tcpview - 'unknown'

I'm following the 'I'm infected' procedure in the forum.

My system has been running slow, but I'm also hearing a sound, probably from "C", that is an abnormal clicking.

I'm also trying to receive audio streaming from "Broadwave" unsuccessfully.

When I ran TCPVIEW, I saw a procedure labelled 'unknown' whose properties I was unable to display. After a few minutes that procedure line in TCPVIEW suddenly turned RED and disappeared.

When I ran GMER rootkit, I got an error saying I had malicious win32.mbroot code @ 156280323. I also have PE Builder on my system with an address of 156280345.

For all of the above reasons I'd like your assistance to determine whether I have a reason to be concerned.

I'm running Microsoft Security Essentials and MBAM only.

I didn't run the diagnostic programs in the exact order specified in the 'I'm infected' post. If I need to do that, please let me know and I'll redo this.

The requested logs from DDS, TCPVIEW, GMER, MBAM and MSE are attached/copied.



DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by jim nall at 10:12:14 on 2011-08-24

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1029 [GMT -5:00]


AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}


============== Running Processes ===============



C:\WINDOWS\system32\svchost -k DcomLaunch


C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs






C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\NCH Swift Sound\VRS\vrs.exe


C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe


C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe


C:\Program Files\NCH Swift Sound\VRS\vrs.exe

C:\Program Files\MSI\DigiCell\DigiCell.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\ATI Technologies\ATI.ACE\DualCoreCenter.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\jim nall\Desktop\c5pkrslg.exe



============== Pseudo HJT Report ===============


uStart Page = hxxp://www.yahoo.com/

mStart Page = hxxp://search.myheritage.com

uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn0\YTNavAssist.dll

uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll

BHO: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll

TB: @c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

TB: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll


uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [skyTel] SkyTel.EXE


mRun: [Alcmtr] ALCMTR.EXE

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [OpwareSE2] "c:\program files\scansoft\omnipagese2.0\OpwareSE2.exe"

mRun: [Family Tree Builder Update] c:\program files\myheritage\bin\FTBCheckUpdates.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [bing Bar] "c:\program files\msn toolbar\platform\5.0.1449.0\mswinext.exe"

mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [VRS] "c:\program files\nch swift sound\vrs\vrs.exe" -logon

StartupFolder: c:\docume~1\jimnal~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digicell.lnk - c:\program files\msi\digicell\DigiCell.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dualco~1.lnk - c:\program files\ati technologies\ati.ace\StartUpDualCoreCenter.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-

DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1309482421578

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F3DCFC89-8C6E-4052-9176-B7806D188FD5} - hxxp://www.mytripjournal.com/ImageUploader7.cab

TCP: DhcpNameServer =

TCP: Interfaces\{6EC65E08-84D6-4F4C-AF1C-9EC8484B386B} : DhcpNameServer =

TCP: Interfaces\{7C438724-3BAD-4391-8163-FC4F0A4641DD} : DhcpNameServer =

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll


============= SERVICES / DRIVERS ===============


R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]

R1 MpKslf5eee746;MpKslf5eee746;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{89ffd821-30e7-40d0-b522-0301504e33f9}\MpKslf5eee746.sys [2011-8-24 28752]

R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\adobe\elements organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-1 366640]

R2 VRSService;VRS Recording System;c:\program files\nch swift sound\vrs\vrs.exe [2011-8-22 1206276]

R3 DigiCellDriver;DigiCellDriver;c:\program files\msi\digicell\NTGLM7X.sys [2006-6-7 28672]

R3 DualCoreCenter;DualCoreCenter;c:\program files\ati technologies\ati.ace\NTGLM7X.sys [2011-6-30 28160]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-1 22712]

R3 RushTopDevice2;RushTopDevice2;c:\program files\ati technologies\ati.ace\RushTop.sys [2011-6-30 46080]

R3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\drivers\stdriver32.sys [2011-8-22 49240]

S0 cerc6;cerc6; [x]

S1 MpKsl11f4823c;MpKsl11f4823c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b331e23b-c6ff-489c-9e8f-db0bf4791766}\mpksl11f4823c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b331e23b-c6ff-489c-9e8f-db0bf4791766}\MpKsl11f4823c.sys [?]

S1 MpKsl15de8a0c;MpKsl15de8a0c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d6c0199a-3047-4cd2-8778-fc3c58cc67ce}\mpksl15de8a0c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d6c0199a-3047-4cd2-8778-fc3c58cc67ce}\MpKsl15de8a0c.sys [?]

