additional logs as requested...
Hello Ken545,
Thanks for keeping tabs on me over at PCP.
Here's the log for MBRCheck and ESET. Looks like ESET found something.
PCP is also asking for a PIT test to be run. I guess they want to compare analysis-fu:) Would that confuse things?
*****MBRCheck log*****
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c
Kernel Drivers (total 103):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x80700000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF7438000 ACPI.sys
0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7427000 pci.sys
0xF7487000 isapnp.sys
0xF7A4F000 pciide.sys
0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF798B000 intelide.sys
0xF7497000 MountMgr.sys
0xF7408000 ftdisk.sys
0xF798D000 dmload.sys
0xF73E2000 dmio.sys
0xF770F000 PartMgr.sys
0xF74A7000 VolSnap.sys
0xF73CA000 atapi.sys
0xF74B7000 disk.sys
0xF74C7000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF73AA000 fltmgr.sys
0xF7398000 sr.sys
0xF74D7000 PxHelp20.sys
0xF7381000 KSecDD.sys
0xF72F4000 Ntfs.sys
0xF72C7000 NDIS.sys
0xF72AD000 Mup.sys
0xF74E7000 avgrkx86.sys
0xF74F7000 AVGIDSxx.sys
0xF722C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF773F000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF7208000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7747000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF71E0000 \SystemRoot\system32\DRIVERS\e100b325.sys
0xF7517000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7757000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7767000 \SystemRoot\system32\drivers\Afc.sys
0xF71BD000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7787000 \SystemRoot\system32\DRIVERS\avgfwdx.sys
0xF798F000 \SystemRoot\system32\DRIVERS\wacomvhid.sys
0xF7597000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF7797000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF7991000 \SystemRoot\system32\DRIVERS\WacomVKHid.sys
0xF75A7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF792B000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF71A6000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF75B7000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF75C7000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF77B7000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF7195000 \SystemRoot\system32\DRIVERS\psched.sys
0xF75D7000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF77C7000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF77D7000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF7165000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF75E7000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF77E7000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7997000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF7107000 \SystemRoot\system32\DRIVERS\update.sys
0xF794B000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF77FF000 \SystemRoot\system32\DRIVERS\omci.sys
0xF7957000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF7817000 \SystemRoot\system32\DRIVERS\wacommousefilter.sys
0xF7963000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xF7667000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7677000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF799D000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF791F000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF79A1000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7BCC000 \SystemRoot\System32\Drivers\Null.SYS
0xF79A5000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7777000 \SystemRoot\System32\drivers\vga.sys
0xF7003000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0xF79A9000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF79AB000 \SystemRoot\System32\Drivers\ArcRec.SYS
0xF779F000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF77AF000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7947000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF6FD0000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF6F77000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF6F51000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF6F17000 \SystemRoot\System32\Drivers\avgtdix.sys
0xF70F3000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF6EEF000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF6ECD000 \SystemRoot\System32\drivers\afd.sys
0xF7697000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF6EA2000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF6E32000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF781F000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF782F000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xF7867000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xF6DF2000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF79B3000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF725C000 \SystemRoot\System32\drivers\Dxapi.sys
0xF77A7000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7BA3000 \SystemRoot\System32\drivers\dxgthk.sys
0xBFF50000 \SystemRoot\System32\framebuf.dll
0xBF012000 \SystemRoot\System32\ATMFD.DLL
0xF696E000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xF667A000 \SystemRoot\system32\DRIVERS\srv.sys
0xF63D6000 \SystemRoot\System32\Drivers\Fastfat.SYS
0x7C900000 \WINDOWS\system32\ntdll.dll
Processes (total 19):
0 System Idle Process
4 System
768 C:\WINDOWS\system32\smss.exe
816 csrss.exe
840 C:\WINDOWS\system32\winlogon.exe
892 C:\WINDOWS\system32\services.exe
904 C:\WINDOWS\system32\lsass.exe
1072 C:\WINDOWS\system32\svchost.exe
1200 svchost.exe
1416 C:\WINDOWS\system32\svchost.exe
1428 svchost.exe
1592 C:\Program Files\AVG\AVG9\avgchsvx.exe
1604 svchost.exe
1784 C:\Program Files\AVG\AVG9\avgcsrvx.exe
1800 C:\Program Files\AVG\AVG9\avgcsrvx.exe
456 C:\WINDOWS\explorer.exe
868 C:\Program Files\Mozilla Firefox\firefox.exe
1444 C:\Program Files\Mozilla Firefox\plugin-container.exe
804 C:\Documents and Settings\alexander\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02f10c00 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)
PhysicalDrive0 Model Number: WDCWD2500JD-75HBC0, Rev: 08.02D08
PhysicalDrive1 Model Number: TOSHIBAExternal USB 3.0, Rev: 0001
Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Dell MBR code detected
SHA1: 84B95CE8A54B7C5C3AAF149934FC46FB70FF8365
931 GB \\.\PhysicalDrive1 RE: Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
Done!
