
Solved Win32.Loader.O Infection

Discussion in 'Malware and Virus Removal Archive' started by jdblue1976, 2010/08/31.

  1. 2010/08/31
    jdblue1976 (Thread Starter)
    [Resolved] Win32.Loader.O Infection

    Hi folks,

    This is my first time posting; however, I've read the rules and whatnot, so I hope I do this correctly. Thanks in advance to all you volunteers, I really appreciate the help.

    Windows Explorer stopped working and got deleted by BitDefender, so I knew there was a problem. I ran BitDefender 2010 and Malwarebytes, and this is what they fixed:

    Trojan.Generic.KDV.29338 & 29339 deleted

    Gen:Heur.Krypt.15 - File Access Blocked

    Win32.Loader.O - Blocked when I copied explorer to C:\WINDOWS from a USB drive

    Win32.Loader.O infections (BitDefender deleted)
    <System>=>HKEY_CLASSES_ROOT\SHELL\SHELL\EXPLORE\COMMAND\=>C:\WINDOWS\EXPLORER.EXE
    <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\EVENTLOG\APPLICATION\AUTOCHK\EventMessageFile=>C:\WINDOWS\SYSTEM32\WINLOGON.EXE
    <System>=>C:\WINDOWS\System32\winlogon.exe [940] (disk)
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\explorer.exe

    7 restore files were deleted

    C:\WINDOWS\OLDB.TMP
    C:\WINDOWS\system32\dllcache\explorer.exe

    But BD and Malwarebytes were unable to delete or fix winlogon.exe.

    OK, according to BitDefender I have a Win32.Loader.O infection. It is in my C:\WINDOWS\explorer.exe and C:\WINDOWS\system32\winlogon.exe. BD is unable to delete winlogon, so after it cleans explorer it gets reinfected.

    I think the cause of this is that I'm not able to install a Windows Security Update (KB972270). I believe it left a back door open which got exploited. So while you guys look at my DDS output, I'll try to get that installed. (Or maybe they are connected?)

    Next posts will be the DDS outputs.

    Thanks again, JR
  2. 2010/08/31
    jdblue1976 (Thread Starter)
    Attach.txt
    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 7/24/2006 7:10:56 PM
    System Uptime: 8/31/2010 6:18:29 PM (0 hours ago)

    Motherboard: Dell Inc. | | 0XD720
    Processor: Genuine Intel(R) CPU T2050 @ 1.60GHz | Microprocessor | 1596/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 53 GiB total, 1.17 GiB free.
    D: is FIXED (NTFS) - 16 GiB total, 4.739 GiB free.
    E: is CDROM ()
    F: is CDROM (CDFS)
    G: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}
    Description: MagicISO SCSI Host Controller
    Device ID: ROOT\SCSIADAPTER\0000
    Manufacturer: MagicISO, Inc.
    Name: MagicISO SCSI Host Controller
    PNP Device ID: ROOT\SCSIADAPTER\0000
    Service: mcdbus

    ==== System Restore Points ===================

    RP1: 8/27/2010 12:00:44 AM - System Checkpoint
    RP2: 8/27/2010 12:39:23 PM - Software Distribution Service 3.0
    RP3: 8/29/2010 7:18:10 PM - Software Distribution Service 3.0
    RP4: 8/29/2010 8:58:19 PM - Software Distribution Service 3.0
    RP5: 8/29/2010 9:48:41 PM - Software Distribution Service 3.0
    RP6: 8/29/2010 9:57:08 PM - Software Distribution Service 3.0
    RP7: 8/30/2010 5:26:23 PM - Software Distribution Service 3.0
    RP8: 8/30/2010 5:41:32 PM - Software Distribution Service 3.0
    RP9: 8/30/2010 5:44:27 PM - Software Distribution Service 3.0
    RP10: 8/30/2010 6:15:52 PM - Software Distribution Service 3.0
    RP11: 8/30/2010 6:34:33 PM - Software Distribution Service 3.0
    RP12: 8/30/2010 9:39:08 PM - Software Distribution Service 3.0
    RP13: 8/30/2010 10:44:58 PM - Software Distribution Service 3.0
    RP14: 8/31/2010 8:02:17 AM - Software Distribution Service 3.0
    RP15: 8/31/2010 5:29:54 PM - Software Distribution Service 3.0
    RP16: 8/31/2010 6:21:13 PM - Software Distribution Service 3.0

    ==== Installed Programs ======================

    3DVIA player 4.1
    3ivx D4 4.5.1 (remove only)
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Reader 7.0.9
    Adobe Shockwave Player
    Advanced Audio FX Engine
    AIM 7
    AIM Toolbar
    Amazon3
    Andrea VoiceCenter
    AOLIcon
    ATI Display Driver
    AutoUpdate
    Barbie (R) as Princess Bride (TM)
    Barbie(R) Pet Rescue
    BitDefender Antivirus 2010
    Broadcom Management Programs
    BUM
    Candy Land
    ClueFinders(R) 3rd Grade Adventures
    Conexant HDA D110 MDC V.92 Modem
    Counter-Strike
    Coupon Printer for Windows
    Creative Live! Central
    Creative MediaSource
    Creative System Information
    Critical Update for Windows Media Player 11 (KB959772)
    Dell Digital Jukebox Driver
    Dell Media Experience
    Dell System Restore
    DellSupport
    Digital Content Portal
    Disney's Princess Fashion Boutique
    DivX Codec
    DivX Content Uploader
    DivX Converter
    DivX Player
    DivX Web Player
    DNA
    Download Updater (AOL LLC)
    EA Download Manager
    EA Download Manager UI
    edward-monkton-screensaver
    Finding Nemo
    Gold Miner
    Google SketchUp 6
    Google SketchUp 6 Exporters
    Google SketchUp 7
    Google SketchUp LayOut 6
    Google SketchUp Pro 6
    Google Toolbar for Internet Explorer
    Google Update Helper
    GPL MPEG-1/2 DirectShow Decoder Filter
    High Definition Audio Driver Package - KB835221
    HijackThis 1.99.1
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB981793)
    Intel(R) PROSet/Wireless Software
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 9
    Java 2 Runtime Environment, SE v1.4.2_03
    Java(TM) 6 Update 17
    Java(TM) 6 Update 2
    Java(TM) 6 Update 5
    Java(TM) SE Runtime Environment 6 Update 1
    JumpStart 1st Grade v1.5
    JumpStart 3rd Grade 2001
    JumpStart Animal Adventures
    JumpStart Music
    Kid Pix Studio Deluxe
    KODAK EASYSHARE Gallery Easy Upload, v2.1
    Learn2 Player (Uninstall Only)
    LiveUpdate 2.6 (Symantec Corporation)
    Macromedia Flash Player
    Mall Tycoon 3
    Malwarebytes' Anti-Malware
    mCore
    MCU
    mDriver
    mDrWiFi
    MetaFrame Presentation Server Web Client for Win32
    mHlpDell
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office XP Professional with FrontPage
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    mIWA
    mLogView
    mMHouse
    Modem Helper
    mPfMgr
    mPfWiz
    mProSafe
    MSN
    mSSO
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB954459)
    mWlsSafe
    mWMI
    mXML
    mZConfig
    NetWaiting
    Panasonic Office Add-in
    Pivot Stickfigure Animator
    PopCap Browser Plugin
    PowerDVD 5.7
    PowerISO
    Qualxserve Service Agreement
    QuickSet
    QuickTime
    RealPlayer
    RealSpeak_Solo_Common_for_Panasonic
    RealSpeak_Solo_English_for_Panasonic
    SAPI5_Common
    SAPI5_English
    SBA
    Search Assist
    Secure Game Player
    Security Update for CAPICOM (KB931906)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Sierra Utilities
    Skype Toolbars
    Skype™ 4.2
    Slingbox Platform SDK 1.2.5.15
    SlingPlayer
    Sonic DLA
    Sonic MyDVD LE
    Sonic RecordNow Audio
    Sonic RecordNow Copy
    Sonic RecordNow Data
    Sonic Update Manager
    Sound Blaster ADVANCED MB Drivers
    Sound Blaster Audigy ADVANCED MB
    Sound Blaster Audigy ADVANCED MB Product Registration
    Spyware Doctor 5.5
    Steam
    Synaptics Pointing Device Driver
    The Sims 2 Pets
    The Sims Superstar
    The Sims™ 2 Best of Business Collection
    The Sims™ 2 Double Deluxe
    The Sims™ 2 FreeTime
    The Sims™ 2 Mansion and Garden Stuff
    The Sims™ 2 Seasons
    The Sims™ 2 Teen Style Stuff
    Uniblue RegistryBooster 2
    Uniblue SpeedUpMyPC 3
    Uniblue SpyEraser
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB972636)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    URL Assistant
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player
    Voice Editing
    Voozie Maker
    WebCyberCoach 3.2 Dell
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Installer Clean Up
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR archiver
    World Explorer 2.0
    Zoo Tycoon 2
    Zoo Tycoon Expanded
    Zoombinis Mountain Rescue(TM)

    ==== Event Viewer Messages From Past Week ========

    8/31/2010 8:01:36 AM, error: System Error [1003] - Error code 000000e3, parameter1 8a44e080, parameter2 871c0408, parameter3 87e5f340, parameter4 00000003.
    8/31/2010 5:32:04 PM, warning: Windows File Protection [64008] - The protected system file c:\windows\explorer.exe could not be verified as valid because Windows File Protection is terminating. Use the SFC utility to verify the integrity of the file at a later time.
    8/30/2010 5:36:31 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\explorer.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.5512.
    8/30/2010 5:30:55 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    8/30/2010 5:29:54 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    8/29/2010 9:01:51 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file explorer.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.5512.
    8/29/2010 8:51:53 PM, information: Windows File Protection [64021] - The system file c:\windows\explorer.exe could not be copied into the DLL cache. The specific error code is 0x00000000 [The operation completed successfully. ]. This file is necessary to maintain system stability.
    8/29/2010 8:48:36 PM, error: Service Control Manager [7034] - The NICCONFIGSVC service terminated unexpectedly. It has done this 1 time(s).
    8/29/2010 7:32:32 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV bdfsfltr bdftdif Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SCDEmu Tcpip WS2IFSL
    8/29/2010 7:32:32 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    8/29/2010 7:32:32 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    8/29/2010 7:32:32 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    8/29/2010 7:32:32 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    8/29/2010 7:28:53 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    8/29/2010 7:17:04 PM, error: Service Control Manager [7000] - The IC Recorder Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    8/29/2010 10:00:08 PM, information: Windows File Protection [64004] - The protected system file explorer.exe could not be restored to its original, valid version. The file version of the bad file is unknown The specific error code is 0x00000000 [The operation completed successfully. ].
    8/27/2010 12:39:57 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070003: Security Update for Windows XP (KB972270).
    8/26/2010 9:15:22 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    ==== End Of File ===========================

  3. 2010/08/31
    jdblue1976 (Thread Starter)
    DDS.txt


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Mary at 18:34:47.14 on Tue 08/31/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1407 [GMT -4:00]

    AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\Creative Live! Cam\Live! Central\CTLVCentral.exe
    C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AIM\aim.exe
    C:\DOCUME~1\Mary\LOCALS~1\Temp\clclean.0001
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Documents and Settings\Mary\Application Data\U3\0000160EF17257CF\LaunchPad.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    G:\Windows BBS Tools\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.facebook.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyServer = http=127.0.0.1:6522
    uInternet Settings,ProxyOverride = <local>
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
    mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
    BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
    TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2010\IEToolbar.dll
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    uRun: [SetDefaultMIDI] MIDIDef.exe
    uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [ttool] c:\windows\essledv.exe
    uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
    uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
    mRun: [VoiceCenter] "c:\program files\creative\voicecenter\AndreaVC.exe" /tray
    mRun: [UpdReg] c:\windows\UpdReg.EXE
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe "
    mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
    mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe "
    mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe "
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
    mRun: [Live! Central] "c:\program files\creative\creative live! cam\live! central\CTLVCentral.exe" /mode2
    mRun: [Make A Voozie] "c:\documents and settings\all users\application data\make a voozie\VoozieMaker.exe" /startup
    mRun: [Ykuxacepepajon] rundll32.exe "c:\windows\agafedah.dll ",Startup
    mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2010\IEShow.exe "
    mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2010\bdagent.exe "
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    mPolicies-system: EnableLUA = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxps://mygmgw.gm.com/http://usabhembma07.mail.gm.com/iNotes6W.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1191119545093
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
    DPF: {D96D2F74-0B74-47D2-964F-B67E9F69F1CD} - hxxp://asp.congnamul.com/AspActiveX/CongnamulMap4Asp_V27.cab
    DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/webgames/popcaploader_v10.cab
    DPF: {E0BF7A2B-2F7C-497A-B50F-292D3F317965} - hxxp://www.congnamul.com/ActiveX/Release/Congnamul/CongnamulMap_V17.cab
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    AppInit_DLLs:
    SSODL: fakojavoy - {04d9db63-51ac-484e-911d-7ddc2976433a} - c:\windows\system32\jojekode.dll
    STS: tokatiluy: {04d9db63-51ac-484e-911d-7ddc2976433a} - c:\windows\system32\jojekode.dll

    ============= SERVICES / DRIVERS ===============

    R2 SlingAgentService;SlingAgent Service;c:\program files\sling media\slingagent\SlingAgentService.exe [2008-9-21 93960]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-5-18 24652]
    R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2010-2-3 153448]
    R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [2009-8-10 31616]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-5 135664]
    S2 IcRecUsb;IC Recorder Driver;c:\windows\system32\drivers\IcRecUsb.sys [2006-12-21 17432]
    S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2009-10-19 183880]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-8-10 135616]
    S3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2007-10-3 42376]
    S3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2007-10-3 66952]
    S3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2007-10-3 81288]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-6-21 337800]
    S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2008-6-21 1017224]

    =============== Created Last 30 ================

    2010-08-31 01:34:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-08-31 01:34:00 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-08-31 01:12:48 0 d--h--w- c:\windows\PIF
    2010-08-30 22:24:32 1033728 ------w- c:\windows\explorer.exe
    2010-08-27 01:15:09 0 d-----w- c:\docume~1\alluse~1\applic~1\Update
    2010-08-19 19:24:04 850 ----a-w- c:\documents and settings\mary\Application Data\ProductTweaks.xml
    2010-08-19 16:51:10 385 ----a-w- c:\documents and settings\mary\Application Data\user_gensett.xml
    2010-08-12 16:17:34 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
    2010-08-12 16:14:35 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
    2010-08-12 16:10:00 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
    2010-08-11 16:31:34 376 ----a-w- c:\documents and settings\mary\Application Data\privacy.xml
    2010-08-10 22:30:26 52 ----a-w- c:\windows\system32\ashttpstats.csv
    2010-08-10 21:54:41 0 d-----w- c:\docume~1\mary\applic~1\BitDefender

    ==================== Find3M ====================

    2010-08-21 12:55:14 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2010-08-10 21:46:43 81984 ----a-w- c:\windows\system32\bdod.bin
    2010-07-27 06:30:35 8462336 ------w- c:\windows\system32\dllcache\shell32.dll
    2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-30 12:31:35 149504 ------w- c:\windows\system32\dllcache\schannel.dll
    2010-06-24 21:51:58 11077120 ------w- c:\windows\system32\dllcache\ieframe.dll
    2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-24 12:22:03 916480 ------w- c:\windows\system32\dllcache\wininet.dll
    2010-06-24 12:22:03 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
    2010-06-24 12:22:02 1210368 ------w- c:\windows\system32\dllcache\urlmon.dll
    2010-06-24 12:22:01 611840 ----a-w- c:\windows\system32\dllcache\mstime.dll
    2010-06-24 12:22:01 5951488 ------w- c:\windows\system32\dllcache\mshtml.dll
    2010-06-24 12:22:01 206848 ------w- c:\windows\system32\dllcache\occache.dll
    2010-06-24 12:21:59 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
    2010-06-24 12:21:59 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
    2010-06-24 12:21:59 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
    2010-06-24 12:21:58 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
    2010-06-24 12:21:58 1986560 ------w- c:\windows\system32\dllcache\iertutil.dll
    2010-06-24 12:21:58 184320 ------w- c:\windows\system32\dllcache\iepeers.dll
    2010-06-24 12:21:55 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
    2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-23 13:44:04 1851904 ------w- c:\windows\system32\dllcache\win32k.sys
    2010-06-23 12:08:09 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
    2010-06-21 15:27:11 354304 ------w- c:\windows\system32\dllcache\srv.sys
    2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2010-06-14 07:41:45 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
    2010-06-07 00:03:09 201728 ----a-w- c:\windows\system32\edward-monkton-screensaver.scr
    2007-10-14 01:20:09 359461 -csh--w- c:\windows\system32\opqss.bak1
    2007-10-21 13:10:28 293320 -csh--w- c:\windows\system32\opqss.bak2
    2007-10-09 06:19:01 408156 -csh--w- c:\windows\system32\orutv.bak1
    2007-10-10 07:04:40 642446 -csh--w- c:\windows\system32\orutv.bak2
    2007-10-10 07:28:12 642565 -csh--w- c:\windows\system32\orutv.ini2
    2010-02-04 20:51:49 16384 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
    2008-12-28 12:49:44 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008122820081229\index.dat

    ============= FINISH: 18:36:30.20 ===============
     
  5. 2010/08/31
    broni (Moderator, Malware Analyst)
    Welcome aboard :)

    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically, which is not necessary for our purposes.)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When the scan is completed, click the Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.


    STEP 3. Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  6. 2010/09/01
    jdblue1976 (Thread Starter)
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4521

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    9/1/2010 7:31:06 AM
    mbam-log-2010-09-01 (07-31-06).txt

    Scan type: Quick scan
    Objects scanned: 189746
    Time elapsed: 1 hour(s), 3 minute(s), 45 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    However, during the scanning process a BitDefender notice came up that it blocked Win32.Loader.O accessed by: svchost.exe; Location: C:\System\Volume Information\_restore(.........)\RP15\A0002255.exe
     
  7. 2010/09/01
    broni (Moderator, Malware Analyst)
    Nothing to worry about. It's not active, as long as you don't touch restore points.
    We'll reset them at the end, when your computer is clean again.
     
  8. 2010/09/02
    jdblue1976 (Thread Starter)
    I have the other log files to post now. But first a comment. If the virus isn't active, why does IE still redirect away from potential anti-virus sites like this one? My BitDefender has found the virus in Explorer and Winlogon, but MBAM doesn't.
     
  9. 2010/09/02
    jdblue1976 (Thread Starter)
    Also, the GMER log file is almost a Meg, should I still post that?
     
  10. 2010/09/02
    jdblue1976 (Thread Starter)
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000007c

    Kernel Drivers (total 154):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E4000 \WINDOWS\system32\hal.dll
    0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
    0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
    0xB9F79000 ACPI.sys
    0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xB9F68000 pci.sys
    0xBA0A8000 isapnp.sys
    0xBA4BC000 compbatt.sys
    0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
    0xBA670000 pciide.sys
    0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xBA0B8000 MountMgr.sys
    0xB9F49000 ftdisk.sys
    0xBA330000 PartMgr.sys
    0xBA0C8000 VolSnap.sys
    0xB9F31000 atapi.sys
    0xBA0D8000 disk.sys
    0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xB9F11000 fltmgr.sys
    0xB9EFF000 sr.sys
    0xB9EB9000 bdfsfltr.sys
    0xB9EA4000 drvmcdb.sys
    0xBA338000 PxHelp20.sys
    0xB9E8D000 KSecDD.sys
    0xB9E7A000 WudfPf.sys
    0xB9DED000 Ntfs.sys
    0xB9DC0000 NDIS.sys
    0xBA0F8000 ohci1394.sys
    0xBA108000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xB9DA6000 Mup.sys
    0xBA138000 \SystemRoot\system32\DRIVERS\nic1394.sys
    0xBA248000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xB9B58000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0xB9612000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
    0xB95FE000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xB95D6000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xB9478000 \SystemRoot\system32\DRIVERS\w39n51.sys
    0xBA488000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xB9454000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xBA490000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xBA258000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
    0xB9440000 \SystemRoot\system32\DRIVERS\sdbus.sys
    0xBA498000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
    0xBA268000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
    0xB93F4000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
    0xBA278000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xB93C5000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0xBA5FC000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xBA4A0000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xBA4A8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xBA288000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xBA5FE000 \SystemRoot\system32\drivers\sscdbhk5.sys
    0xBA298000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xBA2A8000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xB93A2000 \SystemRoot\system32\DRIVERS\ks.sys
    0xBA4B0000 \SystemRoot\system32\DRIVERS\livecamv.sys
    0xB937E000 \SystemRoot\system32\DRIVERS\portcls.sys
    0xBA2B8000 \SystemRoot\system32\DRIVERS\drmk.sys
    0xBA6CA000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xBA2C8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xBA594000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xB9367000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xB980B000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xB97FB000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xBA348000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xB9356000 \SystemRoot\system32\DRIVERS\psched.sys
    0xB97EB000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xBA360000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xBA368000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xB97DB000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xBA608000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xB92F8000 \SystemRoot\system32\DRIVERS\update.sys
    0xB9D7E000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xBA370000 \SystemRoot\system32\DRIVERS\omci.sys
    0xB97CB000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xB118F000 \SystemRoot\system32\drivers\sthda.sys
    0xB103B000 \SystemRoot\system32\drivers\monfilt.sys
    0xB1009000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
    0xB0F0C000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
    0xB0E5C000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
    0xBA378000 \SystemRoot\System32\Drivers\Modem.SYS
    0xB978B000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xB9B68000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xBA390000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0xBA62E000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xBA6AD000 \SystemRoot\System32\Drivers\Null.SYS
    0xBA630000 \SystemRoot\System32\Drivers\Beep.SYS
    0xBA3A0000 \SystemRoot\system32\drivers\ssrtln.sys
    0xBA3A8000 \SystemRoot\System32\drivers\vga.sys
    0xBA632000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xBA634000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xBA3B0000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xBA3B8000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xB9B64000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xB0466000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xB040D000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xB03C9000 \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys
    0xAF09E000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xBA2D8000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xB92F4000 \SystemRoot\System32\drivers\ws2ifsl.sys
    0xAF07C000 \SystemRoot\System32\drivers\afd.sys
    0xBA2E8000 \SystemRoot\system32\DRIVERS\arp1394.sys
    0xBA2F8000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xBA3D0000 \SystemRoot\System32\Drivers\SCDEmu.SYS
    0xAEFB1000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xAEF19000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xBA318000 \SystemRoot\System32\Drivers\Fips.SYS
    0xB92D0000 \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
    0xAEC61000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xAEFDC000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xAEC49000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xBA61C000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xAEC91000 \SystemRoot\System32\drivers\Dxapi.sys
    0xBA448000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xBA77F000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\ati2dvag.dll
    0xBF054000 \SystemRoot\System32\ati2cqag.dll
    0xBF08E000 \SystemRoot\System32\atikvmag.dll
    0xBF0C4000 \SystemRoot\System32\ati3duag.dll
    0xBF32B000 \SystemRoot\System32\ativvaxx.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xBA1F8000 \SystemRoot\system32\drivers\drvnddm.sys
    0xBA7D1000 \SystemRoot\system32\dla\tfsndres.sys
    0xACB1B000 \SystemRoot\system32\dla\tfsnifs.sys
    0xACC41000 \SystemRoot\system32\dla\tfsnopio.sys
    0xBA658000 \SystemRoot\system32\dla\tfsnpool.sys
    0xBA468000 \SystemRoot\system32\dla\tfsnboio.sys
    0xBA238000 \SystemRoot\system32\dla\tfsncofs.sys
    0xBA7D7000 \SystemRoot\system32\dla\tfsndrct.sys
    0xACADA000 \SystemRoot\system32\dla\tfsnudf.sys
    0xACAC1000 \SystemRoot\system32\dla\tfsnudfa.sys
    0xBA380000 \SystemRoot\system32\DRIVERS\AegisP.sys
    0xAC9E1000 \SystemRoot\system32\DRIVERS\s24trans.sys
    0xAC9A5000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xAC74C000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xAC7D1000 \??\C:\WINDOWS\system32\drivers\CdaD10BA.SYS
    0xBA5E2000 \SystemRoot\system32\DRIVERS\dsunidrv.sys
    0xAC5DD000 \SystemRoot\system32\DRIVERS\srv.sys
    0xAC7C1000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xAC6AC000 \SystemRoot\system32\DRIVERS\secdrv.sys
    0xAC280000 \SystemRoot\system32\drivers\wdmaud.sys
    0xAC919000 \SystemRoot\system32\drivers\sysaudio.sys
    0xAC143000 \SystemRoot\system32\drivers\ctusfsyn.sys
    0xAC113000 \SystemRoot\system32\DRIVERS\ctoss2k.sys
    0xAC0ED000 \SystemRoot\system32\DRIVERS\ctsfm2k.sys
    0xABF69000 \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys
    0xABD65000 \SystemRoot\system32\drivers\bdfm.sys
    0xABD4C000 \SystemRoot\system32\drivers\BDHV.SYS
    0xABC43000 \SystemRoot\System32\Drivers\HTTP.sys
    0xAB6F9000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 61):
    0 System Idle Process
    4 System
    860 C:\WINDOWS\system32\smss.exe
    936 csrss.exe
    964 C:\WINDOWS\system32\winlogon.exe
    1012 C:\WINDOWS\system32\services.exe
    1024 C:\WINDOWS\system32\lsass.exe
    1224 C:\WINDOWS\system32\ati2evxx.exe
    1240 C:\WINDOWS\system32\svchost.exe
    1356 svchost.exe
    1500 C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    1520 C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
    1564 C:\WINDOWS\system32\svchost.exe
    1648 C:\WINDOWS\system32\svchost.exe
    1756 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    1792 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    1836 C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
    2004 svchost.exe
    216 svchost.exe
    436 C:\WINDOWS\system32\spoolsv.exe
    536 svchost.exe
    568 C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    608 C:\WINDOWS\system32\CTSVCCDA.EXE
    692 C:\Program Files\Java\jre6\bin\jqs.exe
    760 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    940 C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
    1416 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    1700 C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
    2016 C:\WINDOWS\system32\svchost.exe
    308 C:\Program Files\Viewpoint\Common\ViewpointService.exe
    928 C:\WINDOWS\system32\wuauclt.exe
    2172 C:\WINDOWS\system32\ati2evxx.exe
    2608 wmiprvse.exe
    2852 wmiprvse.exe
    1964 C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    3080 G:\explorer.exe
    3404 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    3472 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    3488 C:\Program Files\Java\jre6\bin\jusched.exe
    3504 C:\WINDOWS\stsystra.exe
    3548 C:\Program Files\Dell\Media Experience\PCMService.exe
    3592 C:\WINDOWS\system32\rundll32.exe
    3652 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    3784 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
    3716 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
    3796 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    3816 C:\WINDOWS\system32\dla\tfswctrl.exe
    3840 C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
    3848 C:\Program Files\Creative\Creative Live! Cam\Live! Central\CTLVCentral.exe
    3880 C:\Documents and Settings\All Users\Application Data\Make A Voozie\VoozieMaker.exe
    2216 C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
    1172 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    708 C:\DOCUME~1\Mary\LOCALS~1\Temp\clclean.0001
    1260 C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    1380 C:\WINDOWS\system32\ctfmon.exe
    268 C:\Program Files\AIM\aim.exe
    272 C:\WINDOWS\system32\wuauclt.exe
    1900 C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
    3832 C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    1532 C:\WINDOWS\system32\svchost.exe
    3684 G:\Windows BBS Tools\AntiVirus Ware\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02f10c00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000d`30f1d000 (NTFS)

    PhysicalDrive0 Model Number: ST980825AS, Rev: 8.02

    Size Device Name MBR Status
    --------------------------------------------
    73 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: D21BD8D161AAE2A5526E0F37D27A127EF80AC72E


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Options:
    [1] Dump the MBR of a physical disk to file.
    [2] Restore the MBR of a physical disk with a standard boot code.
    [3] Exit.

    Enter the physical disk number to dump (0-99, -1 to exit): 0Dumping \\.\PhysicalDisk0...
    Enter filename to dump to: DiskDump0Dumped successfully!

    Enter the physical disk number to dump (0-99, -1 to exit): -1

    Done!
     
  11. 2010/09/02
    broni (Moderator, Malware Analyst)
    That's caused by some other culprit(s).
    For instance, your MBR seems to be infected.
    We'll get to it in a moment.

    Regarding GMER....
    Upload the file(s) here: http://www.filedropper.com/
    Post download link (copy URL: link).
     
  12. 2010/09/02
    jdblue1976 (Thread Starter)
  13. 2010/09/02
    broni (Moderator, Malware Analyst)
    Run MBRCheck again.

    When it's done you'll see the following line:
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Press the Y key and then press Enter

    When the program asks you to Enter your choice, enter 2 and press the Enter key.

    Next the program will ask you to Enter the physical disk number to fix (0-99, -1 to cancel):
    Enter 0 (zero) and press the Enter key.

    Next the program will show Available MBR codes:, followed by a list of operating systems.
    Please enter 1 for Windows XP, and then press Enter.

    Next the program will prompt for confirmation.
    Type YES and hit Enter.

    When it's done there should be a text file with the results on your desktop.
    Please copy and paste it back here.

    Then reboot, run MBRCheck again and post new log.
     
  14. 2010/09/02
    jdblue1976 (Thread Starter)
    Here is the first requested MBRCheck result.

    However, note that I'm having to start explorer.exe manually from a thumb drive right now.

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000007c

    Kernel Drivers (total 154):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E4000 \WINDOWS\system32\hal.dll
    0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
    0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
    0xB9F79000 ACPI.sys
    0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xB9F68000 pci.sys
    0xBA0A8000 isapnp.sys
    0xBA4BC000 compbatt.sys
    0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
    0xBA670000 pciide.sys
    0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xBA0B8000 MountMgr.sys
    0xB9F49000 ftdisk.sys
    0xBA330000 PartMgr.sys
    0xBA0C8000 VolSnap.sys
    0xB9F31000 atapi.sys
    0xBA0D8000 disk.sys
    0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xB9F11000 fltmgr.sys
    0xB9EFF000 sr.sys
    0xB9EB9000 bdfsfltr.sys
    0xB9EA4000 drvmcdb.sys
    0xBA338000 PxHelp20.sys
    0xB9E8D000 KSecDD.sys
    0xB9E7A000 WudfPf.sys
    0xB9DED000 Ntfs.sys
    0xB9DC0000 NDIS.sys
    0xBA0F8000 ohci1394.sys
    0xBA108000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xB9DA6000 Mup.sys
    0xBA128000 \SystemRoot\system32\DRIVERS\nic1394.sys
    0xBA218000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xBA580000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0xB93AF000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
    0xB939B000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xB9373000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xB9215000 \SystemRoot\system32\DRIVERS\w39n51.sys
    0xBA478000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xB91F1000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xBA480000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xBA228000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
    0xB91DD000 \SystemRoot\system32\DRIVERS\sdbus.sys
    0xBA488000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
    0xBA238000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
    0xB9191000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
    0xBA248000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xB9162000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0xBA5F8000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xBA490000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xBA498000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xBA258000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xBA5FA000 \SystemRoot\system32\drivers\sscdbhk5.sys
    0xBA268000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xBA278000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xB913F000 \SystemRoot\system32\DRIVERS\ks.sys
    0xBA4A0000 \SystemRoot\system32\DRIVERS\livecamv.sys
    0xB911B000 \SystemRoot\system32\DRIVERS\portcls.sys
    0xBA288000 \SystemRoot\system32\DRIVERS\drmk.sys
    0xBA7AF000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xBA298000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xB9A98000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xB9104000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xB9731000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xB9721000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xBA4A8000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xB90F3000 \SystemRoot\system32\DRIVERS\psched.sys
    0xB9711000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xBA4B0000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xBA348000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xB9701000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xBA5FC000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xB9095000 \SystemRoot\system32\DRIVERS\update.sys
    0xB9A84000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xBA370000 \SystemRoot\system32\DRIVERS\omci.sys
    0xB96F1000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xB0F65000 \SystemRoot\system32\drivers\sthda.sys
    0xB0E11000 \SystemRoot\system32\drivers\monfilt.sys
    0xB0DDF000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
    0xB0CE2000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
    0xB0C32000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
    0xBA390000 \SystemRoot\System32\Drivers\Modem.SYS
    0xB96C1000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xB9D6E000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xBA620000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xBA752000 \SystemRoot\System32\Drivers\Null.SYS
    0xBA622000 \SystemRoot\System32\Drivers\Beep.SYS
    0xBA3A0000 \SystemRoot\system32\drivers\ssrtln.sys
    0xBA3A8000 \SystemRoot\System32\drivers\vga.sys
    0xBA624000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xBA626000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xBA3B0000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xBA3B8000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xB9D66000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xB087B000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xB0822000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xB07DE000 \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys
    0xB07B6000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xB9D45000 \SystemRoot\System32\drivers\ws2ifsl.sys
    0xB0794000 \SystemRoot\System32\drivers\afd.sys
    0xBA2A8000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xBA3C0000 \SystemRoot\System32\Drivers\SCDEmu.SYS
    0xB0769000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xB06D1000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xBA2C8000 \SystemRoot\System32\Drivers\Fips.SYS
    0xBA58C000 \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
    0xBA2D8000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xBA2E8000 \SystemRoot\system32\DRIVERS\arp1394.sys
    0xB96A1000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xAEA35000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xBA5BC000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xAEA71000 \SystemRoot\System32\drivers\Dxapi.sys
    0xBA420000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xBA79D000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\ati2dvag.dll
    0xBF054000 \SystemRoot\System32\ati2cqag.dll
    0xBF08E000 \SystemRoot\System32\atikvmag.dll
    0xBF0C4000 \SystemRoot\System32\ati3duag.dll
    0xBF32B000 \SystemRoot\System32\ativvaxx.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xBA188000 \SystemRoot\system32\drivers\drvnddm.sys
    0xBA6A1000 \SystemRoot\system32\dla\tfsndres.sys
    0xAC8DF000 \SystemRoot\system32\dla\tfsnifs.sys
    0xACA25000 \SystemRoot\system32\dla\tfsnopio.sys
    0xBA614000 \SystemRoot\system32\dla\tfsnpool.sys
    0xBA450000 \SystemRoot\system32\dla\tfsnboio.sys
    0xBA198000 \SystemRoot\system32\dla\tfsncofs.sys
    0xBA69E000 \SystemRoot\system32\dla\tfsndrct.sys
    0xAC8C6000 \SystemRoot\system32\dla\tfsnudf.sys
    0xAC8AD000 \SystemRoot\system32\dla\tfsnudfa.sys
    0xBA468000 \SystemRoot\system32\DRIVERS\AegisP.sys
    0xAC7B5000 \SystemRoot\system32\DRIVERS\s24trans.sys
    0xAC785000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xAC510000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xAC5A9000 \??\C:\WINDOWS\system32\drivers\CdaD10BA.SYS
    0xBA608000 \SystemRoot\system32\DRIVERS\dsunidrv.sys
    0xAC3A1000 \SystemRoot\system32\DRIVERS\srv.sys
    0xAC57D000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xAC480000 \SystemRoot\system32\DRIVERS\secdrv.sys
    0xAC06D000 \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys
    0xABE91000 \SystemRoot\system32\drivers\bdfm.sys
    0xABE78000 \SystemRoot\system32\drivers\BDHV.SYS
    0xABDC3000 \SystemRoot\system32\drivers\wdmaud.sys
    0xAC81D000 \SystemRoot\system32\drivers\sysaudio.sys
    0xABD75000 \SystemRoot\system32\drivers\kmixer.sys
    0xABD4E000 \SystemRoot\system32\drivers\ctusfsyn.sys
    0xABC7E000 \SystemRoot\system32\DRIVERS\ctoss2k.sys
    0xABC58000 \SystemRoot\system32\DRIVERS\ctsfm2k.sys
    0xBA408000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0xABA4C000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xAB96B000 \SystemRoot\System32\Drivers\HTTP.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 61):
    0 System Idle Process
    4 System
    856 C:\WINDOWS\system32\smss.exe
    908 csrss.exe
    940 C:\WINDOWS\system32\winlogon.exe
    988 C:\WINDOWS\system32\services.exe
    1000 C:\WINDOWS\system32\lsass.exe
    1180 C:\WINDOWS\system32\ati2evxx.exe
    1196 C:\WINDOWS\system32\svchost.exe
    1276 svchost.exe
    1316 C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    1332 C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
    1404 C:\WINDOWS\system32\svchost.exe
    1492 C:\WINDOWS\system32\svchost.exe
    1584 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    1624 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    1648 C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
    1780 svchost.exe
    1812 svchost.exe
    184 C:\WINDOWS\system32\spoolsv.exe
    272 svchost.exe
    308 C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    380 C:\WINDOWS\system32\CTSVCCDA.EXE
    552 C:\Program Files\Java\jre6\bin\jqs.exe
    612 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    652 C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
    796 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    820 C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
    892 C:\WINDOWS\system32\svchost.exe
    1048 C:\Program Files\Viewpoint\Common\ViewpointService.exe
    1708 C:\WINDOWS\system32\wuauclt.exe
    2512 wmiprvse.exe
    3628 C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    2124 C:\WINDOWS\system32\ati2evxx.exe
    2280 C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
    2716 C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
    3980 C:\WINDOWS\system32\taskmgr.exe
    1876 G:\explorer.exe
    2564 C:\WINDOWS\system32\wuauclt.exe
    2484 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    2300 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    2352 C:\Program Files\Java\jre6\bin\jusched.exe
    1192 C:\WINDOWS\stsystra.exe
    2956 C:\Program Files\Dell\Media Experience\PCMService.exe
    3024 C:\WINDOWS\system32\rundll32.exe
    3044 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    3160 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
    3208 C:\DOCUME~1\Mary\LOCALS~1\Temp\clclean.0001
    3268 wmiprvse.exe
    1824 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
    3284 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    3324 C:\WINDOWS\system32\dla\tfswctrl.exe
    3360 C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
    3432 C:\Program Files\Creative\Creative Live! Cam\Live! Central\CTLVCentral.exe
    3440 C:\Documents and Settings\All Users\Application Data\Make A Voozie\VoozieMaker.exe
    3684 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    3556 C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    3760 C:\WINDOWS\system32\ctfmon.exe
    3776 C:\Program Files\AIM\aim.exe
    832 C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    2176 G:\Windows BBS Tools\AntiVirus Ware\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02f10c00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000d`30f1d000 (NTFS)

    PhysicalDrive0 Model Number: ST980825AS, Rev: 8.02

    Size Device Name MBR Status
    --------------------------------------------
    73 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: D21BD8D161AAE2A5526E0F37D27A127EF80AC72E


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Options:
    [1] Dump the MBR of a physical disk to file.
    [2] Restore the MBR of a physical disk with a standard boot code.
    [3] Exit.

    Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0Available MBR codes:
    [ 0] Default (Windows XP)
    [ 1] Windows XP
    [ 2] Windows Server 2003
    [ 3] Windows Vista
    [ 4] Windows 2008
    [ 5] Windows 7
    [-1] Cancel

    Please select the MBR code to write to this drive: 1
    Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: yes
    Successfully wrote new MBR code!
    Please reboot your computer to complete the fix.


    Done!
     
  15. 2010/09/02
    jdblue1976 Well-Known Member Thread Starter
    Second MBR Check

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000007c

    Kernel Drivers (total 154):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E4000 \WINDOWS\system32\hal.dll
    0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
    0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
    0xB9F79000 ACPI.sys
    0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xB9F68000 pci.sys
    0xBA0A8000 isapnp.sys
    0xBA4BC000 compbatt.sys
    0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
    0xBA670000 pciide.sys
    0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xBA0B8000 MountMgr.sys
    0xB9F49000 ftdisk.sys
    0xBA330000 PartMgr.sys
    0xBA0C8000 VolSnap.sys
    0xB9F31000 atapi.sys
    0xBA0D8000 disk.sys
    0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xB9F11000 fltmgr.sys
    0xB9EFF000 sr.sys
    0xB9EB9000 bdfsfltr.sys
    0xB9EA4000 drvmcdb.sys
    0xBA338000 PxHelp20.sys
    0xB9E8D000 KSecDD.sys
    0xB9E7A000 WudfPf.sys
    0xB9DED000 Ntfs.sys
    0xB9DC0000 NDIS.sys
    0xBA0F8000 ohci1394.sys
    0xBA108000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xB9DA6000 Mup.sys
    0xBA138000 \SystemRoot\system32\DRIVERS\nic1394.sys
    0xB9283000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xBA578000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0xB90DA000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
    0xB90C6000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xB909E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xB8F40000 \SystemRoot\system32\DRIVERS\w39n51.sys
    0xBA470000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xB8F1C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xBA478000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xB9273000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
    0xB8F08000 \SystemRoot\system32\DRIVERS\sdbus.sys
    0xBA480000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
    0xB9263000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
    0xB8EBC000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
    0xB9253000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xB8E8D000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0xBA5F2000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xBA488000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xBA490000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xB9243000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xBA5F4000 \SystemRoot\system32\drivers\sscdbhk5.sys
    0xBA1E8000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xBA1F8000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xB8E6A000 \SystemRoot\system32\DRIVERS\ks.sys
    0xBA498000 \SystemRoot\system32\DRIVERS\livecamv.sys
    0xB8E46000 \SystemRoot\system32\DRIVERS\portcls.sys
    0xBA208000 \SystemRoot\system32\DRIVERS\drmk.sys
    0xBA683000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xBA218000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xB9B52000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xB8E2F000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xBA228000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xBA238000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xBA4A0000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xB8E1E000 \SystemRoot\system32\DRIVERS\psched.sys
    0xBA248000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xBA4A8000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xBA4B0000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xBA258000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xBA5F6000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xB8DC0000 \SystemRoot\system32\DRIVERS\update.sys
    0xB9B42000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xBA348000 \SystemRoot\system32\DRIVERS\omci.sys
    0xBA268000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xB0C68000 \SystemRoot\system32\drivers\sthda.sys
    0xB0B14000 \SystemRoot\system32\drivers\monfilt.sys
    0xB0AE2000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
    0xB09E5000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
    0xB0924000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
    0xBA360000 \SystemRoot\System32\Drivers\Modem.SYS
    0xBA298000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xB9D45000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xBA60A000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xBA77E000 \SystemRoot\System32\Drivers\Null.SYS
    0xBA60C000 \SystemRoot\System32\Drivers\Beep.SYS
    0xBA370000 \SystemRoot\system32\drivers\ssrtln.sys
    0xBA378000 \SystemRoot\System32\drivers\vga.sys
    0xBA60E000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xBA610000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xBA380000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xBA388000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xB9D3D000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xB057E000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xB0525000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xB04E1000 \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys
    0xAFE69000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xB9D31000 \SystemRoot\System32\drivers\ws2ifsl.sys
    0xAFE47000 \SystemRoot\System32\drivers\afd.sys
    0xBA2B8000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xBA390000 \SystemRoot\System32\Drivers\SCDEmu.SYS
    0xAFE1C000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xAFD84000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xBA2D8000 \SystemRoot\System32\Drivers\Fips.SYS
    0xB8DA0000 \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
    0xBA2E8000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xBA2F8000 \SystemRoot\system32\DRIVERS\arp1394.sys
    0xBA1B8000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xAE59D000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xBA634000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xB9D62000 \SystemRoot\System32\drivers\Dxapi.sys
    0xBA3C0000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xBA7A3000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\ati2dvag.dll
    0xBF054000 \SystemRoot\System32\ati2cqag.dll
    0xBF08E000 \SystemRoot\System32\atikvmag.dll
    0xBF0C4000 \SystemRoot\System32\ati3duag.dll
    0xBF32B000 \SystemRoot\System32\ativvaxx.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xAEA44000 \SystemRoot\system32\drivers\drvnddm.sys
    0xBA772000 \SystemRoot\system32\dla\tfsndres.sys
    0xAC447000 \SystemRoot\system32\dla\tfsnifs.sys
    0xAC591000 \SystemRoot\system32\dla\tfsnopio.sys
    0xBA638000 \SystemRoot\system32\dla\tfsnpool.sys
    0xBA3E0000 \SystemRoot\system32\dla\tfsnboio.sys
    0xAEA34000 \SystemRoot\system32\dla\tfsncofs.sys
    0xBA77D000 \SystemRoot\system32\dla\tfsndrct.sys
    0xAC42E000 \SystemRoot\system32\dla\tfsnudf.sys
    0xAC415000 \SystemRoot\system32\dla\tfsnudfa.sys
    0xBA3F0000 \SystemRoot\system32\DRIVERS\AegisP.sys
    0xAC3D1000 \SystemRoot\system32\DRIVERS\s24trans.sys
    0xAC301000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xAC078000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xAC115000 \??\C:\WINDOWS\system32\drivers\CdaD10BA.SYS
    0xBA5BC000 \SystemRoot\system32\DRIVERS\dsunidrv.sys
    0xABF31000 \SystemRoot\system32\DRIVERS\srv.sys
    0xAC0B9000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xAC038000 \SystemRoot\system32\DRIVERS\secdrv.sys
    0xABBFD000 \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys
    0xBA398000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0xABA71000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xABA5C000 \SystemRoot\system32\drivers\wdmaud.sys
    0xABE79000 \SystemRoot\system32\drivers\sysaudio.sys
    0xAB997000 \SystemRoot\system32\drivers\ctusfsyn.sys
    0xAB967000 \SystemRoot\system32\DRIVERS\ctoss2k.sys
    0xAB941000 \SystemRoot\system32\DRIVERS\ctsfm2k.sys
    0xAB735000 \SystemRoot\system32\drivers\bdfm.sys
    0xAB71C000 \SystemRoot\system32\drivers\BDHV.SYS
    0xAB59B000 \SystemRoot\System32\Drivers\HTTP.sys
    0xAAE21000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 61):
    0 System Idle Process
    4 System
    852 C:\WINDOWS\system32\smss.exe
    904 csrss.exe
    936 C:\WINDOWS\system32\winlogon.exe
    984 C:\WINDOWS\system32\services.exe
    996 C:\WINDOWS\system32\lsass.exe
    1180 C:\WINDOWS\system32\ati2evxx.exe
    1196 C:\WINDOWS\system32\svchost.exe
    1280 svchost.exe
    1320 C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    1348 C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
    1400 C:\WINDOWS\system32\svchost.exe
    1484 C:\WINDOWS\system32\svchost.exe
    1568 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    1608 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    1640 C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
    1764 svchost.exe
    1808 svchost.exe
    2040 C:\WINDOWS\system32\spoolsv.exe
    224 svchost.exe
    296 C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    332 C:\WINDOWS\system32\CTSVCCDA.EXE
    428 C:\Program Files\Java\jre6\bin\jqs.exe
    540 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    584 C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
    656 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    768 C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
    880 C:\WINDOWS\system32\svchost.exe
    160 C:\Program Files\Viewpoint\Common\ViewpointService.exe
    1540 C:\WINDOWS\system32\wuauclt.exe
    2188 wmiprvse.exe
    2300 wmiprvse.exe
    2536 C:\WINDOWS\system32\ati2evxx.exe
    3904 C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    3940 C:\WINDOWS\system32\taskmgr.exe
    1592 G:\explorer.exe
    2204 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    2252 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    2288 C:\Program Files\Java\jre6\bin\jusched.exe
    2424 C:\WINDOWS\stsystra.exe
    2404 C:\Program Files\Dell\Media Experience\PCMService.exe
    2576 C:\WINDOWS\system32\rundll32.exe
    2812 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    2660 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
    2896 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
    2936 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    2956 C:\WINDOWS\system32\dla\tfswctrl.exe
    2984 C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
    2996 C:\Program Files\Creative\Creative Live! Cam\Live! Central\CTLVCentral.exe
    3068 C:\Documents and Settings\All Users\Application Data\Make A Voozie\VoozieMaker.exe
    2280 C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
    2272 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    360 C:\DOCUME~1\Mary\LOCALS~1\Temp\clclean.0001
    3372 C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    3416 C:\WINDOWS\system32\wuauclt.exe
    3424 C:\WINDOWS\system32\ctfmon.exe
    3496 C:\Program Files\AIM\aim.exe
    3704 C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
    608 C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    3200 G:\Windows BBS Tools\AntiVirus Ware\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02f10c00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000d`30f1d000 (NTFS)

    PhysicalDrive0 Model Number: ST980825AS, Rev: 8.02

    Size Device Name MBR Status
    --------------------------------------------
    73 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: D21BD8D161AAE2A5526E0F37D27A127EF80AC72E


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Options:
    [1] Dump the MBR of a physical disk to file.
    [2] Restore the MBR of a physical disk with a standard boot code.
    [3] Exit.

    Enter your choice:

    Done!
     
  16. 2010/09/02
    broni Moderator Malware Analyst
    Our fix didn't work.
    We need to use a different way...

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double click on NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
    • Follow the prompts to burn the CD.
    • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.
    Once rebooted, run MBRCheck again and post its log.
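    What the MBRCheck verdict and the MBRWORK "Install Standard MBR code" step above actually operate on, as an added example (not part of this thread, and not the code of MBRCheck or NTBR): a 512-byte MBR is parsed, its first 440 bytes of boot code are SHA1-hashed and looked up in a known-good table (anything else is reported as "Unknown MBR code"), and the repair rewrites only that code region while leaving the disk signature and partition table untouched, which is why the procedure does not lose C: or D:. The boot stubs, disk signature, sector counts and known-good table are constructed placeholders (the hash is not the real Windows XP boot-code hash); the two partition start offsets are the ones MBRCheck printed for C: and D: in this thread.

```python
"""
Added example (not from this thread, nor from MBRCheck/NTBR source): model what
an MBR hash check and an "install standard MBR code" repair do to the 512-byte
sector at LBA 0. Boot stubs, disk signature and the known-good table are
constructed placeholders, not real Windows XP or malware boot code.
"""
import hashlib
import struct
from dataclasses import dataclass

MBR_SIZE = 512
BOOT_CODE_LEN = 440   # bytes 0..439: boot code (the part that is hashed and rewritten)
DISK_SIG_OFF = 440    # bytes 440..443: NT disk signature
PART_TABLE_OFF = 446  # bytes 446..509: four 16-byte partition entries
BOOT_SIG_OFF = 510    # bytes 510..511: 0x55 0xAA


@dataclass
class Partition:
    bootable: bool
    type_id: int
    lba_start: int
    sector_count: int

    @property
    def byte_offset(self) -> int:
        # MBRCheck prints this value ("\\.\C: --> \\.\PhysicalDrive0 at offset ...")
        return self.lba_start * 512


def build_mbr(boot_code: bytes, disk_sig: bytes, parts: list) -> bytes:
    """Assemble a 512-byte MBR; used here only to construct sample sectors."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    table = b""
    for p in parts + [None] * (4 - len(parts)):
        if p is None:
            table += b"\x00" * 16
        else:  # status, CHS start, type, CHS end, LBA start, sector count
            table += struct.pack("<B3sB3sII", 0x80 if p.bootable else 0x00, b"\x00" * 3,
                                 p.type_id, b"\x00" * 3, p.lba_start, p.sector_count)
    return code + disk_sig + b"\x00\x00" + table + b"\x55\xAA"


def parse_partitions(mbr: bytes) -> list:
    """Read the four partition entries; empty slots (type 0) are skipped."""
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(
            "<B3sB3sII", mbr, PART_TABLE_OFF + 16 * i)
        if ptype != 0:
            parts.append(Partition(status == 0x80, ptype, lba, count))
    return parts


def boot_code_sha1(mbr: bytes) -> str:
    """Hash only the boot-code region, as an MBR integrity check does."""
    return hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()


def classify_mbr(mbr: bytes, known_good: dict) -> str:
    """Known hash -> its label; anything else is 'Unknown MBR code'."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if mbr[BOOT_SIG_OFF:] != b"\x55\xAA":
        return "Missing 0x55AA boot signature"
    return known_good.get(boot_code_sha1(mbr), "Unknown MBR code")


def restore_boot_code(mbr: bytes, standard_code: bytes) -> bytes:
    """The repair from the thread: overwrite bytes 0..439 only, keep the rest."""
    code = standard_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    return code + mbr[BOOT_CODE_LEN:]


# Constructed placeholder boot stubs; NOT real Windows or malware code.
STANDARD_STUB = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"[placeholder standard boot stub]"
TAMPERED_STUB = b"\xEB\x40" + STANDARD_STUB[2:] + b"[placeholder hook]"
DISK_SIG = b"\x12\x34\x56\x78"  # constructed
PARTITIONS = [
    Partition(True, 0x07, 96390, 110559330),      # C: NTFS; 96390*512 == 0x02f10c00 (from the log)
    Partition(False, 0x07, 110655720, 45645768),  # D: NTFS; LBA*512 == 0x0d30f1d000 (from the log)
]
STANDARD_MBR = build_mbr(STANDARD_STUB, DISK_SIG, PARTITIONS)
INFECTED_MBR = build_mbr(TAMPERED_STUB, DISK_SIG, PARTITIONS)
KNOWN_GOOD = {boot_code_sha1(STANDARD_MBR): "Windows XP MBR code detected"}
REPAIRED_MBR = restore_boot_code(INFECTED_MBR, STANDARD_STUB)

if __name__ == "__main__":
    for name, mbr in (("before", INFECTED_MBR), ("after", REPAIRED_MBR)):
        print(name, classify_mbr(mbr, KNOWN_GOOD), boot_code_sha1(mbr))
        for p in parse_partitions(mbr):
            print("  type 0x%02X at byte offset 0x%x" % (p.type_id, p.byte_offset))
```

    Running it prints "Unknown MBR code" for the tampered sector and the known-good label after the repair, with identical partition offsets both times. An MBR whose hash is unknown is not proof of a bootkit (a non-Microsoft boot manager also produces one), which is why the moderator asks for a fresh MBRCheck log after the rewrite rather than judging from the hash alone.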
     
  17. 2010/09/02
    jdblue1976 Well-Known Member Thread Starter
    Still running explorer from the thumb drive

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000007c

    Kernel Drivers (total 154):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E4000 \WINDOWS\system32\hal.dll
    0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
    0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
    0xB9F79000 ACPI.sys
    0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xB9F68000 pci.sys
    0xBA0A8000 isapnp.sys
    0xBA4BC000 compbatt.sys
    0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
    0xBA670000 pciide.sys
    0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xBA0B8000 MountMgr.sys
    0xB9F49000 ftdisk.sys
    0xBA330000 PartMgr.sys
    0xBA0C8000 VolSnap.sys
    0xB9F31000 atapi.sys
    0xBA0D8000 disk.sys
    0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xB9F11000 fltmgr.sys
    0xB9EFF000 sr.sys
    0xB9EB9000 bdfsfltr.sys
    0xB9EA4000 drvmcdb.sys
    0xBA338000 PxHelp20.sys
    0xB9E8D000 KSecDD.sys
    0xB9E7A000 WudfPf.sys
    0xB9DED000 Ntfs.sys
    0xB9DC0000 NDIS.sys
    0xBA0F8000 ohci1394.sys
    0xBA108000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xB9DA6000 Mup.sys
    0xBA128000 \SystemRoot\system32\DRIVERS\nic1394.sys
    0xBA1E8000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xB98DF000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0xB9465000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
    0xB9451000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xB9429000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xB92CB000 \SystemRoot\system32\DRIVERS\w39n51.sys
    0xBA488000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xB92A7000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xBA490000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xBA1F8000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
    0xB9293000 \SystemRoot\system32\DRIVERS\sdbus.sys
    0xBA498000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
    0xBA208000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
    0xB9247000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
    0xBA218000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xB9218000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0xBA600000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xBA4A0000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xBA4A8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xBA228000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xBA602000 \SystemRoot\system32\drivers\sscdbhk5.sys
    0xBA238000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xBA248000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xB91F5000 \SystemRoot\system32\DRIVERS\ks.sys
    0xBA4B0000 \SystemRoot\system32\DRIVERS\livecamv.sys
    0xB91D1000 \SystemRoot\system32\DRIVERS\portcls.sys
    0xBA258000 \SystemRoot\system32\DRIVERS\drmk.sys
    0xBA7F9000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xBA268000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xB98CB000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xB91BA000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xBA278000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xBA288000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xBA348000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xB91A9000 \SystemRoot\system32\DRIVERS\psched.sys
    0xBA298000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xBA360000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xBA368000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xBA2A8000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xBA604000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xB914B000 \SystemRoot\system32\DRIVERS\update.sys
    0xBA584000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xBA370000 \SystemRoot\system32\DRIVERS\omci.sys
    0xB965E000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xB0FF3000 \SystemRoot\system32\drivers\sthda.sys
    0xB0E9F000 \SystemRoot\system32\drivers\monfilt.sys
    0xB0E6D000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
    0xB0D70000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
    0xB0CC0000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
    0xBA378000 \SystemRoot\System32\Drivers\Modem.SYS
    0xB962E000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xB9D41000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xBA616000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xBA775000 \SystemRoot\System32\Drivers\Null.SYS
    0xBA618000 \SystemRoot\System32\Drivers\Beep.SYS
    0xBA388000 \SystemRoot\system32\drivers\ssrtln.sys
    0xBA390000 \SystemRoot\System32\drivers\vga.sys
    0xBA61C000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xBA61E000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xBA398000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xBA3A0000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xB9D39000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xB0909000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xB08B0000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xB086C000 \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys
    0xB01F4000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xB9D2D000 \SystemRoot\System32\drivers\ws2ifsl.sys
    0xB01D2000 \SystemRoot\System32\drivers\afd.sys
    0xB960E000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xBA3A8000 \SystemRoot\System32\Drivers\SCDEmu.SYS
    0xB01A7000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xB010F000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xB95EE000 \SystemRoot\System32\Drivers\Fips.SYS
    0xB912F000 \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
    0xB95DE000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xB95CE000 \SystemRoot\system32\DRIVERS\arp1394.sys
    0xBA168000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xAEA62000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xBA646000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xB08A4000 \SystemRoot\System32\drivers\Dxapi.sys
    0xBA3D8000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xBA69D000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\ati2dvag.dll
    0xBF054000 \SystemRoot\System32\ati2cqag.dll
    0xBF08E000 \SystemRoot\System32\atikvmag.dll
    0xBF0C4000 \SystemRoot\System32\ati3duag.dll
    0xBF32B000 \SystemRoot\System32\ativvaxx.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xAFA4F000 \SystemRoot\system32\drivers\drvnddm.sys
    0xBA759000 \SystemRoot\system32\dla\tfsndres.sys
    0xAC90C000 \SystemRoot\system32\dla\tfsnifs.sys
    0xACA5A000 \SystemRoot\system32\dla\tfsnopio.sys
    0xBA64C000 \SystemRoot\system32\dla\tfsnpool.sys
    0xBA3F0000 \SystemRoot\system32\dla\tfsnboio.sys
    0xAFA3F000 \SystemRoot\system32\dla\tfsncofs.sys
    0xBA75A000 \SystemRoot\system32\dla\tfsndrct.sys
    0xAC8F3000 \SystemRoot\system32\dla\tfsnudf.sys
    0xAC8DA000 \SystemRoot\system32\dla\tfsnudfa.sys
    0xBA400000 \SystemRoot\system32\DRIVERS\AegisP.sys
    0xAC7FA000 \SystemRoot\system32\DRIVERS\s24trans.sys
    0xAC7BE000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xAC49D000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xAC5DA000 \??\C:\WINDOWS\system32\drivers\CdaD10BA.SYS
    0xBA5C8000 \SystemRoot\system32\DRIVERS\dsunidrv.sys
    0xAC3CE000 \SystemRoot\system32\DRIVERS\srv.sys
    0xAC4D2000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xAC542000 \SystemRoot\system32\DRIVERS\secdrv.sys
    0xAC0C2000 \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys
    0xAC00D000 \SystemRoot\system32\drivers\wdmaud.sys
    0xAC2AE000 \SystemRoot\system32\drivers\sysaudio.sys
    0xABF98000 \SystemRoot\system32\drivers\ctusfsyn.sys
    0xABF68000 \SystemRoot\system32\DRIVERS\ctoss2k.sys
    0xABF42000 \SystemRoot\system32\DRIVERS\ctsfm2k.sys
    0xABB56000 \SystemRoot\system32\drivers\bdfm.sys
    0xABB3D000 \SystemRoot\system32\drivers\BDHV.SYS
    0xBA458000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0xABAF1000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xABA88000 \SystemRoot\System32\Drivers\HTTP.sys
    0xAB399000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 62):
    0 System Idle Process
    4 System
    852 C:\WINDOWS\system32\smss.exe
    908 csrss.exe
    936 C:\WINDOWS\system32\winlogon.exe
    984 C:\WINDOWS\system32\services.exe
    996 C:\WINDOWS\system32\lsass.exe
    1176 C:\WINDOWS\system32\ati2evxx.exe
    1192 C:\WINDOWS\system32\svchost.exe
    1280 svchost.exe
    1320 C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    1332 C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
    1404 C:\WINDOWS\system32\svchost.exe
    1492 C:\WINDOWS\system32\svchost.exe
    1580 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    1632 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    1656 C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
    1792 svchost.exe
    1816 svchost.exe
    2024 C:\WINDOWS\system32\spoolsv.exe
    252 svchost.exe
    300 C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    336 C:\WINDOWS\system32\CTSVCCDA.EXE
    428 C:\Program Files\Java\jre6\bin\jqs.exe
    548 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    588 C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
    676 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    764 C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
    904 C:\WINDOWS\system32\svchost.exe
    960 C:\Program Files\Viewpoint\Common\ViewpointService.exe
    1500 C:\WINDOWS\system32\wuauclt.exe
    2264 wmiprvse.exe
    2336 C:\WINDOWS\system32\ati2evxx.exe
    2692 wmiprvse.exe
    4000 C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    4024 C:\WINDOWS\system32\taskmgr.exe
    988 G:\explorer.exe
    2448 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    2496 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    2528 C:\Program Files\Java\jre6\bin\jusched.exe
    2956 C:\WINDOWS\stsystra.exe
    3064 C:\Program Files\Dell\Media Experience\PCMService.exe
    3072 C:\WINDOWS\system32\rundll32.exe
    3084 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    3240 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
    2712 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
    2380 C:\DOCUME~1\Mary\LOCALS~1\Temp\clclean.0001
    640 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    420 C:\WINDOWS\system32\dla\tfswctrl.exe
    3280 C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
    1356 C:\Program Files\Creative\Creative Live! Cam\Live! Central\CTLVCentral.exe
    1604 <unknown>
    3616 C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
    3652 C:\WINDOWS\system32\rundll32.exe
    3660 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    3668 C:\WINDOWS\system32\wuauclt.exe
    3764 C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    3772 C:\WINDOWS\system32\ctfmon.exe
    3804 C:\Program Files\AIM\aim.exe
    1740 C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    2932 C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
    652 G:\Windows BBS Tools\AntiVirus Ware\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02f10c00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000d`30f1d000 (NTFS)

    PhysicalDrive0 Model Number: ST980825AS, Rev: 8.02

    Size Device Name MBR Status
    --------------------------------------------
    73 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
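    Reading the three MBRCheck logs in this thread side by side is the moderator's actual check: the "MBR Status" line and its SHA1 change after the rewrite, and the process list keeps showing explorer.exe started from G:, a process with no image path, and a file running from a Temp folder. As an added example (not from this thread or from MBRCheck), the parser below pulls those fields out of MBRCheck-style text and applies three constructed triage rules to the process list; the two log excerpts are shortened reconstructions of the logs posted above, not complete copies.

```python
"""
Added example (not from this thread, nor from MBRCheck): parse the parts of an
MBRCheck log a malware-removal helper compares across runs, and flag processes
whose image path is worth a second look. Log excerpts are constructed from the
logs in the thread; the triage rules are this example's own, not MBRCheck's.
"""
import re
from dataclasses import dataclass, field

# Shortened reconstruction of the log posted before the MBR rewrite.
LOG_BEFORE = r"""Processes (total 4):
0 System Idle Process
940 C:\WINDOWS\system32\winlogon.exe
1876 G:\explorer.exe
3208 C:\DOCUME~1\Mary\LOCALS~1\Temp\clclean.0001

Size Device Name MBR Status
--------------------------------------------
73 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: D21BD8D161AAE2A5526E0F37D27A127EF80AC72E
"""

# Shortened reconstruction of the log posted after the MBR rewrite.
LOG_AFTER = r"""Processes (total 5):
0 System Idle Process
936 C:\WINDOWS\system32\winlogon.exe
988 G:\explorer.exe
1604 <unknown>
2380 C:\DOCUME~1\Mary\LOCALS~1\Temp\clclean.0001

Size Device Name MBR Status
--------------------------------------------
73 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
"""

PROC_RE = re.compile(r"^(\d+)\s+(.+)$")
STATUS_RE = re.compile(r"^\d+ [GMT]B\s+\\\\\.\\PhysicalDrive\d+\s+(.+)$")
SHA1_RE = re.compile(r"^SHA1:\s*([0-9A-Fa-f]{40})$")


@dataclass
class MbrCheckReport:
    mbr_status: str = ""
    sha1: str = ""
    processes: list = field(default_factory=list)  # (pid, image) in log order


def parse_mbrcheck(text: str) -> MbrCheckReport:
    """Extract the MBR status line, its SHA1 and the process list."""
    rep = MbrCheckReport()
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Processes (total"):
            in_procs = True
            continue
        if not line:            # a blank line ends the process section
            in_procs = False
            continue
        m = STATUS_RE.match(line)
        if m:
            rep.mbr_status = m.group(1).strip()
            continue
        m = SHA1_RE.match(line)
        if m:
            rep.sha1 = m.group(1).upper()
            continue
        if in_procs:
            m = PROC_RE.match(line)
            if m:
                rep.processes.append((int(m.group(1)), m.group(2)))
    return rep


def suspicious_processes(rep: MbrCheckReport, system_drive: str = "C:") -> list:
    """Constructed triage rules: no image path, non-system drive, or a Temp folder.
    Bare names without a path (csrss.exe, svchost.exe) are left alone; MBRCheck
    prints some system processes that way."""
    findings = []
    for pid, image in rep.processes:
        reason = None
        if image == "<unknown>":
            reason = "no image path reported"
        elif re.match(r"^[A-Za-z]:\\", image):
            if not image.upper().startswith(system_drive.upper() + "\\"):
                reason = "runs from non-system drive"
            elif "\\TEMP\\" in image.upper():
                reason = "runs from a Temp directory"
        if reason:
            findings.append((pid, image, reason))
    return findings


def mbr_changed(before: MbrCheckReport, after: MbrCheckReport) -> bool:
    """True when the boot-code hash differs between two runs."""
    return before.sha1 != after.sha1


if __name__ == "__main__":
    b, a = parse_mbrcheck(LOG_BEFORE), parse_mbrcheck(LOG_AFTER)
    print("MBR:", b.mbr_status, "->", a.mbr_status, "| hash changed:", mbr_changed(b, a))
    for pid, image, why in suspicious_processes(a):
        print("  pid %5d  %-50s %s" % (pid, image, why))
```

    The rules deliberately stay coarse: a process launched from a thumb drive is exactly what the thread starter says they are doing by hand, so the output is a review list for the helper, not a verdict.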
     
  18. 2010/09/02
    broni Moderator Malware Analyst
    Explain the above a little bit more.

    MBRCheck log looks good now.

    Delete your GMER file, download fresh one and post new log.

    Then....

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick Combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  19. 2010/09/02
    jdblue1976 Contributing Member

    jdblue1976 Well-Known Member Thread Starter

    Joined:
    2010/08/31
    Messages:
    86
    Likes Received:
    0
    explorer.exe doesn't start on boot up. So I got a copy from my desktop and put it on a usb drive and manually start it using task manager.
     
  20. 2010/09/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    OK. Go on...
     
  21. 2010/09/02
    jdblue1976 Contributing Member

    jdblue1976 Well-Known Member Thread Starter

    Joined:
    2010/08/31
    Messages:
    86
    Likes Received:
    0
    PEV.exe threw an exception error.

    Is that important?
     
