Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works

mwtype Mebroot

  • This topic is locked This topic is locked




  • Topic Starter
  • Member
  • PipPip
  • 12 posts
MBRCheck, version 1.2.3
© 2010, AD

Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003d

Kernel Drivers (total 143):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EE000 \WINDOWS\system32\hal.dll
0xF89B5000 \WINDOWS\system32\KDCOM.DLL
0xF88C5000 \WINDOWS\system32\BOOTVID.dll
0xF83A1000 spfp.sys
0xF89B7000 \WINDOWS\System32\Drivers\WMILIB.SYS
0xF8389000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xF835B000 ACPI.sys
0xF834A000 pci.sys
0xF84B5000 ohci1394.sys
0xF84C5000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF84D5000 isapnp.sys
0xF8A7D000 pciide.sys
0xF84E5000 MountMgr.sys
0xF832B000 ftdisk.sys
0xF873D000 PartMgr.sys
0xF84F5000 VolSnap.sys
0xF8313000 atapi.sys
0xF8505000 disk.sys
0xF82F3000 fltmgr.sys
0xF82E1000 sr.sys
0xF8525000 PxHelp20.sys
0xF82CA000 KSecDD.sys
0xF823D000 Ntfs.sys
0xF8210000 NDIS.sys
0xF8535000 sisagp.sys
0xF81F6000 Mup.sys
0xF8565000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF85A5000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF7569000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xF7555000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF8835000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xF7531000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF85B5000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF85C5000 \SystemRoot\System32\Drivers\AFS2K.SYS
0xF85D5000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF85E5000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF750E000 \SystemRoot\system32\DRIVERS\ks.sys
0xF883D000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xF74CC000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
0xF73DA000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
0xF7327000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF8845000 \SystemRoot\System32\Drivers\Modem.SYS
0xF72AF000 \SystemRoot\system32\drivers\ctaud2k.sys
0xF728B000 \SystemRoot\system32\drivers\portcls.sys
0xF85F5000 \SystemRoot\system32\drivers\drmk.sys
0xF7272000 \SystemRoot\system32\drivers\ctoss2k.sys
0xF89ED000 \SystemRoot\System32\drivers\ctprxy2k.sys
0xF81BA000 \SystemRoot\system32\DRIVERS\gameenum.sys
0xF725A000 \SystemRoot\system32\DRIVERS\Rtnicxp.sys
0xF884D000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF8605000 \SystemRoot\system32\DRIVERS\serial.sys
0xF81B6000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF7246000 \SystemRoot\system32\DRIVERS\parport.sys
0xF8615000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF8855000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF8AC2000 \SystemRoot\system32\drivers\msmpu401.sys
0xF8AA4000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF8625000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF81B2000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF722F000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF8635000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF8645000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF885D000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF721E000 \SystemRoot\system32\DRIVERS\psched.sys
0xF8655000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF8865000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF886D000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF8665000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF8875000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF89EF000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF71C0000 \SystemRoot\system32\DRIVERS\update.sys
0xF8945000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF8675000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF8685000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF89FB000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF76AD000 \SystemRoot\system32\drivers\MODEMCSA.sys
0xF1FB9000 \SystemRoot\system32\drivers\ha10kx2k.sys
0xF1FA4000 \SystemRoot\System32\drivers\ctac32k.sys
0xF1F8B000 \SystemRoot\System32\drivers\emupia2k.sys
0xF1F6C000 \SystemRoot\System32\drivers\ctsfm2k.sys