*****end MBRCheck log*****
*****ESET log*****
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.17112 (vista_gdr.120629-0008)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=26dd81ad0e4b3342bb9e73ab2c4b9f77
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-12 03:30:30
# local_time=2012-09-12 08:30:30 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 114539185 114539185 0 0
# compatibility_mode=1031 16777174 100 93 0 88634288 0 0
# compatibility_mode=8192 67108863 100 0 32420853 32420853 0 0
# scanned=252854
# found=6
# cleaned=0
# scan_time=7710
C:\Documents and Settings\alexander\My Documents\Downloads\cnet_spybotsd162_exe.exe a variant of Win32/InstallCore.D application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\alexander\My Documents\Downloads\YouTubeDownloaderSetup34.exe a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Install\cnet2_audacity-win-1_2_6_exe.exe a variant of Win32/InstallCore.D application (unable to clean) 00000000000000000000000000000000 I
C:\Install\VLC_32.exe a variant of Win32/InstallIQ application (unable to clean) 00000000000000000000000000000000 I
C:\Install\YouTubeDownloaderSetup273.exe a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Install\Nero\wordview_en-us.exe Win32/Toolbar.AskSBar application (unable to clean) 00000000000000000000000000000000 I
ListParts and CKScanner logs requested...
Hello Ken545,
Here are the logs you requested. I'll also hop over to PCP and run their PIT test as well. The CKScanner seems to be picking up a lot of my texture files which have "crack" or "cracked" in them :)
Thanks
AWhang
*****ListParts log*****
ListParts by Farbar Version: 10-08-2012
Ran by alexander (administrator) on 13-09-2012 at 06:57:56
Windows XP (X86)
Running From: C:\Documents and Settings\alexander\Desktop
Language: 0409
************************************************************
========================= Memory info ======================
Percentage of memory in use: 20%
Total physical RAM: 3070.07 MB
Available physical RAM: 2451.83 MB
Total Pagefile: 4450.39 MB
Available Pagefile: 4093.3 MB
Total Virtual: 2047.88 MB
Available Virtual: 2003.41 MB
======================= Partitions =========================
1 Drive c: () (Fixed) (Total:228.93 GB) (Free:78.06 GB) NTFS ==>[Drive with boot components (Windows XP)]
2 Drive d: (TOSHIBA EXT) (Fixed) (Total:931.51 GB) (Free:916.7 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 233 GB 0 B
Disk 1 Online 932 GB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 47 MB 32 KB
Partition 2 Primary 229 GB 47 MB
Partition 3 Unknown 3938 MB 229 GB
======================================================================================================
Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No
There is no volume associated with this partition.
======================================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 C NTFS Partition 229 GB Healthy System (partition with boot components)
======================================================================================================
Disk: 0
Partition 3
Type : DB
Hidden: Yes
Active: No
There is no volume associated with this partition.
======================================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 932 GB 1024 KB
======================================================================================================
Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D TOSHIBA EXT NTFS Partition 932 GB Healthy
======================================================================================================
****** End Of Log ******
*****CKScanner Log*****
CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\all users\application data\adobe\photoshop elements\6.0\locale\en_us\photo creations metadata\backgrounds\cracked paint.xml
c:\documents and settings\all users\documents\nintndo ds\professor layton and the diabolical box (u)\00000_no$gba-w\battery\4982 - safecracker - the ultimate puzzle adventure (usa) (en,fr,es) [b].sav
c:\flexlm\awkeygen.exe
c:\program files\alias\maya7.0\brushes\fun\cracks.mel
c:\program files\alias\maya7.0\brushes\fun\cracks.mel.icon
c:\program files\alias\maya7.0\scripts\others\crackshatter.mel
c:\program files\autodesk\maya2009\brushes\fun\cracks.mel
c:\program files\autodesk\maya2009\brushes\fun\cracks.mel.icon
c:\program files\autodesk\maya2009\scripts\others\crackshatter.mel
c:\program files\autodesk\maya2009\scripts\others\crackshatter.res.mel
c:\program files\autodesk\maya2011\brushes\fun\cracks.mel
c:\program files\autodesk\maya2011\brushes\fun\cracks.mel.icon
c:\program files\autodesk\maya2011\docs\maya2011\en_us\files\uv_texture_mapping_creating_a_cracker_box_model.htm
c:\program files\autodesk\maya2011\presets\nparticles\examples\crackegg.ma
c:\program files\autodesk\maya2011\presets\nparticles\examples\.mayaswatches\crackegg.ma.swatch
c:\program files\autodesk\maya2011\resources\l10n\ja_jp\scripts\crackshatter.res.mel
c:\program files\autodesk\maya2011\scripts\others\crackshatter.mel
c:\program files\autodesk\maya2011\scripts\others\crackshatter.res.mel
c:\program files\autodesk\maya2012\brushes\fun\cracks.mel
c:\program files\autodesk\maya2012\brushes\fun\cracks.mel.icon
c:\program files\autodesk\maya2012\presets\nparticles\examples\crackegg.ma
c:\program files\autodesk\maya2012\presets\nparticles\examples\.mayaswatches\crackegg.ma.swatch
c:\program files\autodesk\maya2012\resources\l10n\ja_jp\scripts\crackshatter.res.mel
c:\program files\autodesk\maya2012\scripts\others\crackshatter.mel
c:\program files\autodesk\maya2012\scripts\others\crackshatter.res.mel
c:\program files\gimp-2.0\share\gimp\2.0\patterns\cracked.pat
c:\program files\jasc software inc\paint shop pro studio\bump maps\cracked desert.pspimage
c:\program files\jasc software inc\paint shop pro studio\patterns\cracked paint.pspimage
scanner sequence 3.ZZ.11.JJNAEH
----- EOF -----