08:48 PM - Software Distribution Service 3.0
RP146: 12/21/2011 12:08:49 PM - Software Distribution Service 3.0
RP147: 12/22/2011 12:08:56 PM - Software Distribution Service 3.0
RP148: 12/23/2011 12:08:50 PM - Software Distribution Service 3.0
RP149: 12/24/2011 12:40:52 PM - System Checkpoint
RP150: 12/25/2011 2:07:34 AM - Software Distribution Service 3.0
RP151: 12/25/2011 6:35:05 AM - Software Distribution Service 3.0
RP152: 12/26/2011 6:35:03 AM - Software Distribution Service 3.0
RP153: 12/27/2011 6:35:02 AM - Software Distribution Service 3.0
RP154: 12/28/2011 6:35:05 AM - Software Distribution Service 3.0
RP155: 12/29/2011 6:36:48 AM - Software Distribution Service 3.0
RP156: 12/30/2011 6:34:59 AM - Software Distribution Service 3.0
RP157: 12/31/2011 6:34:56 AM - Software Distribution Service 3.0
RP158: 1/1/2012 1:38:46 AM - Software Distribution Service 3.0
RP159: 1/1/2012 4:17:46 PM - Software Distribution Service 3.0
RP160: 1/2/2012 4:17:41 PM - Software Distribution Service 3.0
RP161: 1/3/2012 4:17:41 PM - Software Distribution Service 3.0
RP162: 1/4/2012 4:17:44 PM - Software Distribution Service 3.0
RP163: 1/5/2012 4:17:50 PM - Software Distribution Service 3.0
RP164: 1/6/2012 4:18:05 PM - Software Distribution Service 3.0
RP165: 1/7/2012 3:00:16 AM - Software Distribution Service 3.0
RP166: 1/8/2012 3:39:37 AM - System Checkpoint
RP167: 1/8/2012 5:43:26 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
µTorrent
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.1)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
avast! Free Antivirus
Bonjour
Broadcom Gigabit Integrated Controller
clrmamepro
DAEMON Tools Lite
Dell Resource CD
Google Chrome
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
ISO Recorder
iTunes
Java Auto Updater
Java(TM) 6 Update 27
K-Lite Codec Pack 7.7.0 (Standard)
Malwarebytes Anti-Malware version 1.60.0.1800
Metroid Other M Screensaver
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Web Platform Installer 3.0
Morrowind
Mozilla Firefox 9.0.1 (x86 en-US)
MP3 Splitter & Joiner 3.27
MP3 To Ringtone Gold 3.18
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
QuickTime
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
SoundMAX
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Video Download FileBulldog Toolbar
Video Download Toolbar 2.1.0.0
VLC media player 1.1.11
WBFS Manager 3.0
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows XP Service Pack 3
WinRAR 4.01 (32-bit)
Xingtone Ringtone Maker
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
1/9/2012, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc

with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
1/9/2012 12:33:35 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the

service MSIServer with arguments "" in order to run the server:

{000C101C-0000-0000-C000-000000000046}
1/8/2012 7:07:29 PM, information: Windows File Protection [64002] - File replacement was

attempted on the protected system file c:\windows\system32\spoolsv.exe. This file was restored

to the original version to maintain system stability. The file version of the system file is

5.1.2600.6024.
1/8/2012 2:12:16 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has

encountered an error trying to update signatures. New Signature Version:

Previous Signature Version: 1.117.2398.0 Update Source: Microsoft Update Server Update

Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update

Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine

Version: 1.1.7903.0 Error code: 0x8024402c Error description: An unexpected problem

occurred while checking for updates. For information on installing or troubleshooting updates,

see Help and Support.
1/8/2012 11:39:10 PM, error: Service Control Manager [7026] - The following boot-start or

system-start driver(s) failed to load: Fips intelppm MpFilter
1/8/2012 11:39:10 PM, error: Service Control Manager [7024] - The Workstation service

terminated with service-specific error 2250 (0x8CA).
1/8/2012 11:39:10 PM, error: Service Control Manager [7023] - The System Restore Service

service terminated with the following error: Access is denied.
1/8/2012 11:39:10 PM, error: Service Control Manager [7001] - The Computer Browser service

depends on the Workstation service which failed to start because of the following error: The

service has returned a service-specific error code.
1/8/2012 11:38:59 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the

service EventSystem with arguments "" in order to run the server:

{1BE1F766-5536-11D1-B726-00C04FB926AF}
1/8/2012 11:38:31 PM, error: SRService [104] - The System Restore initialization process

failed.
1/8/2012 11:38:25 PM, error: Workstation [5727] - Could not load RDR device driver.
1/8/2012 10:58:17 PM, error: ipnathlp [32003] - The Network Address Translator (NAT) was

unable to request an operation of the kernel-mode translation module. This may indicate

misconfiguration, insufficient resources, or an internal error. The data is the error code.
1/8/2012 10:38:37 PM, error: Service Control Manager [7026] - The following boot-start or

system-start driver(s) failed to load: AFD Fips intelppm IPSec MpFilter NetBIOS NetBT RasAcd

Rdbss Tcpip
1/8/2012 10:38:37 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper

service depends on the AFD service which failed to start because of the following error: A

device attached to the system is not functioning.
1/8/2012 10:38:37 PM, error: Service Control Manager [7001] - The IPSEC Services service

depends on the IPSEC driver service which failed to start because of the following error: A

device attached to the system is not functioning.
1/8/2012 10:38:37 PM, error: Service Control Manager [7001] - The DNS Client service depends

on the TCP/IP Protocol Driver service which failed to start because of the following error: A

device attached to the system is not functioning.
1/8/2012 10:38:37 PM, error: Service Control Manager [7001] - The DHCP Client service depends

on the NetBios over Tcpip service which failed to start because of the following error: A

device attached to the system is not functioning.
1/8/2012 10:38:37 PM, error: Service Control Manager [7001] - The Bonjour Service service

depends on the TCP/IP Protocol Driver service which failed to start because of the following

error: A device attached to the system is not functioning.
1/8/2012 10:38:37 PM, error: Service Control Manager [7001] - The Apple Mobile Device service

depends on the TCP/IP Protocol Driver service which failed to start because of the following

error: A device attached to the system is not functioning.
1/7/2012 3:13:42 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during

DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS

lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable

host. (0x80072751)
.
==== End Of File ===========================

My apologies if I forgot anything!

Broni · Jan 10, 2012

Welcome aboard

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.

If you're stuck, or you're not sure about certain step, always ask before doing anything else.

Please refrain from running tools or applying updates other than those I suggest.

Never run more than one scan at a time.

Keep updating me regarding your computer behavior, good, or bad.

The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.

If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.

I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

================================================================

Please disable "word wrap" in Notepad as your logs are hard to read.

Are you saying you don't have internet connection or you do?

mikeinsc81 · Jan 10, 2012

Thanx for the reply, sorry about the word wrap. I do have an internet connection.

The "System Check" console and the errors no longer appear, but my desktop icons, and items in the Windows Explorer are still hidden.

i recall reading about some sort of "un-hider" in other people's solutions, but I'll wait until you let me know if it's necessary or not. Thanx!

Broni · Jan 10, 2012

Let's see, if we can recover your missing features.
Download and run UnHide
Let me know, if it worked.

==============================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

=============================================================

Download Bootkit Remover to your Desktop.

Unzip downloaded file to your Desktop.

Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).

It will show a Black screen with some data on it.

Right click on the screen and click Select All.

Press CTRL+C

Open a Notepad and press CTRL+V

Post the output back here.

mikeinsc81 · Jan 12, 2012

It appears that UnHide has worked and things are back to normal! Thanx so much Broni for all of your help, and for the help you provide others!! =)

Broni · Jan 12, 2012

The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.

...

TechSpot

[Inactive] [A] System Check Virus

mikeinsc81 Newcomer, in training

Broni Malware Annihilator

mikeinsc81 Newcomer, in training

Broni Malware Annihilator

mikeinsc81 Newcomer, in training

Broni Malware Annihilator