S1 MpKsl2abbd54e;MpKsl2abbd54e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b331e23b-c6ff-489c-9e8f-db0bf4791766}\mpksl2abbd54e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b331e23b-c6ff-489c-9e8f-db0bf4791766}\MpKsl2abbd54e.sys [?]

S1 MpKsl5ef8b15e;MpKsl5ef8b15e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b331e23b-c6ff-489c-9e8f-db0bf4791766}\mpksl5ef8b15e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b331e23b-c6ff-489c-9e8f-db0bf4791766}\MpKsl5ef8b15e.sys [?]

S1 MpKsl706531cd;MpKsl706531cd;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b331e23b-c6ff-489c-9e8f-db0bf4791766}\mpksl706531cd.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b331e23b-c6ff-489c-9e8f-db0bf4791766}\MpKsl706531cd.sys [?]

S1 MpKsl7b3f26d9;MpKsl7b3f26d9;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b331e23b-c6ff-489c-9e8f-db0bf4791766}\mpksl7b3f26d9.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b331e23b-c6ff-489c-9e8f-db0bf4791766}\MpKsl7b3f26d9.sys [?]

S1 MpKslefbd943c;MpKslefbd943c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b331e23b-c6ff-489c-9e8f-db0bf4791766}\mpkslefbd943c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b331e23b-c6ff-489c-9e8f-db0bf4791766}\MpKslefbd943c.sys [?]

S1 MpKslf0e7be37;MpKslf0e7be37;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d6c0199a-3047-4cd2-8778-fc3c58cc67ce}\mpkslf0e7be37.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d6c0199a-3047-4cd2-8778-fc3c58cc67ce}\MpKslf0e7be37.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-8-5 136176]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-8-5 136176]

S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]


=============== Created Last 30 ================


2011-08-24 15:07:10 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{89ffd821-30e7-40d0-b522-0301504e33f9}\MpKslf5eee746.sys

2011-08-24 15:06:52 7152464 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{89ffd821-30e7-40d0-b522-0301504e33f9}\mpengine.dll

2011-08-22 20:15:48 49240 ----a-w- c:\windows\system32\drivers\stdriver32.sys

2011-08-22 20:09:51 -------- d-----w- c:\documents and settings\jim nall\local settings\application data\Nero

2011-08-22 19:02:16 0 ----a-w- c:\windows\ativpsrm.bin

2011-08-20 20:58:36 -------- d-----w- c:\program files\Rocket Division Software

2011-08-05 15:38:54 -------- d-----w- c:\windows\Logs

2011-08-05 15:27:13 -------- d-----w- c:\documents and settings\jim nall\local settings\application data\Google

2011-08-01 15:44:00 -------- d-----w- c:\program files\RealVNC

2011-07-31 21:23:58 -------- d-----w- c:\documents and settings\jim nall\application data\NCH Software

2011-07-31 21:23:29 -------- d-----w- c:\program files\NCH Swift Sound

2011-07-31 21:23:11 -------- d-----w- c:\program files\NCH Software

2011-07-31 21:12:59 -------- d-----w- c:\documents and settings\all users\application data\AVS4YOU

2011-07-31 21:12:58 -------- d-----w- c:\documents and settings\jim nall\application data\AVS4YOU

2011-07-31 21:11:25 -------- d-----w- c:\program files\common files\AVSMedia

2011-07-31 21:11:11 1700352 ----a-w- c:\windows\system32\GdiPlus.dll

2011-07-31 21:11:10 24576 ----a-w- c:\windows\system32\msxml3a.dll

2011-07-31 21:11:10 -------- d-----w- c:\program files\AVS4YOU

2011-07-30 19:49:41 -------- d-----w- c:\documents and settings\jim nall\local settings\application data\Identities

2011-07-30 17:07:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll

2011-07-30 17:07:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll

2011-07-30 17:07:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll

2011-07-30 17:07:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll

2011-07-30 17:07:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll

2011-07-30 17:07:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll

2011-07-30 17:07:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll

2011-07-30 17:06:34 -------- d-----w- c:\documents and settings\jim nall\local settings\application data\Apple

2011-07-30 17:05:49 -------- d-----w- c:\documents and settings\jim nall\local settings\application data\Apple Computer

