ohaya
Honorary Members
Posts: 21
Reputation: 0 Neutral
  1. Naathim, any update on this? If this turns out to be a false positive, I would still like to clean off the files, etc. that were created. Thanks, Jim
  2. Naathim, I was wondering which, if any, of the files that we've created from the various tests thus far, I can delete? I can wait until we're at the conclusion, but am just curious about this. Thanks, Jim
  3. aswMBR version 1.0.1.2172 Copyright© 2014 AVAST Software
Run date: 2014-11-03 13:52:29
-----------------------------
13:52:29.991 OS Version: Windows x64 6.1.7600
13:52:29.991 Number of processors: 8 586 0x2D07
13:52:29.992 ComputerName: BIGBIGWINDOWS UserName: jl
13:52:30.099 Initialize success
13:52:30.150 VM: initialized successfully
13:52:30.151 VM: Intel CPU supported
13:53:09.080 VM: supported disk I/O ataport.SYS
13:53:46.122 AVAST engine defs: 14110301
13:54:11.019 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:54:11.020 Disk 0 Vendor: SAMSUNG_SSD_830_Series CXM03B1Q Size: 61057MB BusType: 11
13:54:11.021 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
13:54:11.022 Disk 1 Vendor: ST2000DM001-9YN164 CC4H Size: 1907729MB BusType: 11
13:54:11.023 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T0L0-2
13:54:11.024 Disk 2 Vendor: WDC_WD1500AHFD-00RAR5 21.07QR5 Size: 143089MB BusType: 11
13:54:11.026 Disk 3 \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP4T0L0-4
13:54:11.027 Disk 3 Vendor: ST2000DM001-9YN164 CC4H Size: 1907729MB BusType: 11
13:54:11.028 Disk 4 \Device\Harddisk4\DR4 -> \Device\Ide\IdeDeviceP5T0L0-5
13:54:11.029 Disk 4 Vendor: ST2000DM001-1CH164 CC24 Size: 1907729MB BusType: 11
13:54:11.037 VM: Disk 0 MBR read successfully
13:54:11.039 Disk 0 MBR scan
13:54:11.041 Disk 0 Windows XP default MBR code
13:54:11.043 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 47998 MB offset 63
13:54:11.045 Disk 0 default boot code
13:54:11.053 Disk 0 scanning C:\Windows\system32\drivers
13:54:12.965 Service scanning
13:54:18.160 Modules scanning
13:54:18.163 Disk 0 trace - called modules:
13:54:18.165 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
13:54:18.167 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8026058060]
13:54:18.169 3 CLASSPNP.SYS[fffff8800195143f] -> nt!IofCallDriver -> [0xfffffa8025d671e0]
13:54:18.170 5 ACPI.sys[fffff88000f9a781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8025da4060]
13:54:18.246 AVAST engine scan C:\
14:03:28.996 Disk 0 statistics 13767707/0/14 @ 27.71 MB/s
14:03:29.011 Scan finished successfully
14:11:36.109 Disk 0 MBR has been saved successfully to "C:\Users\jl\Desktop\MBR.dat"
14:11:36.109 The log file has been saved successfully to "C:\Users\jl\Desktop\aswMBR.txt"
  4. Hi, To answer your question, "yes", I can boot each of those systems via the boot manager BING.
  5. Also, an additional piece of info: This system (when I ran the tools you asked for) was booting off of a Samsung SSD, i.e., Windows 7 was installed on the Samsung SSD. I think that the actual boot drive is a WD Raptor and that is where the BING resides, and then BING boots the Windows 7 that is on the Samsung SSD partition, or something like that.
  6. Hi, I'm not sure what you mean by "Is every system, on each drive, operational?" As I said, I use BootIt NG ("BING"), which is an MBR/EMBR-based boot manager, to multi-boot (i.e., it allows me to have several different OSes installed, and when I boot the system, BING allows me to select which of those OSes I want to boot into). As I understand it, BING installs itself partially into the MBR or EMBR of the actual Drive 0/Boot drive, and then it gets invoked when the system is booted, and BING then puts up a menu which allows me to select which "boot entry" I want to boot into. When I set up a boot entry, BING also allows me to select which partitions on which physical drives are "visible", and I can make up to 4 partitions per physical drive visible. Does that answer your question? I think by "system", you mean an OS? If so, I think that on that system, I have 2 different BING boot entries, both for Windows 7. One boots from a Windows 7 partition that is on an SSD and the other boots from a Windows 7 partition that is on one of the physical hard drives, but ONLY ONE of those gets booted into each time I boot the system. Does that answer your question?
  7. Trying attach again ... TDSSKiller.3.0.0.41_03.11.2014_08.59.44_log.txt
  8. Attaching the larger TDSSkiller file..
  9. From MBRScan:

MBRScan v1.1.1
OS : Windows 7 (64 bit)
PROCESSOR : Intel64 Family 6 Model 45 Stepping 7, GenuineIntel
BOOT : Normal Boot
DATE : 2014/11/03 (ISO 8601) at 09:11:16
________________________________________________________________________________
DISK : Device\Harddisk0\DR0 __SAMSUNG SSD 830 Series (CXM03B1Q)
BUS_TYPE : (0x0B) S-ATA
USE_PIO : NO
MAX_TRANSFER : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________
DISK : Device\Harddisk1\DR1 __ST2000DM001-9YN164 (CC4H)
BUS_TYPE : (0x0B) S-ATA
USE_PIO : NO
MAX_TRANSFER : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________
DISK : Device\Harddisk2\DR2 __WDC WD1500AHFD-00RAR5 (21.07QR5)
BUS_TYPE : (0x0B) S-ATA
USE_PIO : NO
MAX_TRANSFER : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________
DISK : Device\Harddisk3\DR3 __ST2000DM001-9YN164 (CC4H)
BUS_TYPE : (0x0B) S-ATA
USE_PIO : NO
MAX_TRANSFER : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________
DISK : Device\Harddisk4\DR4 __ST2000DM001-1CH164 (CC24)
BUS_TYPE : (0x0B) S-ATA
USE_PIO : NO
MAX_TRANSFER : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________
DISK : Device\Harddisk5\DR5 __ST975042 0AS (0001)
BUS_TYPE : (0x07) USB
USE_PIO : NO
MAX_TRANSFER : 64 Kb
ALIGNMENT_MASK : byte aligned
________________________________________________________________________________
Device\Harddisk0\DR0 59.63 Go [Fixed] ==> XP MBR Code
MBR_MD5 : 4DF1A22A86B9B29747DCB69B488AF2E5
MBR_SHA1 : 37F829FB05BD50F8E739FE40787C1C753E14DD7A
Device\Harddisk0\Partition1 46.87 Go 0x07 NTFS / HPFS __ BOOTABLE __
________________________________________________________________________________
Device\Harddisk1\DR1 1.82 To [Fixed] ==> XP MBR Code
MBR_MD5 : E6D2CD646B3B7ED425661F1B2AAA5EF2
MBR_SHA1 : 10EFEC9B678025942478FBACD795906A120B1127
Device\Harddisk1\Partition1 39.06 Go 0x07 NTFS / HPFS
Device\Harddisk1\Partition2 1.78 To 0x07 NTFS / HPFS
________________________________________________________________________________
Device\Harddisk2\DR2 139.7 Go [Fixed] ==> Unknown MBR Code
MBR_MD5 : 1CC2FBA0C3068C09B293D26A1AC8F8E7
MBR_SHA1 : 05F8F6B4BAF063840CACBDB2BD8871B9C6400161
Device\Harddisk2\Partition1 22.46 Go 0x0C FAT32 [LBA]
________________________________________________________________________________
Device\Harddisk3\DR3 1.82 To [Fixed] ==> XP MBR Code
MBR_MD5 : 1D150155A815BB1F5BDEDEC841211E87
MBR_SHA1 : 5FAB6D8D01727171E99DEFE481F36B9876E0BBB3
Device\Harddisk3\Partition1 1.82 To 0x07 NTFS / HPFS
________________________________________________________________________________
Device\Harddisk4\DR4 1.82 To [Fixed] ==> XP MBR Code
MBR_MD5 : D57D0710A40EAB5F8D3745DD9F693D29
MBR_SHA1 : EE5FB6E2012AFD2C452AA6B95FCAD5DE53AC1367
Device\Harddisk4\Partition1 1.82 To 0x07 NTFS / HPFS
________________________________________________________________________________
Device\Harddisk5\DR5 698.6 Go [Fixed] ==> 7 MBR Code ....
