RogueKiller prompted me to delete what was checked. You didn't say to do this, so I didn't.
RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Compaq_Administrator [Admin rights]
Mode: Scan -- Date: 08/22/2012 21:35:41
¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] arpwrmsg.exe -- C:\WINDOWS\ARPWRMSG.EXE -> KILLED [TermProc]
¤¤¤ Registry Entries: 9 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : Intel (C:\Documents and Settings\Compaq_Administrator\Application Data\Intel\Intel.exe) -> FOUND
[SUSP PATH] HKCU\[...]\Run : Iyvgvo (C:\Documents and Settings\Compaq_Administrator\Application Data\Iyvgvo.scr) -> FOUND
[SUSP PATH] HKCU\[...]\Run : Cxvgvi (C:\Documents and Settings\Compaq_Administrator\Application Data\Cxvgvi.scr) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-3642355760-1211948261-21286445-1008[...]\Run : Intel (C:\Documents and Settings\Compaq_Administrator\Application Data\Intel\Intel.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-3642355760-1211948261-21286445-1008[...]\Run : Iyvgvo (C:\Documents and Settings\Compaq_Administrator\Application Data\Iyvgvo.scr) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-3642355760-1211948261-21286445-1008[...]\Run : Cxvgvi (C:\Documents and Settings\Compaq_Administrator\Application Data\Cxvgvi.scr) -> FOUND
[SUSP PATH] HKCU\[...]\Windows : load (C:\Documents and Settings\Compaq_Administrator\Application Data\Intel\Intel.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-3642355760-1211948261-21286445-1008[...]\Windows : load (C:\Documents and Settings\Compaq_Administrator\Application Data\Intel\Intel.exe) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD2500JS-60NCB1 +++++
--- User ---
[MBR] 660fd9b99918e0b5a3661b8c69037b40
[BSP] 05e3161cf4ce79602881f99911e8893d : Toshiba tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 230071 Mo
1 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 471202515 | Size: 8393 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
RKreport[1].txt
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000001ec
Kernel Drivers (total 136):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xF7A70000 \WINDOWS\system32\KDCOM.DLL
0xF7980000 \WINDOWS\system32\BOOTVID.dll
0xF7441000 ACPI.sys
0xF7A72000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7430000 pci.sys
0xF7570000 isapnp.sys
0xF7580000 ohci1394.sys
0xF7590000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF7B38000 pciide.sys
0xF77F0000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7A74000 viaide.sys
0xF7A76000 intelide.sys
0xF75A0000 MountMgr.sys
0xF7411000 ftdisk.sys
0xF7A78000 dmload.sys
0xF73EB000 dmio.sys
0xF77F8000 PartMgr.sys
0xF75B0000 VolSnap.sys
0xF7316000 iaStor.sys
0xF72FE000 atapi.sys
0xF72BB000 ftsata2.sys
0xF72A3000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xF75C0000 disk.sys
0xF75D0000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7283000 fltmgr.sys
0xF7271000 sr.sys
0xF7202000 mfehidk.sys
0xF75E0000 bb-run.sys
0xF75F0000 PxHelp20.sys
0xF71EB000 KSecDD.sys
0xF715E000 Ntfs.sys
0xF7131000 NDIS.sys
0xF7117000 Mup.sys
0xF7620000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF7720000 \SystemRoot\system32\DRIVERS\AmdK8.sys
0xF7950000 \SystemRoot\system32\DRIVERS\aracpi.sys
0xF6387000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xF6373000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7958000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xF634F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7960000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF6236000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0xF6213000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7AB2000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7968000 \SystemRoot\System32\Drivers\Modem.SYS
0xF61EB000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF70D3000 \SystemRoot\system32\DRIVERS\nvnetbus.sys
0xF61A0000 \SystemRoot\system32\DRIVERS\NVNRM.SYS
0xF6169000 \SystemRoot\system32\DRIVERS\NVSNPU.SYS
0xF7730000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7970000 \SystemRoot\system32\DRIVERS\PS2.sys
0xF7978000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7AB4000 \SystemRoot\system32\DRIVERS\arkbcfltr.sys
0xF70CF000 \SystemRoot\system32\DRIVERS\arpolicy.sys
0xF7BD0000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7740000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7A08000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6152000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7750000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7760000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7800000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6141000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7770000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF6116000 \SystemRoot\system32\drivers\mfeavfk.sys
0xF609C000 \SystemRoot\system32\drivers\mfefirek.sys
0xF7840000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7848000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF606C000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF7780000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7850000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7AB6000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF600E000 \SystemRoot\system32\DRIVERS\update.sys
0xF7A24000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF7790000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF77A0000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF77B0000 \SystemRoot\system32\DRIVERS\NVENETFD.sys
0xF35FF000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xF35DB000 \SystemRoot\system32\drivers\portcls.sys
0xF77C0000 \SystemRoot\system32\drivers\drmk.sys
0xF7ABA000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7BAD000 \SystemRoot\System32\Drivers\Null.SYS
0xF7ABC000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7878000 \SystemRoot\System32\drivers\vga.sys
0xF7ABE000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7AC0000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7880000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7888000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF6106000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF3558000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF34FF000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF34EA000 \SystemRoot\system32\drivers\mfetdi2k.sys
0xF34C4000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF349C000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF60F2000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xF347A000 \SystemRoot\System32\drivers\afd.sys
0xF6A23000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF3458000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xF7890000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xF342D000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF33BD000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF69E3000 \SystemRoot\System32\Drivers\Fips.SYS
0xF69D3000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF69C3000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xF5FFE000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF69B3000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF7898000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF78A0000 \SystemRoot\system32\DRIVERS\arhidfltr.sys
0xF78A8000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xF5FFA000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF7AC2000 \SystemRoot\system32\DRIVERS\armoucfltr.sys
0xF30D1000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0xF30AD000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xF3095000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7AC8000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF35C7000 \SystemRoot\System32\drivers\Dxapi.sys
0xF78B8000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7BF8000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBA5D4000 \??\C:\WINDOWS\system32\drivers\mbam.sys
0xBA584000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB922B000 \SystemRoot\system32\drivers\wdmaud.sys
0xBA528000 \SystemRoot\system32\drivers\sysaudio.sys
0xB9110000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB8FB7000 \SystemRoot\System32\Drivers\HTTP.sys
0xB8E6F000 \SystemRoot\system32\DRIVERS\srv.sys
0xB8C17000 \SystemRoot\system32\drivers\cfwids.sys
0xB8F27000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0xB7B1B000 \SystemRoot\system32\drivers\mfeapfk.sys
0xB7BE7000 \SystemRoot\system32\drivers\mfebopk.sys
0xB7AF0000 \SystemRoot\system32\drivers\kmixer.sys
0xBA448000 \??\c:\windows\system32\drivers\TrueSight.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
Processes (total 65):
0 System Idle Process
4 System
740 C:\WINDOWS\system32\smss.exe
816 csrss.exe
840 C:\WINDOWS\system32\winlogon.exe
884 C:\WINDOWS\system32\services.exe
896 C:\WINDOWS\system32\lsass.exe
1084 C:\WINDOWS\system32\svchost.exe
1136 svchost.exe
1228 C:\WINDOWS\system32\svchost.exe
1272 svchost.exe
1604 C:\WINDOWS\system32\spoolsv.exe
1768 C:\WINDOWS\explorer.exe
164 svchost.exe
288 C:\Program Files\SUPERAntiSpyware\SASCore.exe
296 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
316 C:\WINDOWS\arservice.exe
356 C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
416 C:\Program Files\Bonjour\mDNSResponder.exe
540 C:\WINDOWS\ehome\ehrecvr.exe
660 C:\WINDOWS\ehome\ehSched.exe
1200 C:\Program Files\Java\jre7\bin\jqs.exe
1256 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
1292 C:\Program Files\Google\Update\GoogleUpdate.exe
1300 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
1396 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
1488 C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
1512 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
1704 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
1812 C:\WINDOWS\system32\mfevtps.exe
1924 C:\WINDOWS\system32\nvsvc32.exe
1952 svchost.exe
1764 svchost.exe
260 C:\WINDOWS\system32\svchost.exe
568 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2320 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
2372 mcrdsvc.exe
2412 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
3420 alg.exe
3012 C:\WINDOWS\system32\svchost.exe
3964 C:\Program Files\McAfee.com\Agent\mcagent.exe
4092 C:\WINDOWS\system32\ctfmon.exe
1364 C:\WINDOWS\ehome\ehtray.exe
2748 C:\WINDOWS\RTHDCPL.EXE
2852 C:\Program Files\DISC\DISCUpdMgr.exe
2092 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
2868 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
2916 C:\Program Files\iTunes\iTunesHelper.exe
2944 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
2952 C:\Program Files\Unlocker\UnlockerAssistant.exe
2972 C:\Program Files\Messenger\msmsgs.exe
2996 C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
2884 C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
3308 C:\Program Files\OpenOffice.org 3\program\soffice.exe
3372 C:\Program Files\OpenOffice.org 3\program\soffice.bin
900 C:\Program Files\iPod\bin\iPodService.exe
1108 C:\hp\KBD\kbd.exe
3772 C:\WINDOWS\system\hpsysdrv.exe
2688 C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
3492 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
2404 C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
3000 RogueKiller.exe
2196 C:\WINDOWS\system32\notepad.exe
3208 C:\Program Files\Internet Explorer\iexplore.exe
3716 C:\Documents and Settings\Compaq_Administrator\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000038`2bf5a600 (FAT32)
PhysicalDrive0 Model Number: WDCWD2500JS-60NCB1, Rev: 10.02E02
Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 3FA1BAC1D7FD18071BE2B53E6001CD7DFE278CEB
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.
Enter your choice:
Done!
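The registry section of the RogueKiller report above has three things a triager looks at before touching anything: `Run` values that launch from `Application Data` (a directory the logged-on user can write to without admin rights), two `.scr` files registered as autoruns, and a `Windows : load` value pointing at the same `Intel.exe`. The script below is an added example, not part of the original post and not RogueKiller's own code. It parses lines in the report's `[TAG] HIVE\[...]\KEY : VALUE (DATA) -> STATUS` shape, folds the `HKCU` and `HKUS\<SID>` copies together (they are two views of the same user hive), and flags entries by those three heuristics. The sample lines are constructed from the post's format; the McAfee line is an invented benign entry for contrast, and the scoring is mine, not the tool's.

```python
import re
from typing import Dict, List, Optional

# Constructed sample in RogueKiller's report shape. The first four entries mirror the
# post above (HKCU and the HKUS\<SID> copy are the same user's hive); the McAfee line
# is an invented benign autorun added for contrast.
SAMPLE_REPORT = r"""
[SUSP PATH] HKCU\[...]\Run : Intel (C:\Documents and Settings\Compaq_Administrator\Application Data\Intel\Intel.exe) -> FOUND
[SUSP PATH] HKCU\[...]\Run : Iyvgvo (C:\Documents and Settings\Compaq_Administrator\Application Data\Iyvgvo.scr) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-3642355760-1211948261-21286445-1008[...]\Run : Intel (C:\Documents and Settings\Compaq_Administrator\Application Data\Intel\Intel.exe) -> FOUND
[SUSP PATH] HKCU\[...]\Windows : load (C:\Documents and Settings\Compaq_Administrator\Application Data\Intel\Intel.exe) -> FOUND
[SUSP PATH] HKLM\[...]\Run : McAfee (C:\Program Files\McAfee.com\Agent\mcagent.exe) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
"""

# "[TAG] HIVE\[...]\KEY : VALUE (DATA) -> STATUS"; the hive may carry a SID (HKUS\S-1-5-...).
ENTRY_RE = re.compile(
    r"^\[(?P<tag>[A-Z ]+)\] "
    r"(?P<hive>HK\w+(?:\\S-[\d-]+)?)\\?\[\.\.\.\]\\(?P<key>\w+) : "
    r"(?P<value>.+?) \((?P<data>.*)\) -> (?P<status>\w+)$"
)

# Directories an unprivileged user can write to; persistence launching from here
# needed neither an installer nor admin rights.
USER_WRITABLE_MARKERS = (
    "\\documents and settings\\",   # XP profile root
    "\\users\\",                    # Vista and later profile root
    "\\application data\\",
    "\\local settings\\",
    "\\temp\\",
)


def parse_entry(line: str) -> Optional[Dict[str, str]]:
    """Split one report line into its fields, or return None for lines in another shape."""
    m = ENTRY_RE.match(line.strip())
    return m.groupdict() if m else None


def assess(entry: Dict[str, str]) -> List[str]:
    """Heuristics of this example (not RogueKiller's own scoring) for one autorun entry."""
    reasons: List[str] = []
    data = entry["data"].lower()
    key = entry["key"].lower()
    if any(marker in data for marker in USER_WRITABLE_MARKERS):
        reasons.append("launches from a user-writable directory, so no admin rights were needed to plant it")
    if key == "run" and data.endswith(".scr"):
        reasons.append("a screensaver (.scr) is registered as an autorun")
    if key == "windows" and entry["value"].lower() == "load":
        reasons.append("uses the legacy Windows\\load value, rarely set by legitimate software")
    return reasons


def triage_report(text: str) -> List[Dict[str, object]]:
    """Parse every entry, collapse HKCU/HKUS duplicates, return those with at least one reason."""
    seen = set()
    findings: List[Dict[str, object]] = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        # HKCU and HKUS\<SID> are the same logged-on user's hive, so the same
        # (key, value, data) triple appears twice in a report.
        ident = (entry["key"].lower(), entry["value"].lower(), entry["data"].lower())
        if ident in seen:
            continue
        seen.add(ident)
        reasons = assess(entry)
        if reasons:
            findings.append({"hive": entry["hive"], "key": entry["key"], "value": entry["value"],
                             "data": entry["data"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage_report(SAMPLE_REPORT):
        print(f"{f['key']}\\{f['value']} -> {f['data']}")
        for r in f["reasons"]:
            print("   -", r)
```

Run against the sample it reports `Intel`, `Iyvgvo` and `load` once each and stays quiet on the McAfee entry and the `[HJ]` line, which parses but trips none of the heuristics.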
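MBRCheck's "Unknown MBR code" verdict and RogueKiller's "Toshiba tatooed MBR Code" label both come from fingerprinting the boot sector, so a legitimate but non-Microsoft OEM loader can show up as unknown while the partition table itself is perfectly ordinary. The parser below is an added example, not part of either tool: it checks the 0x55AA signature, hashes the 440-byte boot-code area (an assumption about which bytes to fingerprint; the page does not say what MBRCheck hashes), decodes the four partition entries and warns on more than one active partition or overlapping entries. The 512-byte sector it runs on is constructed to carry the same two partitions the RogueKiller output lists (NTFS active at LBA 63, FAT32-LBA at LBA 471202515) with filler boot code and an assumed disk signature, so its hash will not match the one in the post.

```python
import hashlib
import struct
from typing import Dict, List

SECTOR = 512
BOOT_CODE_LEN = 440      # bytes 0..439: boot code; 440..443: disk signature; 446..509: partition table
PART_TABLE_OFF = 446
SIGNATURE = b"\x55\xAA"
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count


def partition_entry(status: int, ptype: int, lba_start: int, sectors: int) -> bytes:
    """Encode one 16-byte partition entry. CHS fields are zeroed; the LBA fields are what matter."""
    return struct.pack(ENTRY_FMT, status, b"\0\0\0", ptype, b"\0\0\0", lba_start, sectors)


def build_sample_mbr() -> bytes:
    """Constructed MBR (not a dump of the poster's disk): filler boot code plus the two
    partitions RogueKiller listed, NTFS active at LBA 63 and FAT32-LBA at LBA 471202515."""
    boot_code = b"\xEB\x3C\x90" + b"\x90" * (BOOT_CODE_LEN - 3)   # jmp short + nop filler
    disk_signature = struct.pack("<I", 0x12345678)                  # assumed value
    table = (
        partition_entry(0x80, 0x07, 63, 471202515 - 63)
        + partition_entry(0x00, 0x0C, 471202515, 8393 * 2048)       # 8393 MiB in 512-byte sectors
        + b"\x00" * 32                                              # two unused slots
    )
    mbr = boot_code + disk_signature + b"\x00\x00" + table + SIGNATURE
    assert len(mbr) == SECTOR
    return mbr


def parse_mbr(data: bytes) -> Dict:
    """Validate and decode one boot sector; returns hash, disk signature, partitions and warnings."""
    if len(data) != SECTOR:
        raise ValueError("expected one 512-byte sector")
    if data[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions: List[Dict] = []
    warnings: List[str] = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY_FMT, data, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue                       # empty slot
        if status not in (0x00, 0x80):
            warnings.append(f"partition {i}: invalid status byte 0x{status:02x}")
        partitions.append({"index": i, "active": status == 0x80, "type": ptype,
                           "lba_start": lba, "sectors": count,
                           "size_mib": count * SECTOR // (1024 * 1024)})
    if sum(p["active"] for p in partitions) > 1:
        warnings.append("more than one partition flagged active")
    for a in partitions:
        for b in partitions:
            if (a["index"] < b["index"]
                    and a["lba_start"] < b["lba_start"] + b["sectors"]
                    and b["lba_start"] < a["lba_start"] + a["sectors"]):
                warnings.append(f"partitions {a['index']} and {b['index']} overlap")
    return {
        "boot_code_sha1": hashlib.sha1(data[:BOOT_CODE_LEN]).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", data, 440)[0],
        "partitions": partitions,
        "warnings": warnings,
    }


def classify_boot_code(sha1: str, known: Dict[str, str]) -> str:
    """The known/unknown verdict, against a caller-supplied table of boot-code hashes."""
    return known.get(sha1.upper(), "Unknown MBR code")


if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())
    print("SHA1:", info["boot_code_sha1"], "->", classify_boot_code(info["boot_code_sha1"], {}))
    for p in info["partitions"]:
        print(p)
    print("warnings:", info["warnings"])
```

The point of separating the hash from the table decode is that they answer different questions: an unrecognised hash only says the loader is not in your list, while a second active flag or overlapping entries is a concrete reason to suspect the sector.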