2011-07-27 16:09:58 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll

2011-07-27 16:09:58 21504 ----a-w- c:\windows\system32\hidserv.dll

2011-07-27 16:09:56 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys

2011-07-27 16:09:56 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys


==================== Find3M ====================


2011-08-11 18:42:00 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-07-07 00:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-07 00:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll

2011-06-23 18:36:30 43520 ------w- c:\windows\system32\licmgr10.dll

2011-06-23 18:36:30 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-06-23 12:05:13 385024 ------w- c:\windows\system32\html.iec

2011-06-21 21:23:58 389136 ----a-w- c:\windows\system32\FTBSaver.scr

2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-06-14 03:09:22 65328 ----a-w- c:\windows\apppatch\matsshim.dll

2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys


============= FINISH: 10:13:02.14 ===============






DDS (Ver_2011-06-23.01)


Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 6/30/2011 6:35:47 PM

System Uptime: 8/24/2011 9:34:00 AM (1 hours ago)


Motherboard: MSI | | MS-7250

Processor: AMD Athlon 64 X2 Dual Core Processor 6400+ | CPU 1 | 3200/200mhz


==== Disk Partitions =========================


A: is Removable

C: is FIXED (NTFS) - 75 GiB total, 55.368 GiB free.

D: is CDROM ()

E: is CDROM ()

F: is FIXED (NTFS) - 298 GiB total, 145.749 GiB free.

G: is FIXED (NTFS) - 932 GiB total, 699.624 GiB free.

H: is CDROM ()


==== Disabled Device Manager Items =============


Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}

Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard

Device ID: ACPI\PNP0303\4&126B373&0

Manufacturer: (Standard keyboards)

Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard

PNP Device ID: ACPI\PNP0303\4&126B373&0

Service: i8042prt


Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}

Description: Microsoft PS/2 Mouse

Device ID: ACPI\PNP0F03\4&126B373&0

Manufacturer: Microsoft

Name: Microsoft PS/2 Mouse

PNP Device ID: ACPI\PNP0F03\4&126B373&0

Service: i8042prt


==== System Restore Points ===================


RP1: 6/30/2011 6:37:51 PM - System Checkpoint

RP2: 6/30/2011 6:43:44 PM - Installed Realtek High Definition Audio Driver

RP3: 6/30/2011 6:46:44 PM - Installed Realtek High Definition Audio Driver

RP4: 6/30/2011 6:49:29 PM - Installed MSI DigiCell

RP5: 6/30/2011 7:45:45 PM - Software Distribution Service 3.0

RP6: 6/30/2011 7:48:09 PM - Software Distribution Service 3.0

RP7: 6/30/2011 8:16:13 PM - Windows Product Key Update Tool

RP8: 6/30/2011 8:20:47 PM - Software Distribution Service 3.0

RP9: 6/30/2011 8:31:52 PM - Installed Windows XP WgaNotify.

RP10: 6/30/2011 8:42:39 PM - Installed Windows Media Player 11

RP11: 6/30/2011 8:42:46 PM - Installed Windows XP Wudf01000.

RP12: 6/30/2011 8:43:24 PM - Installed Windows XP MSCompPackV1.

RP13: 6/30/2011 8:44:23 PM - Software Distribution Service 3.0

RP14: 6/30/2011 11:57:47 PM - Software Distribution Service 3.0

RP15: 7/1/2011 9:36:24 AM - Microsoft Antimalware Checkpoint

RP16: 7/1/2011 10:15:06 AM - Software Distribution Service 3.0

RP17: 7/1/2011 10:31:59 AM - Software Distribution Service 3.0

RP18: 7/1/2011 4:55:25 PM - Installed Microsoft Office Professional Edition 2003

RP19: 7/1/2011 5:12:10 PM - Software Distribution Service 3.0

RP20: 7/2/2011 10:11:22 AM - Software Distribution Service 3.0

RP21: 7/2/2011 10:21:08 AM - Software Distribution Service 3.0

RP22: 7/2/2011 10:43:56 AM - Installed Adobe Reader X (10.1.0).

RP23: 7/3/2011 3:42:15 PM - Software Distribution Service 3.0

RP24: 7/3/2011 6:04:45 PM - Software Distribution Service 3.0

RP25: 7/5/2011 11:37:33 AM - Software Distribution Service 3.0

RP26: 7/7/2011 8:35:35 AM - Software Distribution Service 3.0

RP27: 7/7/2011 9:56:45 AM - Installed %1 %2.

RP28: 7/7/2011 3:47:34 PM - Software Distribution Service 3.0

RP29: 7/7/2011 6:49:22 PM - Installed DAK Wave MP3 Editor PRO v6.1b

RP30: 7/7/2011 7:22:50 PM - Installed OmniPage SE

RP31: 7/7/2011 8:07:54 PM - Installed Manual CanoScan 4200F

RP32: 7/7/2011 9:21:46 PM - Printer Driver HP Officejet Pro 8500 A909a Series fax Installed

RP33: 7/8/2011 6:31:06 PM - Software Distribution Service 3.0

RP34: 7/8/2011 6:49:39 PM - Installed HP Product Detection.

RP35: 7/8/2011 8:19:59 PM - Software Distribution Service 3.0

RP36: 7/10/2011 9:32:15 AM - Software Distribution Service 3.0

RP37: 7/10/2011 10:15:17 AM - Software Distribution Service 3.0

RP38: 7/11/2011 11:14:13 AM - Software Distribution Service 3.0

RP39: 7/12/2011 9:17:30 AM - Removed NetAssistant

RP40: 7/12/2011 9:29:29 AM - Removed MPM

RP41: 7/12/2011 7:05:49 PM - Installed Windows XP KB932716-v2.

RP42: 7/12/2011 7:05:55 PM - Software Distribution Service 3.0

RP43: 7/13/2011 12:21:21 AM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

RP44: 7/13/2011 12:21:37 AM - Installed Java 6 Update 22

RP45: 7/13/2011 12:21:57 AM - Installed OpenOffice.org 3.3

RP46: 7/15/2011 10:00:48 AM - Software Distribution Service 3.0

RP47: 7/15/2011 12:10:33 PM - Installed DirectX

RP48: 7/15/2011 12:11:08 PM - Installed Nero 9

RP49: 7/16/2011 9:31:31 AM - Software Distribution Service 3.0

RP50: 7/16/2011 10:28:48 AM - Software Distribution Service 3.0

RP51: 7/16/2011 5:00:32 PM - Software Distribution Service 3.0

RP52: 7/18/2011 11:33:07 AM - Software Distribution Service 3.0

RP53: 7/18/2011 5:54:03 PM - Installed Adobe Photoshop Elements 8.0.

RP54: 7/20/2011 10:07:30 AM - Software Distribution Service 3.0

RP55: 7/27/2011 11:21:02 AM - Software Distribution Service 3.0

RP56: 7/27/2011 11:26:38 AM - Installed Java 6 Update 26

RP57: 7/28/2011 1:30:31 PM - Software Distribution Service 3.0

RP58: 7/30/2011 11:25:23 AM - Software Distribution Service 3.0

RP59: 7/30/2011 12:06:49 PM - Installed QuickTime

RP60: 7/31/2011 3:58:36 PM - Software Distribution Service 3.0

RP61: 8/1/2011 4:20:12 PM - System Checkpoint

RP62: 8/3/2011 9:00:46 AM - Software Distribution Service 3.0

RP63: 8/4/2011 10:08:37 AM - Software Distribution Service 3.0

RP64: 8/5/2011 10:21:01 AM - Software Distribution Service 3.0

RP65: 8/5/2011 10:59:06 AM - Installed DirectX

RP66: 8/7/2011 3:43:24 PM - Software Distribution Service 3.0

RP67: 8/9/2011 9:27:58 AM - Software Distribution Service 3.0

RP68: 8/9/2011 10:09:24 PM - Software Distribution Service 3.0

RP69: 8/10/2011 9:00:13 PM - Software Distribution Service 3.0

RP70: 8/11/2011 9:09:42 AM - Software Distribution Service 3.0

RP71: 8/12/2011 10:56:30 AM - Software Distribution Service 3.0

RP72: 8/12/2011 10:03:40 PM - Software Distribution Service 3.0

RP73: 8/14/2011 12:44:15 PM - Software Distribution Service 3.0

RP74: 8/16/2011 4:28:07 PM - Software Distribution Service 3.0

RP75: 8/17/2011 5:04:36 PM - System Checkpoint

RP76: 8/17/2011 8:15:08 PM - Software Distribution Service 3.0

RP77: 8/19/2011 11:04:31 AM - Software Distribution Service 3.0

RP78: 8/20/2011 12:18:40 PM - System Checkpoint

RP79: 8/22/2011 10:47:38 AM - Software Distribution Service 3.0

RP80: 8/23/2011 12:25:41 PM - Software Distribution Service 3.0

RP81: 8/23/2011 6:25:57 PM - Software Distribution Service 3.0

RP82: 8/24/2011 10:06:45 AM - Software Distribution Service 3.0


==== Installed Programs ======================


32 Bit HP CIO Components Installer

7-Zip 4.57

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Photoshop Elements 8.0

Adobe Photoshop.com Inspiration Browser

Adobe Reader X (10.1.0)

Advertising Center

Apple Application Support

Apple Software Update

Ask Toolbar

AVS Image Converter

AVS Update Manager 1.0

AVS4YOU Software Navigator 1.4

Bing Bar

Bing Bar Platform


Canon CanoScan Toolbox 4.6

DAK DePopper 3.x

DAK Wave MP3 Editor PRO v6.1b

Dell Driver Download Manager



Express Burn Disc Burning Software

Google Earth

Google Update Helper

Grab & Burn, Version 4.0.1 ( Build 2005-09-21, Win32, CSS )

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB932716-v2)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

HP Deskjet 3900 series

HP Product Detection

HP Update



Internet Explorer (Enable DEP)

Java Auto Updater

Java 6 Update 26

Malwarebytes' Anti-Malware version

Manual CanoScan 4200F

Menu Templates - Starter Kit

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Antimalware

Microsoft Application Error Reporting

Microsoft Automated Troubleshooting Services Shim

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Default Manager

Microsoft Fix it Center

Microsoft Office File Validation Add-In

Microsoft Office Professional Edition 2003

Microsoft Search Enhancement Pack

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Movie Templates - Starter Kit

MSI DigiCell

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MyHeritage Family Tree Builder

Nero 9

Nero BurnRights

Nero ControlCenter

Nero CoverDesigner

Nero DiscSpeed

Nero DriveSpeed

Nero InfoTool

Nero Installer

Nero PhotoSnap

Nero Recode

Nero Rescue Agent

Nero ShowTime

Nero StartSmart

Nero Vision

Nero WaveEditor




NVIDIA Drivers

OmniPage SE 2.0

OpenOffice.org 3.3

PhotoPad Image Editor

PhotoStage Slideshow Producer

Pixillion Image Converter


Realtek High Definition Audio Driver

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2510581)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2530548)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544521)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982665)

SoundTap Streaming Audio Recorder


Switch Sound File Converter

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB2447568)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB898461)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VNC Free Edition 4.1.3

VRS Recording System

WavePad Sound Editor

WebFldrs XP

Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Live ID Sign-in Assistant

Windows Media Format 11 runtime

Windows Media Player 11

Windows PowerShell 1.0

Yahoo! Detect

Yahoo! Software Update

Yahoo! Toolbar


==== Event Viewer Messages From Past Week ========


8/20/2011 10:12:32 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt

8/19/2011 10:54:24 AM, error: DCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {BA126AD1-2166-11D1-B1D0-00805FC1270E} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.


==== End Of File ===========================

MBAM quick scan log

Malwarebytes' Anti-Malware


Database version: 7553

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

8/24/2011 10:50:04 AM

mbam-log-2011-08-24 (10-50-04).txt

Scan type: Quick scan

Objects scanned: 171596

Time elapsed: 12 minute(s), 21 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)



GMER - http://www.gmer.net

Rootkit scan 2011-08-24 11:24:12

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\00000073 ST3808110AS rev.3.AAD

Running: c5pkrslg.exe; Driver: C:\DOCUME~1\JIMNAL~1\LOCALS~1\Temp\pglyypow.sys

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB955F000, 0x29C9F0, 0xE8000020]

? C:\DOCUME~1\JIMNAL~1\LOCALS~1\Temp\pglyypog.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[3236] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3236] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB3C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3236] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5337 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3236] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5269 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3236] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3236] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E513A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3236] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E519C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3236] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E539A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3236] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51FE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3696] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3696] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3696] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3696] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB3C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3696] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2546A6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3696] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5337 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3696] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5269 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3696] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3696] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E513A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3696] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E519C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3696] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E539A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3696] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51FE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3696] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB98 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3696] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E569F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 malicious Win32:MBRoot code @ sector 156280323

Disk \Device\Harddisk0\DR0 PE file @ sector 156280345

---- EOF - GMER 1.0.15 ----

  • Staff

Hi and welcome to Malwarebytes.

My system has been running slow but I'm also hearing a sound, probably from "C", that is an abnormal clicking.

This means your hard drive is beginning to fail.

I highly recommend backing up your important data and purchasing a new hard drive to install Windows on. If yours is clicking then it won't last much longer.

  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