MBR_MD5 : 00AE180CFA94A9BC0340840A7BF56543
MBR_SHA1 : 94417A0574FB6BF70968EFE161BC3B45FA522B51
Device\Harddisk5\Partition1 698.6 Go 0x07 NTFS / HPFS
________________________________________________________________________________
############################### Additional scan ################################
DRIVER : C:\Windows\system32\hal.dll => Invisible on the disk  ADDRESS : 0x03403000  SIZE : 292.0 Ko
DRIVER : C:\Windows\system32\kdcom.dll => Invisible on the disk  ADDRESS : 0x00BAA000  SIZE : 40.0 Ko
DRIVER : C:\Windows\system32\mcupdate_GenuineIntel.dll => Invisible on the disk  ADDRESS : 0x00C31000  SIZE : 272.0 Ko
DRIVER : C:\Windows\system32\CLFS.SYS => Invisible on the disk  ADDRESS : 0x00C89000  SIZE : 376.0 Ko
DRIVER : C:\Windows\system32\CI.dll => Invisible on the disk  ADDRESS : 0x00CE7000  SIZE : 768.0 Ko
DRIVER : C:\Windows\system32\drivers\38116396.sys => Invisible on the disk  ADDRESS : 0x00DA7000  SIZE : 256.0 Ko
DRIVER : C:\Windows\system32\drivers\Wdf01000.sys => Invisible on the disk  ADDRESS : 0x00EBF000  SIZE : 656.0 Ko
DRIVER : C:\Windows\system32\drivers\WDFLDR.SYS => Invisible on the disk  ADDRESS : 0x00F63000  SIZE : 60.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\ACPI.sys => Invisible on the disk  ADDRESS : 0x00F72000  SIZE : 348.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\WMILIB.SYS => Invisible on the disk  ADDRESS : 0x00FC9000  SIZE : 36.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\msisadrv.sys => Invisible on the disk  ADDRESS : 0x00FD2000  SIZE : 40.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\pci.sys => Invisible on the disk  ADDRESS : 0x00E00000  SIZE : 204.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\vdrvroot.sys => Invisible on the disk  ADDRESS : 0x00E33000  SIZE : 52.0 Ko
DRIVER : C:\Windows\System32\drivers\partmgr.sys => Invisible on the disk  ADDRESS : 0x00E40000  SIZE : 84.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\volmgr.sys => Invisible on the disk  ADDRESS : 0x00E55000  SIZE : 84.0 Ko
DRIVER : C:\Windows\System32\drivers\volmgrx.sys => Invisible on the disk  ADDRESS : 0x0106F000  SIZE : 368.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\pcmcia.sys => Invisible on the disk  ADDRESS : 0x010CB000  SIZE : 228.0 Ko
DRIVER : C:\Windows\System32\drivers\mountmgr.sys => Invisible on the disk  ADDRESS : 0x01104000  SIZE : 104.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\atapi.sys => Invisible on the disk  ADDRESS : 0x0111E000  SIZE : 36.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\ataport.SYS => Invisible on the disk  ADDRESS : 0x01127000  SIZE : 168.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\msahci.sys => Invisible on the disk  ADDRESS : 0x01151000  SIZE : 44.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\PCIIDEX.SYS => Invisible on the disk  ADDRESS : 0x0115C000  SIZE : 64.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\asahci64.sys => Invisible on the disk  ADDRESS : 0x0116C000  SIZE : 60.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\amdxata.sys => Invisible on the disk  ADDRESS : 0x0117B000  SIZE : 44.0 Ko
DRIVER : C:\Windows\system32\drivers\fltmgr.sys => Invisible on the disk  ADDRESS : 0x01186000  SIZE : 304.0 Ko
DRIVER : C:\Windows\system32\drivers\fileinfo.sys => Invisible on the disk  ADDRESS : 0x011D2000  SIZE : 80.0 Ko
DRIVER : C:\Windows\System32\Drivers\Ntfs.sys => Invisible on the disk  ADDRESS : 0x01257000  SIZE : 1.64 Mo
DRIVER : C:\Windows\System32\Drivers\msrpc.sys => Invisible on the disk  ADDRESS : 0x01000000  SIZE : 376.0 Ko
DRIVER : C:\Windows\System32\Drivers\ksecdd.sys => Invisible on the disk  ADDRESS : 0x01200000  SIZE : 104.0 Ko
DRIVER : C:\Windows\System32\Drivers\cng.sys => Invisible on the disk  ADDRESS : 0x014D2000  SIZE : 460.0 Ko
DRIVER : C:\Windows\System32\drivers\pcw.sys => Invisible on the disk  ADDRESS : 0x01545000  SIZE : 68.0 Ko
DRIVER : C:\Windows\System32\Drivers\Fs_Rec.sys => Invisible on the disk  ADDRESS : 0x01556000  SIZE : 40.0 Ko
DRIVER : C:\Windows\system32\drivers\ndis.sys => Invisible on the disk  ADDRESS : 0x016D0000  SIZE : 968.0 Ko
DRIVER : C:\Windows\system32\drivers\NETIO.SYS => Invisible on the disk  ADDRESS : 0x01600000  SIZE : 384.0 Ko
DRIVER : C:\Windows\System32\Drivers\ksecpkg.sys => Invisible on the disk  ADDRESS : 0x01660000  SIZE : 172.0 Ko
DRIVER : C:\Windows\System32\drivers\tcpip.sys => Invisible on the disk  ADDRESS : 0x01800000  SIZE : 1.99 Mo
DRIVER : C:\Windows\System32\drivers\fwpkclnt.sys => Invisible on the disk  ADDRESS : 0x01560000  SIZE : 296.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\vmstorfl.sys => Invisible on the disk  ADDRESS : 0x0168B000  SIZE : 64.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\volsnap.sys => Invisible on the disk  ADDRESS : 0x015AA000  SIZE : 304.0 Ko
DRIVER : C:\Windows\System32\Drivers\spldr.sys => Invisible on the disk  ADDRESS : 0x0169B000  SIZE : 32.0 Ko
DRIVER : C:\Windows\System32\drivers\rdyboost.sys => Invisible on the disk  ADDRESS : 0x017C2000  SIZE : 232.0 Ko
DRIVER : C:\Windows\System32\Drivers\mup.sys => Invisible on the disk  ADDRESS : 0x016AD000  SIZE : 72.0 Ko
DRIVER : C:\Windows\System32\drivers\hwpolicy.sys => Invisible on the disk  ADDRESS : 0x016BF000  SIZE : 36.0 Ko
