Google redirect help

This is what I would do: completely uninstall Firefox, using this free utility to uninstall it along with all the registry entries.

http://www.revouninstaller.com/revo_uninstaller_free_download.html

Then go into Program Files and if there is still a Firefox folder, delete it.

We will install the latest version in a bit, but let's rerun this program; those ads through the speakers can mean trouble.

Download aswMBR.exe ( 511KB ) to your desktop.

Double click aswMBR.exe to run it.

Click the "Scan" button to start the scan.
[screenshot: aswMBR1.png]

On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.
[screenshot: aswMBR2.png]
 
Have the ads through the speakers just occurred, or has this been present all along since you posted? A combination of browser redirects and ads through the speakers could mean a possible Whistler Rootkit infection. I need you to run aswMBR; if it asks to update the definitions, do so, then post the new log.
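The reason the helper asks for an MBR scan is that a bootkit such as the one mentioned above lives in the first sector of the disk, below anything the browser or antivirus normally looks at, and the basic check a scanner performs is to read that sector and compare its boot code with a known-good copy. The following is an added example, not code from this thread or from aswMBR: it parses a 512-byte MBR (boot code, disk signature, four partition entries, 0x55AA signature) and reports whether the boot code still matches a baseline hash. The sector, the disk signature and the partition entry are constructed in the code, so nothing here touches a real disk.

```python
"""Check a raw MBR sector against a known-good baseline.

Added example: not code from the forum thread or from aswMBR. It shows the
data-layout side of what an MBR scanner does, on a constructed 512-byte sector,
so nothing here reads a real disk. The sample boot code, disk signature and
partition entry are constructed values.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440              # bytes 0..439 hold the boot code
DISK_SIG_OFF = 440               # 4-byte disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446             # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xAA"     # bytes 510..511
PART_ENTRY_FMT = "<B3sB3sII"     # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Assemble a constructed MBR: the given boot code plus one active NTFS partition."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code too long")
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    disk_sig = struct.pack("<I", 0x1234ABCD)   # constructed disk signature
    ntfs = struct.pack(PART_ENTRY_FMT, 0x80, b"\x00" * 3, 0x07, b"\x00" * 3, 63, 2_000_000)
    table = ntfs + b"\x00" * 48                # three unused entries
    return code + disk_sig + b"\x00\x00" + table + BOOT_SIGNATURE


def parse_mbr(sector: bytes) -> dict:
    """Decode the boot signature, disk signature, partition table and boot-code hash."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(PART_ENTRY_FMT, sector[off:off + 16])
        if ptype != 0:                         # type 0 means the slot is unused
            partitions.append({"index": i, "active": status == 0x80, "type": ptype,
                               "lba_start": lba, "sectors": count})
    return {
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "disk_signature": struct.unpack("<I", sector[DISK_SIG_OFF:DISK_SIG_OFF + 4])[0],
        "partitions": partitions,
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
    }


def check_mbr(sector: bytes, baseline_sha256: str) -> list:
    """Return findings; an empty list means the sector matches the baseline."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code differs from known-good baseline")
    active = [p for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        findings.append(f"expected one active partition, found {len(active)}")
    return findings


# Constructed stand-in for normal boot code (the usual xor ax,ax / mov ss,ax /
# mov sp,7c00h prologue, padded). A real baseline would come from a clean image.
SAMPLE_GOOD_CODE = bytes.fromhex("33c08ed0bc007c8ec08ed8be007cbf0006b90002fcf3a4")
KNOWN_GOOD_MBR = build_sample_mbr(SAMPLE_GOOD_CODE)
BASELINE_SHA256 = parse_mbr(KNOWN_GOOD_MBR)["boot_code_sha256"]
# A sector whose boot code was altered while the partition table stayed intact:
# the case a plain partition-table sanity check would miss.
ALTERED_MBR = build_sample_mbr(b"\xEB\x1E" + SAMPLE_GOOD_CODE)

if __name__ == "__main__":
    for label, mbr in (("known-good", KNOWN_GOOD_MBR), ("altered", ALTERED_MBR)):
        print(label, check_mbr(mbr, BASELINE_SHA256) or "OK")
```

The partition table and the 0x55AA signature of the altered sector are untouched, so only the hash comparison notices the change; that is why a scanner keeps a baseline of the boot code itself rather than just validating the layout.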
 
Ken, the first audio was last night. It was very strange, kind of like a radio station with ads, but I could hear what sounded like teenagers saying how they knew all aspects of someone's life and could do anything through their computer... no specific names were ever mentioned.
I will follow your latest instructions and post results.

Greg
 
Hey,

Sorry you're having so many problems, but some of this garbage is really hard to remove; let's try a few things.

Try running aswMBR in Safe Mode.

To enter Safe Mode:
  • Go to Start > Shut off your Computer > Restart
  • As the computer starts to boot up, tap the F8 key somewhat rapidly;
    this will bring up a menu.
  • Use the Up and Down arrow keys to scroll up to Safe Mode with Networking
  • Then press the Enter key on your keyboard
Tutorial if you need it: How to boot into Safemode



If it's still a no-go, then, if you still have ComboFix on your desktop, drag it to the trash and download and run a fresh new copy.

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • See this Link for programs that need to be disabled and instructions on how to disable them.
  • Remember to re-enable them when we're done.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


[screenshot: RC1.png]


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
[screenshot: RC2-1.png]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when ComboFix has completely finished, then restart your computer to restore the connection.
 
Hi Ken, just to keep you up to date: I removed Firefox successfully, but could not run aswMBR; it would not start. I also had to update IE to version 8, I'm not sure if this will affect anything... just letting you know. I will try aswMBR in safe mode and post.

Thanks.. Greg
 
Ken,

Here's the latest ComboFix log.. Thanks


ComboFix 11-09-30.05 - Greg 10/01/2011 10:52:40.7.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2397 [GMT -4:00]
Running from: c:\documents and settings\Greg\Desktop\ComboFix.exe
AV: AVG Anti-Virus *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\google\common\google updater\googleupdaterservice.exe
c:\windows\system32\d3d9caps.dat
.
.
((((((((((((((((((((((((( Files Created from 2011-09-01 to 2011-10-01 )))))))))))))))))))))))))))))))
.
.
2011-10-01 00:04 . 2011-10-01 00:04 -------- d-sh--w- c:\documents and settings\Greg\PrivacIE
2011-10-01 00:03 . 2011-10-01 00:03 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-10-01 00:03 . 2011-10-01 00:03 -------- d-sh--w- c:\documents and settings\Greg\IETldCache
2011-09-30 23:58 . 2011-09-30 23:58 -------- dc-h--w- c:\windows\ie8
2011-09-30 23:56 . 2010-10-18 11:10 7680 ------w- c:\windows\system32\dllcache\iecompat.dll
2011-09-30 23:56 . 2011-06-23 18:36 602112 ------w- c:\windows\system32\dllcache\msfeeds.dll
2011-09-30 23:56 . 2011-06-23 18:36 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-09-30 23:56 . 2011-06-23 18:36 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2011-09-30 23:56 . 2011-06-23 18:36 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2011-09-30 23:56 . 2011-06-23 18:36 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2011-09-30 23:56 . 2011-06-23 18:36 1991680 ------w- c:\windows\system32\dllcache\iertutil.dll
2011-09-30 23:56 . 2011-06-23 18:36 11081728 ------w- c:\windows\system32\dllcache\ieframe.dll
2011-09-30 23:31 . 2011-09-30 23:31 -------- d-----w- c:\documents and settings\Greg\Local Settings\Application Data\VS Revo Group
2011-09-30 23:31 . 2009-12-30 15:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2011-09-30 23:31 . 2011-09-30 23:31 -------- d-----w- c:\program files\VS Revo Group
2011-09-24 02:52 . 2011-09-24 02:52 -------- d-----w- C:\_OTL
2011-09-21 18:59 . 2011-09-28 18:40 -------- d-----w- c:\documents and settings\Kiddies\Local Settings\Application Data\ApplicationHistory
2011-09-21 18:22 . 2011-10-01 14:19 -------- d-----w- c:\documents and settings\Greg\Local Settings\Application Data\ApplicationHistory
2011-09-21 17:38 . 2011-09-21 18:39 -------- d-----w- C:\COMBO-FIX4520C
2011-09-21 17:35 . 2011-09-21 17:37 -------- d-----w- C:\COMBO-FIX17960C
2011-09-14 23:27 . 2011-09-14 23:27 -------- d-----w- c:\documents and settings\Greg\Application Data\SUPERAntiSpyware.com
2011-09-14 23:26 . 2011-09-30 00:22 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-09-14 23:26 . 2011-09-14 23:26 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-09-13 20:39 . 2011-09-13 20:40 -------- d-----w- c:\program files\iPod
2011-09-13 20:39 . 2011-09-13 20:41 -------- d-----w- c:\program files\iTunes
2011-09-12 23:46 . 2011-09-12 23:46 -------- d-----w- c:\program files\ESET
2011-09-10 01:07 . 2011-09-10 01:07 -------- d--h--w- c:\windows\PIF
2011-09-06 00:54 . 2011-09-06 01:50 -------- d-----w- C:\COMBO-FIX30049C
2011-09-06 00:47 . 2011-09-06 00:53 -------- d-----w- C:\COMBO-FIX12903C
2011-09-05 00:57 . 2011-09-05 02:42 -------- d-----w- C:\COMBO-FIX24678C
2011-09-05 00:54 . 2011-09-05 00:56 -------- d-----w- C:\COMBO-FIX18701C
2011-09-03 10:17 . 2011-09-09 09:12 599040 ------w- c:\windows\system32\dllcache\crypt32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-12 18:48 . 2008-04-04 00:06 29712 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2011-09-09 09:12 . 2004-08-10 17:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-30 18:17 . 2011-06-22 15:01 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29 . 2004-08-10 17:51 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 15:20 . 2011-07-12 15:20 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-08 14:02 . 2004-08-10 17:51 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-05 22:37 . 2011-07-05 22:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 22:37 . 2011-07-05 22:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
.
((((((((((((((((((((((((((((( SnapShot_2011-09-21_18.23.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-13 23:37 . 2009-01-07 22:21 26144 c:\windows\system32\spupdsvc.exe
+ 2008-03-13 23:37 . 2009-01-07 22:20 16928 c:\windows\system32\spmsg.dll
+ 2004-08-10 17:51 . 2009-03-08 08:31 46592 c:\windows\system32\pngfilt.dll
+ 2009-01-07 22:20 . 2009-01-07 22:20 23552 c:\windows\system32\normaliz.dll
+ 2009-01-07 22:20 . 2009-01-07 22:20 24576 c:\windows\system32\nlsdl.dll
+ 2004-08-10 17:51 . 2009-03-08 08:31 48128 c:\windows\system32\mshtmler.dll
+ 2004-08-10 17:51 . 2011-06-23 18:36 66560 c:\windows\system32\mshtmled.dll
+ 2004-08-10 17:51 . 2009-03-08 08:31 45568 c:\windows\system32\mshta.exe
+ 2009-03-08 08:31 . 2009-03-08 08:31 13312 c:\windows\system32\msfeedssync.exe
+ 2009-03-08 08:31 . 2011-06-23 18:36 55296 c:\windows\system32\msfeedsbs.dll
+ 2004-08-10 17:51 . 2011-06-23 18:36 43520 c:\windows\system32\licmgr10.dll
+ 2004-08-10 17:51 . 2011-06-23 18:36 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-10 17:51 . 2009-03-08 08:32 94720 c:\windows\system32\inseng.dll
+ 2004-08-10 17:51 . 2009-03-08 08:31 34816 c:\windows\system32\imgutil.dll
+ 2009-03-08 08:32 . 2009-03-08 08:32 36864 c:\windows\system32\ieudinit.exe
+ 2004-08-10 17:51 . 2009-03-08 08:32 71680 c:\windows\system32\iesetup.dll
+ 2004-08-10 17:51 . 2009-03-08 08:32 55808 c:\windows\system32\iernonce.dll
+ 2009-01-07 22:20 . 2009-01-07 22:20 26112 c:\windows\system32\idndl.dll
+ 2009-03-08 08:31 . 2009-03-08 08:31 59904 c:\windows\system32\icardie.dll
+ 2009-03-08 08:31 . 2009-03-08 08:31 46592 c:\windows\system32\dllcache\pngfilt.dll
+ 2009-03-08 08:31 . 2009-03-08 08:31 48128 c:\windows\system32\dllcache\mshtmler.dll
+ 2010-09-09 14:16 . 2011-06-23 18:36 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2009-03-08 08:31 . 2009-03-08 08:31 45568 c:\windows\system32\dllcache\mshta.exe
+ 2009-03-08 08:34 . 2011-06-23 18:36 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2009-03-08 08:33 . 2011-06-23 18:36 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-03-08 08:32 . 2009-03-08 08:32 94720 c:\windows\system32\dllcache\inseng.dll
+ 2009-03-08 08:31 . 2009-03-08 08:31 34816 c:\windows\system32\dllcache\imgutil.dll
+ 2009-03-08 08:32 . 2009-03-08 08:32 71680 c:\windows\system32\dllcache\iesetup.dll
+ 2009-03-08 08:32 . 2009-03-08 08:32 55808 c:\windows\system32\dllcache\iernonce.dll
+ 2009-03-08 08:24 . 2009-03-08 08:24 68608 c:\windows\system32\dllcache\hmmapi.dll
+ 2009-03-08 08:33 . 2009-03-08 08:33 18944 c:\windows\system32\dllcache\corpol.dll
+ 2009-03-08 08:32 . 2009-03-08 08:32 72704 c:\windows\system32\dllcache\admparse.dll
+ 2004-08-10 17:50 . 2009-03-08 08:33 18944 c:\windows\system32\corpol.dll
+ 2004-08-10 17:50 . 2009-03-08 08:32 72704 c:\windows\system32\admparse.dll
+ 2011-10-01 00:00 . 2009-03-08 08:33 12288 c:\windows\ie8updates\KB982381-IE8\xpshims.dll
+ 2011-10-01 00:00 . 2009-03-08 08:31 55296 c:\windows\ie8updates\KB982381-IE8\msfeedsbs.dll
+ 2011-10-01 00:00 . 2009-03-08 08:33 25600 c:\windows\ie8updates\KB982381-IE8\jsproxy.dll
+ 2011-10-01 00:01 . 2010-05-06 10:41 12800 c:\windows\ie8updates\KB2559049-IE8\xpshims.dll
+ 2011-10-01 00:00 . 2009-03-08 08:31 66560 c:\windows\ie8updates\KB2559049-IE8\mshtmled.dll
+ 2011-10-01 00:00 . 2010-05-06 10:41 55296 c:\windows\ie8updates\KB2559049-IE8\msfeedsbs.dll
+ 2011-10-01 00:00 . 2009-03-08 08:34 43008 c:\windows\ie8updates\KB2559049-IE8\licmgr10.dll
+ 2011-10-01 00:00 . 2010-05-06 10:41 25600 c:\windows\ie8updates\KB2559049-IE8\jsproxy.dll
+ 2011-09-30 23:58 . 2011-06-21 18:18 37888 c:\windows\ie8\url.dll
+ 2011-09-30 23:58 . 2009-03-08 18:23 58464 c:\windows\ie8\spuninst\iecustom.dll
+ 2011-09-30 23:58 . 2008-04-14 00:12 39424 c:\windows\ie8\pngfilt.dll
+ 2011-09-30 23:58 . 2008-04-14 00:12 96256 c:\windows\ie8\occache.dll
+ 2011-09-30 23:58 . 2008-04-13 16:26 56832 c:\windows\ie8\mshtmler.dll
+ 2011-09-30 23:58 . 2008-04-14 00:12 29184 c:\windows\ie8\mshta.exe
+ 2011-09-30 23:58 . 2008-04-14 00:11 22016 c:\windows\ie8\licmgr10.dll
+ 2011-09-30 23:58 . 2008-04-14 00:11 15872 c:\windows\ie8\jsproxy.dll
+ 2011-09-30 23:58 . 2008-04-14 00:11 96256 c:\windows\ie8\inseng.dll
+ 2011-09-30 23:58 . 2008-04-14 00:11 35840 c:\windows\ie8\imgutil.dll
+ 2011-09-30 23:58 . 2008-04-14 00:12 93184 c:\windows\ie8\iexplore.exe
+ 2011-09-30 23:58 . 2008-04-14 00:11 62976 c:\windows\ie8\iesetup.dll
+ 2011-09-30 23:58 . 2008-04-14 00:11 48640 c:\windows\ie8\iernonce.dll
+ 2011-09-30 23:58 . 2011-06-21 18:18 81920 c:\windows\ie8\ieencode.dll
+ 2011-09-30 23:58 . 2008-04-14 00:12 34304 c:\windows\ie8\ie4uinit.exe
+ 2011-09-30 23:58 . 2008-04-14 00:11 38912 c:\windows\ie8\hmmapi.dll
+ 2011-09-30 23:58 . 2008-04-14 00:11 35328 c:\windows\ie8\corpol.dll
+ 2011-09-30 23:58 . 2008-04-14 00:11 99840 c:\windows\ie8\advpack.dll
+ 2011-09-30 23:58 . 2008-04-14 00:11 61440 c:\windows\ie8\admparse.dll
+ 2011-10-01 00:00 . 2009-03-08 08:35 2048 c:\windows\ie8updates\KB2447568-IE8\iecompat.dll
+ 2008-08-27 14:58 . 2009-01-07 22:21 121856 c:\windows\system32\xmllite.dll
- 2008-08-27 14:58 . 2008-04-14 00:12 121856 c:\windows\system32\xmllite.dll
+ 2004-08-10 17:51 . 2011-06-23 18:36 916480 c:\windows\system32\wininet.dll
+ 2009-03-08 08:34 . 2009-03-08 08:34 208384 c:\windows\system32\WinFXDocObj.exe
+ 2004-08-10 17:51 . 2009-03-08 08:34 236544 c:\windows\system32\webcheck.dll
+ 2004-08-10 17:51 . 2009-03-08 08:33 420352 c:\windows\system32\vbscript.dll
+ 2004-08-10 17:51 . 2011-06-23 18:36 105984 c:\windows\system32\url.dll
+ 2004-08-10 17:51 . 2011-06-23 18:36 206848 c:\windows\system32\occache.dll
+ 2004-08-10 17:51 . 2011-06-23 18:36 611840 c:\windows\system32\mstime.dll
+ 2004-08-10 17:51 . 2009-03-08 08:34 193536 c:\windows\system32\msrating.dll
+ 2004-08-10 17:51 . 2009-03-08 08:22 156160 c:\windows\system32\msls31.dll
+ 2009-03-08 08:32 . 2011-06-23 18:36 602112 c:\windows\system32\msfeeds.dll
+ 2009-01-07 22:20 . 2009-01-07 22:20 265720 c:\windows\system32\msdbg2.dll
+ 2004-08-10 17:51 . 2009-03-08 08:33 726528 c:\windows\system32\jscript.dll
+ 2009-03-08 08:22 . 2009-03-08 08:22 164352 c:\windows\system32\ieui.dll
+ 2004-08-10 17:51 . 2011-06-23 18:36 184320 c:\windows\system32\iepeers.dll
+ 2004-08-10 17:51 . 2011-06-23 18:36 387584 c:\windows\system32\iedkcs32.dll
+ 2009-03-08 08:11 . 2009-03-08 08:11 445952 c:\windows\system32\ieapfltr.dll
+ 2004-08-10 17:51 . 2009-03-08 08:32 163840 c:\windows\system32\ieakui.dll
+ 2004-08-10 17:51 . 2009-03-08 08:33 229376 c:\windows\system32\ieaksie.dll
+ 2004-08-10 17:51 . 2009-03-08 08:33 125952 c:\windows\system32\ieakeng.dll
+ 2004-08-10 17:51 . 2011-06-23 12:05 173568 c:\windows\system32\ie4uinit.exe
+ 2004-08-10 17:51 . 2009-03-08 08:31 216064 c:\windows\system32\dxtrans.dll
+ 2004-08-10 17:51 . 2009-03-08 08:31 348160 c:\windows\system32\dxtmsft.dll
+ 2008-04-21 06:44 . 2011-06-23 18:36 916480 c:\windows\system32\dllcache\wininet.dll
+ 2009-03-08 08:34 . 2009-03-08 08:34 236544 c:\windows\system32\dllcache\webcheck.dll
+ 2011-06-17 01:04 . 2009-03-08 08:33 759296 c:\windows\system32\dllcache\VGX.dll
+ 2008-05-09 10:53 . 2009-03-08 08:33 420352 c:\windows\system32\dllcache\vbscript.dll
+ 2011-06-21 18:18 . 2011-06-23 18:36 105984 c:\windows\system32\dllcache\url.dll
+ 2009-01-07 22:20 . 2009-01-07 22:20 134144 c:\windows\system32\dllcache\sqmapi.dll
+ 2009-03-08 08:34 . 2011-06-23 18:36 206848 c:\windows\system32\dllcache\occache.dll
+ 2010-11-05 05:05 . 2011-06-23 18:36 611840 c:\windows\system32\dllcache\mstime.dll
+ 2009-03-08 08:34 . 2009-03-08 08:34 193536 c:\windows\system32\dllcache\msrating.dll
+ 2009-03-08 08:22 . 2009-03-08 08:22 156160 c:\windows\system32\dllcache\msls31.dll
+ 2008-05-09 10:53 . 2009-03-08 08:33 726528 c:\windows\system32\dllcache\jscript.dll
+ 2009-03-08 18:09 . 2009-03-08 18:09 638816 c:\windows\system32\dllcache\iexplore.exe
+ 2010-02-26 05:43 . 2011-06-23 18:36 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2009-03-08 18:09 . 2011-06-23 18:36 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-03-08 08:32 . 2009-03-08 08:32 163840 c:\windows\system32\dllcache\ieakui.dll
+ 2009-03-08 08:33 . 2009-03-08 08:33 229376 c:\windows\system32\dllcache\ieaksie.dll
+ 2009-03-08 08:33 . 2009-03-08 08:33 125952 c:\windows\system32\dllcache\ieakeng.dll
+ 2009-03-08 08:32 . 2011-06-23 12:05 173568 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-03-08 08:31 . 2009-03-08 08:31 216064 c:\windows\system32\dllcache\dxtrans.dll
+ 2009-03-08 08:31 . 2009-03-08 08:31 348160 c:\windows\system32\dllcache\dxtmsft.dll
+ 2009-03-08 08:32 . 2009-03-08 08:32 128512 c:\windows\system32\dllcache\advpack.dll
+ 2004-08-10 17:50 . 2009-03-08 08:32 128512 c:\windows\system32\advpack.dll
+ 2011-10-01 00:00 . 2009-03-08 08:34 914944 c:\windows\ie8updates\KB982381-IE8\wininet.dll
+ 2011-10-01 00:00 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB982381-IE8\spuninst\updspapi.dll
+ 2011-10-01 00:00 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB982381-IE8\spuninst\spuninst.exe
+ 2011-10-01 00:00 . 2009-03-08 08:34 109568 c:\windows\ie8updates\KB982381-IE8\occache.dll
+ 2011-10-01 00:00 . 2009-03-08 08:32 611840 c:\windows\ie8updates\KB982381-IE8\mstime.dll
+ 2011-10-01 00:00 . 2009-03-08 08:32 594432 c:\windows\ie8updates\KB982381-IE8\msfeeds.dll
+ 2011-10-01 00:00 . 2009-03-08 08:33 246784 c:\windows\ie8updates\KB982381-IE8\ieproxy.dll
+ 2011-10-01 00:00 . 2009-03-08 08:31 183808 c:\windows\ie8updates\KB982381-IE8\iepeers.dll
+ 2011-10-01 00:00 . 2009-03-08 08:35 742912 c:\windows\ie8updates\KB982381-IE8\iedvtool.dll
+ 2011-10-01 00:00 . 2009-03-08 18:09 391536 c:\windows\ie8updates\KB982381-IE8\iedkcs32.dll
+ 2011-10-01 00:00 . 2009-03-08 08:32 173056 c:\windows\ie8updates\KB982381-IE8\ie4uinit.exe
+ 2011-10-01 00:00 . 2010-05-06 10:41 916480 c:\windows\ie8updates\KB2559049-IE8\wininet.dll
+ 2011-10-01 00:00 . 2009-03-08 08:34 105984 c:\windows\ie8updates\KB2559049-IE8\url.dll
+ 2011-10-01 00:01 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2559049-IE8\spuninst\updspapi.dll
+ 2011-10-01 00:01 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2559049-IE8\spuninst\spuninst.exe
+ 2011-10-01 00:00 . 2010-05-06 10:41 206848 c:\windows\ie8updates\KB2559049-IE8\occache.dll
+ 2011-10-01 00:00 . 2010-05-06 10:41 611840 c:\windows\ie8updates\KB2559049-IE8\mstime.dll
+ 2011-10-01 00:00 . 2010-05-06 10:41 599040 c:\windows\ie8updates\KB2559049-IE8\msfeeds.dll
+ 2011-10-01 00:01 . 2010-05-06 10:41 247808 c:\windows\ie8updates\KB2559049-IE8\ieproxy.dll
+ 2011-10-01 00:00 . 2010-05-06 10:41 184320 c:\windows\ie8updates\KB2559049-IE8\iepeers.dll
+ 2011-10-01 00:01 . 2010-05-06 10:41 743424 c:\windows\ie8updates\KB2559049-IE8\iedvtool.dll
+ 2011-10-01 00:01 . 2010-05-06 10:41 387584 c:\windows\ie8updates\KB2559049-IE8\iedkcs32.dll
+ 2011-10-01 00:01 . 2010-05-05 13:30 173056 c:\windows\ie8updates\KB2559049-IE8\ie4uinit.exe
+ 2011-10-01 00:00 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB2447568-IE8\spuninst\updspapi.dll
+ 2011-10-01 00:00 . 2010-02-22 14:23 231288 c:\windows\ie8updates\KB2447568-IE8\spuninst\spuninst.exe
+ 2011-09-30 23:58 . 2011-06-21 18:18 667136 c:\windows\ie8\wininet.dll
+ 2011-09-30 23:58 . 2008-04-14 00:12 276480 c:\windows\ie8\webcheck.dll
+ 2011-09-30 23:58 . 2011-04-29 19:07 852480 c:\windows\ie8\vgx.dll
+ 2011-09-30 23:58 . 2011-03-04 06:45 434176 c:\windows\ie8\vbscript.dll
+ 2011-09-30 23:58 . 2011-06-21 18:18 633344 c:\windows\ie8\urlmon.dll
+ 2011-09-30 23:58 . 2009-01-07 22:21 382496 c:\windows\ie8\spuninst\updspapi.dll
+ 2011-09-30 23:58 . 2009-01-07 22:20 231456 c:\windows\ie8\spuninst\spuninst.exe
+ 2011-09-30 23:58 . 2011-06-21 18:18 532480 c:\windows\ie8\mstime.dll
+ 2011-09-30 23:58 . 2008-04-14 00:12 146432 c:\windows\ie8\msrating.dll
+ 2011-09-30 23:58 . 2004-08-04 10:00 146432 c:\windows\ie8\msls31.dll
+ 2011-09-30 23:58 . 2011-06-21 18:18 449536 c:\windows\ie8\mshtmled.dll
+ 2011-09-30 23:58 . 2011-03-04 06:45 512000 c:\windows\ie8\jscript.dll
+ 2011-09-30 23:58 . 2011-06-21 18:18 251904 c:\windows\ie8\iepeers.dll
+ 2011-09-30 23:58 . 2008-04-14 00:11 323584 c:\windows\ie8\iedkcs32.dll
+ 2011-09-30 23:58 . 2004-08-04 10:00 221184 c:\windows\ie8\ieakui.dll
+ 2011-09-30 23:58 . 2008-04-14 00:11 216576 c:\windows\ie8\ieaksie.dll
+ 2011-09-30 23:58 . 2008-04-14 00:11 143360 c:\windows\ie8\ieakeng.dll
+ 2011-09-30 23:58 . 2008-04-14 00:11 205312 c:\windows\ie8\dxtrans.dll
+ 2011-09-30 23:58 . 2008-04-14 00:11 357888 c:\windows\ie8\dxtmsft.dll
+ 2011-09-30 23:12 . 2011-09-30 23:12 278528 c:\windows\ERDNT\AutoBackup\9-30-2011\Users\00000002\UsrClass.dat
+ 2011-09-30 23:12 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\9-30-2011\ERDNT.EXE
+ 2011-09-30 00:00 . 2011-09-30 00:00 278528 c:\windows\ERDNT\AutoBackup\9-29-2011\Users\00000002\UsrClass.dat
+ 2011-09-30 00:00 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\9-29-2011\ERDNT.EXE
+ 2011-09-29 00:33 . 2011-09-29 00:33 278528 c:\windows\ERDNT\AutoBackup\9-28-2011\Users\00000002\UsrClass.dat
+ 2011-09-29 00:33 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\9-28-2011\ERDNT.EXE
+ 2011-09-27 18:05 . 2011-09-27 18:05 278528 c:\windows\ERDNT\AutoBackup\9-27-2011\Users\00000002\UsrClass.dat
+ 2011-09-27 18:05 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\9-27-2011\ERDNT.EXE
+ 2011-09-25 04:45 . 2011-09-25 04:45 278528 c:\windows\ERDNT\AutoBackup\9-25-2011\Users\00000002\UsrClass.dat
+ 2011-09-25 04:45 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\9-25-2011\ERDNT.EXE
+ 2011-09-24 16:26 . 2011-09-24 16:26 278528 c:\windows\ERDNT\AutoBackup\9-24-2011\Users\00000002\UsrClass.dat
+ 2011-09-24 16:26 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\9-24-2011\ERDNT.EXE
+ 2011-09-24 02:39 . 2011-09-24 02:39 278528 c:\windows\ERDNT\AutoBackup\9-23-2011\Users\00000002\UsrClass.dat
+ 2011-09-24 02:39 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\9-23-2011\ERDNT.EXE
+ 2011-10-01 13:03 . 2011-10-01 13:03 278528 c:\windows\ERDNT\AutoBackup\10-1-2011\Users\00000002\UsrClass.dat
+ 2011-10-01 13:03 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\10-1-2011\ERDNT.EXE
+ 2004-08-10 17:51 . 2011-06-23 18:36 1212416 c:\windows\system32\urlmon.dll
+ 2004-08-10 17:51 . 2011-07-25 15:17 5969920 c:\windows\system32\mshtml.dll
+ 2009-03-08 08:32 . 2011-06-23 18:36 1991680 c:\windows\system32\iertutil.dll
+ 2009-02-07 01:07 . 2009-02-07 01:07 3698584 c:\windows\system32\ieapfltr.dat
+ 2008-06-26 08:15 . 2011-06-23 18:36 1212416 c:\windows\system32\dllcache\urlmon.dll
+ 2008-04-21 06:44 . 2011-07-25 15:17 5969920 c:\windows\system32\dllcache\mshtml.dll
+ 2011-10-01 00:00 . 2009-03-08 08:34 1206784 c:\windows\ie8updates\KB982381-IE8\urlmon.dll
+ 2011-10-01 00:00 . 2009-03-08 08:41 5937152 c:\windows\ie8updates\KB982381-IE8\mshtml.dll
+ 2011-10-01 00:00 . 2009-03-08 08:32 1985024 c:\windows\ie8updates\KB982381-IE8\iertutil.dll
+ 2011-10-01 00:00 . 2010-05-06 10:41 1209344 c:\windows\ie8updates\KB2559049-IE8\urlmon.dll
+ 2011-10-01 00:00 . 2010-05-06 10:41 5950976 c:\windows\ie8updates\KB2559049-IE8\mshtml.dll
+ 2011-10-01 00:00 . 2010-05-06 10:41 1985536 c:\windows\ie8updates\KB2559049-IE8\iertutil.dll
+ 2011-09-30 23:58 . 2011-06-27 14:43 3084800 c:\windows\ie8\mshtml.dll
+ 2011-09-30 23:12 . 2011-09-30 23:12 3170304 c:\windows\ERDNT\AutoBackup\9-30-2011\Users\00000001\ntuser.dat
+ 2011-09-30 00:00 . 2011-09-30 00:00 3162112 c:\windows\ERDNT\AutoBackup\9-29-2011\Users\00000001\ntuser.dat
+ 2011-09-29 00:33 . 2011-09-29 00:33 3170304 c:\windows\ERDNT\AutoBackup\9-28-2011\Users\00000001\ntuser.dat
+ 2011-09-27 18:05 . 2011-09-27 18:05 3170304 c:\windows\ERDNT\AutoBackup\9-27-2011\Users\00000001\ntuser.dat
+ 2011-09-25 04:45 . 2011-09-25 04:45 3170304 c:\windows\ERDNT\AutoBackup\9-25-2011\Users\00000001\ntuser.dat
+ 2011-09-24 16:26 . 2011-09-24 16:26 3162112 c:\windows\ERDNT\AutoBackup\9-24-2011\Users\00000001\ntuser.dat
+ 2011-09-24 02:39 . 2011-09-24 02:39 3162112 c:\windows\ERDNT\AutoBackup\9-23-2011\Users\00000001\ntuser.dat
+ 2011-10-01 13:03 . 2011-10-01 13:03 3350528 c:\windows\ERDNT\AutoBackup\10-1-2011\Users\00000001\ntuser.dat
+ 2009-03-20 00:59 . 2011-09-28 16:35 47369160 c:\windows\system32\MRT.exe
+ 2009-03-08 08:39 . 2011-06-23 18:36 11081728 c:\windows\system32\ieframe.dll
+ 2011-10-01 00:00 . 2009-03-08 08:39 11063808 c:\windows\ie8updates\KB982381-IE8\ieframe.dll
+ 2011-10-01 00:01 . 2010-05-06 10:41 11076096 c:\windows\ie8updates\KB2559049-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
.
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2011-07-26 14:15 2532680 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-09-30 4611456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-17 16132608]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 304008]
"FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-11-03 312200]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 106496]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2011-09-12 2076512]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"DLCXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
.
c:\documents and settings\Kiddies\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\Greg\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-3-13 24576]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-06-25 14:30 12536 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\dlcxcoms.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Dell Photo AIO Printer 926\\dlcxmon.exe"=
"c:\\Program Files\\Linksys\\WUSB54GSC\\WUSB54GSC.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [4/3/2008 8:06 PM 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/3/2008 8:06 PM 216400]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/3/2008 8:06 PM 243152]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [6/25/2010 10:30 AM 921952]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [6/25/2010 10:30 AM 308136]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R2 WUSB54GSC;WUSB54GSC;c:\program files\Linksys\WUSB54GSC\WLService.exe [11/26/2008 1:19 PM 53307]
S2 gupdate1c99b7fb460f64;Google Update Service (gupdate1c99b7fb460f64);c:\program files\Google\Update\GoogleUpdate.exe [3/2/2009 5:37 PM 133104]
S3 atidgllk;atidgllk;c:\dell\drivers\R169419\atidgllk.sys [4/2/2008 7:47 PM 12048]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [10/26/2010 5:57 PM 1025352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/2/2009 5:37 PM 133104]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [9/30/2011 7:31 PM 27064]
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-02 21:37]
.
2011-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-02 21:37]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-DATAMNGR - c:\progra~1\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE
AddRemove-iMesh MediaBar - c:\program files\iMesh Applications\MediaBar\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-01 11:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(724)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2011-10-01 11:37:09
ComboFix-quarantined-files.txt 2011-10-01 15:36
ComboFix2.txt 2011-09-21 18:39
ComboFix3.txt 2011-09-06 01:49
ComboFix4.txt 2011-09-05 02:41
ComboFix5.txt 2011-10-01 14:47
.
Pre-Run: 472,406,814,720 bytes free
Post-Run: 472,801,579,008 bytes free
.
- - End Of File - - BA35FF33FAFF2BB2FD1C1C7FE295D46C
 
Nothing really earth-shattering was removed, and the rest of the log looks fine. Let's try installing the new version of Firefox and see how it goes.

http://firefox7.org/

Have the ads through your speakers stopped?
 
Hi Ken,

I reinstalled Firefox, but I'm afraid my computer is running very slowly, the audio pop-ups still persist, and AVG keeps blocking something called "Blackhole Exploit Kit (type 2055)". The computer also keeps making a noise similar to when you close a window or turn the machine off. I realize the log indicated little in the way of problems; there are more now than before. Don't know what to do next.

Thanks, Greg
 
Ken, I forgot to mention that I have a program on my desktop named "Open cloud AV" that I never downloaded. When I boot the computer it prompts me that I have various serious virus threats and need to take action immediately, then the computer freezes.

Thanks, Greg
 
Open Cloud is a trojan; it's a fake antivirus program.

Try running Malwarebytes in safemode

To Enter Safemode
  • Go to Start> Shut off your Computer> Restart
  • As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,
    this will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll up to Safemode with Networking
  • Then press the Enter Key on your Keyboard
Tutorial if you need it How to boot into Safemode


In case you removed Malwarebytes



Please download Malwarebytes from Here or Here

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected .
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please
 
Hi Ken,

I have to download Malwarebytes to my desktop, but now my AVG has been disabled; can I still go online without risking further damage? I'm using my laptop now, thinking I would follow your instructions on the reinstall of Windows. So tell me, am I the exception or is this type of thuggery common? Thanks again...Greg
 
Well, I tried downloading Malwarebytes and I cannot. Everything is gone from my desktop and folders except IE and my Recycle Bin. I still have plenty of audio pop-ups....
 
Hi,

Formatting and reinstalling Windows would be your better option. Let me explain something: I have been at this for many years. When viruses first appeared with Windows 95 they were more of an annoyance than anything else, but not anymore; all this garbage is written by cyber criminals, I mean gangs of thieves stealing anything they can. Most are offshore and hard to prosecute; the better percentage of this comes from the Ukraine. You most likely are infected with a rootkit that's preventing us from running any malware removal programs. You can run this program to unhide your icons so you can go in and back up anything that you don't want to lose.

Just download this to your desktop and run it
http://download.bleepingcomputer.com/grinler/unhide.exe



We just do malware removal on this forum, but post here for help if you need it to reinstall Windows. All of us forums work together, so when you post, link them to this thread so they can see what we have done. When you post I will find you and follow along and offer my two cents if it's needed. By reinstalling a nice clean copy of Windows you're guaranteed to be free from infections and everything will be back to normal.

http://forums.whatthetech.com/index.php?showforum=119



Good luck,

Ken :)
 
Let's try one more program; if it fails, then follow the instructions in my previous post.


Step 1 | Download MBRCheck.exe to your desktop.
  • Be sure to disable your security programs
  • Double click on the file to run it
  • A window will open on your desktop
  • If an unknown bootcode is found, you will have further options available to you; at this time press N, then press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Please post the contents of that file.
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003d

Kernel Drivers (total 132):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0B8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9F31000 atapi.sys
0xB9E6A000 iaStor.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9E4A000 fltmgr.sys
0xB9E38000 sr.sys
0xBA0F8000 PxHelp20.sys
0xB9E21000 KSecDD.sys
0xB9D94000 Ntfs.sys
0xB9D67000 NDIS.sys
0xB9D4D000 Mup.sys
0xBA108000 avgrkx86.sys
0xBA2E8000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB8BD1000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xB8BBD000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB8B7C000 \SystemRoot\system32\DRIVERS\e1e5132.sys
0xBA460000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB8B58000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA468000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB8B30000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB8AFC000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
0xB8AD9000 \SystemRoot\system32\DRIVERS\ks.sys
0xB89DA000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xB8933000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xBA470000 \SystemRoot\System32\Drivers\Modem.SYS
0xBA478000 \SystemRoot\system32\DRIVERS\fdc.sys
0xBA2F8000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA308000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA318000 \SystemRoot\system32\DRIVERS\redbook.sys
0xBA480000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xBA7D3000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA138000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB9D11000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB891C000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA148000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA158000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA488000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB890B000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA168000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA490000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA498000 \SystemRoot\system32\DRIVERS\raspti.sys
0xBA178000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA4A0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA4A8000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA5F0000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB88AD000 \SystemRoot\system32\DRIVERS\update.sys
0xB9D05000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA4B0000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xBA198000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB8E7B000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5FC000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xBA554000 \SystemRoot\system32\drivers\MODEMCSA.sys
0xAA204000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xAA1E0000 \SystemRoot\system32\drivers\portcls.sys
0xAC187000 \SystemRoot\system32\drivers\drmk.sys
0xAC490000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xBA638000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA759000 \SystemRoot\System32\Drivers\Null.SYS
0xAB161000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xA864B000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xA8F9F000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xA8F97000 \SystemRoot\System32\drivers\vga.sys
0xBA66A000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA66C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xAB05F000 \SystemRoot\System32\Drivers\Msfs.SYS
0xAB057000 \SystemRoot\System32\Drivers\Npfs.SYS
0xAB159000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA85F8000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA859F000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA8565000 \SystemRoot\System32\Drivers\avgtdix.sys
0xA853F000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xAB7B0000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xBA410000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xAB165000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xA8517000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAB171000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xA84D4000 \SystemRoot\System32\drivers\afd.sys
0xAAE28000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA84B2000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xAB899000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xA8487000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA8417000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAADD8000 \SystemRoot\System32\Drivers\Fips.SYS
0xBA450000 \SystemRoot\System32\Drivers\avgmfx86.sys
0xA83E3000 \SystemRoot\System32\Drivers\avgldx86.sys
0xA8A9B000 \SystemRoot\system32\DRIVERS\usbscan.sys
0xAB869000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xAB861000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xB8EBB000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA83CB000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA5CA000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xAC4A4000 \SystemRoot\System32\drivers\Dxapi.sys
0xAB047000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA7C6000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF057000 \SystemRoot\System32\ati2cqag.dll
0xBF0D1000 \SystemRoot\System32\atikvmag.dll
0xBF13D000 \SystemRoot\System32\atiok3x2.dll
0xBF16B000 \SystemRoot\System32\ati3duag.dll
0xBF468000 \SystemRoot\System32\ativvaxx.dll
0xBF5ED000 \SystemRoot\System32\ATMFD.DLL
0xA6162000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xA60DC000 \SystemRoot\system32\DRIVERS\nwlnkipx.sys
0xAADF8000 \SystemRoot\system32\DRIVERS\nwlnknb.sys
0xA614E000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA57C6000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA57F3000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA867B000 \SystemRoot\system32\DRIVERS\nwlnkspx.sys
0xA56CE000 \SystemRoot\system32\DRIVERS\srv.sys
0xA5452000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xA5235000 \SystemRoot\system32\drivers\wdmaud.sys
0xA9837000 \SystemRoot\system32\drivers\sysaudio.sys
0xA52AE000 \??\C:\WINDOWS\system32\GTNDIS5.SYS
0xA5147000 \SystemRoot\system32\drivers\kmixer.sys
0xA4225000 \SystemRoot\System32\Drivers\HTTP.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 53):
0 System Idle Process
4 System
652 C:\WINDOWS\system32\smss.exe
700 csrss.exe
728 C:\WINDOWS\system32\winlogon.exe
772 C:\WINDOWS\system32\services.exe
784 C:\WINDOWS\system32\lsass.exe
940 C:\WINDOWS\system32\ati2evxx.exe
968 C:\WINDOWS\system32\svchost.exe
1060 svchost.exe
1148 C:\WINDOWS\system32\svchost.exe
1344 svchost.exe
1420 svchost.exe
1564 C:\Program Files\AVG\AVG9\avgchsvx.exe
1688 C:\WINDOWS\system32\spoolsv.exe
1768 C:\WINDOWS\3238208952:1205533758.exe
284 svchost.exe
320 C:\Program Files\SUPERAntiSpyware\SASCore.exe
416 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
440 C:\Program Files\AVG\AVG9\avgwdsvc.exe
456 C:\Program Files\Bonjour\mDNSResponder.exe
516 C:\WINDOWS\system32\dlcxcoms.exe
1328 C:\Program Files\Dell Support Center\bin\sprtsvc.exe
1464 C:\WINDOWS\system32\svchost.exe
188 wdfmgr.exe
1352 C:\Program Files\Linksys\WUSB54GSC\WLService.exe
1860 C:\Program Files\Linksys\WUSB54GSC\WUSB54GSC.exe
244 C:\Program Files\AVG\AVG9\avgam.exe
1652 C:\Program Files\AVG\AVG9\avgnsx.exe
2812 alg.exe
4032 C:\WINDOWS\explorer.exe
4044 C:\WINDOWS\system32\wscntfy.exe
1872 C:\WINDOWS\RTHDCPL.EXE
1880 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
1908 C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
1744 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
2088 C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
2176 C:\Program Files\Dell Support Center\bin\sprtcmd.exe
2368 C:\PROGRA~1\AVG\AVG9\avgtray.exe
2892 C:\Program Files\QuickTime\QTTask.exe
3020 wmiprvse.exe
696 C:\Program Files\iTunes\iTunesHelper.exe
3224 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
180 C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
3360 C:\WINDOWS\system32\ctfmon.exe
3476 C:\Program Files\Internet Explorer\iexplore.exe
524 C:\WINDOWS\system32\svchost.exe
560 wmiprvse.exe
468 C:\Program Files\iPod\bin\iPodService.exe
1620 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
1844 C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
4004 F:\MBRCheck.exe
484 C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`036e8e00 (NTFS)

PhysicalDrive0 Model Number: ST3500630AS, Rev: 3.ADG

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 38BE7869FCCF026F920DA4A541B12E68993C36ED


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003d

Kernel Drivers (total 132):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0B8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9F31000 atapi.sys
0xB9E6A000 iaStor.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9E4A000 fltmgr.sys
0xB9E38000 sr.sys
0xBA0F8000 PxHelp20.sys
0xB9E21000 KSecDD.sys
0xB9D94000 Ntfs.sys
0xB9D67000 NDIS.sys
0xB9D4D000 Mup.sys
0xBA108000 avgrkx86.sys
0xBA2E8000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB8BD1000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xB8BBD000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB8B7C000 \SystemRoot\system32\DRIVERS\e1e5132.sys
0xBA460000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB8B58000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA468000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB8B30000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB8AFC000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
0xB8AD9000 \SystemRoot\system32\DRIVERS\ks.sys
0xB89DA000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xB8933000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xBA470000 \SystemRoot\System32\Drivers\Modem.SYS
0xBA478000 \SystemRoot\system32\DRIVERS\fdc.sys
0xBA2F8000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA308000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA318000 \SystemRoot\system32\DRIVERS\redbook.sys
0xBA480000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xBA7D3000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA138000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB9D11000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB891C000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA148000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA158000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA488000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB890B000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA168000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA490000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA498000 \SystemRoot\system32\DRIVERS\raspti.sys
0xBA178000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA4A0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA4A8000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA5F0000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB88AD000 \SystemRoot\system32\DRIVERS\update.sys
0xB9D05000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA4B0000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xBA198000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB8E7B000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5FC000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xBA554000 \SystemRoot\system32\drivers\MODEMCSA.sys
0xAA204000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xAA1E0000 \SystemRoot\system32\drivers\portcls.sys
0xAC187000 \SystemRoot\system32\drivers\drmk.sys
0xAC490000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xBA638000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA759000 \SystemRoot\System32\Drivers\Null.SYS
0xAB161000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xA864B000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xA8F9F000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xA8F97000 \SystemRoot\System32\drivers\vga.sys
0xBA66A000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA66C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xAB05F000 \SystemRoot\System32\Drivers\Msfs.SYS
0xAB057000 \SystemRoot\System32\Drivers\Npfs.SYS
0xAB159000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA85F8000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA859F000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA8565000 \SystemRoot\System32\Drivers\avgtdix.sys
0xA853F000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xAB7B0000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xBA410000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xAB165000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xA8517000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAB171000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xA84D4000 \SystemRoot\System32\drivers\afd.sys
0xAAE28000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA84B2000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xAB899000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xA8487000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA8417000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAADD8000 \SystemRoot\System32\Drivers\Fips.SYS
0xBA450000 \SystemRoot\System32\Drivers\avgmfx86.sys
0xA83E3000 \SystemRoot\System32\Drivers\avgldx86.sys
0xA8A9B000 \SystemRoot\system32\DRIVERS\usbscan.sys
0xAB869000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xAB861000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xB8EBB000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA83CB000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA5CA000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xAC4A4000 \SystemRoot\System32\drivers\Dxapi.sys
0xAB047000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA7C6000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF057000 \SystemRoot\System32\ati2cqag.dll
0xBF0D1000 \SystemRoot\System32\atikvmag.dll
0xBF13D000 \SystemRoot\System32\atiok3x2.dll
0xBF16B000 \SystemRoot\System32\ati3duag.dll
0xBF468000 \SystemRoot\System32\ativvaxx.dll
0xBF5ED000 \SystemRoot\System32\ATMFD.DLL
0xA6162000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xA60DC000 \SystemRoot\system32\DRIVERS\nwlnkipx.sys
0xAADF8000 \SystemRoot\system32\DRIVERS\nwlnknb.sys
0xA614E000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA57C6000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA57F3000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA867B000 \SystemRoot\system32\DRIVERS\nwlnkspx.sys
0xA56CE000 \SystemRoot\system32\DRIVERS\srv.sys
0xA5452000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xA5235000 \SystemRoot\system32\drivers\wdmaud.sys
0xA9837000 \SystemRoot\system32\drivers\sysaudio.sys
0xA52AE000 \??\C:\WINDOWS\system32\GTNDIS5.SYS
0xA5147000 \SystemRoot\system32\drivers\kmixer.sys
0xA4225000 \SystemRoot\System32\Drivers\HTTP.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 56):
0 System Idle Process
4 System
652 C:\WINDOWS\system32\smss.exe
700 csrss.exe
728 C:\WINDOWS\system32\winlogon.exe
772 C:\WINDOWS\system32\services.exe
784 C:\WINDOWS\system32\lsass.exe
940 C:\WINDOWS\system32\ati2evxx.exe
968 C:\WINDOWS\system32\svchost.exe
1060 svchost.exe
1148 C:\WINDOWS\system32\svchost.exe
1344 svchost.exe
1420 svchost.exe
1564 C:\Program Files\AVG\AVG9\avgchsvx.exe
1688 C:\WINDOWS\system32\spoolsv.exe
1768 C:\WINDOWS\3238208952:1205533758.exe
284 svchost.exe
320 C:\Program Files\SUPERAntiSpyware\SASCore.exe
416 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
440 C:\Program Files\AVG\AVG9\avgwdsvc.exe
456 C:\Program Files\Bonjour\mDNSResponder.exe
516 C:\WINDOWS\system32\dlcxcoms.exe
1328 C:\Program Files\Dell Support Center\bin\sprtsvc.exe
1464 C:\WINDOWS\system32\svchost.exe
188 wdfmgr.exe
1352 C:\Program Files\Linksys\WUSB54GSC\WLService.exe
1860 C:\Program Files\Linksys\WUSB54GSC\WUSB54GSC.exe
244 C:\Program Files\AVG\AVG9\avgam.exe
1652 C:\Program Files\AVG\AVG9\avgnsx.exe
2812 alg.exe
4032 C:\WINDOWS\explorer.exe
4044 C:\WINDOWS\system32\wscntfy.exe
1872 C:\WINDOWS\RTHDCPL.EXE
1880 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
1908 C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
1744 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
2088 C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
2176 C:\Program Files\Dell Support Center\bin\sprtcmd.exe
2368 C:\PROGRA~1\AVG\AVG9\avgtray.exe
2892 C:\Program Files\QuickTime\QTTask.exe
3020 wmiprvse.exe
696 C:\Program Files\iTunes\iTunesHelper.exe
3224 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
180 C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
3360 C:\WINDOWS\system32\ctfmon.exe
3476 C:\Program Files\Internet Explorer\iexplore.exe
524 C:\WINDOWS\system32\svchost.exe
3940 C:\WINDOWS\system32\wbem\wmiapsrv.exe
3948 C:\WINDOWS\system32\wscript.exe
560 wmiprvse.exe
468 C:\Program Files\iPod\bin\iPodService.exe
1620 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
2416 C:\Program Files\Internet Explorer\iexplore.exe
1844 C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
2628 F:\MBRCheck.exe
1108 C:\Program Files\AVG\AVG9\avgui.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`036e8e00 (NTFS)

PhysicalDrive0 Model Number: ST3500630AS, Rev: 3.ADG

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 38BE7869FCCF026F920DA4A541B12E68993C36ED


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:



Ken, I ran both yes and no by mistake. I used a flash drive to download the program. Can I infect my laptop using this method? Thanks, Greg
 
Yes you can, but we can worry about that later.

Run MBRCheck again and do this

[2] Restore the MBR of a physical disk with a standard boot code.

Then reboot and post the logs
 
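As an added example (not code from this thread, and not part of MBRCheck itself), here is a small Python parser for the MBRCheck report format posted above. It pulls out the per-disk MBR status line and the SHA1 of the boot code, and it flags any process whose image path contains a second colon after the drive letter, which on NTFS means the executable lives in an alternate data stream; that is what the `C:\WINDOWS\3238208952:1205533758.exe` entry in the process list above is. The embedded sample is an excerpt of the report above; the ADS check and the "needs attention" verdict are heuristics of my own, not something MBRCheck reports.

```python
import re
from dataclasses import dataclass, field
from typing import List, Tuple

# Constructed excerpt of the MBRCheck report posted in the thread above
# (raw string so the Windows backslashes stay literal; runs offline).
SAMPLE_REPORT = r"""
MBRCheck, version 1.2.3
(c) 2010, AD

Processes (total 56):
0 System Idle Process
4 System
700 csrss.exe
1688 C:\WINDOWS\system32\spoolsv.exe
1768 C:\WINDOWS\3238208952:1205533758.exe
3948 C:\WINDOWS\system32\wscript.exe
2628 F:\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`036e8e00 (NTFS)

PhysicalDrive0 Model Number: ST3500630AS, Rev: 3.ADG

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 38BE7869FCCF026F920DA4A541B12E68993C36ED


Found non-standard or infected MBR.
"""

PROCESS_LINE = re.compile(r"^(\d+)\s+(.+?)\s*$")            # "<pid> <image path>"
# "465 GB \\.\PhysicalDrive0 MBR Code Faked!" -> size, device, status text
MBR_LINE = re.compile(r"^(\d+\s*[KMGT]B)\s+(\\\\\.\\PhysicalDrive\d+)\s+(.+?)\s*$")
SHA1_LINE = re.compile(r"^SHA1:\s*([0-9A-Fa-f]{40})\s*$")
# A colon after the drive-letter colon means the image is an NTFS alternate
# data stream (e.g. C:\WINDOWS\1234:5678.exe). Heuristic of this example.
ADS_PATH = re.compile(r"^[A-Za-z]:\\[^:]*:")


@dataclass
class Findings:
    mbr_entries: List[Tuple[str, str]] = field(default_factory=list)    # (device, status)
    mbr_sha1: str = ""
    ads_processes: List[Tuple[int, str]] = field(default_factory=list)  # (pid, image path)

    @property
    def mbr_faked(self) -> bool:
        return any("Faked" in status or "infected" in status.lower()
                   for _, status in self.mbr_entries)

    @property
    def needs_attention(self) -> bool:
        return self.mbr_faked or bool(self.ads_processes)


def analyze_mbrcheck(report: str) -> Findings:
    """Parse an MBRCheck report and extract the two indicators that matter here:
    the MBR status per physical disk and any process running from an ADS path."""
    findings = Findings()
    in_processes = False
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("Processes (total"):
            in_processes = True
            continue
        if in_processes:
            if not line:                       # blank line closes the process section
                in_processes = False
                continue
            m = PROCESS_LINE.match(line)
            if m and ADS_PATH.match(m.group(2)):
                findings.ads_processes.append((int(m.group(1)), m.group(2)))
            continue
        m = MBR_LINE.match(line)
        if m:
            findings.mbr_entries.append((m.group(2), m.group(3)))
            continue
        m = SHA1_LINE.match(line)
        if m:
            findings.mbr_sha1 = m.group(1).upper()
    return findings


def summarize(findings: Findings) -> str:
    """Human-readable summary of what the parser flagged."""
    lines = [f"{device}: {status}" for device, status in findings.mbr_entries]
    if findings.mbr_sha1:
        lines.append(f"MBR SHA1: {findings.mbr_sha1}")
    for pid, path in findings.ads_processes:
        lines.append(f"PID {pid} runs from an alternate data stream: {path}")
    lines.append("verdict: " + ("needs attention" if findings.needs_attention else "nothing flagged"))
    return "\n".join(lines)


if __name__ == "__main__":
    print(summarize(analyze_mbrcheck(SAMPLE_REPORT)))
```

The verdict only says that the report contains indicators worth acting on; the SHA1 is kept so it can be compared against the value from a later MBRCheck run after the boot code has been restored.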