Followed the 8 Steps for malware removal, posting results

Discussion in 'Virus and Malware Removal' started by mikmik12, Oct 12, 2010.

  1. crunchie Malware Helper Posts: 761

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      
      :OTL
      [2010/10/11 21:52:46 | 000,088,576 | -H-- | C] (foobar2000.org) -- C:\WINDOWS\System32\jkhifc.dll
      [2010/10/13 21:18:34 | 000,088,576 | -H-- | M] (foobar2000.org) -- C:\WINDOWS\System32\jkhifc.dll
      :Commands
      [purity]
      [emptyflash]
      [emptytemp]
      [resethosts]
      [clearallrestorepoints]
      [Reboot]
    • Then click the Run Fix button at the top.
    • Let the program run unhindered, reboot the PC when it is done.
    • Post log from this run.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
  2. mikmik12 Newcomer, in training Posts: 49

    All processes killed
    ========== OTL ==========
    C:\WINDOWS\system32\jkhifc.dll moved successfully.
    File C:\WINDOWS\System32\jkhifc.dll not found.
    ========== COMMANDS ==========

    [EMPTYFLASH]

    User: All Users

    User: Bec
    ->Flash cache emptied: 0 bytes

    User: Default User

    User: LocalService

    User: Mike
    ->Flash cache emptied: 2279 bytes

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYTEMP]

    User: All Users

    User: Bec
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: Mike
    ->Temp folder emptied: 1739888 bytes
    ->Temporary Internet Files folder emptied: 8409355 bytes
    ->Java cache emptied: 5400 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 24162944 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 5978960 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 6154048 bytes

    Total Files Cleaned = 44.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.15.2 log created on 10152010_072307

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Mike\Local Settings\Temp\~DF4E3A.tmp not found!
    File\Folder C:\Documents and Settings\Mike\Local Settings\Temp\~DF5863.tmp not found!
    File\Folder C:\Documents and Settings\Mike\Local Settings\Temp\~DF5923.tmp not found!
    File\Folder C:\Documents and Settings\Mike\Local Settings\Temp\~DF59DC.tmp not found!
    File\Folder C:\Documents and Settings\Mike\Local Settings\Temp\~DF59F4.tmp not found!
    File\Folder C:\Documents and Settings\Mike\Local Settings\Temp\~DF5AE4.tmp not found!
    File\Folder C:\Documents and Settings\Mike\Local Settings\Temp\~DF5AFC.tmp not found!
    C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\Content.IE5\VF67K1WK\ads[3].htm moved successfully.
    C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\Content.IE5\VF67K1WK\topic154745-2[1].html moved successfully.
    C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\Content.IE5\7VJUI22R\sh24[1].html moved successfully.
    C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

    Registry entries deleted on Reboot...
  3. mikmik12 Newcomer, in training Posts: 49

    What do you think?


    OTL logfile created on: 10/15/2010 7:28:35 AM - Run 3
    OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Mike\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,013.00 Mb Total Physical Memory | 542.00 Mb Available Physical Memory | 53.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 148.96 Gb Total Space | 46.29 Gb Free Space | 31.07% Space Free | Partition Type: NTFS
    Drive G: | 149.05 Gb Total Space | 109.21 Gb Free Space | 73.27% Space Free | Partition Type: NTFS

    Computer Name: VOSTRO | User Name: Mike | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/10/14 19:06:15 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
    PRC - [2010/09/17 21:14:22 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    PRC - [2010/06/16 23:24:52 | 000,040,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2008/12/19 13:17:24 | 000,333,088 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/10/11 08:49:50 | 000,465,136 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
    PRC - [2006/10/20 16:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    PRC - [2006/08/17 08:00:00 | 001,116,920 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
    PRC - [2004/07/27 15:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    PRC - [2004/07/20 09:34:28 | 000,851,968 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    PRC - [2004/04/14 14:46:50 | 000,057,393 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    PRC - [2003/03/19 17:43:00 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\system32\Brmfrmps.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/10/14 19:06:15 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
    MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/09/17 21:14:22 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
    SRV - [2010/08/10 12:05:39 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
    SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2007/10/11 08:49:46 | 000,076,016 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe -- (DellAMBrokerService)
    SRV - [2003/03/19 17:43:00 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Brmfrmps.exe -- (brmfrmps)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Mike\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
    DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2008/04/13 11:36:41 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
    DRV - [2008/04/13 11:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/13 11:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2007/08/23 17:29:10 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\datunidr.sys -- (datunidr)
    DRV - [2007/06/26 13:06:20 | 000,254,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
    DRV - [2007/06/13 19:41:44 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2007/06/13 18:25:14 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
    DRV - [2007/06/13 18:21:16 | 005,760,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
    DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys -- (PTproct)
    DRV - [2006/08/18 12:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
    DRV - [2006/08/18 12:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
    DRV - [2006/08/18 12:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2006/08/18 12:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2006/08/18 12:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2006/08/18 12:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2006/08/18 12:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2006/08/18 12:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2006/08/11 10:05:58 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
    DRV - [2006/08/11 09:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2006/08/11 09:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
    DRV - [2006/07/21 10:21:26 | 000,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
    DRV - [2004/08/03 21:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2003/03/13 17:04:20 | 000,061,952 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrSerWdm.sys -- (BrSerWDM)
    DRV - [2001/08/17 13:12:22 | 000,010,368 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbScn.sys -- (BrUsbScn)
    DRV - [2001/08/17 13:12:20 | 000,011,008 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbMdm.sys -- (BrUsbMdm)
    DRV - [2001/08/17 13:12:12 | 000,002,944 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrFilt.sys -- (brfilt)
    DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080226
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080226

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



    O1 HOSTS File: ([2010/10/15 07:23:14 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
    O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
    O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
    O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)
    O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [jkhededrv] C:\WINDOWS\System32\jkhifc.dll (foobar2000.org)
    O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
    O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
    O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04e\BrStDvPt.exe (Brother Industories, Ltd.)
    O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
    O4 - HKCU..\Run: [byvwtsdrv] C:\WINDOWS\System32\jkhifc.dll (foobar2000.org)
    O4 - HKCU..\Run: [DellAutomatedPCTuneUp] C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe (Gteko Ltd.)
    O4 - Startup: C:\Documents and Settings\Mike\Start Menu\Programs\Startup\PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab (Windows Live Safety Center Base Module)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.105.28.11 68.105.29.11
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/10/15 07:27:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
    [2010/10/15 07:23:07 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/10/14 21:10:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/10/14 21:10:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/10/14 21:10:06 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mike\Desktop\9wt2h1122d.exe
    [2010/10/14 19:06:14 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
    [2010/10/14 11:54:04 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/10/13 21:08:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2010/10/13 21:02:16 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2010/10/13 18:39:01 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/10/13 18:33:37 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/10/13 18:33:37 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/10/13 18:33:37 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/10/13 18:33:37 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/10/13 18:33:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/10/13 18:33:19 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/10/12 20:34:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/10/11 21:52:46 | 000,088,576 | -H-- | C] (foobar2000.org) -- C:\WINDOWS\System32\jkhifc.dll
    [2010/10/11 20:02:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\Avira
    [2010/10/11 19:46:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\Malwarebytes
    [2010/10/11 19:45:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/10/11 19:03:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2010/10/11 18:58:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
    [2010/10/11 18:55:44 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\TFC.exe
    [2010/10/11 18:53:24 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
    [2010/10/11 18:53:23 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
    [2010/10/11 18:53:23 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
    [2010/10/11 18:53:23 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
    [2010/10/11 18:53:23 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
    [2010/10/11 18:53:22 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2010/10/11 18:53:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
    [2010/10/09 14:42:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
    [2010/10/09 14:33:11 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
    [2010/10/04 22:12:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Webroot
    [2010/10/04 21:53:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
    [2010/10/04 21:51:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Application Data\PackageAware
    [2010/08/29 10:09:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\Civic
    [2010/08/29 10:06:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\House pics
    [2010/08/29 09:56:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\Food
    [2010/08/21 12:51:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\Grace Photos
    [2010/08/16 19:39:56 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/08/14 15:57:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\My Documents\Intelli-studio
    [2010/08/14 15:55:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\Intelli-studio
    [2010/08/14 15:55:05 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
    [2010/08/14 15:37:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/08/04 19:02:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\My Documents\My Videos
    [2010/08/04 19:02:17 | 000,000,000 | ---D | C] -- C:\Program Files\3ivx
    [2010/08/04 19:02:00 | 000,000,000 | ---D | C] -- C:\Program Files\Flip Video
    [2010/08/04 19:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Flip Video
    [2010/08/01 16:04:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\My Documents\Famly Exp reports
    [2010/08/01 16:03:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\My Documents\Laurel Ln
    [2010/08/01 15:59:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\My Documents\Resume
    [2010/08/01 15:57:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\My Documents\Year in Review

    ========== Files - Modified Within 90 Days ==========

    [2010/10/15 07:25:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/10/15 07:25:33 | 1062,387,712 | -HS- | M] () -- C:\hiberfil.sys
    [2010/10/15 07:25:33 | 000,192,976 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/10/15 07:23:29 | 000,118,784 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\Monthly Expenses 2010.xls
    [2010/10/15 07:23:14 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2010/10/15 07:23:09 | 000,088,576 | -H-- | M] (foobar2000.org) -- C:\WINDOWS\System32\jkhifc.dll
    [2010/10/15 07:19:15 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/10/14 21:10:44 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/14 21:10:14 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mike\Desktop\9wt2h1122d.exe
    [2010/10/14 19:06:15 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
    [2010/10/13 18:39:05 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2010/10/13 18:32:44 | 003,878,092 | R--- | M] () -- C:\Documents and Settings\Mike\Desktop\ComboFix.exe
    [2010/10/13 07:18:16 | 000,294,400 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\exeHelper.com
    [2010/10/13 07:17:41 | 000,364,032 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\rkill.exe
    [2010/10/11 21:49:51 | 000,544,768 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\dds.scr
    [2010/10/11 20:01:55 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\cggomyuh.exe
    [2010/10/11 18:55:45 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\TFC.exe
    [2010/10/11 18:53:44 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
    [2010/10/11 13:24:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/10/06 12:59:37 | 000,505,412 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/10/06 12:59:37 | 000,096,852 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/10/04 21:23:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/10/03 12:05:17 | 000,002,161 | ---- | M] () -- C:\WINDOWS\BrmfBidi.ini
    [2010/10/02 16:03:17 | 000,000,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FlipShare.lnk
    [2010/10/02 10:15:16 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/09/22 21:27:08 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/09/21 19:19:59 | 000,085,138 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\billstatement2.pdf
    [2010/09/16 14:12:10 | 000,079,195 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\billstatement.pdf
    [2010/09/07 11:22:07 | 000,017,055 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\vanity.jpg
    [2010/09/05 01:39:18 | 002,175,830 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\SAM_0335.JPG
    [2010/09/03 08:18:03 | 001,948,682 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\New Image.JPG
    [2010/08/26 09:50:30 | 001,973,253 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\SAM_0280.JPG
    [2010/08/22 05:45:36 | 001,954,759 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\SAM_0248.JPG
    [2010/08/22 05:28:26 | 002,162,198 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\SAM_0236.JPG
    [2010/08/21 12:31:19 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\08.doc
    [2010/08/16 19:45:29 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2010/08/16 07:50:00 | 000,319,644 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\SAM_0111.JPG
    [2010/08/16 04:12:42 | 000,326,999 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\SAM_0103.JPG
    [2010/08/14 15:56:49 | 000,001,725 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Intelli-studio.lnk
    [2010/08/13 15:36:38 | 000,314,498 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\SAM_0091.JPG
    [2010/08/10 12:14:42 | 025,251,654 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\FMLA Leave.bmp
    [2010/08/04 19:02:47 | 000,001,015 | R--- | M] () -- C:\logFile.xsl
    [2010/08/04 08:27:05 | 000,140,800 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\Loan calculator.xls

    ========== Files Created - No Company Name ==========

    [2010/10/14 21:10:44 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/13 18:39:05 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/10/13 18:39:02 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/10/13 18:33:37 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/10/13 18:33:37 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/10/13 18:33:37 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/10/13 18:33:37 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/10/13 18:33:37 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/10/13 18:32:37 | 003,878,092 | R--- | C] () -- C:\Documents and Settings\Mike\Desktop\ComboFix.exe
    [2010/10/13 07:18:16 | 000,294,400 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\exeHelper.com
    [2010/10/13 07:17:40 | 000,364,032 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\rkill.exe
    [2010/10/11 21:49:49 | 000,544,768 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\dds.scr
    [2010/10/11 20:01:53 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\cggomyuh.exe
    [2010/10/11 18:53:44 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
    [2010/10/02 16:03:17 | 000,000,819 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FlipShare.lnk
    [2010/09/21 19:19:59 | 000,085,138 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\billstatement2.pdf
    [2010/09/16 14:12:10 | 000,079,195 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\billstatement.pdf
    [2010/09/07 11:22:40 | 000,017,055 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\vanity.jpg
    [2010/09/06 15:57:55 | 002,175,830 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\SAM_0335.JPG
    [2010/09/04 20:25:50 | 000,326,999 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\SAM_0103.JPG
    [2010/09/04 20:08:10 | 000,314,498 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\SAM_0091.JPG
    [2010/09/04 20:05:55 | 002,162,198 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\SAM_0236.JPG
    [2010/09/04 20:05:48 | 001,954,759 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\SAM_0248.JPG
    [2010/09/04 20:05:27 | 001,973,253 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\SAM_0280.JPG
    [2010/09/03 08:18:02 | 001,948,682 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\New Image.JPG
    [2010/08/21 12:54:22 | 000,319,644 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\SAM_0111.JPG
    [2010/08/21 12:31:17 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\08.doc
    [2010/08/16 19:45:29 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2010/08/16 19:41:10 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/08/14 15:56:49 | 000,001,725 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Intelli-studio.lnk
    [2010/08/10 12:14:38 | 025,251,654 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\FMLA Leave.bmp
    [2010/08/04 19:02:47 | 000,001,015 | R--- | C] () -- C:\logFile.xsl
    [2009/06/21 09:21:00 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
    [2008/03/05 22:46:32 | 000,000,236 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
    [2008/03/05 22:46:32 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
    [2008/03/05 22:46:32 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
    [2008/03/05 22:46:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brwmark.ini
    [2008/03/05 22:45:08 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
    [2008/03/04 21:56:32 | 000,000,102 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
    [2008/03/04 21:54:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/03/04 21:48:39 | 000,002,161 | ---- | C] () -- C:\WINDOWS\BrmfBidi.ini
    [2008/02/26 12:19:09 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2008/02/26 12:14:54 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
    [2008/02/26 12:14:54 | 000,000,165 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2008/02/26 11:57:11 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
    [2008/02/26 11:56:07 | 000,001,124 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2008/02/18 23:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
    [2006/11/07 03:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2006/09/16 22:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
    [2006/09/16 22:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
    [2004/08/10 12:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/10 12:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2004/08/10 11:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/03/04 10:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll

    ========== LOP Check ==========

    [2010/06/18 21:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
    [2010/08/04 19:02:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
    [2008/03/05 22:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
    [2008/02/26 12:17:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
    [2009/11/19 13:21:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
    [2008/03/08 19:15:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/04/27 23:35:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/09/10 20:33:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/09/05 13:08:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2008/03/04 21:57:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Leadertech

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:62E2D794

    < End of report >
  4. crunchie Malware Helper Posts: 761

    One more for luck :)

    ==

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :Files
      C:\WINDOWS\System32\jkhifc.dll
      :OTL
      O4 - HKLM..\Run: [jkhededrv] C:\WINDOWS\System32\jkhifc.dll (foobar2000.org)
      O4 - HKCU..\Run: [byvwtsdrv] C:\WINDOWS\System32\jkhifc.dll (foobar2000.org)
      [2010/10/15 07:23:09 | 000,088,576 | -H-- | M] (foobar2000.org) -- C:\WINDOWS\System32\jkhifc.dll
      [2010/10/11 21:52:46 | 000,088,576 | -H-- | C] (foobar2000.org) -- C:\WINDOWS\System32\jkhifc.dll
      :Commands
      [emptytemp]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top.
    • Let the program run unhindered, reboot the PC when it is done.
    • Post log from this run.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

    ==================

    Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on the Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
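    The OTL fix above is keyed on two line formats that appear in the logs posted in this thread: file entries of the form `[date time | size | attrs | C-or-M] (company) -- path` and `O4 - HKLM..\Run: [name] path (company)` autorun entries. The following is an added example, not OTL's own code and not the helper's method, that parses both formats offline, flags files that are hidden, live in System32 and were created shortly before the scan, and cross-references the flagged paths against the Run-key entries. The flagging heuristic, the seven-day window, the scan timestamp and the sample lines are constructed for this example.

```python
"""Offline triage of OTL log lines (added example, not OTL's own code).

OTL prints file entries as
    [date time | size | attrs | C-or-M] (company) -- path
and Run-key autoruns as
    O4 - HKLM..\\Run: [value name] path (company)
This parses both, flags files that are hidden, sit in System32 and were
created shortly before the scan, and cross-references flagged paths with
autorun entries. The heuristic, the age window, the scan time and the
sample lines are constructed for this example.
"""
import re
from datetime import datetime, timedelta

# e.g. [2010/10/11 21:52:46 | 000,088,576 | -H-- | C] (foobar2000.org) -- C:\...
FILE_RE = re.compile(
    r"^\[(?P<when>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
# e.g. O4 - HKLM..\Run: [jkhededrv] C:\WINDOWS\System32\jkhifc.dll (foobar2000.org)
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]+)\] "
    r"(?P<path>.+?)(?: \((?P<company>[^)]*)\))?$"
)


def parse_file_entry(line):
    """Return a dict for an OTL file entry line, or None if it is not one."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    return {
        "when": datetime.strptime(m["when"], "%Y/%m/%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),
        "attrs": m["attrs"],            # R=read-only H=hidden S=system D=directory
        "kind": m["kind"],              # C = creation timestamp, M = modification
        "company": m["company"] or "",  # empty when the file carries no version info
        "path": m["path"],
    }


def parse_run_entry(line):
    """Return a dict for an OTL O4 Run-key line, or None."""
    m = RUN_RE.match(line.strip())
    if not m:
        return None
    return {"hive": m["hive"], "name": m["name"],
            "path": m["path"], "company": m["company"] or ""}


def suspicious_files(entries, scan_time, max_age_days=7):
    """Hidden files in System32 created within max_age_days of the scan.

    Heuristic constructed for this example: legitimate System32 files are
    rarely hidden, and a fresh creation date narrows the list further.
    """
    flagged = []
    for e in entries:
        if e["kind"] != "C":
            continue
        in_sys32 = "\\system32\\" in e["path"].lower()
        hidden = "H" in e["attrs"]
        age = scan_time - e["when"]
        recent = timedelta(0) <= age <= timedelta(days=max_age_days)
        if in_sys32 and hidden and recent:
            flagged.append(e["path"])
    return flagged


def autoruns_pointing_at(runs, paths):
    """Run-key entries whose target is one of the flagged paths."""
    wanted = {p.lower() for p in paths}
    return [r for r in runs if r["path"].lower() in wanted]


def triage(log_lines, scan_time, max_age_days=7):
    """Return (flagged file paths, Run-key entries that launch them)."""
    files = [e for e in map(parse_file_entry, log_lines) if e]
    runs = [r for r in map(parse_run_entry, log_lines) if r]
    flagged = suspicious_files(files, scan_time, max_age_days)
    return flagged, autoruns_pointing_at(runs, flagged)


# Constructed sample: a few lines in OTL's format, including the hidden
# System32 DLL and the two Run entries discussed in this thread.
SAMPLE_LOG = [
    r"O4 - HKLM..\Run: [jkhededrv] C:\WINDOWS\System32\jkhifc.dll (foobar2000.org)",
    r"O4 - HKCU..\Run: [byvwtsdrv] C:\WINDOWS\System32\jkhifc.dll (foobar2000.org)",
    r"[2010/10/13 21:18:34 | 000,088,576 | -H-- | M] (foobar2000.org) -- C:\WINDOWS\System32\jkhifc.dll",
    r"[2010/10/11 21:52:46 | 000,088,576 | -H-- | C] (foobar2000.org) -- C:\WINDOWS\System32\jkhifc.dll",
    r"[2010/10/06 12:59:37 | 000,505,412 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat",
    r"[2010/10/13 18:39:02 | 000,260,272 | RHS- | C] () -- C:\cmldr",
    r"[2010/06/18 21:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems",
]
SCAN_TIME = datetime(2010, 10, 15, 7, 30)  # constructed scan timestamp

if __name__ == "__main__":
    flagged, runs = triage(SAMPLE_LOG, SCAN_TIME)
    for path in flagged:
        print("suspicious:", path)
    for r in runs:
        print(f"autorun {r['hive']}\\Run\\{r['name']} -> {r['path']}")
```

    Run against the sample, it flags only the hidden DLL's creation entry (the modification entry for the same file is skipped, as are `C:\cmldr`, which is outside System32, and the non-hidden `perfh009.dat`) and reports both Run values that launch it, which is exactly the pair of `:Files` and `:OTL` targets in the fix above.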
  5. mikmik12 Newcomer, in training Posts: 49

    All processes killed
    ========== FILES ==========
    C:\WINDOWS\System32\jkhifc.dll moved successfully.
    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\jkhededrv deleted successfully.
    File C:\WINDOWS\System32\jkhifc.dll not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\byvwtsdrv deleted successfully.
    File C:\WINDOWS\System32\jkhifc.dll not found.
    File C:\WINDOWS\System32\jkhifc.dll not found.
    File C:\WINDOWS\System32\jkhifc.dll not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Bec
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Mike
    ->Temp folder emptied: 845172 bytes
    ->Temporary Internet Files folder emptied: 2650888 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 456 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 3.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.15.2 log created on 10152010_175050

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Mike\Local Settings\Temp\~DF1803.tmp not found!
    File\Folder C:\Documents and Settings\Mike\Local Settings\Temp\~DF181C.tmp not found!
    File\Folder C:\Documents and Settings\Mike\Local Settings\Temp\~DF191B.tmp not found!
    File\Folder C:\Documents and Settings\Mike\Local Settings\Temp\~DF193A.tmp not found!
    File\Folder C:\Documents and Settings\Mike\Local Settings\Temp\~DF1CC3.tmp not found!
    File\Folder C:\Documents and Settings\Mike\Local Settings\Temp\~DF1E60.tmp not found!
    C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\Content.IE5\R4T119LP\sh24[1].html moved successfully.
    C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\Content.IE5\PV16B96I\7426[1].htm moved successfully.
    C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\Content.IE5\87XNAQFO\topic154745-2[1].html moved successfully.
    C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

    Registry entries deleted on Reboot...
  6. mikmik12 Newcomer, in training Posts: 49

    Kaspersky website didn't produce a report... will try to run again.
  7. mikmik12 Newcomer, in training Posts: 49

    Still no report, it said it was successful though. But I just did a Google search and was redirected... which sucks! Avira is not picking up on any malware currently. I'll try to get a report from Kaspersky again.
  8. mikmik12 Newcomer, in training Posts: 49

    No report, though it said it was successful.
  9. crunchie Malware Helper Posts: 761

    Please try the ESET Online Scanner and post the ScanLog with your post for assistance.
    • You will need to use Internet Explorer to complete this scan.
    • You will need to temporarily Disable your current Anti-virus program.
    • Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
    • When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

    NOTE: If you are unable to complete the ESET scan, please try another from the list below:


    ================

    Download Bootkit Remover to your Desktop.

    • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
    • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right click on remover.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
  10. mikmik12 Newcomer, in training Posts: 49

    Ran Panda...couldn't run ESET

    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2010-10-17 14:51:19
    PROTECTIONS: 1
    MALWARE: 36
    SUSPECTS: 0
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    AntiVir Desktop 10.0.1.44 No Yes
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\documents and settings\bec\cookies\bec@trafficmp[2].txt
    00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\documents and settings\bec\cookies\bec@casalemedia[1].txt
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\documents and settings\mike\cookies\mike@doubleclick[1].txt
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\documents and settings\bec\cookies\bec@doubleclick[1].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\mike\cookies\mike@atdmt[1].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\mike\cookies\mike@atdmt[2].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\bec\cookies\bec@atdmt[2].txt
    00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\documents and settings\bec\cookies\bec@247realmedia[2].txt
    00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\documents and settings\bec\cookies\bec@fastclick[1].txt
    00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\documents and settings\bec\cookies\bec@tribalfusion[2].txt
    00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\documents and settings\bec\cookies\bec@mediaplex[1].txt
    00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No c:\documents and settings\bec\cookies\bec@linksynergy[2].txt
    00147824 Cookie/Clickbank TrackingCookie No 0 Yes No c:\documents and settings\bec\cookies\bec@clickbank[1].txt
    00159564 Cookie/WUpd TrackingCookie No 0 Yes No c:\documents and settings\bec\cookies\bec@revenue[2].txt
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\bec\cookies\bec@com[1].txt
    00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\documents and settings\bec\cookies\bec@statcounter[2].txt
    00167760 Cookie/Hitslink TrackingCookie No 0 Yes No c:\documents and settings\bec\cookies\bec@counter.hitslink[1].txt
    00168048 Cookie/Overture TrackingCookie No 0 Yes No c:\documents and settings\bec\cookies\bec@perf.overture[1].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\mike\cookies\mike@ad.yieldmanager[3].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\bec\cookies\bec@ad.yieldmanager[2].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\mike\cookies\mike@ad.yieldmanager[2].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\bec\cookies\bec@apmebf[2].txt
    00168076 Cookie/BurstNet TrackingCookie No 0 Yes No c:\documents and settings\bec\cookies\bec@burstnet[2].txt
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\bec\cookies\bec@serving-sys[1].txt
    00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\bec\cookies\bec@bs.serving-sys[1].txt
    00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\documents and settings\bec\cookies\bec@www.burstbeacon[2].txt
    00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No c:\documents and settings\bec\cookies\bec@server.iad.liveperson[2].txt
    00168114 Cookie/onestat.com TrackingCookie No 0 Yes No c:\documents and settings\bec\cookies\bec@stat.onestat[2].txt
    00168114 Cookie/onestat.com TrackingCookie No 0 Yes No c:\documents and settings\mike\cookies\mike@stat.onestat[2].txt
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\documents and settings\bec\cookies\bec@advertising[1].txt
    00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No c:\documents and settings\bec\cookies\bec@adrevolver[3].txt
    00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\documents and settings\bec\cookies\bec@statse.webtrendslive[1].txt
    00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\documents and settings\mike\cookies\mike@ads.pointroll[3].txt
    00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\documents and settings\mike\cookies\mike@ads.pointroll[1].txt
    00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\documents and settings\bec\cookies\bec@ads.pointroll[1].txt
    00170554 Cookie/Overture TrackingCookie No 0 Yes No c:\documents and settings\bec\cookies\bec@overture[1].txt
    00170556 Cookie/RealMedia TrackingCookie No 0 Yes No c:\documents and settings\bec\cookies\bec@realmedia[1].txt
    00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\documents and settings\mike\cookies\mike@questionmarket[1].txt
    00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\documents and settings\bec\cookies\bec@questionmarket[1].txt
    00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\documents and settings\bec\cookies\bec@zedo[2].txt
    00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No c:\documents and settings\bec\cookies\bec@bluestreak[1].txt
    00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No c:\documents and settings\bec\cookies\bec@adrevolver[1].txt
    00199984 Cookie/Searchportal TrackingCookie No 0 Yes No c:\documents and settings\bec\cookies\bec@searchportal.information[1].txt
    00207338 Cookie/Target TrackingCookie No 0 Yes No c:\documents and settings\bec\cookies\bec@target[1].txt
    03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\qoobox\quarantine\c\windows\system32\tutrol.dll.vir.vir
    03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\qoobox\quarantine\c\windows\system32\ssqnkk.dll.vir
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description
    ;===================================================================================================================================================================================
    223355 HIGH MS10-069
    223353 HIGH MS10-067
    223352 HIGH MS10-066
    223349 HIGH MS10-063
    223346 HIGH MS10-061
    ;===================================================================================================================================================================================
  11. mikmik12 Newcomer, in training Posts: 49

    Can't seem to get the Bootkit Remover to run, even after I have downloaded 7-Zip. I've tried to extract it with no luck. Any ideas?
  12. mikmik12 Newcomer, in training Posts: 49

    Seems like 223355 HIGH MS10-069
    223353 HIGH MS10-067
    223352 HIGH MS10-066
    223349 HIGH MS10-063
    223346 HIGH MS10-061
    are bad news.
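    The Panda report in post 10 and the reaction in post 12 illustrate two different kinds of finding: the two `Trj/CI.A` hits are located under `c:\qoobox\quarantine`, which is ComboFix's quarantine folder, so they were already removed by an earlier step, while the `VULNERABILITIES` section lists Microsoft security bulletin IDs, that is, patches the machine is missing. The following is an added example, not Panda's code and not part of the thread, that parses this report format offline and separates tracking cookies, already-quarantined detections, detections that still need attention, and missing patches. The column regexes, the quarantine-folder list and the sample lines (a subset of the posted report plus one constructed "active" line) are assumptions made for this example.

```python
"""Offline triage of a Panda ActiveScan-style report (added example).

Under MALWARE the report lists one detection per line as
    Id Description Type Active Severity Disinfectable Disinfected Location
and under VULNERABILITIES one missing patch per line as
    Id Severity Description
Column regexes, the quarantine-folder list and the sample lines are
constructed for this example; they are not Panda's own definitions.
"""
import re

# Description may contain spaces, so it is matched lazily and the fixed
# Yes/No and numeric columns that follow anchor the split.
MALWARE_RE = re.compile(
    r"^(?P<id>\d+) (?P<desc>.+?) (?P<type>\S+) (?P<active>Yes|No) "
    r"(?P<severity>\d+) (?P<disinfectable>Yes|No) (?P<disinfected>Yes|No) "
    r"(?P<location>.+)$"
)
VULN_RE = re.compile(r"^(?P<id>\d+) (?P<severity>\S+) (?P<bulletin>MS\d{2}-\d{3})$")

# Folders where other cleaning tools park files they have already removed.
# Constructed list for this example; c:\qoobox\quarantine is ComboFix's.
QUARANTINE_DIRS = ("c:\\qoobox\\quarantine\\",)


def parse_report(lines):
    """Return (detections, vulnerabilities) as lists of dicts."""
    detections, vulns = [], []
    for line in lines:
        line = line.strip()
        m = VULN_RE.match(line)
        if m:
            vulns.append(m.groupdict())
            continue
        m = MALWARE_RE.match(line)
        if m:
            detections.append(m.groupdict())
    return detections, vulns


def is_quarantined(location):
    """True if the detection sits inside a known quarantine folder."""
    loc = location.lower()
    return any(loc.startswith(q) for q in QUARANTINE_DIRS)


def triage(lines):
    """Bucket the report into what is noise, what is contained and what is not."""
    detections, vulns = parse_report(lines)
    summary = {"cookies": 0, "quarantined": [], "needs_attention": [],
               "missing_patches": []}
    for d in detections:
        if d["type"] == "TrackingCookie":
            summary["cookies"] += 1          # browser cookies, not executable code
        elif is_quarantined(d["location"]):
            summary["quarantined"].append(d["location"])
        else:
            summary["needs_attention"].append((d["desc"], d["location"]))
    # Bulletin IDs map directly onto Windows Update entries.
    summary["missing_patches"] = sorted(v["bulletin"] for v in vulns)
    return summary


# Constructed sample: a subset of the lines from the posted report plus one
# constructed non-quarantined entry so every branch of triage() is exercised.
SAMPLE_REPORT = [
    "MALWARE",
    "Id Description Type Active Severity Disinfectable Disinfected Location",
    r"00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\documents and settings\bec\cookies\bec@trafficmp[2].txt",
    r"00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\documents and settings\mike\cookies\mike@doubleclick[1].txt",
    r"03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\qoobox\quarantine\c\windows\system32\tutrol.dll.vir.vir",
    r"03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\qoobox\quarantine\c\windows\system32\ssqnkk.dll.vir",
    r"00000001 Example/Constructed Virus/Trojan Yes 0 Yes No c:\windows\system32\constructed-sample.dll",
    "VULNERABILITIES",
    "Id Severity Description",
    "223355 HIGH MS10-069",
    "223353 HIGH MS10-067",
    "223346 HIGH MS10-061",
]

if __name__ == "__main__":
    s = triage(SAMPLE_REPORT)
    print(f"tracking cookies: {s['cookies']}")
    print(f"already quarantined: {len(s['quarantined'])}")
    for desc, loc in s["needs_attention"]:
        print(f"needs attention: {desc} at {loc}")
    print("missing patches:", ", ".join(s["missing_patches"]))
```

    On the posted report this leaves nothing in the needs-attention bucket apart from the constructed line; the real work items are the missing bulletins, which are addressed through Windows Update rather than by another malware scan.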
  13. crunchie Malware Helper Posts: 761

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.
  14. mikmik12 Newcomer, in training Posts: 49

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000004c

    Kernel Drivers (total 130):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E4000 \WINDOWS\system32\hal.dll
    0xF7B73000 \WINDOWS\system32\KDCOM.DLL
    0xF7A83000 \WINDOWS\system32\BOOTVID.dll
    0xF7544000 ACPI.sys
    0xF7B75000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF7533000 pci.sys
    0xF7673000 isapnp.sys
    0xF7C3B000 pciide.sys
    0xF78F3000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF7683000 MountMgr.sys
    0xF7514000 ftdisk.sys
    0xF78FB000 PartMgr.sys
    0xF7693000 VolSnap.sys
    0xF74FC000 atapi.sys
    0xF7435000 iaStor.sys
    0xF76A3000 disk.sys
    0xF76B3000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF7415000 fltmgr.sys
    0xF7403000 sr.sys
    0xF73ED000 DRVMCDB.SYS
    0xF76C3000 PxHelp20.sys
    0xF73D6000 KSecDD.sys
    0xF7349000 Ntfs.sys
    0xF731C000 NDIS.sys
    0xF7302000 Mup.sys
    0xF7763000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xF5ED5000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
    0xF5EC1000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF5E80000 \SystemRoot\system32\DRIVERS\e1e5132.sys
    0xF79AB000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xF5E5C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF79B3000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF5E34000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xF79BB000 \SystemRoot\system32\DRIVERS\fdc.sys
    0xF7773000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF7B9B000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
    0xF64E4000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF64D4000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xF5E11000 \SystemRoot\system32\DRIVERS\ks.sys
    0xF79C3000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0xF7D8A000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF64C4000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF7B43000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xF5DFA000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF64B4000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF64A4000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF79CB000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xF5DE9000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF6494000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF79D3000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF79DB000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF6484000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF79E3000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF79EB000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF7B9D000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xF5D8B000 \SystemRoot\system32\DRIVERS\update.sys
    0xF7B4F000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF6464000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF7783000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF7BA3000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xAA110000 \SystemRoot\system32\drivers\RtkHDAud.sys
    0xAA0EC000 \SystemRoot\system32\drivers\portcls.sys
    0xF77F3000 \SystemRoot\system32\drivers\drmk.sys
    0xF6BF0000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xF7BBB000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7CCF000 \SystemRoot\System32\Drivers\Null.SYS
    0xF7BBD000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF7A0B000 \SystemRoot\System32\Drivers\DLARTL_M.SYS
    0xF7A13000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xF7A1B000 \SystemRoot\System32\drivers\vga.sys
    0xF7BBF000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF7BC1000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF7A23000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF7A2B000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF7B13000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xAA051000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xA9FF8000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xA9FD0000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xA9FAA000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xA9F88000 \SystemRoot\System32\drivers\afd.sys
    0xF7813000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xF7823000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xF7A33000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
    0xA9F35000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xA9EC5000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xF7843000 \SystemRoot\System32\Drivers\Fips.SYS
    0xA9E27000 \SystemRoot\system32\DRIVERS\avipbb.sys
    0xF7B37000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xF7853000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xF7BC7000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
    0xF7A4B000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0xF7A5B000 \SystemRoot\system32\DRIVERS\NuidFltr.sys
    0xF7893000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
    0xA8FF5000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
    0xAA0D8000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xAA0D0000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0xA849F000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xA81EC000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF7C37000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xF7B3B000 \SystemRoot\System32\drivers\Dxapi.sys
    0xA824C000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7C83000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF024000 \SystemRoot\System32\igxpgd32.dll
    0xBF012000 \SystemRoot\System32\igxprd32.dll
    0xBF04E000 \SystemRoot\System32\igxpdv32.DLL
    0xBF1F2000 \SystemRoot\System32\igxpdx32.DLL
    0xA815F000 \SystemRoot\system32\DRIVERS\avgntflt.sys
    0xF77D3000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
    0xF7CFD000 \SystemRoot\System32\DLA\DLADResM.SYS
    0xA811F000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
    0xF7983000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
    0xF7BCB000 \SystemRoot\System32\DLA\DLAPoolM.SYS
    0xF7993000 \SystemRoot\System32\DLA\DLABMFSM.SYS
    0xF79A3000 \SystemRoot\System32\DLA\DLABOIOM.SYS
    0xA8109000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
    0xA80F2000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xA813B000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xA7F0D000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xA7ED0000 \SystemRoot\system32\drivers\wdmaud.sys
    0xF77B3000 \SystemRoot\system32\drivers\sysaudio.sys
    0xF7BCF000 \SystemRoot\system32\DRIVERS\datunidr.sys
    0xA7838000 \SystemRoot\system32\DRIVERS\srv.sys
    0xA7397000 \SystemRoot\System32\Drivers\HTTP.sys
    0xF7B91000 \??\C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys
    0xA6AC7000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 53):
    0 System Idle Process
    4 System
    624 C:\WINDOWS\system32\smss.exe
    672 csrss.exe
    696 C:\WINDOWS\system32\winlogon.exe
    740 C:\WINDOWS\system32\services.exe
    752 C:\WINDOWS\system32\lsass.exe
    960 C:\WINDOWS\system32\svchost.exe
    1032 svchost.exe
    1128 C:\WINDOWS\system32\svchost.exe
    1248 svchost.exe
    1328 svchost.exe
    1492 C:\WINDOWS\system32\spoolsv.exe
    1544 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1612 svchost.exe
    1836 C:\WINDOWS\explorer.exe
    1988 C:\WINDOWS\system32\hkcmd.exe
    1996 C:\WINDOWS\system32\igfxpers.exe
    2020 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    2036 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    2044 C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
    140 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    128 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    180 C:\Program Files\Bonjour\mDNSResponder.exe
    272 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    300 C:\WINDOWS\system32\Brmfrmps.exe
    468 C:\WINDOWS\system32\igfxsrvc.exe
    520 C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    568 C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    616 C:\WINDOWS\RTHDCPL.EXE
    648 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    976 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    968 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    1112 C:\Program Files\iTunes\iTunesHelper.exe
    1304 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    1536 C:\Program Files\Java\jre6\bin\jqs.exe
    1564 C:\WINDOWS\system32\rundll32.exe
    1460 C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
    1740 C:\WINDOWS\system32\ctfmon.exe
    228 C:\WINDOWS\system32\svchost.exe
    1160 C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    2920 C:\Program Files\iPod\bin\iPodService.exe
    2948 unsecapp.exe
    3028 wmiprvse.exe
    3272 alg.exe
    4048 C:\WINDOWS\system32\svchost.exe
    3264 C:\Program Files\Internet Explorer\iexplore.exe
    3420 C:\Program Files\Internet Explorer\iexplore.exe
    3848 C:\Program Files\Internet Explorer\iexplore.exe
    4088 C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
    3596 C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
    2640 C:\Program Files\Internet Explorer\iexplore.exe
    3820 C:\Documents and Settings\Mike\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02f10c00 (NTFS)
    \\.\G: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: HitachiHDS721616PLA380, Rev: P22OAB3A
    PhysicalDrive1 Model Number: Maxtor2, Rev: 0344

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
    149 GB \\.\PhysicalDrive1 RE: Unknown MBR code
    SHA1: CEECB0630DEB98A912C967BD5561D0F2BFE7D8C6


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  15. mikmik12 Newcomer, in training Posts: 49

    Crunchie, you out there?
  16. crunchie Malware Helper Posts: 761

    Sorry, just got out of my sick bed. Got a killer flu :(.

    ====

    Run MBRCheck again.

    When it's done you'll see the following line:
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Press the Y key and then press Enter

    When the program asks you to Enter your choice, enter 2 and press the Enter key.

    Next the program will ask you to Enter the physical disk number to fix (0-99, -1 to cancel):
    Enter 0 (zero) and press the Enter key.

    Next the program will show Available MBR codes:, followed by a list of operating systems.
    Please enter 1 for Windows XP, and then press Enter.

    Next the program will prompt for confirmation.
    Type YES and hit Enter.

    When it's done there should be a text file with the results on your desktop.
    Please copy and paste it back here.

    Then reboot and run MBRCheck again and post that log.
  17. mikmik12 Newcomer, in training Posts: 49

    Being sick is just not fun...hope you feel better.

    Here is the log after the first run:

    [Raw binary MBR dump pasted as text rather than the results file; it is not readable as a log. The only recognizable parts are the usual `33 C0 8E D0 BC 00 7C` boot-code prologue at the start and the standard boot-sector strings "Invalid partition table", "Error loading operating system" and "Missing operating system" near the end.]
  18. mikmik12 Newcomer, in training Posts: 49

    That last log doesn't seem right...let me know if I should run that again.

    Then I rebooted and here is the 2nd log:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000004c

    Kernel Drivers (total 135):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E4000 \WINDOWS\system32\hal.dll
    0xF7B73000 \WINDOWS\system32\KDCOM.DLL
    0xF7A83000 \WINDOWS\system32\BOOTVID.dll
    0xF7544000 ACPI.sys
    0xF7B75000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF7533000 pci.sys
    0xF7673000 isapnp.sys
    0xF7C3B000 pciide.sys
    0xF78F3000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF7683000 MountMgr.sys
    0xF7514000 ftdisk.sys
    0xF78FB000 PartMgr.sys
    0xF7903000 pavboot.sys
    0xF7693000 VolSnap.sys
    0xF74FC000 atapi.sys
    0xF7435000 iaStor.sys
    0xF76A3000 disk.sys
    0xF76B3000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF7415000 fltmgr.sys
    0xF7403000 sr.sys
    0xF73ED000 DRVMCDB.SYS
    0xF76C3000 PxHelp20.sys
    0xF73D6000 KSecDD.sys
    0xF7349000 Ntfs.sys
    0xF731C000 NDIS.sys
    0xF7302000 Mup.sys
    0xF77D3000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xF6D3B000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
    0xF6D27000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF6CE6000 \SystemRoot\system32\DRIVERS\e1e5132.sys
    0xF79FB000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xF6CC2000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF7A03000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF6C9A000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xF7A0B000 \SystemRoot\system32\DRIVERS\fdc.sys
    0xF77E3000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF7B9F000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
    0xF77F3000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF7803000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xF6C77000 \SystemRoot\system32\DRIVERS\ks.sys
    0xF7A13000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0xF7DAB000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF7813000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF7B3B000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xF6C60000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF7823000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF7833000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF7A1B000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xF6C4F000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF7843000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF7A23000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF7A2B000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF7853000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF7A33000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF7A3B000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF7BA9000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xF6BF1000 \SystemRoot\system32\DRIVERS\update.sys
    0xF7B4F000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF7873000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF7893000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF7BAD000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xAA0C8000 \SystemRoot\system32\drivers\RtkHDAud.sys
    0xAA0A4000 \SystemRoot\system32\drivers\portcls.sys
    0xF78B3000 \SystemRoot\system32\drivers\drmk.sys
    0xF7B23000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xF7BBD000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7D6D000 \SystemRoot\System32\Drivers\Null.SYS
    0xF7BBF000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF7A63000 \SystemRoot\System32\Drivers\DLARTL_M.SYS
    0xF7A6B000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xF7A73000 \SystemRoot\System32\drivers\vga.sys
    0xF7BC1000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF7BC3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF7A7B000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF7913000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF7B2F000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xA9F6D000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xA9F14000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xA9EEC000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xA9EC6000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xA9EA4000 \SystemRoot\System32\drivers\afd.sys
    0xF76F3000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xF7703000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xF7943000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
    0xA9E51000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xA9DE1000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xF7723000 \SystemRoot\System32\Drivers\Fips.SYS
    0xA9DBF000 \SystemRoot\system32\DRIVERS\avipbb.sys
    0xF6BD1000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xF7733000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xF7BCB000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
    0xF794B000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0xF795B000 \SystemRoot\system32\DRIVERS\NuidFltr.sys
    0xF7753000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
    0xA9CA4000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
    0xF6BC9000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xAA098000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0xA9AD9000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xA8C2E000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF7C2D000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xAA0A0000 \SystemRoot\System32\drivers\Dxapi.sys
    0xA8C8E000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7D2D000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF024000 \SystemRoot\System32\igxpgd32.dll
    0xBF012000 \SystemRoot\System32\igxprd32.dll
    0xBF04E000 \SystemRoot\System32\igxpdv32.DLL
    0xBF1F2000 \SystemRoot\System32\igxpdx32.DLL
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xA8BA1000 \SystemRoot\system32\DRIVERS\avgntflt.sys
    0xF77C3000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
    0xF7C98000 \SystemRoot\System32\DLA\DLADResM.SYS
    0xA8B61000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
    0xA8C5E000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
    0xF7B91000 \SystemRoot\System32\DLA\DLAPoolM.SYS
    0xA8C56000 \SystemRoot\System32\DLA\DLABMFSM.SYS
    0xA8C4E000 \SystemRoot\System32\DLA\DLABOIOM.SYS
    0xA8B4B000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
    0xA8B34000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
    0xA8B8D000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xA894F000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xA8872000 \SystemRoot\system32\drivers\wdmaud.sys
    0xA9AC9000 \SystemRoot\system32\drivers\sysaudio.sys
    0xF7BFB000 \SystemRoot\system32\DRIVERS\datunidr.sys
    0xA840A000 \SystemRoot\system32\DRIVERS\srv.sys
    0xA7DB1000 \SystemRoot\System32\Drivers\HTTP.sys
    0xF7C25000 \??\C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys
    0xA7B2E000 \SystemRoot\system32\drivers\kmixer.sys
    0xF7BE3000 \SystemRoot\system32\drivers\splitter.sys
    0xA7B0B000 \SystemRoot\system32\drivers\aec.sys
    0xA821A000 \SystemRoot\system32\drivers\swmidi.sys
    0xA7E2A000 \SystemRoot\system32\drivers\DMusic.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 51):
    0 System Idle Process
    4 System
    632 C:\WINDOWS\system32\smss.exe
    680 csrss.exe
    704 C:\WINDOWS\system32\winlogon.exe
    752 C:\WINDOWS\system32\services.exe
    764 C:\WINDOWS\system32\lsass.exe
    984 C:\WINDOWS\system32\svchost.exe
    1056 svchost.exe
    1156 C:\WINDOWS\system32\svchost.exe
    1264 svchost.exe
    1368 svchost.exe
    1544 C:\WINDOWS\system32\spoolsv.exe
    1596 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1688 svchost.exe
    1896 C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe
    1932 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    1956 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1984 C:\Program Files\Bonjour\mDNSResponder.exe
    2020 C:\WINDOWS\system32\Brmfrmps.exe
    120 C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    176 C:\WINDOWS\explorer.exe
    448 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    616 C:\Program Files\Java\jre6\bin\jqs.exe
    792 C:\WINDOWS\system32\svchost.exe
    1336 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    1388 C:\WINDOWS\system32\wuauclt.exe
    1712 C:\WINDOWS\system32\hkcmd.exe
    1768 C:\WINDOWS\system32\igfxpers.exe
    1824 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    1844 C:\WINDOWS\system32\igfxsrvc.exe
    1848 C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
    1876 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    168 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    300 C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    408 C:\WINDOWS\RTHDCPL.EXE
    428 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    460 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    520 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    572 C:\Program Files\iTunes\iTunesHelper.exe
    1284 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    1316 C:\WINDOWS\system32\rundll32.exe
    1656 C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
    1796 C:\WINDOWS\system32\ctfmon.exe
    2168 C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    2940 unsecapp.exe
    3268 wmiprvse.exe
    3400 C:\Program Files\iPod\bin\iPodService.exe
    3528 alg.exe
    4076 C:\WINDOWS\system32\svchost.exe
    2228 C:\Documents and Settings\Mike\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02f10c00 (NTFS)
    \\.\G: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: HitachiHDS721616PLA380, Rev: P22OAB3A
    PhysicalDrive1 Model Number: Maxtor2, Rev: 0344

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
    149 GB \\.\PhysicalDrive1 RE: Unknown MBR code
    SHA1: CEECB0630DEB98A912C967BD5561D0F2BFE7D8C6


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!
  19. mikmik12 Newcomer, in training Posts: 49

    Ran that again... here you go:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000004c

    Kernel Drivers (total 130):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E4000 \WINDOWS\system32\hal.dll
    0xF7B73000 \WINDOWS\system32\KDCOM.DLL
    0xF7A83000 \WINDOWS\system32\BOOTVID.dll
    0xF7544000 ACPI.sys
    0xF7B75000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF7533000 pci.sys
    0xF7673000 isapnp.sys
    0xF7C3B000 pciide.sys
    0xF78F3000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF7683000 MountMgr.sys
    0xF7514000 ftdisk.sys
    0xF78FB000 PartMgr.sys
    0xF7903000 pavboot.sys
    0xF7693000 VolSnap.sys
    0xF74FC000 atapi.sys
    0xF7435000 iaStor.sys
    0xF76A3000 disk.sys
    0xF76B3000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF7415000 fltmgr.sys
    0xF7403000 sr.sys
    0xF73ED000 DRVMCDB.SYS
    0xF76C3000 PxHelp20.sys
    0xF73D6000 KSecDD.sys
    0xF7349000 Ntfs.sys
    0xF731C000 NDIS.sys
    0xF7302000 Mup.sys
    0xF77D3000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xF6D3B000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
    0xF6D27000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF6CE6000 \SystemRoot\system32\DRIVERS\e1e5132.sys
    0xF79FB000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xF6CC2000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF7A03000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF6C9A000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xF7A0B000 \SystemRoot\system32\DRIVERS\fdc.sys
    0xF77E3000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF7B9F000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
    0xF77F3000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF7803000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xF6C77000 \SystemRoot\system32\DRIVERS\ks.sys
    0xF7A13000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0xF7DAB000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF7813000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF7B3B000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xF6C60000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF7823000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF7833000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF7A1B000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xF6C4F000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF7843000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF7A23000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF7A2B000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF7853000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF7A33000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF7A3B000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF7BA9000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xF6BF1000 \SystemRoot\system32\DRIVERS\update.sys
    0xF7B4F000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF7873000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF7893000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF7BAD000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xAA0C8000 \SystemRoot\system32\drivers\RtkHDAud.sys
    0xAA0A4000 \SystemRoot\system32\drivers\portcls.sys
    0xF78B3000 \SystemRoot\system32\drivers\drmk.sys
    0xF7B23000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xF7BBD000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7D6D000 \SystemRoot\System32\Drivers\Null.SYS
    0xF7BBF000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF7A63000 \SystemRoot\System32\Drivers\DLARTL_M.SYS
    0xF7A6B000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xF7A73000 \SystemRoot\System32\drivers\vga.sys
    0xF7BC1000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF7BC3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF7A7B000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF7913000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF7B2F000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xA9F6D000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xA9F14000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xA9EEC000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xA9EC6000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xA9EA4000 \SystemRoot\System32\drivers\afd.sys
    0xF76F3000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xF7703000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xF7943000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
    0xA9E51000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xA9DE1000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xF7723000 \SystemRoot\System32\Drivers\Fips.SYS
    0xA9DBF000 \SystemRoot\system32\DRIVERS\avipbb.sys
    0xF6BD1000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xF7733000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xF7BCB000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
    0xF794B000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0xF795B000 \SystemRoot\system32\DRIVERS\NuidFltr.sys
    0xF7753000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
    0xA9CA4000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
    0xF6BC9000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xAA098000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0xA9AD9000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xA8C2E000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF7C2D000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xAA0A0000 \SystemRoot\System32\drivers\Dxapi.sys
    0xA8C8E000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7D2D000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF024000 \SystemRoot\System32\igxpgd32.dll
    0xBF012000 \SystemRoot\System32\igxprd32.dll
    0xBF04E000 \SystemRoot\System32\igxpdv32.DLL
    0xBF1F2000 \SystemRoot\System32\igxpdx32.DLL
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xA8BA1000 \SystemRoot\system32\DRIVERS\avgntflt.sys
    0xF77C3000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
    0xF7C98000 \SystemRoot\System32\DLA\DLADResM.SYS
    0xA8B61000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
    0xA8C5E000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
    0xF7B91000 \SystemRoot\System32\DLA\DLAPoolM.SYS
    0xA8C56000 \SystemRoot\System32\DLA\DLABMFSM.SYS
    0xA8C4E000 \SystemRoot\System32\DLA\DLABOIOM.SYS
    0xA8B4B000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
    0xA8B34000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
    0xA8B8D000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xA894F000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xA8872000 \SystemRoot\system32\drivers\wdmaud.sys
    0xA9AC9000 \SystemRoot\system32\drivers\sysaudio.sys
    0xF7BFB000 \SystemRoot\system32\DRIVERS\datunidr.sys
    0xA840A000 \SystemRoot\system32\DRIVERS\srv.sys
    0xA7DB1000 \SystemRoot\System32\Drivers\HTTP.sys
    0xF7C25000 \??\C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 52):
    0 System Idle Process
    4 System
    632 C:\WINDOWS\system32\smss.exe
    680 csrss.exe
    704 C:\WINDOWS\system32\winlogon.exe
    752 C:\WINDOWS\system32\services.exe
    764 C:\WINDOWS\system32\lsass.exe
    984 C:\WINDOWS\system32\svchost.exe
    1056 svchost.exe
    1156 C:\WINDOWS\system32\svchost.exe
    1264 svchost.exe
    1368 svchost.exe
    1544 C:\WINDOWS\system32\spoolsv.exe
    1596 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1688 svchost.exe
    1932 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    1956 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1984 C:\Program Files\Bonjour\mDNSResponder.exe
    2020 C:\WINDOWS\system32\Brmfrmps.exe
    120 C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    176 C:\WINDOWS\explorer.exe
    448 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    616 C:\Program Files\Java\jre6\bin\jqs.exe
    792 C:\WINDOWS\system32\svchost.exe
    1336 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    1388 C:\WINDOWS\system32\wuauclt.exe
    1712 C:\WINDOWS\system32\hkcmd.exe
    1768 C:\WINDOWS\system32\igfxpers.exe
    1824 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    1844 C:\WINDOWS\system32\igfxsrvc.exe
    1848 C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
    1876 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    168 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    300 C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    408 C:\WINDOWS\RTHDCPL.EXE
    428 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    520 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    572 C:\Program Files\iTunes\iTunesHelper.exe
    1284 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    1316 C:\WINDOWS\system32\rundll32.exe
    1656 C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
    1796 C:\WINDOWS\system32\ctfmon.exe
    2168 C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    2940 unsecapp.exe
    3268 wmiprvse.exe
    3400 C:\Program Files\iPod\bin\iPodService.exe
    3528 alg.exe
    4076 C:\WINDOWS\system32\svchost.exe
    2780 C:\Program Files\Internet Explorer\iexplore.exe
    2848 C:\Program Files\Internet Explorer\iexplore.exe
    3372 C:\Program Files\Yahoo!\Companion\Installs\cpn\ytbb.exe
    836 C:\Documents and Settings\Mike\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02f10c00 (NTFS)
    \\.\G: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: HitachiHDS721616PLA380, Rev: P22OAB3A
    PhysicalDrive1 Model Number: Maxtor2, Rev: 0344

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
    149 GB \\.\PhysicalDrive1 RE: Unknown MBR code
    SHA1: CEECB0630DEB98A912C967BD5561D0F2BFE7D8C6


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Options:
    [1] Dump the MBR of a physical disk to file.
    [2] Restore the MBR of a physical disk with a standard boot code.
    [3] Exit.

    Enter your choice:
    Enter the physical disk number to fix (0-99, -1 to cancel): 0
    Available MBR codes:
    [ 0] Default (Windows XP)
    [ 1] Windows XP
    [ 2] Windows Server 2003
    [ 3] Windows Vista
    [ 4] Windows 2008
    [ 5] Windows 7
    [-1] Cancel

    Please select the MBR code to write to this drive: 1
    Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: yes
    Successfully wrote new MBR code!
    Please reboot your computer to complete the fix.


    Done!

    Thanks, and hope you start feeling better.
  20. crunchie Malware Helper Posts: 761

    Feeling a little better today, thank you :).

    Let's just try once more:

    Run MBRCheck again.

    When it's done you'll see the following line:
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Press the Y key and then press Enter

    When the program asks you to Enter your choice, enter 2 and press the Enter key.

    Next the program will ask you to Enter the physical disk number to fix (0-99, -1 to cancel):
    Enter 1 (one) and press the Enter key.

    Next the program will show Available MBR codes:, followed by a list of operating systems.
    Please enter 1 for Windows XP, and then press Enter.

    Next the program will prompt for confirmation.
    Type YES and hit Enter.

    When it's done there should be a text file with the results on your desktop.
    Please copy and paste it back here.

    Then reboot and run MBRCheck again and post that log.
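
The check MBRCheck runs in the logs above, and the "restore with standard boot code" step crunchie walks through, as an added example in Python; it is not part of this thread and not MBRCheck's own code. It assumes the SHA1 the tool prints covers only the 440-byte boot-code area of the sector (which is why the same "Windows XP" hash turns up on different machines whose partition tables differ) and that the restore writes only that area. The allowlist, the stand-in boot code, the disk signatures and the partition layouts are all constructed for the example; the partition start offsets were chosen to reproduce the 0x02f10c00 and 0x7e00 values in the log, and whatever occupies the space before C: on the real drive 0 is not in the log, so a utility partition is assumed there.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440   # assumption: the SHA1 MBRCheck prints covers only this code area
PART_TABLE_OFF = 446  # 440..443 NT disk signature, 444..445 reserved, then 4 x 16-byte entries
PART_ENTRY_LEN = 16
BOOT_SIG = b"\x55\xaa"


def boot_code_sha1(mbr):
    """Upper-case hex SHA1 of the code area, the per-drive value shown in the log."""
    return hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()


def parse_partition_table(mbr):
    """Decode the four entries, skipping empty slots; byte_offset is what the log prints per volume."""
    if len(mbr) != SECTOR:
        raise ValueError("an MBR is exactly one 512-byte sector")
    if mbr[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for slot in range(4):
        off = PART_TABLE_OFF + slot * PART_ENTRY_LEN
        status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack(
            "<B3sB3sII", mbr[off:off + PART_ENTRY_LEN])
        if ptype == 0:
            continue
        entries.append({"slot": slot, "bootable": status == 0x80, "type": ptype,
                        "lba_start": lba_start, "sectors": sectors,
                        "byte_offset": lba_start * SECTOR})
    return entries


def classify_mbr(mbr, known_codes):
    """MBRCheck's verdict: the code hash is either in the allowlist or reported as unknown."""
    digest = boot_code_sha1(mbr)
    label = known_codes.get(digest)
    return {"sha1": digest, "known": label is not None,
            "label": label or "Unknown MBR code"}


def restore_boot_code(mbr, standard_code):
    """Option [2] in the log: replace the code area only; disk signature, table and 0x55AA stay."""
    if len(standard_code) != BOOT_CODE_LEN:
        raise ValueError("standard boot code must be %d bytes" % BOOT_CODE_LEN)
    return standard_code + mbr[BOOT_CODE_LEN:]


def check_and_fix(mbr, known_codes, standard_code):
    """Report; if unknown, restore and verify nothing outside the code area changed."""
    verdict = classify_mbr(mbr, known_codes)
    if verdict["known"]:
        return verdict, mbr
    fixed = restore_boot_code(mbr, standard_code)
    if fixed[BOOT_CODE_LEN:] != mbr[BOOT_CODE_LEN:]:
        raise RuntimeError("restore touched bytes outside the code area")
    return classify_mbr(fixed, known_codes), fixed


# ---- constructed sample data (not real disk contents) ----
def partition_entry(bootable, ptype, lba_start, sectors):
    # CHS fields set to FE FF FF, the "use LBA" marker; no real geometry is modelled here
    return struct.pack("<B3sB3sII", 0x80 if bootable else 0x00, b"\xfe\xff\xff",
                       ptype, b"\xfe\xff\xff", lba_start, sectors)


def build_mbr(boot_code, entries, disk_signature=b"\x11\x22\x33\x44"):
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    table = b"".join(entries).ljust(4 * PART_ENTRY_LEN, b"\x00")
    return code + disk_signature + b"\x00\x00" + table + BOOT_SIG


# Stand-in for "standard" XP code: the usual xor ax,ax / mov ss,ax / mov sp,7C00h prologue
# followed by filler and the three error strings. This is NOT Microsoft's boot code.
STANDARD_CODE = (b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 300
                 + b"Invalid partition table\x00Error loading operating system\x00"
                 + b"Missing operating system\x00").ljust(BOOT_CODE_LEN, b"\x00")
KNOWN_CODES = {hashlib.sha1(STANDARD_CODE).hexdigest().upper(): "Windows XP (sample)"}

# Layouts chosen so the offsets match the log: C: at 0x02f10c00 (LBA 96390), G: at 0x7e00 (LBA 63).
# Whatever sits before C: on the real drive 0 is not in the log; a utility partition is assumed.
DRIVE0_MBR = build_mbr(STANDARD_CODE, [partition_entry(False, 0xDE, 63, 96390 - 63),
                                       partition_entry(True, 0x07, 96390, 311_900_000)])
tampered = bytearray(STANDARD_CODE)
tampered[0x10:0x14] = b"\xeb\xfe\x90\x90"   # constructed change inside the code area
DRIVE1_MBR = build_mbr(bytes(tampered), [partition_entry(False, 0x07, 63, 312_000_000)])

if __name__ == "__main__":
    for name, mbr in (("PhysicalDrive0", DRIVE0_MBR), ("PhysicalDrive1", DRIVE1_MBR)):
        v = classify_mbr(mbr, KNOWN_CODES)
        print(name, v["label"], "SHA1:", v["sha1"])
        for p in parse_partition_table(mbr):
            print("  slot %d type 0x%02X at offset 0x%016x" % (p["slot"], p["type"], p["byte_offset"]))
    after, _ = check_and_fix(DRIVE1_MBR, KNOWN_CODES, STANDARD_CODE)
    print("PhysicalDrive1 after restore:", after["label"])
```

An unknown hash means only that the code is not in the allowlist: a second disk carrying an OEM or non-Windows boot loader is reported the same way as an infected one, so dump the sector (option [1]) and keep it before overwriting anything. The restore deliberately leaves bytes 440 onward untouched, which is what lets the partition table and disk signature survive the fix; and a verdict taken before the reboot only shows what was written, not that it stayed, which is why the procedure above ends with another run after restarting.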