DRIVER : C:\Windows\System32\DRIVERS\fvevol.sys => Invisible on the disk  ADDRESS : 0x01400000  SIZE : 232.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\disk.sys => Invisible on the disk  ADDRESS : 0x0143A000  SIZE : 88.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\CLASSPNP.SYS => Invisible on the disk  ADDRESS : 0x01450000  SIZE : 192.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\avgrkx64.sys => Invisible on the disk  ADDRESS : 0x01480000  SIZE : 40.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\avgloga.sys => Invisible on the disk  ADDRESS : 0x00E6A000  SIZE : 316.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\avgmfx64.sys => Invisible on the disk  ADDRESS : 0x0148A000  SIZE : 136.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\avgidsha.sys => Invisible on the disk  ADDRESS : 0x0121A000  SIZE : 196.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\cdrom.sys => Invisible on the disk  ADDRESS : 0x00C00000  SIZE : 168.0 Ko
DRIVER : C:\Windows\System32\Drivers\Null.SYS => Invisible on the disk  ADDRESS : 0x015F6000  SIZE : 36.0 Ko
DRIVER : C:\Windows\System32\Drivers\Beep.SYS => Invisible on the disk  ADDRESS : 0x016C8000  SIZE : 28.0 Ko
DRIVER : C:\Windows\System32\drivers\vga.sys => Invisible on the disk  ADDRESS : 0x0105E000  SIZE : 56.0 Ko
DRIVER : C:\Windows\System32\drivers\VIDEOPRT.SYS => Invisible on the disk  ADDRESS : 0x02C20000  SIZE : 148.0 Ko
DRIVER : C:\Windows\System32\drivers\watchdog.sys => Invisible on the disk  ADDRESS : 0x02C45000  SIZE : 64.0 Ko
DRIVER : C:\Windows\System32\DRIVERS\RDPCDD.sys => Invisible on the disk  ADDRESS : 0x02C55000  SIZE : 36.0 Ko
DRIVER : C:\Windows\system32\drivers\rdpencdd.sys => Invisible on the disk  ADDRESS : 0x02C5E000  SIZE : 36.0 Ko
DRIVER : C:\Windows\system32\drivers\rdprefmp.sys => Invisible on the disk  ADDRESS : 0x02C67000  SIZE : 36.0 Ko
DRIVER : C:\Windows\System32\Drivers\Msfs.SYS => Invisible on the disk  ADDRESS : 0x02C70000  SIZE : 44.0 Ko
DRIVER : C:\Windows\System32\Drivers\Npfs.SYS => Invisible on the disk  ADDRESS : 0x02C7B000  SIZE : 68.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\tdx.sys => Invisible on the disk  ADDRESS : 0x02C8C000  SIZE : 120.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\TDI.SYS => Invisible on the disk  ADDRESS : 0x02CAA000  SIZE : 52.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\avgtdia.sys => Invisible on the disk  ADDRESS : 0x02CB7000  SIZE : 280.0 Ko
DRIVER : C:\Windows\System32\DRIVERS\netbt.sys => Invisible on the disk  ADDRESS : 0x02CFD000  SIZE : 276.0 Ko
DRIVER : C:\Windows\system32\drivers\afd.sys => Invisible on the disk  ADDRESS : 0x02D42000  SIZE : 552.0 Ko
DRIVER : C:\Windows\system32\drivers\ws2ifsl.sys => Invisible on the disk  ADDRESS : 0x02DCC000  SIZE : 44.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\wfplwf.sys => Invisible on the disk  ADDRESS : 0x02DD7000  SIZE : 36.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\pacer.sys => Invisible on the disk  ADDRESS : 0x040B7000  SIZE : 152.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\vwififlt.sys => Invisible on the disk  ADDRESS : 0x040DD000  SIZE : 88.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\netbios.sys => Invisible on the disk  ADDRESS : 0x040F3000  SIZE : 60.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\serial.sys => Invisible on the disk  ADDRESS : 0x04102000  SIZE : 116.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\wanarp.sys => Invisible on the disk  ADDRESS : 0x0411F000  SIZE : 108.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\VBoxUSBMon.sys => Invisible on the disk  ADDRESS : 0x0413A000  SIZE : 152.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\VBoxDrv.sys => Invisible on the disk  ADDRESS : 0x04160000  SIZE : 268.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\termdd.sys => Invisible on the disk  ADDRESS : 0x041A3000  SIZE : 80.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\rdbss.sys => Invisible on the disk  ADDRESS : 0x04000000  SIZE : 324.0 Ko
DRIVER : C:\Windows\system32\drivers\nsiproxy.sys => Invisible on the disk  ADDRESS : 0x04051000  SIZE : 48.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\mssmbios.sys => Invisible on the disk  ADDRESS : 0x0405D000  SIZE : 44.0 Ko
DRIVER : C:\Windows\System32\drivers\discache.sys => Invisible on the disk  ADDRESS : 0x04068000  SIZE : 60.0 Ko
DRIVER : C:\Windows\system32\drivers\csc.sys => Invisible on the disk  ADDRESS : 0x04284000  SIZE : 524.0 Ko
DRIVER : C:\Windows\System32\Drivers\dfsc.sys => Invisible on the disk  ADDRESS : 0x04307000  SIZE : 120.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\blbdrive.sys => Invisible on the disk  ADDRESS : 0x04325000  SIZE : 68.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\avgldx64.sys => Invisible on the disk  ADDRESS : 0x04336000  SIZE : 256.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\avgidsdrivera.sys => Invisible on the disk  ADDRESS : 0x04376000  SIZE : 288.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\avgdiska.sys => Invisible on the disk  ADDRESS : 0x043BE000  SIZE : 164.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\tunnel.sys => Invisible on the disk  ADDRESS : 0x04200000  SIZE : 152.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\nvlddmkm.sys => Invisible on the disk  ADDRESS : 0x0FE4E000  SIZE : 12.36 Mo
DRIVER : C:\Windows\System32\Drivers\nvBridge.kmd => Invisible on the disk  ADDRESS : 0x10AA9000  SIZE : 8.0 Ko
DRIVER : C:\Windows\System32\drivers\dxgkrnl.sys => Invisible on the disk  ADDRESS : 0x10AAB000  SIZE : 976.0 Ko
DRIVER : C:\Windows\System32\drivers\dxgmms1.sys => Invisible on the disk  ADDRESS : 0x10B9F000  SIZE : 280.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\HDAudBus.sys => Invisible on the disk  ADDRESS : 0x0FE00000  SIZE : 144.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\usbehci.sys => Invisible on the disk  ADDRESS : 0x0FE24000  SIZE : 68.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\USBPORT.SYS => Invisible on the disk  ADDRESS : 0x04226000  SIZE : 344.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\asmtxhci.sys => Invisible on the disk  ADDRESS : 0x04467000  SIZE : 424.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\Rt64win7.sys => Invisible on the disk  ADDRESS : 0x044D1000  SIZE : 672.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\serenum.sys => Invisible on the disk  ADDRESS : 0x04579000  SIZE : 48.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\i8042prt.sys => Invisible on the disk  ADDRESS : 0x04585000  SIZE : 120.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\kbdclass.sys => Invisible on the disk  ADDRESS : 0x045A3000  SIZE : 60.0 Ko
DRIVER : C:\Windows\system32\drivers\VMkbd.sys => Invisible on the disk  ADDRESS : 0x045B2000  SIZE : 44.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\mouclass.sys => Invisible on the disk  ADDRESS : 0x045BD000  SIZE : 60.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\wmiacpi.sys => Invisible on the disk  ADDRESS : 0x045CC000  SIZE : 36.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\intelppm.sys => Invisible on the disk  ADDRESS : 0x045D5000  SIZE : 88.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\CompositeBus.sys => Invisible on the disk  ADDRESS : 0x045EB000  SIZE : 64.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\AgileVpn.sys => Invisible on the disk  ADDRESS : 0x04400000  SIZE : 88.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\rasl2tp.sys => Invisible on the disk  ADDRESS : 0x04416000  SIZE : 144.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\ndistapi.sys => Invisible on the disk  ADDRESS : 0x0443A000  SIZE : 48.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\ndiswan.sys => Invisible on the disk  ADDRESS : 0x04077000  SIZE : 188.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\raspppoe.sys => Invisible on the disk  ADDRESS : 0x04446000  SIZE : 108.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\raspptp.sys => Invisible on the disk  ADDRESS : 0x041B7000  SIZE : 132.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\rassstp.sys => Invisible on the disk  ADDRESS : 0x10BE5000  SIZE : 104.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\VBoxNetAdp.sys => Invisible on the disk  ADDRESS : 0x041D8000  SIZE : 160.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\rdpbus.sys => Invisible on the disk  ADDRESS : 0x0FE35000  SIZE : 44.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\VBoxNetFlt.sys => Invisible on the disk  ADDRESS : 0x04893000  SIZE : 172.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\swenum.sys => Invisible on the disk  ADDRESS : 0x048BE000  SIZE : 8.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\ks.sys => Invisible on the disk  ADDRESS : 0x048C0000  SIZE : 268.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\umbus.sys => Invisible on the disk  ADDRESS : 0x04903000  SIZE : 72.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\vmnetadapter.sys => Invisible on the disk  ADDRESS : 0x04915000  SIZE : 32.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\VMNET.SYS => Invisible on the disk  ADDRESS : 0x0491D000  SIZE : 40.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\usbhub.sys => Invisible on the disk  ADDRESS : 0x04927000  SIZE : 360.0 Ko
DRIVER : C:\Windows\System32\Drivers\NDProxy.SYS => Invisible on the disk  ADDRESS : 0x04981000  SIZE : 84.0 Ko
DRIVER : C:\Windows\system32\drivers\nvhda64v.sys => Invisible on the disk  ADDRESS : 0x04996000  SIZE : 164.0 Ko
DRIVER : C:\Windows\system32\drivers\portcls.sys => Invisible on the disk  ADDRESS : 0x049BF000  SIZE : 244.0 Ko
DRIVER : C:\Windows\system32\drivers\drmk.sys => Invisible on the disk  ADDRESS : 0x04800000  SIZE : 136.0 Ko
DRIVER : C:\Windows\system32\drivers\ksthunk.sys => Invisible on the disk  ADDRESS : 0x04822000  SIZE : 24.0 Ko
DRIVER : C:\Windows\system32\drivers\RTKVHD64.sys => Invisible on the disk  ADDRESS : 0x0585C000  SIZE : 4.52 Mo
DRIVER : C:\Windows\system32\DRIVERS\asmthub3.sys => Invisible on the disk  ADDRESS : 0x05CE1000  SIZE : 148.0 Ko
DRIVER : C:\Windows\System32\Drivers\fastfat.SYS => Invisible on the disk  ADDRESS : 0x05D06000  SIZE : 216.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\USBSTOR.SYS => Invisible on the disk  ADDRESS : 0x05D3C000  SIZE : 108.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\USBD.SYS => Invisible on the disk  ADDRESS : 0x05D57000  SIZE : 8.0 Ko
DRIVER : C:\Windows\System32\Drivers\crashdmp.sys => Invisible on the disk  ADDRESS : 0x05D59000  SIZE : 56.0 Ko
DRIVER : C:\Windows\System32\Drivers\dump_dumpata.sys => Invisible on the disk  ADDRESS : 0x05D67000  SIZE : 48.0 Ko
DRIVER : C:\Windows\System32\Drivers\dump_msahci.sys => Invisible on the disk  ADDRESS : 0x05D73000  SIZE : 44.0 Ko
DRIVER : C:\Windows\System32\Drivers\dump_dumpfve.sys => Invisible on the disk  ADDRESS : 0x05D7E000  SIZE : 76.0 Ko
DRIVER : C:\Windows\System32\win32k.sys => Invisible on the disk  ADDRESS : 0x000E0000  SIZE : 3.06 Mo
DRIVER : C:\Windows\System32\drivers\Dxapi.sys => Invisible on the disk  ADDRESS : 0x05D91000  SIZE : 48.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\monitor.sys => Invisible on the disk  ADDRESS : 0x05D9D000  SIZE : 56.0 Ko
DRIVER : C:\Windows\System32\TSDDD.dll => Invisible on the disk  ADDRESS : 0x00540000  SIZE : 40.0 Ko
DRIVER : C:\Windows\System32\cdd.dll => Invisible on the disk  ADDRESS : 0x00730000  SIZE : 156.0 Ko
DRIVER : C:\Windows\system32\drivers\luafv.sys => Invisible on the disk  ADDRESS : 0x05DAB000  SIZE : 140.0 Ko
DRIVER : C:\Windows\system32\drivers\mbam.sys => Invisible on the disk  ADDRESS : 0x05DCE000  SIZE : 40.0 Ko
DRIVER : C:\Windows\system32\drivers\WudfPf.sys => Invisible on the disk  ADDRESS : 0x05DD8000  SIZE : 132.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\vmnetbridge.sys => Invisible on the disk  ADDRESS : 0x05800000  SIZE : 48.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\lltdio.sys => Invisible on the disk  ADDRESS : 0x0580C000  SIZE : 84.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\nwifi.sys => Invisible on the disk  ADDRESS : 0x04828000  SIZE : 332.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\ndisuio.sys => Invisible on the disk  ADDRESS : 0x05821000  SIZE : 76.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\rspndr.sys => Invisible on the disk  ADDRESS : 0x05834000  SIZE : 96.0 Ko
DRIVER : C:\Windows\system32\drivers\HTTP.sys => Invisible on the disk  ADDRESS : 0x046F7000  SIZE : 800.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\bowser.sys => Invisible on the disk  ADDRESS : 0x047BF000  SIZE : 120.0 Ko
DRIVER : C:\Windows\System32\drivers\mpsdrv.sys => Invisible on the disk  ADDRESS : 0x047DD000  SIZE : 96.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\mrxsmb.sys => Invisible on the disk  ADDRESS : 0x04600000  SIZE : 176.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\mrxsmb10.sys => Invisible on the disk  ADDRESS : 0x0462C000  SIZE : 308.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\mrxsmb20.sys => Invisible on the disk  ADDRESS : 0x04679000  SIZE : 140.0 Ko
DRIVER : C:\Windows\system32\drivers\hcmon.sys => Invisible on the disk  ADDRESS : 0x0469C000  SIZE : 48.0 Ko
DRIVER : C:\Windows\system32\drivers\vmci.sys => Invisible on the disk  ADDRESS : 0x046A8000  SIZE : 80.0 Ko
DRIVER : C:\Windows\system32\drivers\vmx86.sys => Invisible on the disk  ADDRESS : 0x05EB3000  SIZE : 864.0 Ko
DRIVER : C:\Windows\system32\drivers\peauth.sys => Invisible on the disk  ADDRESS : 0x05E00000  SIZE : 664.0 Ko
DRIVER : C:\Windows\System32\Drivers\secdrv.SYS => Invisible on the disk  ADDRESS : 0x05EA6000  SIZE : 44.0 Ko
DRIVER : C:\Windows\System32\DRIVERS\srvnet.sys => Invisible on the disk  ADDRESS : 0x05F8B000  SIZE : 180.0 Ko
DRIVER : C:\Windows\System32\drivers\tcpipreg.sys => Invisible on the disk  ADDRESS : 0x05FB8000  SIZE : 72.0 Ko
DRIVER : C:\Windows\system32\drivers\vmnetuserif.sys => Invisible on the disk  ADDRESS : 0x05FCA000  SIZE : 40.0 Ko
DRIVER : C:\Windows\System32\DRIVERS\srv2.sys => Invisible on the disk  ADDRESS : 0x0689E000  SIZE : 420.0 Ko
DRIVER : C:\Windows\System32\DRIVERS\srv.sys => Invisible on the disk  ADDRESS : 0x06907000  SIZE : 608.0 Ko
DRIVER : C:\Windows\System32\drivers\rdpdr.sys => Invisible on the disk  ADDRESS : 0x0699F000  SIZE : 184.0 Ko
DRIVER : C:\Windows\system32\drivers\tdtcp.sys => Invisible on the disk  ADDRESS : 0x069CD000  SIZE : 44.0 Ko
DRIVER : C:\Windows\System32\DRIVERS\tssecsrv.sys => Invisible on the disk  ADDRESS : 0x069D8000  SIZE : 60.0 Ko
DRIVER : C:\Windows\System32\Drivers\RDPWD.SYS => Invisible on the disk  ADDRESS : 0x06800000  SIZE : 224.0 Ko
DRIVER : C:\Windows\system32\drivers\mwac.sys => Invisible on the disk  ADDRESS : 0x06838000  SIZE : 72.0 Ko
DRIVER : C:\Windows\system32\drivers\MBAMSwissArmy.sys => Invisible on the disk  ADDRESS : 0x0684A000  SIZE : 140.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\asyncmac.sys => Invisible on the disk  ADDRESS : 0x08AE1000  SIZE : 44.0 Ko
DRIVER : C:\Windows\System32\smss.exe => Invisible on the disk  ADDRESS : 0x475B0000  SIZE : 128.0 Ko
BCD EmsSettings {0CE4991B-E6B3-4B16-B23C-5E0D9250E5D9} => BcdLibraryBoolean_EmsEnabled (16000020)
SystemStartOptions : NOEXECUTE=OPTIN
________________________________________________________________________________

_______MBR \Device\Harddisk0\DR0
0x00000000  33 C0 8E D0 BC 00 7C FB 50 07 50 1F FC BE 1B 7C  3À.м.|ûP.P.ü¾.|
0x00000010  BF 1B 06 50 57 B9 E5 01 F3 A4 CB BD BE 07 B1 04  ¿..PW¹å.ó¤Ë½¾.±.
0x00000020  38 6E 00 7C 09 75 13 83 C5 10 E2 F4 CD 18 8B F5  8n.|.u..Å.âôÍ..õ
0x00000030  83 C6 10 49 74 19 38 2C 74 F6 A0 B5 07 B4 07 8B  .Æ.It.8,tö.µ.´..
0x00000040  F0 AC 3C 00 74 FC BB 07 00 B4 0E CD 10 EB F2 88  ð¬<.tü»..´.Í.ëò.
0x00000050  4E 10 E8 46 00 73 2A FE 46 10 80 7E 04 0B 74 0B  N.èF.s*þF..~..t.
0x00000060  80 7E 04 0C 74 05 A0 B6 07 75 D2 80 46 02 06 83  .~..t..¶.uÒ.F...
0x00000070  46 08 06 83 56 0A 00 E8 21 00 73 05 A0 B6 07 EB  F...V..è!.s..¶.ë
0x00000080  BC 81 3E FE 7D 55 AA 74 0B 80 7E 10 00 74 C8 A0  ¼.>þ}Uªt..~..tÈ.
0x00000090  B7 07 EB A9 8B FC 1E 57 8B F5 CB BF 05 00 8A 56  ·.ë©.ü.W.õË¿...V
0x000000A0  00 B4 08 CD 13 72 23 8A C1 24 3F 98 8A DE 8A FC  .´.Í.r#.Á$?..Þ.ü
0x000000B0  43 F7 E3 8B D1 86 D6 B1 06 D2 EE 42 F7 E2 39 56  C÷ã.Ñ.Ö±.ÒîB÷â9V
0x000000C0  0A 77 23 72 05 39 46 08 73 1C B8 01 02 BB 00 7C  .w#r.9F.s.¸..».|
0x000000D0  8B 4E 02 8B 56 00 CD 13 73 51 4F 74 4E 32 E4 8A  .N..V.Í.sQOtN2ä.
0x000000E0  56 00 CD 13 EB E4 8A 56 00 60 BB AA 55 B4 41 CD  V.Í.ëä.V.`»ªU´AÍ
0x000000F0  13 72 36 81 FB 55 AA 75 30 F6 C1 01 74 2B 61 60  .r6.ûUªu0öÁ.t+a`
0x00000100  6A 00 6A 00 FF 76 0A FF 76 08 6A 00 68 00 7C 6A  j.j..v..v.j.h.|j
0x00000110  01 6A 10 B4 42 8B F4 CD 13 61 61 73 0E 4F 74 0B  .j.´B.ôÍ.aas.Ot.
0x00000120  32 E4 8A 56 00 CD 13 EB D6 61 F9 C3 49 6E 76 61  2ä.V.Í.ëÖaùÃInva
0x00000130  6C 69 64 20 70 61 72 74 69 74 69 6F 6E 20 74 61  lid partition ta
0x00000140  62 6C 65 00 45 72 72 6F 72 20 6C 6F 61 64 69 6E  ble.Error loadin
0x00000150  67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74  g operating syst
0x00000160  65 6D 00 4D 69 73 73 69 6E 67 20 6F 70 65 72 61  em.Missing opera
0x00000170  74 69 6E 67 20 73 79 73 74 65 6D 00 00 00 00 00  ting system.....
0x00000180  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0x00000190  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0x000001A0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0x000001B0  00 00 00 00 00 2C 44 63 31 81 5C 9C 00 00 80 01  .....,Dc1.\.....
0x000001C0  01 00 07 FE FF FF 3F 00 00 00 E8 F6 DB 05 00 00  ...þ..?...èöÛ...
0x000001D0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0x000001E0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0x000001F0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA  ..............Uª

_______MBR \Device\Harddisk1\DR1
0x00000000  33 C0 8E D0 BC 00 7C FB 50 07 50 1F FC BE 1B 7C  3À.м.|ûP.P.ü¾.|
0x00000010  BF 1B 06 50 57 B9 E5 01 F3 A4 CB BD BE 07 B1 04  ¿..PW¹å.ó¤Ë½¾.±.
0x00000020  38 6E 00 7C 09 75 13 83 C5 10 E2 F4 CD 18 8B F5  8n.|.u..Å.âôÍ..õ
0x00000030  83 C6 10 49 74 19 38 2C 74 F6 A0 B5 07 B4 07 8B  .Æ.It.8,tö.µ.´..
0x00000040  F0 AC 3C 00 74 FC BB 07 00 B4 0E CD 10 EB F2 88  ð¬<.tü»..´.Í.ëò.
0x00000050  4E 10 E8 46 00 73 2A FE 46 10 80 7E 04 0B 74 0B  N.èF.s*þF..~..t.
0x00000060  80 7E 04 0C 74 05 A0 B6 07 75 D2 80 46 02 06 83  .~..t..¶.uÒ.F...
0x00000070  46 08 06 83 56 0A 00 E8 21 00 73 05 A0 B6 07 EB  F...V..è!.s..¶.ë
0x00000080  BC 81 3E FE 7D 55 AA 74 0B 80 7E 10 00 74 C8 A0  ¼.>þ}Uªt..~..tÈ.
0x00000090  B7 07 EB A9 8B FC 1E 57 8B F5 CB BF 05 00 8A 56  ·.ë©.ü.W.õË¿...V
0x000000A0  00 B4 08 CD 13 72 23 8A C1 24 3F 98 8A DE 8A FC  .´.Í.r#.Á$?..Þ.ü
0x000000B0  43 F7 E3 8B D1 86 D6 B1 06 D2 EE 42 F7 E2 39 56  C÷ã.Ñ.Ö±.ÒîB÷â9V
0x000000C0  0A 77 23 72 05 39 46 08 73 1C B8 01 02 BB 00 7C  .w#r.9F.s.¸..».|
0x000000D0  8B 4E 02 8B 56 00 CD 13 73 51 4F 74 4E 32 E4 8A  .N..V.Í.sQOtN2ä.
0x000000E0  56 00 CD 13 EB E4 8A 56 00 60 BB AA 55 B4 41 CD  V.Í.ëä.V.`»ªU´AÍ
0x000000F0  13 72 36 81 FB 55 AA 75 30 F6 C1 01 74 2B 61 60  .r6.ûUªu0öÁ.t+a`
0x00000100  6A 00 6A 00 FF 76 0A FF 76 08 6A 00 68 00 7C 6A  j.j..v..v.j.h.|j
0x00000110  01 6A 10 B4 42 8B F4 CD 13 61 61 73 0E 4F 74 0B  .j.´B.ôÍ.aas.Ot.
0x00000120  32 E4 8A 56 00 CD 13 EB D6 61 F9 C3 49 6E 76 61  2ä.V.Í.ëÖaùÃInva
0x00000130  6C 69 64 20 70 61 72 74 69 74 69 6F 6E 20 74 61  lid partition ta
0x00000140  62 6C 65 00 45 72 72 6F 72 20 6C 6F 61 64 69 6E  ble.Error loadin
0x00000150  67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74  g operating syst
0x00000160  65 6D 00 4D 69 73 73 69 6E 67 20 6F 70 65 72 61  em.Missing opera
0x00000170  74 69 6E 67 20 73 79 73 74 65 6D 00 00 00 00 00  ting system.....
0x00000180  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0x00000190  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0x000001A0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0x000001B0  00 00 00 00 00 2C 44 63 18 F9 E0 60 00 00 00 01  .....,Dc.ùà`....
0x000001C0  01 00 07 FE FF FF 3F 00 00 00 EC ED E1 04 00 00  ...þ..?...ìíá...
0x000001D0  C1 FF 07 FE FF FF 2B EE E1 04 96 86 FE E3 00 00  Á..þ..+îá...þã..
0x000001E0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0x000001F0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA  ..............Uª

_______MBR \Device\Harddisk2\DR2
0x00000000  FC EB 47 80 42 6F 6F 74 69 74 20 45 4D 42 52 49  üëG.Bootit EMBRI
0x00000010  20 32 2E 30 31 0D 0A 0A 00 43 6F 70 79 72 69 67   2.01....Copyrig
0x00000020  68 74 20 28 63 29 20 31 39 39 36 2D 32 30 30 30  ht (c) 1996-2000
0x00000030  2C 20 32 30 30 35 20 54 65 72 61 42 79 74 65 20  , 2005 TeraByte 
0x00000040  55 6E 6C 69 6D 69 74 65 64 2E 33 C0 BE 00 30 FA  Unlimited.3À¾.0ú
0x00000050  8E D6 89 C4 FB EA 5A 00 C0 07 0E 1F BE 04 00 E8  .Ö.ÄûêZ.À...¾..è
0x00000060  BB 00 8E C0 8B F8 B4 08 8A 16 03 00 CD 13 72 1F  »..À.ø´.....Í.r.
0x00000070  80 E1 3F 88 0E 91 01 B4 02 A0 91 01 33 DB B9 01  .á?....´....3Û¹.
0x00000080  00 33 D2 8A 16 03 00 68 E0 07 07 CD 13 73 05 BE  .3Ò....hà..Í.s.¾
0x00000090  38 01 EB 7C 06 1F 81 C3 00 02 8D 77 02 AD 3D 49  8.ë|...Ã...w.­=I
0x000000A0  42 75 0A AD 3D 4D 20 75 04 81 C3 00 02 89 DE AD  Bu.­=M u..Ã...Þ­
0x000000B0  3D 45 4D 75 2A AD 3D 42 52 75 24 AC 24 E0 75 1A  =EMu*­=BRu$¬$àu.
0x000000C0  AC 2E 3A 06 91 01 77 0D AD 50 AD 3D 00 02 74 14  ¬.:...w.­P­=..t.
0x000000D0  BE 38 01 EB 3B BE 68 01 EB 36 BE 5A 01 EB 31 BE  ¾8.ë;¾h.ë6¾Z.ë1¾
0x000000E0  76 01 EB 2C 58 24 3F C1 E0 09 01 C3 8B 07 3D 55  v.ë,X$?Áà..Ã..=U
0x000000F0  AA 75 1A 89 DE 33 FF 68 00 20 07 B9 00 28 F3 A5  ªu..Þ3.h. .¹.(ó¥
0x00000100  1E 07 2E 8A 2E 03 00 EA 03 00 00 20 CB BE 83 01  .......ê... ˾..