0xF8885000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF8A07000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8B10000 \SystemRoot\System32\Drivers\Null.SYS
0xF8A09000 \SystemRoot\System32\Drivers\Beep.SYS
0xF8895000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF889D000 \SystemRoot\System32\drivers\vga.sys
0xF8A0B000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF8A0D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF88A5000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF88AD000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF895D000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF1DE2000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF1D89000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF1D61000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF1D3F000 \SystemRoot\System32\drivers\afd.sys
0xF86C5000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF1C74000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF1C04000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF86D5000 \SystemRoot\System32\Drivers\Fips.SYS
0xF1BDE000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF86E5000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF86F5000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xF88B5000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF89A9000 \SystemRoot\system32\DRIVERS\usbscan.sys
0xF88BD000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xF8755000 \SystemRoot\system32\DRIVERS\HPZius12.sys
0xF875D000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xF7895000 \SystemRoot\system32\DRIVERS\HPZid412.sys
0xF81CA000 \SystemRoot\system32\DRIVERS\HPZipr12.sys
0xF1CEF000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF1106000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF8A2D000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF1BDA000 \SystemRoot\System32\drivers\Dxapi.sys
0xF87C5000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF8B08000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF1E31000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xF0BB0000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF89D5000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xF0CBD000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xF0B30000 \SystemRoot\system32\DRIVERS\srv.sys
0xF880D000 \SystemRoot\System32\Drivers\TDTCP.SYS
0xF07ED000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xF07B0000 \SystemRoot\system32\drivers\wdmaud.sys
0xF0860000 \SystemRoot\system32\drivers\sysaudio.sys
0xF05D6000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF048A000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF0429000 \SystemRoot\System32\Drivers\HTTP.sys
0xF0810000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF8A15000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0xF8785000 \??\C:\DOCUME~1\Michelle\LOCALS~1\Temp\catchme.sys
0xF02E8000 \SystemRoot\system32\DRIVERS\1566358.sys
0xEFDC8000 \SystemRoot\system32\DRIVERS\15663581.sys
0xF0880000 \SystemRoot\system32\DRIVERS\15663582.sys
0xEFDA4000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xF115E000 \??\C:\WINDOWS\system32\Drivers\uti0ote5.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 29):
0 System Idle Process
4 System
584 C:\WINDOWS\system32\smss.exe
632 csrss.exe
656 C:\WINDOWS\system32\winlogon.exe
704 C:\WINDOWS\system32\services.exe
716 C:\WINDOWS\system32\lsass.exe
868 C:\WINDOWS\system32\svchost.exe
948 svchost.exe
1040 C:\WINDOWS\system32\svchost.exe
1088 svchost.exe
1144 svchost.exe
1404 C:\WINDOWS\system32\spoolsv.exe
1524 svchost.exe
1576 C:\WINDOWS\system32\svchost.exe
1588 C:\WINDOWS\system32\svchost.exe
1620 C:\WINDOWS\system32\svchost.exe
1652 C:\WINDOWS\system32\svchost.exe
1728 C:\WINDOWS\system32\svchost.exe
1200 C:\WINDOWS\system32\wscntfy.exe
196 C:\WINDOWS\system32\ctfmon.exe
1680 alg.exe
2072 C:\WINDOWS\explorer.exe
3012 C:\WINDOWS\system32\notepad.exe
2892 C:\WINDOWS\system32\taskmgr.exe
3044 C:\WINDOWS\system32\notepad.exe
2808 C:\Documents and Settings\Michelle\Desktop\Virus Removal Tool\setup_9.0.0.722_02.02.2011_12-52\setup_9.0.0.722_02.02.2011_12-52.exe
2688 C:\Program Files\Opera\opera.exe
3584 C:\Documents and Settings\Michelle\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: MAXTORSTM3200820A

