I have never used this tool so I cannot advise what you should do next. Did you tell the tool to remove the infection?

There was a command for the bootkit remover "%userprofile%\Desktop\remover.exe" fix , but it was unable to remove the bug.

And I had just found and ran the MBRCheck right before I posted.

Im reading thru a bunch of posts, and this file is related and it shows on my PC. Going to keep reading and find concise instructions for MBRcheck.

# Run MBRCheck.exe
# Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
# Please push the 'Y' key and then press Enter
# When program ask you Enter your choice: enter 2 and press the Enter key
# Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"
# Enter 0 and press the Enter key.
# The program will show Available MBR codes:, followed by a list of operating systems. Please enter 1 for Windows XP, and then press Enter.
# The program will prompt for confirmation. Type 'YES' and hit Enter.
# Left click on the title bar (where program name and path is written).
# From menu chose Edit -> Select All
# Hit the Enter key on your keyboard to copy selected text.
# Paste that text into Notepad, save it to your desktop as "MBRCheck results.txt"
# Restart your PC.

I followed these instructions and have a clean follow up MBRcheck log. So far I havent seen a return of iexplore.exe in processes and wav volume is staying all the way up.

Going to re-install winamp and cross my fingers, 8-]

MBRCheck, version 1.1.0

(c) 2010, AD

\\.\C: --> \\.\PhysicalDrive0

\\.\D: --> \\.\PhysicalDrive0

Size Device Name MBR Status


465 GB \\.\PhysicalDrive0 Windows XP MBR code detected

Done! Press ENTER to exit...

I will update you tomorrow or later tonight, Thanks again


I am back to normal! MBAM found nothing, SuperAntiSpyware just found tracking cookies, Avast has been quiet. Im not seeing iexplore.exe in my processes and the .wav volume has stayed put.

Thanks again for all you help, have a nice weekend.

My Flickr url got snipped, PM me if you need it.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.