0x00000110  0E 1F E8 08 00 BE 47 01 E8 02 00 EB FE 06 53 50  ..è..¾G.è..ëþ.SP
0x00000120  56 57 AC 3C 00 74 0B BB 07 00 B4 0E 56 CD 10 5E  VW¬<.t.»..´.VÍ.^
0x00000130  EB F0 5F 5E 58 5B 07 C3 48 61 72 64 77 61 72 65  ëð_^X[.ÃHardware
0x00000140  20 45 72 72 6F 72 00 07 20 2D 20 53 79 73 74 65   Error.. - Syste
0x00000150  6D 20 48 61 6C 74 65 64 21 00 56 65 72 73 69 6F  m Halted!.Versio
0x00000160  6E 20 43 68 65 63 6B 00 53 50 54 20 3C 20 4D 69  n Check.SPT < Mi
0x00000170  6E 69 6D 75 6D 00 45 4D 42 52 20 6D 69 73 73 69  nimum.EMBR missi
0x00000180  6E 67 00 45 4D 42 52 4C 20 6D 69 73 73 69 6E 67  ng.EMBRL missing
0x00000190  00 00 20 73 79 73 74 65 6D 00 4D 69 73 73 69 6E  .. system.Missin
0x000001A0  67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74  g operating syst
0x000001B0  65 6D 00 00 00 63 7B 9A A4 D9 24 4E 00 00 00 00  em...c{.¤Ù$N....
0x000001C0  C1 FF 0C FE FF FF EE 6D 96 0D 74 BA CE 02 80 00  Á..þ..îm..tºÎ...
0x000001D0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0x000001E0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0x000001F0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA  ..............Uª

_______MBR \Device\Harddisk3\DR3
0x00000000  33 C0 8E D0 BC 00 7C FB 50 07 50 1F FC BE 1B 7C  3À.м.|ûP.P.ü¾.|
0x00000010  BF 1B 06 50 57 B9 E5 01 F3 A4 CB BD BE 07 B1 04  ¿..PW¹å.ó¤Ë½¾.±.
0x00000020  38 6E 00 7C 09 75 13 83 C5 10 E2 F4 CD 18 8B F5  8n.|.u..Å.âôÍ..õ
0x00000030  83 C6 10 49 74 19 38 2C 74 F6 A0 B5 07 B4 07 8B  .Æ.It.8,tö.µ.´..
0x00000040  F0 AC 3C 00 74 FC BB 07 00 B4 0E CD 10 EB F2 88  ð¬<.tü»..´.Í.ëò.
0x00000050  4E 10 E8 46 00 73 2A FE 46 10 80 7E 04 0B 74 0B  N.èF.s*þF..~..t.
0x00000060  80 7E 04 0C 74 05 A0 B6 07 75 D2 80 46 02 06 83  .~..t..¶.uÒ.F...
0x00000070  46 08 06 83 56 0A 00 E8 21 00 73 05 A0 B6 07 EB  F...V..è!.s..¶.ë
0x00000080  BC 81 3E FE 7D 55 AA 74 0B 80 7E 10 00 74 C8 A0  ¼.>þ}Uªt..~..tÈ.
0x00000090  B7 07 EB A9 8B FC 1E 57 8B F5 CB BF 05 00 8A 56  ·.ë©.ü.W.õË¿...V
0x000000A0  00 B4 08 CD 13 72 23 8A C1 24 3F 98 8A DE 8A FC  .´.Í.r#.Á$?..Þ.ü
0x000000B0  43 F7 E3 8B D1 86 D6 B1 06 D2 EE 42 F7 E2 39 56  C÷ã.Ñ.Ö±.ÒîB÷â9V
0x000000C0  0A 77 23 72 05 39 46 08 73 1C B8 01 02 BB 00 7C  .w#r.9F.s.¸..».|
0x000000D0  8B 4E 02 8B 56 00 CD 13 73 51 4F 74 4E 32 E4 8A  .N..V.Í.sQOtN2ä.
0x000000E0  56 00 CD 13 EB E4 8A 56 00 60 BB AA 55 B4 41 CD  V.Í.ëä.V.`»ªU´AÍ
0x000000F0  13 72 36 81 FB 55 AA 75 30 F6 C1 01 74 2B 61 60  .r6.ûUªu0öÁ.t+a`
0x00000100  6A 00 6A 00 FF 76 0A FF 76 08 6A 00 68 00 7C 6A  j.j..v..v.j.h.|j
0x00000110  01 6A 10 B4 42 8B F4 CD 13 61 61 73 0E 4F 74 0B  .j.´B.ôÍ.aas.Ot.
0x00000120  32 E4 8A 56 00 CD 13 EB D6 61 F9 C3 49 6E 76 61  2ä.V.Í.ëÖaùÃInva
0x00000130  6C 69 64 20 70 61 72 74 69 74 69 6F 6E 20 74 61  lid partition ta
0x00000140  62 6C 65 00 45 72 72 6F 72 20 6C 6F 61 64 69 6E  ble.Error loadin
0x00000150  67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74  g operating syst
0x00000160  65 6D 00 4D 69 73 73 69 6E 67 20 6F 70 65 72 61  em.Missing opera
0x00000170  74 69 6E 67 20 73 79 73 74 65 6D 00 00 00 00 00  ting system.....
0x00000180  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0x00000190  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0x000001A0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0x000001B0  00 00 00 00 00 2C 44 63 D7 B2 DD 03 00 00 00 20  .....,DcײÝ.... 
0x000001C0  21 00 07 4E CD FF 00 08 00 00 00 80 E0 E8 00 00  !..NÍ.......àè..
0x000001D0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0x000001E0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0x000001F0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA  ..............Uª

_______MBR \Device\Harddisk4\DR4
0x00000000  33 C0 8E D0 BC 00 7C FB 50 07 50 1F FC BE 1B 7C  3À.м.|ûP.P.ü¾.|
0x00000010  BF 1B 06 50 57 B9 E5 01 F3 A4 CB BD BE 07 B1 04  ¿..PW¹å.ó¤Ë½¾.±.
0x00000020  38 6E 00 7C 09 75 13 83 C5 10 E2 F4 CD 18 8B F5  8n.|.u..Å.âôÍ..õ
0x00000030  83 C6 10 49 74 19 38 2C 74 F6 A0 B5 07 B4 07 8B  .Æ.It.8,tö.µ.´..
0x00000040  F0 AC 3C 00 74 FC BB 07 00 B4 0E CD 10 EB F2 88  ð¬<.tü»..´.Í.ëò.
0x00000050  4E 10 E8 46 00 73 2A FE 46 10 80 7E 04 0B 74 0B  N.èF.s*þF..~..t.
0x00000060  80 7E 04 0C 74 05 A0 B6 07 75 D2 80 46 02 06 83  .~..t..¶.uÒ.F...
0x00000070  46 08 06 83 56 0A 00 E8 21 00 73 05 A0 B6 07 EB  F...V..è!.s..¶.ë
0x00000080  BC 81 3E FE 7D 55 AA 74 0B 80 7E 10 00 74 C8 A0  ¼.>þ}Uªt..~..tÈ.
0x00000090  B7 07 EB A9 8B FC 1E 57 8B F5 CB BF 05 00 8A 56  ·.ë©.ü.W.õË¿...V
0x000000A0  00 B4 08 CD 13 72 23 8A C1 24 3F 98 8A DE 8A FC  .´.Í.r#.Á$?..Þ.ü
0x000000B0  43 F7 E3 8B D1 86 D6 B1 06 D2 EE 42 F7 E2 39 56  C÷ã.Ñ.Ö±.ÒîB÷â9V
0x000000C0  0A 77 23 72 05 39 46 08 73 1C B8 01 02 BB 00 7C  .w#r.9F.s.¸..».|
0x000000D0  8B 4E 02 8B 56 00 CD 13 73 51 4F 74 4E 32 E4 8A  .N..V.Í.sQOtN2ä.