Size Device Name MBR Status
186 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

  • 0




    Trusted Helper

  • Malware Removal
  • 3,890 posts
Hi Smitty20,

Nice Job! The log looks clean.

  • Download OTL to your desktop
  • Open OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

  • Then click the Run Fix button at the top
  • You may be asked to reboot - if so, choose Yes

We need to remove all the tools that you have used. This is so that should you ever be re-infected, you will download updated versions. It will also remove the quarantined Malware from your computer.

Remove ComboFix
  • Click the Start button
  • Click Run...
  • Type Combofix /Uninstall in the run dialog box and click OK
Posted Image

Remove Other Tools
  • Download OTC to your desktop and run it
  • Click CleanUp! to begin the cleanup process and remove our tools, including this application
  • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes

Clean Temporary Files
  • Download TFC to your desktop
  • Open the file and close any other windows
  • It will close all programs itself when run - make sure to let it run uninterrupted
  • Click the Start button to begin the process - the program should not take long to finish its job
  • Once it is finished, it should reboot your machine, if not, do this yourself to ensure the cleaning process completes

Lets Re-hide system files and folders.
Opening Windows Explorer (to get there right-click your Start button and go to "Explore"), please do the following:
  • Go to Tools (drop-down menu at the top of the window)
  • Go down and click Folder Options
  • Click on the View tab
  • Find the Hidden Files and Folders section of the box and check "Do not show hidden files and folders"
  • Again under Hidden Files and Folders, find "Hide protected operating system files (Recommended)" and check it (if it's already checked)
  • Click Apply, and then Ok at the bottom.
  • Close the window


From your logs, I did not notice a firewall or antivirus application installed. I cannot stress enough how important it is to have these basic tools installed and kept current to thwart the spread of malware on your computer. It is necessary to have an antivirus program running on your computer to help catch and keep some of the many types of malware and virus that people keep putting on the web.

Below are some free antivirus programs that I recommend. There are also many antivirus programs that will give you a free trial or limited use to see if you like it before purchasing.

Microsoft Security Essentials
Click here for Avast Home Edition
Click here for AVG Anti-Virus

Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For most users the default Windows Firewall is acceptable for basic security, but if you would like a more in-depth firewall with more features I would recommend these--

Click Here for Comodo Personal Firewall
Click Here for Sunbelt Personal Firewall


Java Outdated

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 23 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u23-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.

The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications.
To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
Click Ok and reboot your computer.


Below are links to several programs that will help protect your computer.

I recommend downloading any of the following applications.
  • SpywareBlaster keeps spyware from installing on your system - read the tutorial here
  • SpywareGuard protects your browser and computer in real time - read the tutorial here
  • SUPERAntiSpyware Free Edition detects and removes spyware, adware, malware, trojans, rogue software, worms, rootkits, parasites and other potentially harmful software applications - read the tutorial here


Other things to keep in mind.

Windows, Java, and Adobe products should all be kept up-to-date on a regular basis so the latest security fixes are in place on your computer. Please refer to the following links on how to manage these products.

Here are a few other applications you might consider. Keeping your temporary file area clean, your Windows registry backed up, and backing up your important data are all good techniques.
  • Flush Flash - by Bobbi Flekman - cleans Flash Player cookies
  • ERUNT (Emergency Recovery Utility NT) - a registry backup utility
  • Cobian Backup - a very good backup utility - read the tutorial here
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
  • Green to go
  • Yellow for caution
  • Red to stop
WOT has an addon available for Chrome and Opera.
Please remember that just having these programs is not enough. You must use them. Running a full spyware scan weekly, a full virus scan monthly, and checking for updates and cleaning your temporary files periodically is very important in keeping your computer in tip-top shape.

Finally, please take the time to read the following articles. Applying this information will help prevent future infections:

How to prevent malware by miekiemoes
Preventing Malware and Safe Computing by Rorschach112

This article will help you understand how you may have gotten infected:
How did I get infected in the first place?

Remember, you have to be smarter than the bad guys! Be safe out there! Posted Image
  • 0




  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Well all looks good, updated Java, Removed all the old versions and installed SuperAntispyware AVG 2011 free edition and Comodo Firewall. Thanks a lot, I think that has it covered.
  • 0



    Trusted Helper

  • Malware Removal
  • 3,890 posts
Your welcome. :D
  • 0



    Trusted Helper

  • Malware Removal
  • 3,890 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :D

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0

Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP