MBR:\...\PHYSICALDRIVE0


Post by Qaytu on Sat 20 Aug 2011, 9:01 am

I can only start in safe mode. I'm running Vista 2nd update. I was running avast 5 when the scan picked up this rootkit virus. Here are the OTL and extras texts, also the aswMBR text.
_________
OTL Extras logfile created on: 8/13/2011 11:00:27 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\dummy\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.62 Gb Available Physical Memory | 81.46% Memory free
2.16 Gb Paging File | 1.94 Gb Available in Paging File | 89.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 55.80 Gb Free Space | 25.05% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.53 Gb Free Space | 35.33% Space Free | Partition Type: NTFS

Computer Name: JOYCE-PC | User Name: dummy | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3731821497-1863557417-350186197-1001]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04EB27AC-24E6-4F7E-BEA2-6F73537DF84D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{079DA964-225A-43E4-93BB-B65133AC839F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{168B8360-B228-483D-8600-947717636C47}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{186FBE03-BDF2-41D1-95C9-6A511CED26FE}" = rport=3702 | protocol=17 | dir=out | svc=bits | app=c:\windows\system32\svchost.exe |
"{1DF635C1-187F-4ADB-9265-A4926B4DE20F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{2054BF37-22A4-4C7C-BFFF-EB4CB2BB082E}" = lport=rpc | protocol=6 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe |
"{2D0DF968-39FA-47A1-8733-6AB9CB9A1C96}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{5875486D-ADCB-4136-BB4A-BEC9C2585115}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{596B81AE-1645-4401-8024-F70FAA557305}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{62BBE71C-73B4-429F-9BB4-440FC74144B7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{6776A08F-221C-4935-BA9A-FAA700D546B6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6A5406E2-EBBF-4F87-8751-32EE2D76616A}" = lport=3702 | protocol=17 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe |
"{80B4C7DA-CE48-4EC3-8A9D-EC09E3E16FEE}" = lport=2178 | protocol=6 | dir=in | app=system |
"{812641CE-E0D2-42D6-8709-6881581B25AC}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{970412A7-EE29-4E4D-B7E1-FF95F8B9D388}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{9BA664CB-3F3D-4CFA-B434-A19B335928AD}" = lport=rpc | protocol=6 | dir=in | svc=policyagent | app=c:\windows\system32\svchost.exe |
"{B2EA9E6A-3878-47DF-9FB3-FAF4668F1F03}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{B96FFD81-237B-495C-87FF-4CB7C19170C6}" = rport=2178 | protocol=6 | dir=out | app=system |
"{FF2DD0DA-16F5-4455-9587-A14374CB03EF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{014F8A22-CE7F-499E-BCB9-57BB669FFD4A}" = protocol=6 | dir=in | app=c:\users\ethan!\desktop\trywow.exe |
"{02791285-D961-4EBB-9E30-F584D45A2202}" = protocol=6 | dir=in | app=c:\program files\bfgclient\bfgclient.exe |
"{0ABD1915-6627-403E-A5D6-66253926081C}" = protocol=17 | dir=in | app=c:\program files\bfgclient\bfgprocess.exe |
"{0DD01FB4-6A2E-4D9E-8481-ACB67F1140C6}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{112F719D-FC66-4EE1-B09B-7BA9575A83A4}" = protocol=17 | dir=in | app=c:\users\debi!!\appdata\local\temp\wmpscnfg.exe |
"{1AB1EAF3-8E46-4466-85BE-336EF2F10FE6}" = protocol=6 | dir=in | svc=winmgmt | app=c:\windows\system32\svchost.exe |
"{21083DA9-C628-418C-B49E-7FB18A0F2369}" = protocol=6 | dir=in | app=c:\users\debi!!\appdata\local\temp\nvvscv.exe |
"{2B0E4EC6-30B5-4CC8-BB78-C24AEC663266}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{3465BEB3-3D56-4DFA-BDE1-31482078A0D9}" = protocol=17 | dir=in | app=e:\ravenhearst_en.exe |
"{35C0A966-D908-4BE6-96CC-7A3914E552C2}" = protocol=6 | dir=in | app=e:\ravenhearst_en.exe |
"{3627E63F-91AB-40BD-B07E-13CAD63E990B}" = protocol=17 | dir=in | app=c:\users\ethan!\desktop\trywow.exe |
"{3C8F36C2-7101-45CE-9C17-D22468EA8F52}" = protocol=6 | dir=in | app=c:\users\debi!!\appdata\local\temp\wmpscnfg.exe |
"{3F604EBF-A50D-48AC-8261-D21C5EA4677C}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe |
"{464475BB-7526-4C54-9820-108376FCE2FE}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{4855DE68-82EB-4190-9C24-96EAA4FF3574}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{48EEAF7C-CEBB-4713-81DD-ACAE44986001}" = protocol=6 | dir=in | app=c:\windows\system32\plasrv.exe |
"{4DA67A1D-68D1-42D8-B230-C191986E50B2}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{527867F9-D766-4A17-90D7-F07775F11B80}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{5F9AC933-139D-4C29-A014-57A9BCE625DA}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
"{611ACD0A-C6A4-48AD-8276-05DE2F52F464}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe |
"{7C616388-42B7-48CC-8CA3-7AA3AB06C383}" = protocol=6 | dir=in | app=c:\windows\system32\wercon.exe |
"{7EE6E32C-406E-4492-9CE2-B73894242405}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"{80A17717-6007-490D-A201-DB40D189A878}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{81B470E0-E1C9-497B-8736-B9C22CFE39B2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{82B571A5-C9CF-4A1D-9C61-EC8BF779700F}" = protocol=17 | dir=in | app=c:\users\debi!!\appdata\local\temp\nvvscv.exe |
"{8CFABF60-EF2B-4E8A-9995-4CF844571CD0}" = protocol=6 | dir=in | app=c:\program files\windows defender\msascui.exe |
"{9BD3A751-3F4E-4068-A9B4-D1217898F493}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"{9ED94F92-8848-4BFB-8B2D-8D47991EF3D9}" = protocol=17 | dir=in | app=c:\program files\bfgclient\bfggameservices.exe |
"{A5EAE059-798D-46EE-868C-E74DCB40D5E3}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{ABEE3B27-FF12-4E94-9FA1-BC02FB4503B3}" = protocol=6 | dir=out | svc=winmgmt | app=c:\windows\system32\svchost.exe |
"{ADC25442-7AC3-4801-9429-BD257139CE7E}" = protocol=6 | dir=in | app=c:\windows\system32\wbem\unsecapp.exe |
"{B6858DB1-58E8-408D-B3EF-01316158FAA8}" = protocol=6 | dir=in | app=c:\program files\bfgclient\bfgprocess.exe |
"{BA482BE8-6F17-4580-9DEA-AFB34E794237}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{BFFDCD7A-5457-414A-847C-852C46F1C57A}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{C5B0E0F1-64F5-4103-B87C-BD503A590DD4}" = protocol=6 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
"{C7F59A8E-1023-482D-90F2-673EFE9A1B3D}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{CD8F569D-8510-4A69-9325-3B6874152CFE}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
"{D4C54C4C-C178-4C2A-B445-F71BCEBE3B08}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
"{D7912B64-A4D0-4BF9-9702-7C6A7FDAAB93}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D7C43FEA-0875-4ADC-BAF1-385E2E5A6D02}" = protocol=6 | dir=out | app=system |
"{E30EC8A2-8789-40E7-BC1E-7F5FE153D3E0}" = protocol=17 | dir=in | app=c:\program files\bfgclient\bfgclient.exe |
"{EB735D33-FDD7-49FE-A7D8-A0D928636EE0}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{F1DB4E70-0882-49D0-8DEB-56EC8E4A8800}" = protocol=17 | dir=in | app=c:\program files\windows defender\msascui.exe |
"{F209C1A4-E119-4F81-9A1A-FAD1BF8B4569}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{F81D17C5-8692-4283-992C-1B7D75D804C2}" = protocol=17 | dir=in | app=c:\windows\system32\wercon.exe |
"{FCD733CF-CD32-47B0-8C9E-0D59792DCC82}" = protocol=6 | dir=in | app=c:\program files\bfgclient\bfggameservices.exe |
"TCP Query User{28A56EDD-A2BD-4A8A-9CB1-2E023AF0E6E1}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{9BBA9B99-A202-4C92-A76A-9B6CD10A449A}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{A0475727-8B76-49FA-A9EB-176A7B233391}C:\program files\microsoft games\age of mythology\aom.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of mythology\aom.exe |
"TCP Query User{A86B132D-E4F4-43AA-BBBF-84D29785AECA}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"TCP Query User{EF23B7DE-BB94-423D-8B9E-140328C22C14}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{2907FA5D-B046-4726-80F4-7E3CB6434058}C:\program files\microsoft games\age of mythology\aom.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of mythology\aom.exe |
"UDP Query User{D46FE928-7BCE-46D1-9B5E-CC74FE7150C2}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{E36CFC14-1C12-4EB7-BCDB-0C11D8CB22E2}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{F49022B7-F1CB-4C4D-AD64-5B253B425D72}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{F79E9878-7514-4C98-B1CB-2259116ED0E1}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A347920-4AFC-11D5-9FB0-800649886934}" = SDFormatter
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.11.0
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1" = Free YouTube Downloader 3.2.79
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 Anniversary Edition
"{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.9.322
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F4A4E6B2-D45F-4EB1-8C3A-6EB8D45A31C9}" = ClientTools
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"Action Replay DSi Code Manager_is1" = Action Replay DSi Code Manager
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced SystemCare 4_is1" = Advanced SystemCare 4
"ArtistScope Plugin IE4.2.0.3" = ArtistScope Plugin IE
"Ask Toolbar_is1" = Ask Toolbar
"avast" = avast! Free Antivirus
"BfgBar" = Big Fish Games Toolbar 2.0
"BFGC" = Big Fish Games: Game Manager
"CCleaner" = CCleaner
"Chuzzle Deluxe 1.0" = Chuzzle Deluxe 1.0
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 PCI V.92 Modem
"conduitEngine" = Conduit Engine
"eGames GameButler" = eGames GameButler
"GoToAssist" = GoToAssist 8.0.0.514
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Hoyle Puzzle & Board Games 2009" = Hoyle Puzzle & Board Games 2009
"IObit Security 360_is1" = IObit Security 360
"isoHunt Toolbar" = isoHunt Toolbar
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.7.0 (Standard)
"Live Billiards 2" = Live Billiards 2
"Magic Encyclopedia Moon Light 1.00" = Magic Encyclopedia Moon Light 1.00
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NetSight" = Nielsen
"OpenAL" = OpenAL
"Origin" = Origin
"PROSetDX" = Intel(R) PRO Network Connections 12.1.11.0
"RollerCoaster Tycoon Setup" = Roll
"Search Guard Plus" = Search Guard Plus (My Web Tattoo)
"Search Guard Plus Updater" = Search Guard Plus Updater (My Web Tattoo)
"Silent Package Run-Time Sample" = EPSON PictureMate User's Guide
"Smart Defrag 2_is1" = Smart Defrag 2
"TBSB07183.TBSB07183Toolbar" = Fast Browser Search (My Web Tattoo)
"Unlocker" = Unlocker 1.9.0
"uTorrent" = µTorrent
"VIVAGplayer" = VIVA MEDIA GAME CENTER
"Voodoo Whisperer - Curse of a Legend" = Voodoo Whisperer - Curse of a Legend
"Warcraft III" = Warcraft III
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

__________________________
aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-12 11:19:55
-----------------------------
11:19:55.458 OS Version: Windows 6.0.6002 Service Pack 2
11:19:55.458 Number of processors: 1 586 0x1601
11:19:55.458 ComputerName: JOYCE-PC UserName: dummy
11:19:56.050 Initialize success
11:20:02.602 AVAST engine defs: 11081200
11:20:10.699 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:20:10.699 Disk 0 Vendor: ST3250310AS 3.ADA Size: 238418MB BusType: 3
11:20:12.727 Disk 0 MBR read successfully
11:20:12.727 Disk 0 MBR scan
11:20:12.742 Disk 0 Windows VISTA default MBR code
11:20:12.758 Disk 0 scanning sectors +488278016
11:20:12.836 Disk 0 scanning C:\Windows\system32\drivers
11:20:23.865 Service scanning
11:20:24.286 Service flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys **HIDDEN**
11:20:25.020 Modules scanning
11:20:30.043 Disk 0 trace - called modules:
11:20:30.074 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
11:20:30.090 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x849194b0]
11:20:30.604 3 CLASSPNP.SYS[87ba78b3] -> nt!IofCallDriver -> [0x83a2a898]
11:20:30.604 5 acpi.sys[8068f6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x83e49528]
11:20:31.431 AVAST engine scan C:\Windows
11:20:35.425 AVAST engine scan C:\Windows\system32
11:22:05.858 File: C:\Windows\system32\odbcbcpp.dll **INFECTED** Win32:Malware-gen
11:22:07.215 File: C:\Windows\system32\olecli322.dll **INFECTED** Win32:Malware-gen
11:22:20.116 File: C:\Windows\system32\schedsvcc.dll **INFECTED** Win32:Malware-gen
11:22:58.071 AVAST engine scan C:\Windows\system32\drivers
11:23:15.543 AVAST engine scan C:\Users\dummy
11:24:00.440 AVAST engine scan C:\ProgramData
11:29:02.612 Scan finished successfully
11:33:56.282 Disk 0 MBR has been saved successfully to "C:\Users\dummy\Desktop\MBR.dat"
11:33:56.282 The log file has been saved successfully to "C:\Users\dummy\Desktop\aswMBR.txt"


OTL logfile created on: 8/13/2011 11:00:27 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\dummy\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.62 Gb Available Physical Memory | 81.46% Memory free
2.16 Gb Paging File | 1.94 Gb Available in Paging File | 89.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 55.80 Gb Free Space | 25.05% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.53 Gb Free Space | 35.33% Space Free | Partition Type: NTFS

Computer Name: JOYCE-PC | User Name: dummy | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/13 22:56:09 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\dummy\Desktop\OTL.com
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/08/13 22:56:09 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\dummy\Desktop\OTL.com
MOD - [2009/04/10 23:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (avast! Antivirus)
SRV - [2011/04/21 16:54:38 | 000,352,656 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2010/05/22 09:58:23 | 000,266,240 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\CSHelper.exe -- (CSHelper)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/07/20 13:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/03/19 15:07:54 | 000,382,320 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/14 01:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/07/18 15:04:08 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)


========== Driver Services (SafeList) ==========

DRV - [2011/02/23 16:52:34 | 000,016,184 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/13 22:14:30 | 000,278,984 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/01/13 22:14:30 | 000,025,416 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/06/17 09:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009/06/17 09:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 09:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/04/29 01:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2006/11/02 00:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/10/18 11:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/08/04 17:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2001/05/07 03:56:02 | 000,019,805 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbio.sys -- (USBIO) USBIO Driver (usbio.sys)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\URLSearchHook: {a6e4a4eb-d169-4e99-8988-250fcbafe767} - C:\Program Files\isoHunt\tbiso1.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {a6e4a4eb-d169-4e99-8988-250fcbafe767} - C:\Program Files\isoHunt\tbiso1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)



O1 HOSTS File: ([2011/08/12 00:18:15 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (isoHunt Toolbar) - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - C:\Program Files\isoHunt\tbiso1.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Big Fish Games Toolbar) - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files\BfgBar\bfg.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (isoHunt Toolbar) - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - C:\Program Files\isoHunt\tbiso1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Big Fish Games Toolbar) - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files\BfgBar\bfg.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (isoHunt Toolbar) - {A6E4A4EB-D169-4E99-8988-250FCBAFE767} - C:\Program Files\isoHunt\tbiso1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast5] File not found
O4 - HKLM..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe (IObit)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: microsoft.com ([support] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.116.46.115 24.205.192.61 24.205.224.36
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (SmartDefragBootTime.exe) - C:\Windows\System32\SmartDefragBootTime.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^Users^debi!!^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^7249907A.lnk - - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: conhost - hkey= - key= - File not found
MsConfig - StartUpReg: DellSupportCenter - hkey= - key= - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
MsConfig - StartUpReg: dscactivate - hkey= - key= - C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
MsConfig - StartUpReg: NeroCheck - hkey= - key= - File not found
MsConfig - StartUpReg: NielsenOnline - hkey= - key= - File not found
MsConfig - StartUpReg: PDVDDXSrv - hkey= - key= - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: UnlockerAssistant - hkey= - key= - C:\Program Files\Unlocker\UnlockerAssistant.exe ()
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: SupportSoft RemoteAssist - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe (SupportSoft, Inc.)
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - Service
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/08/13 22:55:22 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\dummy\Desktop\OTL.com
[2011/08/13 02:45:25 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/08/13 02:45:25 | 000,000,000 | ---D | C] -- C:\Users\dummy\AppData\Local\temp
[2011/08/13 02:44:56 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/08/13 02:08:40 | 000,061,440 | ---- | C] ( ) -- C:\Users\dummy\Desktop\VEW.exe
[2011/08/12 12:07:18 | 004,170,159 | R--- | C] (Swearware) -- C:\Users\dummy\Desktop\ComboFix.exe
[2011/08/12 04:58:02 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Users\dummy\Desktop\aswMBR.exe
[2011/08/12 04:55:22 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\dummy\Desktop\ATF_Cleaner.exe
[2011/08/12 04:29:55 | 178,215,952 | ---- | C] (AVG Technologies) -- C:\Users\dummy\Desktop\avg_free_x86_all_2011_1392a3812.exe
[2011/08/12 00:07:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/08/12 00:07:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/08/12 00:07:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/08/12 00:07:52 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/08/12 00:07:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/05 02:48:27 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2011/08/05 02:48:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2011/08/04 17:46:46 | 000,546,256 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZComp5.dll
[2011/08/04 17:46:46 | 000,456,144 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZBase5.dll
[2011/08/04 17:46:46 | 000,132,560 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3HTUI5.dll
[2011/08/04 17:46:46 | 000,022,992 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZIO5.dll
[2011/08/04 17:46:44 | 000,398,800 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3DBA5.dll
[2011/08/04 17:46:44 | 000,390,608 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3UI5.dll
[2011/08/04 17:46:44 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Svc5.dll
[2011/08/04 17:46:44 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Inet5.dll
[2011/08/04 17:46:44 | 000,067,024 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Hks5.dll
[2011/08/04 17:46:44 | 000,028,624 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3XDat5.dll
[2011/08/04 17:46:42 | 000,738,768 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Base5.dll
[2011/08/04 17:46:42 | 000,230,864 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Win325.dll
[2011/08/03 00:19:03 | 000,000,000 | ---D | C] -- C:\Users\dummy\AppData\Roaming\Hoyle FaceCreator
[2011/08/03 00:19:02 | 000,000,000 | ---D | C] -- C:\Users\dummy\AppData\Roaming\Hoyle Puzzle and Board Games
[2011/07/30 03:32:38 | 000,000,000 | ---D | C] -- C:\Users\dummy\AppData\Roaming\AVG10
[2011/07/30 03:30:43 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/07/30 03:30:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2011/07/30 03:30:12 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/07/29 22:58:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/07/29 22:58:06 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/07/25 10:56:15 | 000,000,000 | ---D | C] -- C:\Users\dummy\AppData\Roaming\Vogat Interactive
[2011/07/18 18:57:08 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2011/07/15 00:35:04 | 000,036,864 | ---- | C] (TOSHIBA/MEI) -- C:\Windows\System32\SDDEVMGR.dll
[2011/07/15 00:35:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panasonic
[2011/07/15 00:35:04 | 000,000,000 | ---D | C] -- C:\Program Files\Panasonic
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/13 22:56:09 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\dummy\Desktop\OTL.com
[2011/08/13 22:04:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/13 22:04:10 | 268,435,456 | -HS- | M] () -- C:\Windows\System32\temppf.sys
[2011/08/13 22:02:33 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/13 09:32:41 | 000,000,680 | ---- | M] () -- C:\Users\dummy\AppData\Local\d3d9caps.dat
[2011/08/13 02:08:40 | 000,061,440 | ---- | M] ( ) -- C:\Users\dummy\Desktop\VEW.exe
[2011/08/13 02:05:35 | 000,060,184 | ---- | M] () -- C:\Users\dummy\Desktop\bluescreenview.zip
[2011/08/12 12:07:21 | 004,170,159 | R--- | M] (Swearware) -- C:\Users\dummy\Desktop\ComboFix.exe
[2011/08/12 11:33:56 | 000,000,512 | ---- | M] () -- C:\Users\dummy\Desktop\MBR.dat
[2011/08/12 04:58:13 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Users\dummy\Desktop\aswMBR.exe
[2011/08/12 04:56:40 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\dummy\Desktop\ATF_Cleaner.exe
[2011/08/12 04:33:02 | 126,978,706 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/08/12 04:29:56 | 178,215,952 | ---- | M] (AVG Technologies) -- C:\Users\dummy\Desktop\avg_free_x86_all_2011_1392a3812.exe
[2011/08/12 00:18:15 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/08/11 23:22:04 | 000,594,698 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/11 23:22:04 | 000,100,766 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/05 07:07:28 | 000,006,472 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2011/08/04 17:46:46 | 000,546,256 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZComp5.dll
[2011/08/04 17:46:46 | 000,456,144 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZBase5.dll
[2011/08/04 17:46:46 | 000,132,560 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3HTUI5.dll
[2011/08/04 17:46:46 | 000,022,992 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZIO5.dll
[2011/08/04 17:46:44 | 000,398,800 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3DBA5.dll
[2011/08/04 17:46:44 | 000,390,608 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3UI5.dll
[2011/08/04 17:46:44 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Svc5.dll
[2011/08/04 17:46:44 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Inet5.dll
[2011/08/04 17:46:44 | 000,067,024 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Hks5.dll
[2011/08/04 17:46:44 | 000,028,624 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3XDat5.dll
[2011/08/04 17:46:42 | 000,738,768 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Base5.dll
[2011/08/04 17:46:42 | 000,230,864 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Win325.dll
[2011/07/30 19:14:39 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/30 10:34:12 | 000,354,150 | ---- | M] () -- C:\Users\dummy\AppData\Local\census.cache
[2011/07/30 10:34:06 | 000,188,155 | ---- | M] () -- C:\Users\dummy\AppData\Local\ars.cache
[2011/07/30 05:18:45 | 002,002,320 | ---- | M] (Trend Micro Inc.) -- C:\Users\dummy\Desktop\HousecallLauncher.exe
[2011/07/25 02:53:50 | 000,000,552 | ---- | M] () -- C:\Users\dummy\AppData\Local\d3d8caps.dat
[2011/07/24 23:27:02 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\cgscfs.sys
[2011/07/24 22:12:35 | 000,004,740 | ---- | M] () -- C:\Users\dummy\AppData\Roaming\F9E4.B29
[2011/07/24 04:35:25 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/24 04:35:25 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/24 01:29:58 | 000,000,632 | RHS- | M] () -- C:\Users\dummy\ntuser.pol
[2011/07/20 05:12:31 | 000,866,304 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mb
[2011/07/20 05:04:57 | 001,690,624 | RH-- | M] () -- C:\Users\Public\Documents\ESBK.mbb
[2011/07/15 00:35:04 | 000,000,745 | ---- | M] () -- C:\Users\Public\Desktop\SDFormatter V2.0.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

The rest of the log will be in the next post.
Thanx!

Qaytu

Newbie Surfer

Posts : 33
Joined : 2011-08-12
Operating System : Vista 2nd update

Re: MBR:\...\PHYSICALDRIVE0

Post by Qaytu on Sat 20 Aug 2011, 9:03 am

Here is the rest of the OTL log.

========== Files Created - No Company Name ==========

[2011/08/13 02:05:35 | 000,060,184 | ---- | C] () -- C:\Users\dummy\Desktop\bluescreenview.zip
[2011/08/12 11:33:56 | 000,000,512 | ---- | C] () -- C:\Users\dummy\Desktop\MBR.dat
[2011/08/12 00:07:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/08/12 00:07:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/08/12 00:07:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/08/12 00:07:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/08/12 00:07:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/08/05 08:42:58 | 126,978,706 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/08/05 02:51:50 | 000,006,472 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2011/07/30 05:28:02 | 000,354,150 | ---- | C] () -- C:\Users\dummy\AppData\Local\census.cache
[2011/07/30 05:27:56 | 000,188,155 | ---- | C] () -- C:\Users\dummy\AppData\Local\ars.cache
[2011/07/25 02:53:50 | 000,000,552 | ---- | C] () -- C:\Users\dummy\AppData\Local\d3d8caps.dat
[2011/07/24 23:27:02 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\cgscfs.sys
[2011/07/24 04:36:03 | 268,435,456 | -HS- | C] () -- C:\Windows\System32\temppf.sys
[2011/07/20 04:47:10 | 001,690,624 | RH-- | C] () -- C:\Users\Public\Documents\ESBK.mbb
[2011/07/20 04:47:10 | 000,866,304 | R--- | C] () -- C:\Users\Public\Documents\ESBK.mb
[2011/07/15 00:35:04 | 000,000,745 | ---- | C] () -- C:\Users\Public\Desktop\SDFormatter V2.0.lnk
[2011/07/08 03:30:34 | 000,004,608 | ---- | C] () -- C:\Users\dummy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/10 22:16:12 | 000,102,400 | ---- | C] () -- C:\Windows\RegBootClean.exe
[2011/05/09 11:37:00 | 000,004,740 | ---- | C] () -- C:\Users\dummy\AppData\Roaming\F9E4.B29
[2011/05/06 23:43:52 | 000,011,026 | -HS- | C] () -- C:\ProgramData\go2n3m44mx5oqb8kpjht117f671t8u8u0jpxv8j6414k8x2
[2011/05/03 16:48:47 | 000,000,680 | ---- | C] () -- C:\Users\dummy\AppData\Local\d3d9caps.dat
[2011/05/03 16:48:16 | 000,000,036 | ---- | C] () -- C:\Users\dummy\AppData\Local\housecall.guid.cache
[2011/05/03 13:15:21 | 000,029,520 | ---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe
[2011/05/03 13:15:21 | 000,016,184 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2011/04/09 13:38:06 | 000,000,136 | -H-- | C] () -- C:\ProgramData\~22470408r
[2011/04/09 13:38:05 | 000,000,104 | -H-- | C] () -- C:\ProgramData\~22470408
[2011/04/09 13:38:01 | 000,000,336 | -H-- | C] () -- C:\ProgramData\22470408
[2011/04/08 04:02:53 | 000,012,416 | -HS- | C] () -- C:\ProgramData\2935481361
[2011/04/08 03:59:45 | 000,012,404 | -HS- | C] () -- C:\ProgramData\ve3k80q6ia
[2011/04/07 06:55:18 | 000,011,400 | -HS- | C] () -- C:\ProgramData\325cq8r6ceko405fg
[2011/03/27 01:41:01 | 000,011,936 | -HS- | C] () -- C:\ProgramData\106v50l53jpe0d87ue1i
[2011/03/23 03:58:47 | 000,010,572 | -HS- | C] () -- C:\ProgramData\fb22xu425vb5fp54wy6lyr05k7ql7026w3vc55a2845p1
[2010/10/28 17:40:57 | 000,000,227 | ---- | C] () -- C:\Windows\PowerReg.dat
[2010/10/28 17:40:56 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe
[2010/08/31 16:50:28 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2010/08/31 16:50:28 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2010/08/31 16:50:28 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2010/05/22 09:58:23 | 000,266,240 | ---- | C] () -- C:\Windows\System32\CSHelper.exe
[2010/04/19 22:09:40 | 000,003,330 | -HS- | C] () -- C:\ProgramData\22k5paIc
[2010/03/18 20:44:11 | 000,000,473 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010/02/23 21:57:59 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/02/08 06:04:27 | 000,000,044 | -H-- | C] () -- C:\ProgramData\{3D55D1F4-1059-11DC-B281-197056D89593}
[2010/01/28 06:09:29 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010/01/13 22:14:30 | 000,278,984 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010/01/13 22:14:30 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009/12/21 05:58:30 | 000,000,000 | ---- | C] () -- C:\Windows\Game.INI
[2009/11/20 08:10:48 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2009/11/19 10:05:41 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dxdiaag.exe
[2009/11/04 04:31:43 | 000,000,000 | ---- | C] () -- C:\Windows\LiveBilliards.INI
[2009/10/21 05:20:38 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2009/08/14 12:32:58 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/14 12:32:57 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/04/05 19:31:38 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/02/26 17:52:58 | 000,055,954 | ---- | C] () -- C:\Windows\War3Unin.dat
[2008/10/15 16:36:13 | 000,056,320 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/09/16 00:56:10 | 000,023,040 | ---- | C] () -- C:\Windows\System32\PopWait.exe
[2008/09/05 22:49:59 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2008/09/05 22:49:59 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2008/09/04 19:29:18 | 000,000,026 | ---- | C] () -- C:\Windows\popcinfo.dat
[2008/07/18 17:32:08 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/07/18 17:32:08 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/07/18 17:32:08 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/07/18 17:32:08 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/02/11 20:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/02/11 20:34:48 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
[2008/02/11 20:34:48 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
[2008/02/11 20:34:48 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
[2008/02/03 16:37:35 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 05:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:44:53 | 000,266,440 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:33:51 | 000,040,960 | ---- | C] () -- C:\Windows\System32\clleanmgr.exe
[2006/11/02 03:33:01 | 000,594,698 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,100,766 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2002/10/07 17:07:38 | 000,011,376 | R--- | C] () -- C:\Windows\System32\drivers\SECDRV.SYS
[2001/07/13 07:04:00 | 000,373,248 | ---- | C] () -- C:\Windows\EyeCand3.INI

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2011/08/12 04:58:13 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Users\dummy\Desktop\aswMBR.exe
[2011/08/12 04:56:40 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\dummy\Desktop\ATF_Cleaner.exe
[2011/08/12 04:29:56 | 178,215,952 | ---- | M] (AVG Technologies) -- C:\Users\dummy\Desktop\avg_free_x86_all_2011_1392a3812.exe
[2011/08/12 12:07:21 | 004,170,159 | R--- | M] (Swearware) -- C:\Users\dummy\Desktop\ComboFix.exe
[2011/07/30 05:18:45 | 002,002,320 | ---- | M] (Trend Micro Inc.) -- C:\Users\dummy\Desktop\HousecallLauncher.exe
[2011/08/13 02:08:40 | 000,061,440 | ---- | M] ( ) -- C:\Users\dummy\Desktop\VEW.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[2011/08/13 22:04:10 | 268,435,456 | -HS- | M] () Unable to obtain MD5 -- C:\Windows\system32\temppf.sys

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2011/05/03 10:42:49 | 000,000,000 | ---D | M] -- C:\Program Files\7-Zip
[2010/11/19 23:14:24 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/01/10 12:41:18 | 000,000,000 | -H-D | M] -- C:\Program Files\Adventure Chronicles
[2011/05/03 10:42:50 | 000,000,000 | ---D | M] -- C:\Program Files\AGEIA Technologies
[2009/02/18 00:15:08 | 000,000,000 | ---D | M] -- C:\Program Files\Ahead
[2011/02/04 09:37:32 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software
[2011/05/03 10:42:51 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/08/22 16:08:55 | 000,000,000 | ---D | M] -- C:\Program Files\ArcSoft
[2011/05/03 10:42:51 | 000,000,000 | ---D | M] -- C:\Program Files\AskBarDis
[2011/07/30 03:30:12 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2011/05/03 10:42:51 | 000,000,000 | ---D | M] -- C:\Program Files\Bejeweled 3
[2011/05/03 10:42:51 | 000,000,000 | ---D | M] -- C:\Program Files\BFG
[2011/05/03 10:42:51 | 000,000,000 | ---D | M] -- C:\Program Files\BfgBar
[2011/05/03 10:42:51 | 000,000,000 | ---D | M] -- C:\Program Files\bfgclient
[2011/05/03 10:42:51 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2011/05/03 10:42:51 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2010/07/12 12:02:46 | 000,000,000 | ---D | M] -- C:\Program Files\Celeris
[2008/07/18 15:04:08 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix
[2011/08/13 02:41:20 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/07/19 06:24:55 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit
[2011/07/03 14:26:10 | 000,000,000 | ---D | M] -- C:\Program Files\ConduitEngine
[2008/07/18 09:37:59 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2009/09/19 20:08:19 | 000,000,000 | ---D | M] -- C:\Program Files\Cryo Interactive Entertainment
[2008/07/18 14:52:16 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2010/12/29 17:29:34 | 000,000,000 | ---D | M] -- C:\Program Files\Datel
[2008/07/18 15:09:26 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2008/07/18 15:01:35 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Support Center
[2011/02/28 19:12:38 | 000,000,000 | -H-D | M] -- C:\Program Files\Diablo II
[2011/05/03 10:42:58 | 000,000,000 | ---D | M] -- C:\Program Files\Digital Line Detect
[2010/01/24 23:31:14 | 000,000,000 | -H-D | M] -- C:\Program Files\directx
[2011/05/03 10:42:58 | 000,000,000 | ---D | M] -- C:\Program Files\Dream Chronicles - The Chosen Child
[2010/01/28 00:40:04 | 000,000,000 | ---D | M] -- C:\Program Files\eGames
[2011/06/17 01:48:00 | 000,000,000 | ---D | M] -- C:\Program Files\Electronic Arts
[2010/11/17 06:07:54 | 000,000,000 | ---D | M] -- C:\Program Files\epson
[2011/07/03 04:39:29 | 000,000,000 | ---D | M] -- C:\Program Files\Free YouTube Downloader
[2011/08/10 00:33:52 | 000,000,000 | ---D | M] -- C:\Program Files\Games
[2011/07/03 14:26:10 | 000,000,000 | ---D | M] -- C:\Program Files\Ganymede
[2011/07/05 23:34:46 | 000,000,000 | ---D | M] -- C:\Program Files\Golden Trails 2 The Lost Legacy
[2010/01/31 21:18:12 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2011/05/03 10:43:00 | 000,000,000 | ---D | M] -- C:\Program Files\Green Moon
[2011/07/03 14:26:11 | 000,000,000 | ---D | M] -- C:\Program Files\Hoyle Puzzle & Board Games 2009
[2011/07/15 00:35:03 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2008/07/18 14:51:14 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2011/05/09 12:17:48 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/05/10 22:46:05 | 000,000,000 | ---D | M] -- C:\Program Files\IObit
[2011/07/03 14:26:11 | 000,000,000 | ---D | M] -- C:\Program Files\isoHunt
[2009/05/25 17:25:26 | 000,000,000 | ---D | M] -- C:\Program Files\Jasc Software Inc
[2010/10/17 23:46:57 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2011/05/03 10:43:07 | 000,000,000 | ---D | M] -- C:\Program Files\K-Lite Codec Pack
[2009/08/22 16:07:40 | 000,000,000 | ---D | M] -- C:\Program Files\Kodak
[2009/11/10 04:38:30 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2011/07/24 23:10:51 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/03 10:43:08 | 000,000,000 | ---D | M] -- C:\Program Files\Marooned
[2010/02/01 20:36:00 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2011/05/03 10:39:50 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2008/07/18 14:55:30 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/05/03 10:43:09 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2011/05/03 10:43:09 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2008/07/18 14:55:19 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2011/05/03 10:43:09 | 000,000,000 | ---D | M] -- C:\Program Files\Modem Diagnostic Tool
[2011/05/03 10:39:50 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2006/11/02 05:35:51 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/12/05 09:03:58 | 000,000,000 | -H-D | M] -- C:\Program Files\MSXML 4.0
[2010/01/19 14:01:47 | 000,000,000 | -H-D | M] -- C:\Program Files\My Downloaded Games
[2011/05/03 10:43:09 | 000,000,000 | ---D | M] -- C:\Program Files\NetWaiting
[2011/05/03 10:43:09 | 000,000,000 | ---D | M] -- C:\Program Files\Nightmare Adventure - Witchs Prison
[2011/05/03 10:43:09 | 000,000,000 | ---D | M] -- C:\Program Files\OpenAL
[2011/06/17 01:48:14 | 000,000,000 | ---D | M] -- C:\Program Files\Origin
[2009/12/06 04:13:24 | 000,000,000 | ---D | M] -- C:\Program Files\OXXOGames
[2011/07/15 00:35:04 | 000,000,000 | ---D | M] -- C:\Program Files\Panasonic
[2010/04/10 01:04:14 | 000,000,000 | ---D | M] -- C:\Program Files\PopCap Games
[2011/05/03 10:43:10 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/09/21 00:26:36 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2011/05/03 10:43:10 | 000,000,000 | ---D | M] -- C:\Program Files\RealArcade
[2006/11/02 05:35:51 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/07/19 05:32:26 | 000,000,000 | -H-D | M] -- C:\Program Files\ReflexiveArcade
[2011/05/03 10:43:10 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2011/05/03 10:43:10 | 000,000,000 | ---D | M] -- C:\Program Files\Secret Mission - The Forgotten Island
[2010/07/30 09:18:24 | 000,000,000 | -H-D | M] -- C:\Program Files\Snark Busters Welcome to the Club
File not found -- C:\Program Files\Sultan of Persia
[2011/08/12 03:23:49 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2010/07/09 01:10:03 | 000,000,000 | -H-D | M] -- C:\Program Files\Telltale Games
[2011/05/03 10:43:10 | 000,000,000 | ---D | M] -- C:\Program Files\Trapped - The Abduction
[2009/02/02 17:52:02 | 000,000,000 | ---D | M] -- C:\Program Files\Ubi Soft
[2006/11/02 05:58:18 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2011/05/03 13:36:25 | 000,000,000 | ---D | M] -- C:\Program Files\Unlocker
[2011/05/03 10:43:10 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2011/05/03 10:43:10 | 000,000,000 | ---D | M] -- C:\Program Files\Viva Media Game Center
[2011/05/05 02:17:31 | 000,000,000 | ---D | M] -- C:\Program Files\Voodoo Whisperer - Curse of a Legend
[2010/04/24 09:42:16 | 000,000,000 | ---D | M] -- C:\Program Files\VSO
[2011/07/15 20:28:23 | 000,000,000 | ---D | M] -- C:\Program Files\Warcraft III
[2011/05/03 10:39:50 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2009/10/13 20:38:55 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2011/05/03 10:39:50 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2010/04/08 07:48:45 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2011/05/03 10:39:50 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2011/05/03 10:40:24 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2011/05/10 09:02:28 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2011/05/03 10:39:50 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2009/11/19 10:13:25 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2011/05/03 10:39:50 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2009/11/18 04:56:59 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2009/12/30 04:24:27 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo! Games


< MD5 for: AGP440.SYS >
[2008/01/20 19:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\AGP440.sys
[2008/01/20 19:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 19:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/20 19:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 19:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 19:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 02:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/10 23:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009/04/10 23:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/10 23:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/10 23:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 19:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 19:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 02:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: DISK.SYS >
[2009/04/10 23:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\drivers\disk.sys
[2009/04/10 23:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_5c850fad\disk.sys
[2009/04/10 23:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys
[2008/01/20 19:32:45 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys
[2008/01/20 19:32:45 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
[2006/11/02 02:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys

< MD5 for: IASTOR.SYS >
[2007/04/26 03:41:38 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Drivers\storage\R154092\iastor.sys
[2007/04/26 03:41:38 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\drivers\iaStor.sys
[2007/04/26 03:41:38 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_3a63e5a6\iaStor.sys
[2007/04/26 03:41:38 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_5f6e7be5\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2009/04/10 23:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009/04/10 23:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/10 23:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 19:33:41 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 19:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 19:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 19:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-05-03 21:32:52

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2008/01/20 19:33:55 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2008/01/20 19:33:55 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2008/01/20 19:33:55 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2008/01/20 19:33:55 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2008/01/20 19:33:55 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2008/01/20 19:33:55 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:33611CFB
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:03DF2E8E
@Alternate Data Stream - 97 bytes -> C:\ProgramData\TEMP:65929158
@Alternate Data Stream - 97 bytes -> C:\ProgramData\TEMP:4FE42FFC
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:43157EDE
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:88B0DDFD
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:7158CB97
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5E5122BD
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:0310A379
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:6D94BA26
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:6C13E971
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:506E1E25
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:3DA71AE7
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:398D29B6
@Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_PBPUV9VK9V89VMRV5V4REABYEKLPH9E48E2R0T5PL34DBWFLM3TLVVVVVVVVVVJVK
@Alternate Data Stream - 247 bytes -> C:\ProgramData\TEMP:378824DE
@Alternate Data Stream - 242 bytes -> C:\ProgramData\TEMP:852F2262
@Alternate Data Stream - 227 bytes -> C:\ProgramData\TEMP:697DDE2B
@Alternate Data Stream - 214 bytes -> C:\ProgramData\TEMP:DE875C30
@Alternate Data Stream - 209 bytes -> C:\ProgramData\TEMP:E2CFA9CD
@Alternate Data Stream - 202 bytes -> C:\ProgramData\TEMP:397D67BA
@Alternate Data Stream - 201 bytes -> C:\ProgramData\TEMP:9FD757A9
@Alternate Data Stream - 196 bytes -> C:\ProgramData\TEMP:943971F5
@Alternate Data Stream - 191 bytes -> C:\ProgramData\TEMP:8E5EA40F
@Alternate Data Stream - 182 bytes -> C:\ProgramData\TEMP:561B1D2B
@Alternate Data Stream - 179 bytes -> C:\ProgramData\TEMP:18DEBC51
@Alternate Data Stream - 177 bytes -> C:\ProgramData\TEMP:70B67720
@Alternate Data Stream - 175 bytes -> C:\ProgramData\TEMP:DA5888A7
@Alternate Data Stream - 173 bytes -> C:\ProgramData\TEMP:A02025CE
@Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:65521523
@Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:587F3582
@Alternate Data Stream - 166 bytes -> C:\ProgramData\TEMP:47B543D8
@Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:6EE919A7
@Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:359B5EAB
@Alternate Data Stream - 160 bytes -> C:\ProgramData\TEMP:37F92FC5
@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:C144EBE0
@Alternate Data Stream - 155 bytes -> C:\ProgramData\TEMP:C22674B6
@Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:E3892B6D
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:C946DB94
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:C3A4217C
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:37C5B4CA
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:FEF90995
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:71612023
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:AA6C7C38
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:8D4852A2
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:70E897B5
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:6F863BC7
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:F073D52C
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:9E76E7F3
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:700B9342
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:5E85021E
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:42EF7FC8
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:33E12B7A
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:05487299
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:D373CB5C
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:058A7351
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:FB65A4AA
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:F854B030
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:DC21D414
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:D41E806D
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:CEDA49F4
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:97AD6135
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:0E22C5DB
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:ED86E7AC
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:72739815
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:40DB6D00
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:0C9C1FE0
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:E7B4296D
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:C49A5AD1
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:C2F24DB5
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:9F36615A
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:65B8AF94
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:60EA2068
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:2495D97A
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:0479E312
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:7FEAB9B8
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:4AA3DAA3
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:250A84D5
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:DDA2D0EB
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:DCC862FF
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:9F222B60
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:80F63EC3
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:50F94E7B
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:367F03D2
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:349CACE5
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:0F38B460
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:F84B8DB5
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:F1D9186A
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:C40E212B
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:9BFAA502
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:3D0C4F47
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:1E3035E2
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:16EC8A23
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:0EC7A545
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:DC0B1070
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:D3DFEDE1
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:B4FDEF97
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:AE8D9000
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:9CD61266
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:7BFAAE70
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:62197B73
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:5520ED93
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:52C24010
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:1E6E20D4
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:F8F070C2
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:F5D81BA1
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:E39052E1
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:CDC1B76E
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:CC228581
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:B2CB0E61
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:B1BFD26C
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:A3B8F70C
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:59ABA9C6
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:32A82570
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:1E3397DC
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:0803A95E
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:E3C56885
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:C3CB23B4
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:ACBFC561
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:A72132CC
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:7FCB9D0D
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:4D551822
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:FC5AE643
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:C3A1351B
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:C10635F6
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:A752D3DB
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:341C1FBD
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:13EF4AF6
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:FDAF118C
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:F24AD862
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:EC94F18F
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:898109B4
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:8396B0AE
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:737160C1
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:6F0B6A5A
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:4DDE401B
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:31426EDF
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:1170D6E4

< End of report >

Hopefully someone can help.
Thanx!


Re: MBR:\...\PHYSICALDRIVE0

Post by DragonMaster Jay on Sun 21 Aug 2011, 4:24 am

Please visit this webpage for a tutorial on downloading and running ComboFix:

[You must be registered and logged in to see this link.]

See the area: Using ComboFix, and when done, post the log back here.



~DMJ
GeekPolice Academy Manager



Re: MBR:\...\PHYSICALDRIVE0

Post by Qaytu on Mon 22 Aug 2011, 5:41 am

ComboFix 11-08-21.01 - dummy 08/21/2011 11:26:48.1.1 - x86 NETWORK
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2036.1669 [GMT -7:00]
Running from: c:\users\dummy\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-07-21 to 2011-08-21 )))))))))))))))))))))))))))))))
.
.
2011-08-21 18:34 . 2011-08-21 18:34 -------- d-----w- c:\users\Ethan!\AppData\Local\temp
2011-08-21 18:34 . 2011-08-21 18:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-21 18:34 . 2011-08-21 18:34 -------- d-----w- c:\users\dummy\AppData\Local\temp
2011-08-21 18:34 . 2011-08-21 18:34 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-08-21 18:34 . 2011-08-21 18:34 -------- d-----w- c:\users\debi!!\AppData\Local\temp
2011-08-05 09:48 . 2011-08-05 14:25 -------- d-----w- c:\programdata\STOPzilla!
2011-08-05 09:48 . 2011-08-05 09:48 -------- d-----w- c:\program files\Common Files\iS3
2011-08-05 00:46 . 2011-08-05 00:46 546256 ----a-r- c:\windows\system32\SZComp5.dll
2011-08-05 00:46 . 2011-08-05 00:46 456144 ----a-r- c:\windows\system32\SZBase5.dll
2011-08-05 00:46 . 2011-08-05 00:46 22992 ----a-r- c:\windows\system32\SZIO5.dll
2011-08-05 00:46 . 2011-08-05 00:46 132560 ----a-r- c:\windows\system32\IS3HTUI5.dll
2011-08-05 00:46 . 2011-08-05 00:46 99792 ----a-r- c:\windows\system32\IS3Svc5.dll
2011-08-05 00:46 . 2011-08-05 00:46 99792 ----a-r- c:\windows\system32\IS3Inet5.dll
2011-08-05 00:46 . 2011-08-05 00:46 67024 ----a-r- c:\windows\system32\IS3Hks5.dll
2011-08-05 00:46 . 2011-08-05 00:46 398800 ----a-r- c:\windows\system32\IS3DBA5.dll
2011-08-05 00:46 . 2011-08-05 00:46 390608 ----a-r- c:\windows\system32\IS3UI5.dll
2011-08-05 00:46 . 2011-08-05 00:46 28624 ----a-r- c:\windows\system32\IS3XDat5.dll
2011-08-05 00:46 . 2011-08-05 00:46 738768 ----a-r- c:\windows\system32\IS3Base5.dll
2011-08-05 00:46 . 2011-08-05 00:46 230864 ----a-r- c:\windows\system32\IS3Win325.dll
2011-08-03 07:19 . 2011-08-21 13:54 -------- d-----w- c:\users\dummy\AppData\Roaming\Hoyle FaceCreator
2011-08-03 07:19 . 2011-08-21 13:55 -------- d-----w- c:\users\dummy\AppData\Roaming\Hoyle Puzzle and Board Games
2011-07-30 10:32 . 2011-07-30 10:32 -------- d-----w- c:\users\dummy\AppData\Roaming\AVG10
2011-07-30 10:30 . 2011-08-12 11:33 -------- d-----w- c:\windows\system32\drivers\AVG
2011-07-30 10:30 . 2011-07-30 10:31 -------- d-----w- c:\programdata\AVG10
2011-07-30 10:30 . 2011-07-30 10:30 -------- d-----w- c:\program files\AVG
2011-07-30 05:58 . 2011-07-30 05:58 -------- d--h--w- c:\programdata\Common Files
2011-07-30 05:58 . 2011-08-12 11:34 -------- d-----w- c:\programdata\MFAData
2011-07-25 17:56 . 2011-07-25 17:56 -------- d-----w- c:\users\dummy\AppData\Roaming\Vogat Interactive
2011-07-25 13:40 . 2011-07-25 13:40 -------- d-----w- c:\users\debi!!\AppData\Roaming\SUPERAntiSpyware.com
2011-07-25 06:27 . 2011-07-25 06:27 54016 ----a-w- c:\windows\system32\drivers\cgscfs.sys
2011-07-24 15:31 . 2011-07-24 15:31 -------- d-----w- c:\users\debi!!\AppData\Roaming\Looking_Glass_Lane_Gude
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-07 22:12 . 2011-07-07 22:12 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-07 19:36 . 2010-05-12 23:48 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-07-07 19:36 . 2010-05-12 23:48 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-07-07 02:52 . 2010-03-11 05:10 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 02:52 . 2010-03-11 05:10 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-17 08:42 . 2011-06-17 07:34 1324 ----a-w- c:\windows\system32\ealregsnapshot1.reg
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a6e4a4eb-d169-4e99-8988-250fcbafe767}"= "c:\program files\isoHunt\tbiso1.dll" [2010-05-12 2515552]
.
[HKEY_CLASSES_ROOT\clsid\{a6e4a4eb-d169-4e99-8988-250fcbafe767}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-07-18 00:20 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-03 18:16 175400 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a6e4a4eb-d169-4e99-8988-250fcbafe767}]
2010-05-12 16:39 2515552 ----a-w- c:\program files\isoHunt\tbiso1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-18 279944]
"{a6e4a4eb-d169-4e99-8988-250fcbafe767}"= "c:\program files\isoHunt\tbiso1.dll" [2010-05-12 2515552]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-03 175400]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CLASSES_ROOT\clsid\{a6e4a4eb-d169-4e99-8988-250fcbafe767}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A6E4A4EB-D169-4E99-8988-250FCBAFE767}"= "c:\program files\isoHunt\tbiso1.dll" [2010-05-12 2515552]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-03 175400]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-18 279944]
.
[HKEY_CLASSES_ROOT\clsid\{a6e4a4eb-d169-4e99-8988-250fcbafe767}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
c:\program files\Alwil Software\Avast5\ashShell.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2010-06-12 1280344]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-07 1047656]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-11-02 8704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-07-18 22:04 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe
.
[HKLM\~\startupfolder\C:^Users^debi!!^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^7249907A.lnk]
path=c:\users\debi!!\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7249907A.lnk
backup=c:\windows\pss\7249907A.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 07:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 12:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\conhost]
c:\program files\Internet Explorer\conhost.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 18:13 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2008-03-11 17:44 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\System32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NielsenOnline]
c:\program files\NetRatingsNetSight\NetSight\NielsenOnline.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2007-09-17 16:56 124200 ----a-w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-01-17 14:22 4907008 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 21:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-07-04 19:51 17408 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3731821497-1863557417-350186197-1001]
"EnableNotificationsRef"=dword:00000001
.
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2011-04-21 352656]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2010-05-22 266240]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360srv.exe [2010-06-12 312152]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 16184]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 04:18]
.
2011-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 04:18]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: microsoft.com\support
Trusted Zone: microsoft.com\update
TCP: DhcpNameServer = 68.116.46.115 24.205.192.61 24.205.224.36
TCP: Interfaces\{43D50626-08A0-4A24-B741-20D9B51DC7DF}: DhcpNameServer = 68.116.46.115 24.205.192.61 24.205.224.36
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-08-21 11:34
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UnlockerDriver5]
"ImagePath"="\??\c:\program files\Unlocker\UnlockerDriver5.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec /V"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(700)
c:\windows\system32\igfxsrvc.dll
.
Completion time: 2011-08-21 11:37:05
ComboFix-quarantined-files.txt 2011-08-21 18:37
ComboFix2.txt 2011-08-13 09:45
ComboFix3.txt 2011-08-12 19:20
ComboFix4.txt 2011-08-12 07:20
.
Pre-Run: 59,385,589,760 bytes free
Post-Run: 59,348,746,240 bytes free
.
- - End Of File - - B8EF6A72C0FFBDB3111B6896C8BF7E4F



Thanx a lot for getting back to me!!


Re: MBR:\...\PHYSICALDRIVE0

Post by DragonMaster Jay on Tue 23 Aug 2011, 7:36 am

Hi again. Please do these steps in order.

1. Please download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


2. Please download Malwarebytes Anti-Malware from Malwarebytes.org.
Alternate link: BleepingComputer.com.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double-click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

3. Please visit this webpage for instructions for downloading and running SUPERAntiSpyware (SAS) to scan and remove malware from your computer:

[You must be registered and logged in to see this link.]

Post the log from SUPERAntiSpyware when you've accomplished that.

4. Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


5. Post the following in your next reply:
  • MBAM log
  • SAS log
  • ESET log

And, please tell me how your computer is doing.



~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Re: MBR:\...\PHYSICALDRIVE0

Post by Qaytu on Wed 24 Aug 2011, 3:53 am

Here are the logs.

Malwarebytes' Anti-Malware 1.51.1.1800

Database version: 7544

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 7.0.6002.18005

8/23/2011 5:46:05 AM
mbam-log-2011-08-23 (05-46-05).txt

Scan type: Full scan (C:\|)
Objects scanned: 370645
Time elapsed: 45 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

SUPERAntiSpyware Scan Log

Generated 08/23/2011 at 06:41 AM

Application Version : 4.56.1000

Core Rules Database Version : 7591
Trace Rules Database Version: 5403

Scan type : Complete Scan
Total Scan Time : 00:39:57

Memory items scanned : 315
Memory threats detected : 0
Registry items scanned : 9405
Registry threats detected : 0
File items scanned : 27912
File threats detected : 8

Adware.Tracking Cookie
C:\Users\dummy\AppData\Roaming\Microsoft\Windows\Cookies\dummy@lfstmedia[2].txt
C:\Users\dummy\AppData\Roaming\Microsoft\Windows\Cookies\dummy@collective-media[1].txt
C:\Users\dummy\AppData\Roaming\Microsoft\Windows\Cookies\dummy@ads.bleepingcomputer[2].txt
C:\Users\dummy\AppData\Roaming\Microsoft\Windows\Cookies\dummy@ad.yieldmanager[2].txt
C:\Users\dummy\AppData\Roaming\Microsoft\Windows\Cookies\dummy@media6degrees[2].txt
C:\Users\dummy\AppData\Roaming\Microsoft\Windows\Cookies\dummy@statcounter[1].txt
C:\Users\dummy\AppData\Roaming\Microsoft\Windows\Cookies\dummy@content.yieldmanager[1].txt
C:\Users\dummy\AppData\Roaming\Microsoft\Windows\Cookies\dummy@invitemedia[2].txt


C:\Qoobox\Quarantine\C\Program Files\Fast Browser Search\ie3sh.exe.vir probably a variant of Win32/BHO.OCS trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Fast Browser Search\IE\FBStoolbar.exe.vir a variant of Win32/BHO.OCS trojan deleted - quarantined
C:\Tools\unlocker1.9.0.exe Win32/Adware.ADON application deleted - quarantined
C:\Users\debi!!\Desktop\game torrents\House_M.D\House M.D\li-games-silent-2.exe Win32/Toolbar.Zugo application deleted - quarantined
C:\Users\debi!!\Desktop\rar games\FreeYouTubeDownloaderSetup.exe Win32/Toolbar.Zugo application deleted - quarantined
C:\Users\debi!!\Desktop\Tools\unlocker1.9.0.exe Win32/Adware.ADON application deleted - quarantined
C:\Users\debi!!\Downloads\duplicate-file-detective-3.0.1.69.exe a variant of Win32/Agent.QHQ trojan deleted - quarantined
C:\Users\debi!!\Downloads\Empress of the Deep - The Darkest Secret.exe a variant of Win32/Agent.RRG trojan cleaned by deleting - quarantined
C:\Users\debi!!\Downloads\Reincarnations 3 - Back to Reality BETA.exe a variant of Win32/TrojanDropper.Small.NMF trojan cleaned by deleting - quarantined
C:\Users\debi!!\Downloads\Twisted Land - Shadow Town\Twisted Land - Shadow Town.exe Win32/Delf.PQO trojan deleted - quarantined
C:\Windows\System32\clleanmgr.exe Win32/BHO.ODE trojan cleaned by deleting - quarantined
C:\Windows\System32\dxdiaag.exe Win32/BHO.ODE trojan cleaned by deleting - quarantined
C:\Windows\System32\odbcbcpp.dll Win32/BHO.ODE trojan cleaned by deleting - quarantined
C:\Windows\System32\olecli322.dll Win32/BHO.ODE trojan cleaned by deleting - quarantined
C:\Windows\System32\schedsvcc.dll Win32/BHO.ODE trojan cleaned by deleting - quarantined

Qaytu

Newbie Surfer
Newbie Surfer

Posts : 33
Joined : 2011-08-12
Operating System : Vista 2nd update

View user profile

Back to top Go down

Re: MBR:\...\PHYSICALDRIVE0

Post by Qaytu on Wed 24 Aug 2011, 4:03 am

The startup on my computer is a little faster but I still can't start Windows normally. The BSoD message is still the same.


Re: MBR:\...\PHYSICALDRIVE0

Post by DragonMaster Jay on Wed 24 Aug 2011, 7:51 am

Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
  • Double click the setup file to run it.
  • Click Next to continue.
  • Accept the License agreement and click on next.
  • It will, by default, install it to your desktop folder. Click Next.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked:
      • Hidden Startup Objects
      • System Memory
      • Disk Boot Sectors
      • My Computer
      • Also any other (removable) drives that you may have
Leave the rest of the settings as they appear by default.
  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized, then click the button that says Neutralize all.
  • If it says it cannot be neutralized, then choose the delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save it to a file; name it Kas.
  • Save it somewhere convenient like your desktop, and post only the detected virus/malware entries from the report (they will be at the very top under Detected) in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.



Re: MBR:\...\PHYSICALDRIVE0

Post by Qaytu on Thu 25 Aug 2011, 9:20 am

Status: Deleted (events: 16)
8/23/2011 4:49:19 PM Deleted Trojan program Trojan.Win32.Koblu.bsz C:\Documents and Settings\debi!!\Desktop\game torrents\Big Fish Games - Trapped The Abduction - PreCrack-no.exe High
8/23/2011 4:49:19 PM Deleted Trojan program Trojan.Win32.Koblu.bsz C:\Documents and Settings\debi!!\Desktop\game torrents\Big Fish Games - Trapped The Abduction - PreCrack-no.exe//svchost.exe High
8/23/2011 4:48:54 PM Deleted Trojan program Trojan.Win32.VB.yxt C:\Documents and Settings\debi!!\Desktop\game torrents\Marooned-no\Marooned.exe High
8/23/2011 4:48:54 PM Deleted Trojan program Trojan.Win32.VB.yxt C:\Documents and Settings\debi!!\Desktop\game torrents\Marooned-no\Marooned.exe//openfile.exe High
8/23/2011 4:52:56 PM Deleted Trojan program Backdoor.Win32.VB.lac C:\Documents and Settings\debi!!\Desktop\rar games\Allora_and_the_Broken_Portal_BETA.rar High
8/23/2011 4:52:56 PM Deleted Trojan program Backdoor.Win32.VB.lac C:\Documents and Settings\debi!!\Desktop\rar games\Allora_and_the_Broken_Portal_BETA.rar//Allora and the Broken Portal BETA/Security.dll High
8/23/2011 6:16:49 PM Deleted Trojan program Trojan.Win32.Vilsel.ajcm C:\Documents and Settings\debi!!\Downloads\Twisted Land - Shadow Town.rar High
8/23/2011 6:16:49 PM Deleted Trojan program Trojan.Win32.Vilsel.ajcm C:\Documents and Settings\debi!!\Downloads\Twisted Land - Shadow Town.rar//Twisted Land - Shadow Town.exe High
8/23/2011 6:16:49 PM Deleted Trojan program Trojan.Win32.Vilsel.ajcm C:\Documents and Settings\debi!!\Downloads\Twisted Land - Shadow Town.rar//Twisted Land - Shadow Town.exe//data0002 High
8/23/2011 6:17:08 PM Deleted virus HEUR:Trojan.Win32.Generic C:\Documents and Settings\debi!!\Downloads\Magic Encyclopedia Moon Light\Magic Encyclopedia Moon Light.exe High
8/23/2011 6:17:08 PM Deleted virus HEUR:Trojan.Win32.Generic C:\Documents and Settings\debi!!\Downloads\Magic Encyclopedia Moon Light\Magic Encyclopedia Moon Light.exe//data0016.res High
8/23/2011 6:17:08 PM Deleted virus HEUR:Trojan.Win32.Generic C:\Documents and Settings\debi!!\Downloads\Magic Encyclopedia Moon Light\Magic Encyclopedia Moon Light.exe//data0016.res//Magic_Encyclopedia_Moon_Light.exe High
8/23/2011 6:17:08 PM Deleted virus HEUR:Trojan.Win32.Generic C:\Documents and Settings\debi!!\Downloads\Magic Encyclopedia Moon Light\Magic Encyclopedia Moon Light.exe//data0000.cab High
8/23/2011 6:41:22 PM Deleted Trojan program Trojan.Win32.Buzus.aafw C:\Program Files\Real\RealPlayer\library\Dr. Monocle's Optical Experiment (New Hidden Object Game)\Dr Monocles.exe High
8/23/2011 6:41:22 PM Deleted Trojan program Trojan.Win32.Buzus.aafw C:\Program Files\Real\RealPlayer\library\Dr. Monocle's Optical Experiment (New Hidden Object Game)\Dr Monocles.exe//lu.07.10.exe High
8/23/2011 6:41:22 PM Deleted Trojan program Trojan.Win32.Buzus.aafw C:\Program Files\Real\RealPlayer\library\Dr. Monocle's Optical Experiment (New Hidden Object Game)\Dr Monocles.exe//xxxl.15.10.exe High


Re: MBR:\...\PHYSICALDRIVE0

Post by DragonMaster Jay on Fri 26 Aug 2011, 11:38 am

Your computer has keygens/cracks, which is a form of software piracy. What is so bad about Cracks, Hacks, Pirated software, warez, or Keygens?

Most popular cracks or keygens I see, are for Adobe CS3, a lot of different games, Nero, Kaspersky antivirus, and much more. All of these cracks and keygens have what is called "cloaked malware," which is a form of spyware or viruses or trojans that hide themselves inside the keygen or crack files. Most hacks for games that come in the form of a program or installer, will also be infected. It is the opportunity for attackers to present a seemingly safe situation where the opportunity to steal something is in play, while the malware infects your system in the process. Yes, it will install what you were looking for, but also allow malware to potentially take control of your computer.

Lastly, it is illegal. I will counsel you that we do not report such incidents. However, it is not good practice to pirate software.

Other than that, any other issues?



Re: MBR:\...\PHYSICALDRIVE0

Post by Qaytu on Fri 26 Aug 2011, 7:27 pm

How would I go about getting rid of those things? Also I can still only start in safe mode. When I try to start Windows normally I get BSoD. The stop message is 0x0000008E (0xC0000005, 0x81E7C7EF, 0x803EC644, 0x00000000). Lastly, did all the scans that were done find and get rid of the MBR:\...\PHYSICALDRIVE0 rootkit virus?

Thank you very much for the help you have given me. I really appreciate it!


Re: MBR:\...\PHYSICALDRIVE0

Post by DragonMaster Jay on Fri 26 Aug 2011, 11:24 pm

As far as I know, that bad stuff is now gone.

However, there are a couple of scans to be run real quick, if you suspect your MBR is infected, despite the MBR log above being clean...

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.
    Link 1
    Link 2
    Link 3

  • Double-click on MBRCheck.exe to run it.
  • It will open a black window. Please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
  • Please copy and paste the contents of that log in your next reply.



Please download Stealth MBR Rootkit Detector by GMER from GMER.net, and save to your Desktop.
  • Double-click mbr.exe to start the program.
  • When done scanning, it will save a log on the Desktop called mbr.log.
  • Please post the contents of that log in your next reply.



Re: MBR:\...\PHYSICALDRIVE0

Post by Qaytu on Sat 27 Aug 2011, 3:33 am

Here are the next two logs you asked for.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Basic Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron 530
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 109):
0x81C18000 \SystemRoot\system32\ntkrnlpa.exe
0x81FD1000 \SystemRoot\system32\hal.dll
0x8040D000 \SystemRoot\system32\kdcom.dll
0x80414000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80484000 \SystemRoot\system32\PSHED.dll
0x80495000 \SystemRoot\system32\BOOTVID.dll
0x8049D000 \SystemRoot\system32\CLFS.SYS
0x804DE000 \SystemRoot\system32\CI.dll
0x80603000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80674000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80682000 \SystemRoot\system32\drivers\acpi.sys
0x806C8000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806D1000 \SystemRoot\system32\drivers\msisadrv.sys
0x806D9000 \SystemRoot\system32\drivers\pci.sys
0x80700000 \SystemRoot\System32\drivers\partmgr.sys
0x8070F000 \SystemRoot\system32\drivers\volmgr.sys
0x8071E000 \SystemRoot\System32\drivers\volmgrx.sys
0x80768000 \SystemRoot\system32\DRIVERS\intelide.sys
0x8076F000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8077D000 \SystemRoot\system32\drivers\pciide.sys
0x80784000 \SystemRoot\System32\drivers\mountmgr.sys
0x80794000 \SystemRoot\system32\drivers\atapi.sys
0x8079C000 \SystemRoot\system32\drivers\ataport.SYS
0x807BA000 \SystemRoot\system32\drivers\fltmgr.sys
0x807EC000 \SystemRoot\system32\drivers\fileinfo.sys
0x805BE000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8220C000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8227D000 \SystemRoot\system32\drivers\ndis.sys
0x82388000 \SystemRoot\system32\drivers\msrpc.sys
0x823B3000 \SystemRoot\system32\drivers\NETIO.SYS
0x87806000 \SystemRoot\System32\drivers\tcpip.sys
0x878F0000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x87A04000 \SystemRoot\System32\Drivers\Ntfs.sys
0x87B14000 \SystemRoot\system32\drivers\volsnap.sys
0x87B55000 \SystemRoot\System32\Drivers\SmartDefragDriver.sys
0x87B5C000 \SystemRoot\System32\Drivers\mup.sys
0x87B6B000 \SystemRoot\System32\drivers\ecache.sys
0x87B92000 \SystemRoot\system32\drivers\disk.sys
0x87BA3000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x87BC4000 \SystemRoot\system32\drivers\crcdisk.sys
0x87BED000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8790B000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x87914000 \SystemRoot\system32\DRIVERS\e1e6032.sys
0x8794F000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8795A000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x87998000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8B006000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8B093000 \SystemRoot\system32\DRIVERS\fdc.sys
0x8B09E000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8B0B6000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8B0E5000 \SystemRoot\system32\DRIVERS\storport.sys
0x8B126000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8B131000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8B148000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8B153000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8B176000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8B185000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8B199000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8B1AE000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8B1BE000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8B1C9000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8B1D4000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8B1D6000 \SystemRoot\system32\DRIVERS\ks.sys
0x879A7000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x879B1000 \SystemRoot\system32\DRIVERS\umbus.sys
0x879BE000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x823EE000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x879F3000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x805C7000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x87BF8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8B000000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x82200000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x805D7000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x87B4D000 \SystemRoot\System32\Drivers\Null.SYS
0x805E0000 \SystemRoot\System32\Drivers\Beep.SYS
0x805E7000 \SystemRoot\System32\drivers\vga.sys
0x8B200000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8B221000 \SystemRoot\System32\drivers\watchdog.sys
0x8B22D000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8B235000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8B240000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8B24E000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8B257000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8B26D000 \SystemRoot\system32\DRIVERS\smb.sys
0x8B281000 \SystemRoot\system32\drivers\afd.sys
0x8B2C9000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8B2FB000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x8B304000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8B31A000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8B328000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8B364000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8B36E000 \SystemRoot\System32\Drivers\dfsc.sys
0x8B385000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x91870000 \SystemRoot\System32\win32k.sys
0x8B38D000 \SystemRoot\System32\drivers\Dxapi.sys
0x91A80000 \SystemRoot\System32\drivers\dxg.sys
0x91AB0000 \SystemRoot\System32\TSDDD.dll
0x91B30000 \SystemRoot\System32\framebuf.dll
0x8B397000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8B3A4000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8B3AF000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x8B3B7000 \SystemRoot\system32\DRIVERS\bowser.sys
0x8B3D0000 \SystemRoot\System32\drivers\mpsdrv.sys
0x87BCD000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9360B000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x93644000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9365C000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0x93666000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x77D40000 \Windows\System32\ntdll.dll

Processes (total 26):
0 System Idle Process
4 System
368 C:\Windows\System32\smss.exe
436 csrss.exe
472 csrss.exe
480 C:\Windows\System32\wininit.exe
508 C:\Windows\System32\winlogon.exe
556 C:\Windows\System32\services.exe
568 C:\Windows\System32\lsass.exe
576 C:\Windows\System32\lsm.exe
732 C:\Windows\System32\svchost.exe
792 C:\Windows\System32\svchost.exe
880 C:\Windows\System32\svchost.exe
904 C:\Windows\System32\svchost.exe
928 C:\Windows\System32\svchost.exe
976 C:\Windows\System32\svchost.exe
996 C:\Windows\System32\svchost.exe
1080 C:\Windows\System32\svchost.exe
1248 C:\Windows\System32\svchost.exe
1564 C:\Windows\explorer.exe
280 C:\Windows\System32\wbem\unsecapp.exe
412 WmiPrvSE.exe
4512 C:\Program Files\IObit\IObit Security 360\is360.exe
4540 C:\Program Files\IObit\IObit Security 360\is360tray.exe
3004 C:\Program Files\Internet Explorer\iexplore.exe
1736 C:\Users\dummy\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`83000000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`03000000 (NTFS)

PhysicalDrive0 Model Number: ST3250310AS, Rev: 3.ADA

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 1C02D1F61A8850FE57BB59AB7B44BD44A699A619


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!


Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer
Windows 6.0.6002 Disk: ST3250310AS rev.3.ADA -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

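As an added illustration, not part of the thread and not MBRCheck's own code, here is the kind of check behind the "Unknown MBR code" line and the SHA1 in the log above: read one 512-byte MBR image, verify the 55 AA boot signature, hash the boot-code region and compare it with a baseline allowlist, and decode the partition table so the byte offsets MBRCheck prints for C: and D: can be confirmed unchanged before and after any boot-code repair. Hashing exactly the first 440 bytes is an assumption about MBRCheck's method; the sample boot code, partition sizes and disk signature are constructed, with only the two partition offsets taken from the log.

```python
"""Added example: MBRCheck-style verdict over a constructed 512-byte MBR image."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440            # bytes 0..439: boot code region that gets hashed (assumption)
DISK_SIG_OFF = 440             # bytes 440..443: Windows disk signature
PART_TABLE_OFF = 446           # four 16-byte partition entries at 446..509
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511 must be 55 AA for the BIOS to run the sector
ENTRY_FMT = "<B3sB3sII"        # status, CHS start, type, CHS end, start LBA, sector count


def build_sample_mbr(boot_code, partitions, disk_sig=0x12345678):
    """Constructed sample image. partitions: (bootable, type, start_lba, sectors)."""
    if len(boot_code) > BOOT_CODE_LEN or len(partitions) > 4:
        raise ValueError("boot code or partition table too large for one sector")
    mbr = bytearray(SECTOR_SIZE)
    mbr[:len(boot_code)] = boot_code
    struct.pack_into("<I", mbr, DISK_SIG_OFF, disk_sig)
    for i, (bootable, ptype, start_lba, sectors) in enumerate(partitions):
        # CHS fields carry the "use LBA instead" marker FE FF FF, as modern tools write.
        struct.pack_into(ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i,
                         0x80 if bootable else 0x00, b"\xfe\xff\xff",
                         ptype, b"\xfe\xff\xff", start_lba, sectors)
    mbr[510:512] = BOOT_SIGNATURE
    return bytes(mbr)


def parse_partitions(mbr):
    """Return the non-empty partition entries with their byte offsets on the disk."""
    entries = []
    for i in range(4):
        status, _chs_start, ptype, _chs_end, start_lba, sectors = struct.unpack_from(
            ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0x00:
            continue  # empty slot
        entries.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "start_lba": start_lba,
            "byte_offset": start_lba * SECTOR_SIZE,  # what MBRCheck prints as "at offset"
            "sectors": sectors,
        })
    return entries


def bootcode_sha1(mbr):
    """Upper-case SHA1 of the boot-code region, the value compared against a baseline."""
    return hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()


def check_mbr(mbr, known_hashes):
    """Classify an MBR image against an allowlist of baseline boot-code hashes."""
    if len(mbr) != SECTOR_SIZE:
        return {"status": "wrong image size", "sha1": None, "partitions": []}
    result = {"sha1": bootcode_sha1(mbr), "partitions": parse_partitions(mbr)}
    if mbr[510:512] != BOOT_SIGNATURE:
        result["status"] = "missing boot signature"
    elif result["sha1"] in known_hashes:
        result["status"] = "known MBR code"
    else:
        result["status"] = "unknown MBR code"
    return result


# --- constructed sample data ---------------------------------------------------
# Partition offsets match the two volumes in the log (D: at 0x03000000,
# C: at 0x2_83000000); sizes, boot code and disk signature are made up.
SAMPLE_PARTITIONS = [
    (False, 0x07, 0x03000000 // SECTOR_SIZE, 20971520),   # D:, NTFS, 10 GiB
    (True, 0x07, 0x283000000 // SECTOR_SIZE, 467000000),  # C:, NTFS, bootable
]
GOOD_BOOT_CODE = b"\xeb\x3c\x90" + b"constructed baseline boot code".ljust(120, b"\x90")
BASELINE_MBR = build_sample_mbr(GOOD_BOOT_CODE, SAMPLE_PARTITIONS)
KNOWN_HASHES = {bootcode_sha1(BASELINE_MBR)}  # baseline taken from a trusted image

# Same partition table, different boot code: the situation MBRCheck flags.
TAMPERED_MBR = build_sample_mbr(
    b"\xeb\x3c\x90" + b"constructed replacement boot code".ljust(120, b"\x90"),
    SAMPLE_PARTITIONS)

if __name__ == "__main__":
    for name, image in (("baseline", BASELINE_MBR), ("tampered", TAMPERED_MBR)):
        r = check_mbr(image, KNOWN_HASHES)
        print(f"{name}: {r['status']}  SHA1: {r['sha1']}")
        for p in r["partitions"]:
            flag = " (bootable)" if p["bootable"] else ""
            print(f"  entry {p['index']}: type 0x{p['type']:02X} "
                  f"at offset 0x{p['byte_offset']:X}{flag}")
```

A boot-code rewrite that leaves the table intact changes only the SHA1, so comparing parse_partitions output before and after the repair confirms the volumes were not touched.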

Re: MBR:\...\PHYSICALDRIVE0

Post by DragonMaster Jay on Sat 27 Aug 2011, 6:40 am

Run MBRCheck.exe
  • Run MBRCheck.exe
  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Please push the 'Y' key and then press Enter
  • When the program asks you Enter your choice: enter 2 and press the Enter key
  • Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"
  • Enter 0 and press the Enter key.
  • The program will show Available MBR codes:, followed by a list of operating systems. Please enter 1 for Windows XP, and then press Enter.
  • When asked Do you want to fix the MBR code? type in YES and press enter
  • Restart your PC.



Re: MBR:\...\PHYSICALDRIVE0

Post by Qaytu on Sat 27 Aug 2011, 9:39 am

No disrespect, I'm just curious. Why Windows XP MBR codes when I have Vista?


Re: MBR:\...\PHYSICALDRIVE0

Post by Qaytu on Sat 27 Aug 2011, 10:51 am

This is the log after I did the MBR fix.


MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Basic Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron 530
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 109):
0x81C38000 \SystemRoot\system32\ntkrnlpa.exe
0x81C05000 \SystemRoot\system32\hal.dll
0x80406000 \SystemRoot\system32\kdcom.dll
0x8040D000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8047D000 \SystemRoot\system32\PSHED.dll
0x8048E000 \SystemRoot\system32\BOOTVID.dll
0x80496000 \SystemRoot\system32\CLFS.SYS
0x804D7000 \SystemRoot\system32\CI.dll
0x80607000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80678000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80686000 \SystemRoot\system32\drivers\acpi.sys
0x806CC000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806D5000 \SystemRoot\system32\drivers\msisadrv.sys
0x806DD000 \SystemRoot\system32\drivers\pci.sys
0x80704000 \SystemRoot\System32\drivers\partmgr.sys
0x80713000 \SystemRoot\system32\drivers\volmgr.sys
0x80722000 \SystemRoot\System32\drivers\volmgrx.sys
0x8076C000 \SystemRoot\system32\DRIVERS\intelide.sys
0x80773000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x80781000 \SystemRoot\system32\drivers\pciide.sys
0x80788000 \SystemRoot\System32\drivers\mountmgr.sys
0x80798000 \SystemRoot\system32\drivers\atapi.sys
0x807A0000 \SystemRoot\system32\drivers\ataport.SYS
0x807BE000 \SystemRoot\system32\drivers\fltmgr.sys
0x807F0000 \SystemRoot\system32\drivers\fileinfo.sys
0x805B7000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x82207000 \SystemRoot\System32\Drivers\ksecdd.sys
0x82278000 \SystemRoot\system32\drivers\ndis.sys
0x82383000 \SystemRoot\system32\drivers\msrpc.sys
0x823AE000 \SystemRoot\system32\drivers\NETIO.SYS
0x87805000 \SystemRoot\System32\drivers\tcpip.sys
0x878EF000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x87A02000 \SystemRoot\System32\Drivers\Ntfs.sys
0x87B12000 \SystemRoot\system32\drivers\volsnap.sys
0x87B53000 \SystemRoot\System32\Drivers\SmartDefragDriver.sys
0x87B5A000 \SystemRoot\System32\Drivers\mup.sys
0x87B69000 \SystemRoot\System32\drivers\ecache.sys
0x87B90000 \SystemRoot\system32\drivers\disk.sys
0x87BA1000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x87BC2000 \SystemRoot\system32\drivers\crcdisk.sys
0x87BEB000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x87BF6000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8790A000 \SystemRoot\system32\DRIVERS\e1e6032.sys
0x87945000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x87950000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8798E000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8AE0C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8AE99000 \SystemRoot\system32\DRIVERS\fdc.sys
0x8AEA4000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8AEBC000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8AEEB000 \SystemRoot\system32\DRIVERS\storport.sys
0x8AF2C000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8AF37000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8AF4E000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8AF59000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8AF7C000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8AF8B000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8AF9F000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8AFB4000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8AFC4000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8AFCF000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8AFDA000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8799D000 \SystemRoot\system32\DRIVERS\ks.sys
0x8AFDC000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8AFE6000 \SystemRoot\system32\DRIVERS\umbus.sys
0x879C7000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x823E9000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8AFF3000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x805C0000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8AE00000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8AE07000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x805D0000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x805D9000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x87B4B000 \SystemRoot\System32\Drivers\Null.SYS
0x82200000 \SystemRoot\System32\Drivers\Beep.SYS
0x805E2000 \SystemRoot\System32\drivers\vga.sys
0x8B006000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8B027000 \SystemRoot\System32\drivers\watchdog.sys
0x8B033000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8B03B000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8B046000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8B054000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8B05D000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8B073000 \SystemRoot\system32\DRIVERS\smb.sys
0x8B087000 \SystemRoot\system32\drivers\afd.sys
0x8B0CF000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8B101000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x8B10A000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8B120000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8B12E000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8B16A000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8B174000 \SystemRoot\System32\Drivers\dfsc.sys
0x8B18B000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x91640000 \SystemRoot\System32\win32k.sys
0x8B193000 \SystemRoot\System32\drivers\Dxapi.sys
0x91850000 \SystemRoot\System32\drivers\dxg.sys
0x91880000 \SystemRoot\System32\TSDDD.dll
0x91900000 \SystemRoot\System32\framebuf.dll
0x8B19D000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8B1AA000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8B1B5000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x8B1BD000 \SystemRoot\system32\DRIVERS\bowser.sys
0x8B1D6000 \SystemRoot\System32\drivers\mpsdrv.sys
0x87BCB000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x93804000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9383D000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x93855000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0x9385F000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x77740000 \Windows\System32\ntdll.dll

Processes (total 24):
0 System Idle Process
4 System
368 C:\Windows\System32\smss.exe
436 csrss.exe
472 csrss.exe
480 C:\Windows\System32\wininit.exe
508 C:\Windows\System32\winlogon.exe
556 C:\Windows\System32\services.exe
568 C:\Windows\System32\lsass.exe
576 C:\Windows\System32\lsm.exe
732 C:\Windows\System32\svchost.exe
792 C:\Windows\System32\svchost.exe
880 C:\Windows\System32\svchost.exe
904 C:\Windows\System32\svchost.exe
928 C:\Windows\System32\svchost.exe
976 C:\Windows\System32\svchost.exe
996 C:\Windows\System32\svchost.exe
1080 C:\Windows\System32\svchost.exe
1248 C:\Windows\System32\svchost.exe
1384 C:\Windows\explorer.exe
1904 C:\Windows\System32\wbem\unsecapp.exe
1148 WmiPrvSE.exe
1860 C:\Program Files\Internet Explorer\iexplore.exe
1768 C:\Users\dummy\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`83000000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`03000000 (NTFS)

PhysicalDrive0 Model Number: ST3250310AS, Rev: 3.ADA

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 1C02D1F61A8850FE57BB59AB7B44BD44A699A619


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!




Re: MBR:\...\PHYSICALDRIVE0

Post by DragonMaster Jay on Sun 28 Aug 2011, 9:30 am

Try the MBR fix once more as stated above and post a new log, please.



Re: MBR:\...\PHYSICALDRIVE0

Post by Qaytu on Mon 29 Aug 2011, 4:20 am

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Basic Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron 530
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 109):
0x81C4E000 \SystemRoot\system32\ntkrnlpa.exe
0x81C1B000 \SystemRoot\system32\hal.dll
0x8040A000 \SystemRoot\system32\kdcom.dll
0x80411000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80481000 \SystemRoot\system32\PSHED.dll
0x80492000 \SystemRoot\system32\BOOTVID.dll
0x8049A000 \SystemRoot\system32\CLFS.SYS
0x804DB000 \SystemRoot\system32\CI.dll
0x80608000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80679000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80687000 \SystemRoot\system32\drivers\acpi.sys
0x806CD000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806D6000 \SystemRoot\system32\drivers\msisadrv.sys
0x806DE000 \SystemRoot\system32\drivers\pci.sys
0x80705000 \SystemRoot\System32\drivers\partmgr.sys
0x80714000 \SystemRoot\system32\drivers\volmgr.sys
0x80723000 \SystemRoot\System32\drivers\volmgrx.sys
0x8076D000 \SystemRoot\system32\DRIVERS\intelide.sys
0x80774000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x80782000 \SystemRoot\system32\drivers\pciide.sys
0x80789000 \SystemRoot\System32\drivers\mountmgr.sys
0x80799000 \SystemRoot\system32\drivers\atapi.sys
0x807A1000 \SystemRoot\system32\drivers\ataport.SYS
0x807BF000 \SystemRoot\system32\drivers\fltmgr.sys
0x805BB000 \SystemRoot\system32\drivers\fileinfo.sys
0x807F1000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8220A000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8227B000 \SystemRoot\system32\drivers\ndis.sys
0x82386000 \SystemRoot\system32\drivers\msrpc.sys
0x823B1000 \SystemRoot\system32\drivers\NETIO.SYS
0x87807000 \SystemRoot\System32\drivers\tcpip.sys
0x878F1000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x87A0C000 \SystemRoot\System32\Drivers\Ntfs.sys
0x87B1C000 \SystemRoot\system32\drivers\volsnap.sys
0x87B5D000 \SystemRoot\System32\Drivers\SmartDefragDriver.sys
0x87B64000 \SystemRoot\System32\Drivers\mup.sys
0x87B73000 \SystemRoot\System32\drivers\ecache.sys
0x87B9A000 \SystemRoot\system32\drivers\disk.sys
0x87BAB000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x87BCC000 \SystemRoot\system32\drivers\crcdisk.sys
0x87BF5000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x87A00000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8790C000 \SystemRoot\system32\DRIVERS\e1e6032.sys
0x87947000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x87952000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x87990000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8AE05000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8AE92000 \SystemRoot\system32\DRIVERS\fdc.sys
0x8AE9D000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8AEB5000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8AEE4000 \SystemRoot\system32\DRIVERS\storport.sys
0x8AF25000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8AF30000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8AF47000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8AF52000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8AF75000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8AF84000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8AF98000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8AFAD000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8AFBD000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8AFC8000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8AFD3000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8AFD5000 \SystemRoot\system32\DRIVERS\ks.sys
0x8799F000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x879A9000 \SystemRoot\system32\DRIVERS\umbus.sys
0x879B6000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x879EB000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x823EC000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x805CB000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x87B55000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8AE00000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x823F5000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x82200000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x87800000 \SystemRoot\System32\Drivers\Null.SYS
0x80600000 \SystemRoot\System32\Drivers\Beep.SYS
0x805DB000 \SystemRoot\System32\drivers\vga.sys
0x8B006000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8B027000 \SystemRoot\System32\drivers\watchdog.sys
0x8B033000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8B03B000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8B046000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8B054000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8B05D000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8B073000 \SystemRoot\system32\DRIVERS\smb.sys
0x8B087000 \SystemRoot\system32\drivers\afd.sys
0x8B0CF000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8B101000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x8B10A000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8B120000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8B12E000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8B16A000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8B174000 \SystemRoot\System32\Drivers\dfsc.sys
0x8B18B000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x916F0000 \SystemRoot\System32\win32k.sys
0x8B193000 \SystemRoot\System32\drivers\Dxapi.sys
0x91900000 \SystemRoot\System32\drivers\dxg.sys
0x91930000 \SystemRoot\System32\TSDDD.dll
0x919B0000 \SystemRoot\System32\framebuf.dll
0x8B19D000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8B1AA000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8B1B5000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x8B1BD000 \SystemRoot\system32\DRIVERS\bowser.sys
0x8B1D6000 \SystemRoot\System32\drivers\mpsdrv.sys
0x87BD5000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9360F000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x93648000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x93660000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0x9366A000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x77510000 \Windows\System32\ntdll.dll

Processes (total 23):
0 System Idle Process
4 System
368 C:\Windows\System32\smss.exe
436 csrss.exe
472 csrss.exe
480 C:\Windows\System32\wininit.exe
508 C:\Windows\System32\winlogon.exe
556 C:\Windows\System32\services.exe
568 C:\Windows\System32\lsass.exe
576 C:\Windows\System32\lsm.exe
732 C:\Windows\System32\svchost.exe
792 C:\Windows\System32\svchost.exe
880 C:\Windows\System32\svchost.exe
904 C:\Windows\System32\svchost.exe
928 C:\Windows\System32\svchost.exe
976 C:\Windows\System32\svchost.exe
996 C:\Windows\System32\svchost.exe
1080 C:\Windows\System32\svchost.exe
1248 C:\Windows\System32\svchost.exe
1640 C:\Windows\explorer.exe
468 C:\Windows\System32\wbem\unsecapp.exe
940 WmiPrvSE.exe
1780 C:\Users\dummy\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`83000000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`03000000 (NTFS)

PhysicalDrive0 Model Number: ST3250310AS, Rev: 3.ADA

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 1C02D1F61A8850FE57BB59AB7B44BD44A699A619


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0Available MBR codes:
[ 0] Default (Windows Vista)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 1
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: YES
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.


Done!

Qaytu

Newbie Surfer
Newbie Surfer

Posts : 33
Joined : 2011-08-12
Operating System : Vista 2nd update

View user profile

Back to top Go down

Re: MBR:\...\PHYSICALDRIVE0

Post by DragonMaster Jay on Mon 29 Aug 2011, 10:48 am

Download Bootkit Remover to your Desktop.

  • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: [You must be registered and logged in to see this link.]
  • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right-click on remover.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press Enter
  • Open Notepad and press CTRL+V
  • Post the output back here.



Re: MBR:\...\PHYSICALDRIVE0

Post by Qaytu on Mon 29 Aug 2011, 5:44 pm

Bootkit Remover
(c) 2009 eSage Lab
[You must be registered and logged in to see this link.]

Program version: 1.2.0.0
OS Version: Microsoft Windows Vista Home Basic Edition Service Pack 2 (build 6002), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000002`83000000
Boot sector MD5 is: d026fa10f7a4253b255e05f63e8ef364

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix


Done;
Press any key to quit...


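The MBRCheck log (an "Unknown MBR code" verdict with a SHA1) and the Bootkit Remover log above (volume offsets on \\.\PhysicalDrive0 and a boot-sector MD5) both come from reading sector 0 of the disk, hashing it and walking its partition table. The following Python script is an added illustration of those checks, not code from this thread or from either tool. It builds a constructed 512-byte MBR whose layout mirrors the values reported in this thread (disk signature 0x10000000, the D: volume at 0x3000000 for 0x280000000 bytes and the C: volume at 0x283000000 for 0x37B2100000 bytes, as shown in the STORAGE#Volume links of the Bootkit Remover debug log), then parses it, hashes the boot code and compares the digest with an allowlist. The placeholder boot code bytes, the 0x07 partition type, the allowlist contents and the decision to hash bytes 0-439 only are assumptions: the page does not say which byte range MBRCheck hashes or which reference digests it carries.

```python
"""Parse a 512-byte MBR, hash its boot code and report the partition layout."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440      # bytes 0..439 hold the boot loader code (assumed region to hash)
DISK_SIG_OFF = 440       # 4-byte Windows disk signature
PART_TABLE_OFF = 446     # four 16-byte partition entries
MBR_SIGNATURE = 0xAA55   # bytes 0x55 0xAA at offsets 510..511, read little-endian
PART_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr(boot_code, disk_signature, partitions):
    """Assemble a synthetic MBR image (constructed test data, not a real disk)."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code must fit in 440 bytes")
    mbr = bytearray(SECTOR)
    mbr[:len(boot_code)] = boot_code
    struct.pack_into("<I", mbr, DISK_SIG_OFF, disk_signature)
    for i, (bootable, ptype, lba_start, sectors) in enumerate(partitions[:4]):
        status = 0x80 if bootable else 0x00
        # CHS fields are left zero; Windows and modern loaders use the LBA fields.
        struct.pack_into(PART_FMT, mbr, PART_TABLE_OFF + 16 * i,
                         status, b"\0\0\0", ptype, b"\0\0\0", lba_start, sectors)
    struct.pack_into("<H", mbr, 510, MBR_SIGNATURE)
    return bytes(mbr)


# Constructed sample: offsets and lengths mirror the thread's logs; the boot
# code is a placeholder (jmp $ followed by NOPs), not any real loader.
SAMPLE_MBR = build_sample_mbr(
    boot_code=b"\xEB\xFE" + b"\x90" * 438,
    disk_signature=0x10000000,
    partitions=[
        (False, 0x07, 0x03000000 // SECTOR, 0x280000000 // SECTOR),    # D: (recovery)
        (True, 0x07, 0x283000000 // SECTOR, 0x37B2100000 // SECTOR),   # C: (system)
    ],
)


def parse_mbr(sector):
    """Validate the boot signature, hash the boot code and decode the partition table."""
    if len(sector) != SECTOR:
        raise ValueError("expected exactly one 512-byte sector")
    if struct.unpack_from("<H", sector, 510)[0] != MBR_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        status, _, ptype, _, lba_start, sectors = struct.unpack_from(
            PART_FMT, sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0:          # empty slot
            continue
        partitions.append({
            "index": i, "bootable": status == 0x80, "type": ptype,
            "lba_start": lba_start, "sectors": sectors,
            "byte_offset": lba_start * SECTOR, "byte_length": sectors * SECTOR,
        })
    return {
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        # Hashing only the code region keeps the digest stable across disks that
        # carry the same loader but a different partition table.
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "sector_md5": hashlib.md5(sector).hexdigest(),
        "partitions": partitions,
    }


def classify_boot_code(info, known_good_sha1):
    """Compare the boot-code digest with an allowlist of trusted loader hashes."""
    allow = {h.upper() for h in known_good_sha1}
    return "Known boot code" if info["boot_code_sha1"] in allow else "Unknown boot code"


def read_first_sector(path):
    """Read sector 0 from a raw device or image, e.g. r'\\.\PhysicalDrive0'
    from an elevated prompt on Windows, or /dev/sda as root on Linux."""
    with open(path, "rb") as f:
        return f.read(SECTOR)


def report(info, known_good_sha1=()):
    """Render the parsed MBR as text lines in the style of the tools' own output."""
    lines = [
        f"Disk signature : 0x{info['disk_signature']:08X}",
        f"Boot code SHA1 : {info['boot_code_sha1']}",
        f"Sector MD5     : {info['sector_md5']}",
        f"MBR status     : {classify_boot_code(info, known_good_sha1)}",
    ]
    for p in info["partitions"]:
        flag = "boot" if p["bootable"] else "    "
        lines.append(f"  part{p['index']} type=0x{p['type']:02X} {flag} "
                     f"offset=0x{p['byte_offset']:X} length=0x{p['byte_length']:X}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(parse_mbr(SAMPLE_MBR))))
```

With an empty allowlist the sample reports "Unknown boot code", which is the same verdict both tools gave in this thread; a digest only becomes "Known" when it matches a hash you have verified against a clean installation of the same Windows version. The parsed offsets reproduce the 0x3000000 and 0x283000000 values from the logs, which is a useful cross-check that a partition table has not been altered even when the boot code itself cannot be attributed.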

Re: MBR:\...\PHYSICALDRIVE0

Post by DragonMaster Jay on Wed 31 Aug 2011, 9:26 pm

Please open Notepad and enter in the following:
@echo off
start remover.exe fix \\.\PhysicalDrive0
exit
Then, click File > Save as...
Save as remove.bat to the same location as remover.exe.
Choose Save as type... All Files.
Click Save.

Then, exit Notepad.

Double-click on remove.bat.

Please re-run remover.exe and post a new log in your next reply.



Re: MBR:\...\PHYSICALDRIVE0

Post by Qaytu on Thu 01 Sep 2011, 4:10 pm

.\debug.cpp(238) : Debug log started at 01.09.2011 - 05:05:46
.\boot_cleaner.cpp(527) : Bootkit Remover
.\boot_cleaner.cpp(528) : (c) 2009 eSage Lab
.\boot_cleaner.cpp(529) : [You must be registered and logged in to see this link.]
.\boot_cleaner.cpp(533) : Program version: 1.2.0.0
.\boot_cleaner.cpp(540) : OS Version: Microsoft Windows Vista Home Basic Edition Service Pack 2 (build 6002), 32-bit
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x81c35000 0x003b9000 "\SystemRoot\system32\ntkrnlpa.exe"
.\debug.cpp(256) : 0x81c02000 0x00033000 "\SystemRoot\system32\hal.dll"
.\debug.cpp(256) : 0x80407000 0x00007000 "\SystemRoot\system32\kdcom.dll"
.\debug.cpp(256) : 0x8040e000 0x00070000 "\SystemRoot\system32\mcupdate_GenuineIntel.dll"
.\debug.cpp(256) : 0x8047e000 0x00011000 "\SystemRoot\system32\PSHED.dll"
.\debug.cpp(256) : 0x8048f000 0x00008000 "\SystemRoot\system32\BOOTVID.dll"
.\debug.cpp(256) : 0x80497000 0x00041000 "\SystemRoot\system32\CLFS.SYS"
.\debug.cpp(256) : 0x804d8000 0x000e0000 "\SystemRoot\system32\CI.dll"
.\debug.cpp(256) : 0x8060c000 0x00071000 "\SystemRoot\system32\drivers\Wdf01000.sys"
.\debug.cpp(256) : 0x8067d000 0x0000e000 "\SystemRoot\system32\drivers\WDFLDR.SYS"
.\debug.cpp(256) : 0x8068b000 0x00046000 "\SystemRoot\system32\drivers\acpi.sys"
.\debug.cpp(256) : 0x806d1000 0x00009000 "\SystemRoot\system32\drivers\WMILIB.SYS"
.\debug.cpp(256) : 0x806da000 0x00008000 "\SystemRoot\system32\drivers\msisadrv.sys"
.\debug.cpp(256) : 0x806e2000 0x00027000 "\SystemRoot\system32\drivers\pci.sys"
.\debug.cpp(256) : 0x80709000 0x0000f000 "\SystemRoot\System32\drivers\partmgr.sys"
.\debug.cpp(256) : 0x80718000 0x0000f000 "\SystemRoot\system32\drivers\volmgr.sys"
.\debug.cpp(256) : 0x80727000 0x0004a000 "\SystemRoot\System32\drivers\volmgrx.sys"
.\debug.cpp(256) : 0x80771000 0x00007000 "\SystemRoot\system32\DRIVERS\intelide.sys"
.\debug.cpp(256) : 0x80778000 0x0000e000 "\SystemRoot\system32\DRIVERS\PCIIDEX.SYS"
.\debug.cpp(256) : 0x80786000 0x00007000 "\SystemRoot\system32\drivers\pciide.sys"
.\debug.cpp(256) : 0x8078d000 0x00010000 "\SystemRoot\System32\drivers\mountmgr.sys"
.\debug.cpp(256) : 0x8079d000 0x00008000 "\SystemRoot\system32\drivers\atapi.sys"
.\debug.cpp(256) : 0x807a5000 0x0001e000 "\SystemRoot\system32\drivers\ataport.SYS"
.\debug.cpp(256) : 0x807c3000 0x00032000 "\SystemRoot\system32\drivers\fltmgr.sys"
.\debug.cpp(256) : 0x805b8000 0x00010000 "\SystemRoot\system32\drivers\fileinfo.sys"
.\debug.cpp(256) : 0x807f5000 0x00009000 "\SystemRoot\System32\Drivers\PxHelp20.sys"
.\debug.cpp(256) : 0x82203000 0x00071000 "\SystemRoot\System32\Drivers\ksecdd.sys"
.\debug.cpp(256) : 0x82274000 0x0010b000 "\SystemRoot\system32\drivers\ndis.sys"
.\debug.cpp(256) : 0x8237f000 0x0002b000 "\SystemRoot\system32\drivers\msrpc.sys"
.\debug.cpp(256) : 0x823aa000 0x0003b000 "\SystemRoot\system32\drivers\NETIO.SYS"
.\debug.cpp(256) : 0x8780a000 0x000ea000 "\SystemRoot\System32\drivers\tcpip.sys"
.\debug.cpp(256) : 0x878f4000 0x0001b000 "\SystemRoot\System32\drivers\fwpkclnt.sys"
.\debug.cpp(256) : 0x87a0d000 0x00110000 "\SystemRoot\System32\Drivers\Ntfs.sys"
.\debug.cpp(256) : 0x87b1d000 0x00039000 "\SystemRoot\system32\drivers\volsnap.sys"
.\debug.cpp(256) : 0x87b5e000 0x00007000 "\SystemRoot\System32\Drivers\SmartDefragDriver.sys"
.\debug.cpp(256) : 0x87b65000 0x0000f000 "\SystemRoot\System32\Drivers\mup.sys"
.\debug.cpp(256) : 0x87b74000 0x00027000 "\SystemRoot\System32\drivers\ecache.sys"
.\debug.cpp(256) : 0x87b9b000 0x00011000 "\SystemRoot\system32\drivers\disk.sys"
.\debug.cpp(256) : 0x87bac000 0x00021000 "\SystemRoot\system32\drivers\CLASSPNP.SYS"
.\debug.cpp(256) : 0x87bcd000 0x00009000 "\SystemRoot\system32\drivers\crcdisk.sys"
.\debug.cpp(256) : 0x87a00000 0x0000b000 "\SystemRoot\system32\DRIVERS\tunnel.sys"
.\debug.cpp(256) : 0x87bf6000 0x00009000 "\SystemRoot\system32\DRIVERS\tunmp.sys"
.\debug.cpp(256) : 0x8790f000 0x0003b000 "\SystemRoot\system32\DRIVERS\e1e6032.sys"
.\debug.cpp(256) : 0x8794a000 0x0000b000 "\SystemRoot\system32\DRIVERS\usbuhci.sys"
.\debug.cpp(256) : 0x87955000 0x0003e000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS"
.\debug.cpp(256) : 0x87993000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbehci.sys"
.\debug.cpp(256) : 0x8ae00000 0x0008d000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys"
.\debug.cpp(256) : 0x8ae8d000 0x0000b000 "\SystemRoot\system32\DRIVERS\fdc.sys"
.\debug.cpp(256) : 0x8ae98000 0x00018000 "\SystemRoot\system32\DRIVERS\cdrom.sys"
.\debug.cpp(256) : 0x8aeb0000 0x0002f000 "\SystemRoot\system32\DRIVERS\msiscsi.sys"
.\debug.cpp(256) : 0x8aedf000 0x00041000 "\SystemRoot\system32\DRIVERS\storport.sys"
.\debug.cpp(256) : 0x8af20000 0x0000b000 "\SystemRoot\system32\DRIVERS\TDI.SYS"
.\debug.cpp(256) : 0x8af2b000 0x00017000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys"
.\debug.cpp(256) : 0x8af42000 0x0000b000 "\SystemRoot\system32\DRIVERS\ndistapi.sys"
.\debug.cpp(256) : 0x8af4d000 0x00023000 "\SystemRoot\system32\DRIVERS\ndiswan.sys"
.\debug.cpp(256) : 0x8af70000 0x0000f000 "\SystemRoot\system32\DRIVERS\raspppoe.sys"
.\debug.cpp(256) : 0x8af7f000 0x00014000 "\SystemRoot\system32\DRIVERS\raspptp.sys"
.\debug.cpp(256) : 0x8af93000 0x00015000 "\SystemRoot\system32\DRIVERS\rassstp.sys"
.\debug.cpp(256) : 0x8afa8000 0x00010000 "\SystemRoot\system32\DRIVERS\termdd.sys"
.\debug.cpp(256) : 0x8afb8000 0x0000b000 "\SystemRoot\system32\DRIVERS\kbdclass.sys"
.\debug.cpp(256) : 0x8afc3000 0x0000b000 "\SystemRoot\system32\DRIVERS\mouclass.sys"
.\debug.cpp(256) : 0x8afce000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys"
.\debug.cpp(256) : 0x8afd0000 0x0002a000 "\SystemRoot\system32\DRIVERS\ks.sys"
.\debug.cpp(256) : 0x879a2000 0x0000a000 "\SystemRoot\system32\DRIVERS\mssmbios.sys"
.\debug.cpp(256) : 0x879ac000 0x0000d000 "\SystemRoot\system32\DRIVERS\umbus.sys"
.\debug.cpp(256) : 0x879b9000 0x00035000 "\SystemRoot\system32\DRIVERS\usbhub.sys"
.\debug.cpp(256) : 0x879ee000 0x00011000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
.\debug.cpp(256) : 0x87800000 0x00009000 "\SystemRoot\system32\DRIVERS\hidusb.sys"
.\debug.cpp(256) : 0x823e5000 0x00010000 "\SystemRoot\system32\DRIVERS\HIDCLASS.SYS"
.\debug.cpp(256) : 0x87b56000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS"
.\debug.cpp(256) : 0x8affa000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS"
.\debug.cpp(256) : 0x823f5000 0x00009000 "\SystemRoot\system32\DRIVERS\kbdhid.sys"
.\debug.cpp(256) : 0x80600000 0x00009000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS"
.\debug.cpp(256) : 0x805c8000 0x00007000 "\SystemRoot\System32\Drivers\Null.SYS"
.\debug.cpp(256) : 0x805cf000 0x00007000 "\SystemRoot\System32\Drivers\Beep.SYS"
.\debug.cpp(256) : 0x805d6000 0x0000c000 "\SystemRoot\System32\drivers\vga.sys"
.\debug.cpp(256) : 0x8b20e000 0x00021000 "\SystemRoot\System32\drivers\VIDEOPRT.SYS"
.\debug.cpp(256) : 0x8b22f000 0x0000c000 "\SystemRoot\System32\drivers\watchdog.sys"
.\debug.cpp(256) : 0x8b23b000 0x00008000 "\SystemRoot\system32\drivers\rdpencdd.sys"
.\debug.cpp(256) : 0x8b243000 0x0000b000 "\SystemRoot\System32\Drivers\Msfs.SYS"
.\debug.cpp(256) : 0x8b24e000 0x0000e000 "\SystemRoot\System32\Drivers\Npfs.SYS"
.\debug.cpp(256) : 0x8b25c000 0x00009000 "\SystemRoot\System32\DRIVERS\rasacd.sys"
.\debug.cpp(256) : 0x8b265000 0x00016000 "\SystemRoot\system32\DRIVERS\tdx.sys"
.\debug.cpp(256) : 0x8b27b000 0x00014000 "\SystemRoot\system32\DRIVERS\smb.sys"
.\debug.cpp(256) : 0x8b28f000 0x00048000 "\SystemRoot\system32\drivers\afd.sys"
.\debug.cpp(256) : 0x8b2d7000 0x00032000 "\SystemRoot\System32\DRIVERS\netbt.sys"
.\debug.cpp(256) : 0x8b309000 0x00009000 "\SystemRoot\system32\drivers\ws2ifsl.sys"
.\debug.cpp(256) : 0x8b312000 0x00016000 "\SystemRoot\system32\DRIVERS\pacer.sys"
.\debug.cpp(256) : 0x8b328000 0x0000e000 "\SystemRoot\system32\DRIVERS\netbios.sys"
.\debug.cpp(256) : 0x8b336000 0x0003c000 "\SystemRoot\system32\DRIVERS\rdbss.sys"
.\debug.cpp(256) : 0x8b372000 0x0000a000 "\SystemRoot\system32\drivers\nsiproxy.sys"
.\debug.cpp(256) : 0x8b37c000 0x00017000 "\SystemRoot\System32\Drivers\dfsc.sys"
.\debug.cpp(256) : 0x8b393000 0x00008000 "\SystemRoot\system32\DRIVERS\mouhid.sys"
.\debug.cpp(256) : 0x91630000 0x00202000 "\SystemRoot\System32\win32k.sys"
.\debug.cpp(256) : 0x8b39b000 0x0000a000 "\SystemRoot\System32\drivers\Dxapi.sys"
.\debug.cpp(256) : 0x91840000 0x00017000 "\SystemRoot\System32\drivers\dxg.sys"
.\debug.cpp(256) : 0x91870000 0x00009000 "\SystemRoot\System32\TSDDD.dll"
.\debug.cpp(256) : 0x918f0000 0x00008000 "\SystemRoot\System32\framebuf.dll"
.\debug.cpp(256) : 0x8b3a5000 0x0000d000 "\SystemRoot\System32\Drivers\crashdmp.sys"
.\debug.cpp(256) : 0x8b3b2000 0x0000b000 "\SystemRoot\System32\Drivers\dump_dumpata.sys"
.\debug.cpp(256) : 0x8b3bd000 0x00008000 "\SystemRoot\System32\Drivers\dump_atapi.sys"
.\debug.cpp(256) : 0x8b3c5000 0x00019000 "\SystemRoot\system32\DRIVERS\bowser.sys"
.\debug.cpp(256) : 0x8b3de000 0x00015000 "\SystemRoot\System32\drivers\mpsdrv.sys"
.\debug.cpp(256) : 0x87bd6000 0x0001f000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys"
.\debug.cpp(256) : 0x93601000 0x00039000 "\SystemRoot\system32\DRIVERS\mrxsmb10.sys"
.\debug.cpp(256) : 0x9363a000 0x00018000 "\SystemRoot\system32\DRIVERS\mrxsmb20.sys"
.\debug.cpp(256) : 0x93652000 0x0000a000 "\SystemRoot\system32\DRIVERS\flpydisk.sys"
.\debug.cpp(256) : 0x9365c000 0x00016000 "\SystemRoot\system32\DRIVERS\cdfs.sys"
.\debug.cpp(256) : 0x77d80000 0x00127000 "\Windows\System32\ntdll.dll"
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000038"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_413C&PID_2105#5&2beb6c46&0&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination "\Device\USBPDO-9"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
.\debug.cpp(400) : Destination "\Device\Video0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi3:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
.\debug.cpp(400) : Destination "\Device\Ndis"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{6939eb09-54e7-11dd-bb3a-806e6f6e6963}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&39bfd449&0&1#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\PciIde1Channel1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000036"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000039"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&179223db&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&715777&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
.\debug.cpp(400) : Destination "\Device\Video1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy1"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000001"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E34CD445-D9B5-45AC-8C30-61A9E6C9AE11}"
.\debug.cpp(400) : Destination "\Device\NDMP12"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{368ABA44-F30B-4B9B-B006-B5A2DB131DBF}"
.\debug.cpp(400) : Destination "\Device\NDMP13"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&19f7e59c&0&Signature10000000Offset283000000Length37B2100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIAdminDevice"
.\debug.cpp(400) : Destination "\Device\WMIAdminDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2935&SUBSYS_020D1028&REV_02#3&2411e6fe&0&E9#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0010"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000037"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomPLDS_DVD+-RW_DH-16A6S___________________YD11____#5&384a886&0&1.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T0L0-2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\E:"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#2&daba3ff&3#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000045"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VolMgrControl"
.\debug.cpp(400) : Destination "\Device\VolMgrControl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tun0"
.\debug.cpp(400) : Destination "\Device\Tun0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000001"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{601A5F35-E01E-4A22-A307-3541312908BA}"
.\debug.cpp(400) : Destination "\Device\NDMP11"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi4:"
.\debug.cpp(400) : Destination "\Device\RaidPort0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2936&SUBSYS_020D1028&REV_02#3&2411e6fe&0&EA#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0011"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C00C#6&18bc8808&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000062"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{6939eb0c-54e7-11dd-bb3a-806e6f6e6963}"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_10C0&SUBSYS_020D1028&REV_02#3&2411e6fe&0&C8#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0003"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&a57e816&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-7"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0002#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000003"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TUNMP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000005"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2937&SUBSYS_020D1028&REV_02#3&2411e6fe&0&D0#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0004"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
.\debug.cpp(400) : Destination "\Device\WMIDataDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&19f7e59c&0&Signature10000000Offset3000000Length280000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{43D50626-08A0-4A24-B741-20D9B51DC7DF}"
.\debug.cpp(400) : Destination "\Device\NDMP6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_046D&PID_C00C#5&ec9b327&0&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination "\Device\USBPDO-8"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FDC#GENERIC_FLOPPY_DRIVE#5&2eb13f0&0&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\FloppyPDO0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
.\debug.cpp(400) : Destination "\Device\NamedPipe"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&39bfd449&0&0#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\PciIde1Channel0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SmartDefragDevice"
.\debug.cpp(400) : Destination "\Device\SmartDefragDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0001#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000004"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Psched"
.\debug.cpp(400) : Destination "\Device\Psched"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
.\debug.cpp(400) : Destination "\Device\Mup"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&1c8e8b0d&0&1#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\PciIde0Channel1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgrMsg"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_293C&SUBSYS_020D1028&REV_02#3&2411e6fe&0&D7#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0007"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"
.\debug.cpp(400) : Destination "\Device\Tcp"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
.\debug.cpp(400) : Destination "\Device\USBFDO-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomPLDS_DVD+-RW_DH-16A6S___________________YD11____#5&384a886&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T0L0-2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&1c8e8b0d&0&0#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\PciIde0Channel0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000003"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
.\debug.cpp(400) : Destination "\Device\USBFDO-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_293A&SUBSYS_020D1028&REV_02#3&2411e6fe&0&EF#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0012"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
.\debug.cpp(400) : Destination "\Device\Harddisk0\DR0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0001#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TUNMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000005"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2"
.\debug.cpp(400) : Destination "\Device\USBFDO-2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}"
.\debug.cpp(453) : **********************************************
.\boot_cleaner.cpp(565) : System volume is \\.\C:
.\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000002`83000000
.\boot_cleaner.cpp(276) : Boot sector MD5 is: d026fa10f7a4253b255e05f63e8ef364
.\boot_cleaner.cpp(1060) :
.\boot_cleaner.cpp(1061) : Size Device Name MBR Status
.\boot_cleaner.cpp(1062) : --------------------------------------------
.\boot_cleaner.cpp(1106) : 232 GB \\.\PhysicalDrive0 Unknown boot code
.\boot_cleaner.cpp(1112) :
.\boot_cleaner.cpp(1118) : Unknown boot code has been found on some of your physical disks.
.\boot_cleaner.cpp(1120) : To inspect the boot code manually, dump the master boot sector:
.\boot_cleaner.cpp(1121) : remover.exe dump [output_file]
.\boot_cleaner.cpp(1125) : To disinfect the master boot sector, use the following command:
.\boot_cleaner.cpp(1126) : remover.exe fix
.\boot_cleaner.cpp(1129) :
.\boot_cleaner.cpp(1151) : Done;

I hope this is what you want

Qaytu

Newbie Surfer

Posts : 33
Joined : 2011-08-12
Operating System : Vista 2nd update

Re: MBR:\...\PHYSICALDRIVE0

Post by DragonMaster Jay on Thu 01 Sep 2011, 10:15 pm

Now, please re-run MBRCheck and post a new log.


~DMJ
GeekPolice Academy Manager

DragonMaster Jay

Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

Re: MBR:\...\PHYSICALDRIVE0

Post by Qaytu on Sun 04 Sep 2011, 8:10 am

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Basic Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron 530
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 109):

Processes (total 23):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`83000000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`03000000 (NTFS)

PhysicalDrive0 Model Number: ST3250310AS, Rev: 3.ADA

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 1C02D1F61A8850FE57BB59AB7B44BD44A699A619


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!


Re: MBR:\...\PHYSICALDRIVE0

Post by DragonMaster Jay on Mon 05 Sep 2011, 10:22 pm

Follow this tutorial to fix the MBR manually...

[You must be registered and logged in to see this link.]

See the section: Fix MBR in Vista.

Once done, post a new MBRCheck log, please.