0x000000E0  56
00 CD 13 EB E4 8A 56 00 60 BB AA 55 B4 41 CD V.Í.ëä.V.`»ªU´AÍ0x000000F0 13 72 36 81 FB 55 AA 75 30 F6 C1 01 74 2B 61 60 .r6.ûUªu0öÁ.t+a`0x00000100 6A 00 6A 00 FF 76 0A FF 76 08 6A 00 68 00 7C 6A j.j..v..v.j.h.|j0x00000110 01 6A 10 B4 42 8B F4 CD 13 61 61 73 0E 4F 74 0B .j.´B.ôÍ.aas.Ot.0x00000120 32 E4 8A 56 00 CD 13 EB D6 61 F9 C3 49 6E 76 61 2ä.V.Í.ëÖaùÃInva0x00000130 6C 69 64 20 70 61 72 74 69 74 69 6F 6E 20 74 61 lid partition ta0x00000140 62 6C 65 00 45 72 72 6F 72 20 6C 6F 61 64 69 6E ble.Error loadin0x00000150 67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74 g operating syst0x00000160 65 6D 00 4D 69 73 73 69 6E 67 20 6F 70 65 72 61 em.Missing opera0x00000170 74 69 6E 67 20 73 79 73 74 65 6D 00 00 00 00 00 ting system.....0x00000180 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................0x00000190 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................0x000001A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................0x000001B0 00 00 00 00 00 2C 44 63 96 AC 07 76 00 00 00 20 .....,Dc.¬.v... 
0x000001C0 21 00 07 4E CD FF 00 08 00 00 00 80 E0 E8 00 00 !..NÍ.......àè..0x000001D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................0x000001E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................0x000001F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA ..............Uª _______MBR \Device\Harddisk5\DR5 0x00000000 33 C0 8E D0 BC 00 7C 8E C0 8E D8 BE 00 7C BF 00 3À.м.|.À.ؾ.|¿.0x00000010 06 B9 00 02 FC F3 A4 50 68 1C 06 CB FB B9 04 00 .¹..üó¤Ph..Ëû¹..0x00000020 BD BE 07 80 7E 00 00 7C 0B 0F 85 0E 01 83 C5 10 ½¾..~..|......Å.0x00000030 E2 F1 CD 18 88 56 00 55 C6 46 11 05 C6 46 10 00 âñÍ..V.UÆF..ÆF..0x00000040 B4 41 BB AA 55 CD 13 5D 72 0F 81 FB 55 AA 75 09 ´A»ªUÍ.]r..ûUªu.0x00000050 F7 C1 01 00 74 03 FE 46 10 66 60 80 7E 10 00 74 ÷Á..t.þF.f`.~..t0x00000060 26 66 68 00 00 00 00 66 FF 76 08 68 00 00 68 00 &fh....f.v.h..h.0x00000070 7C 68 01 00 68 10 00 B4 42 8A 56 00 8B F4 CD 13 |h..h..´B.V..ôÍ.0x00000080 9F 83 C4 10 9E EB 14 B8 01 02 BB 00 7C 8A 56 00 ..Ä..ë.¸..».|.V.0x00000090 8A 76 01 8A 4E 02 8A 6E 03 CD 13 66 61 73 1C FE .v..N..n.Í.fas.þ0x000000A0 4E 11 75 0C 80 7E 00 80 0F 84 8A 00 B2 80 EB 84 N.u..~......².ë.0x000000B0 55 32 E4 8A 56 00 CD 13 5D EB 9E 81 3E FE 7D 55 U2ä.V.Í.]ë..>þ}U0x000000C0 AA 75 6E FF 76 00 E8 8D 00 75 17 FA B0 D1 E6 64 ªun.v.è..u.ú°Ñæd0x000000D0 E8 83 00 B0 DF E6 60 E8 7C 00 B0 FF E6 64 E8 75 è..°ßæ`è|.°.ædèu0x000000E0 00 FB B8 00 BB CD 1A 66 23 C0 75 3B 66 81 FB 54 .û¸.»Í.f#Àu;f.ûT0x000000F0 43 50 41 75 32 81 F9 02 01 72 2C 66 68 07 BB 00 CPAu2.ù..r,fh.».0x00000100 00 66 68 00 02 00 00 66 68 08 00 00 00 66 53 66 .fh....fh....fSf0x00000110 53 66 55 66 68 00 00 00 00 66 68 00 7C 00 00 66 SfUfh....fh.|..f0x00000120 61 68 00 00 07 CD 1A 5A 32 F6 EA 00 7C 00 00 CD ah...Í.Z2öê.|..Í0x00000130 18 A0 B7 07 EB 08 A0 B6 07 EB 03 A0 B5 07 32 E4 ..·.ë..¶.ë..µ.2ä0x00000140 05 00 07 8B F0 AC 3C 00 74 09 BB 07 00 B4 0E CD ....ð¬<.t.»..´.Í0x00000150 10 EB F2 F4 EB FD 2B C9 E4 64 EB 00 24 02 E0 F8 .ëòôëý+Éädë.$.àø0x00000160 24 02 
C3 49 6E 76 61 6C 69 64 20 70 61 72 74 69 $.ÃInvalid parti0x00000170 74 69 6F 6E 20 74 61 62 6C 65 00 45 72 72 6F 72 tion table.Error0x00000180 20 6C 6F 61 64 69 6E 67 20 6F 70 65 72 61 74 69 loading operati0x00000190 6E 67 20 73 79 73 74 65 6D 00 4D 69 73 73 69 6E ng system.Missin0x000001A0 67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74 g operating syst0x000001B0 65 6D 00 00 00 63 7B 9A D4 71 E6 61 00 00 00 20 em...c{.Ôqæa... 0x000001C0 21 00 07 14 D3 FF 00 08 00 00 00 50 54 57 00 00 !...Ó......PTW..0x000001D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................0x000001E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................0x000001F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA ..............Uª
  10. Hi, Your forum won't allow posting the 2nd, longer report from TDSSkiller because it is too long (583K)...
  11. TDSSkiller reported no threats found and produced 2 different .txt files: TDSSKiller.3.0.0.41_03.11.2014_08.57.21_log.txt
08:57:21.0427 0x0cf4 TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
08:57:35.0228 0x0cf4 ============================================================
08:57:35.0228 0x0cf4 Current date / time: 2014/11/03 08:57:35.0228
08:57:35.0228 0x0cf4 SystemInfo:
08:57:35.0228 0x0cf4 
08:57:35.0228 0x0cf4 OS Version: 6.1.7600 ServicePack: 0.0
08:57:35.0228 0x0cf4 Product type: Workstation
08:57:35.0228 0x0cf4 ComputerName: BIGBIGWINDOWS
08:57:35.0228 0x0cf4 UserName: jl
08:57:35.0228 0x0cf4 Windows directory: C:\Windows
08:57:35.0228 0x0cf4 System windows directory: C:\Windows
08:57:35.0228 0x0cf4 Running under WOW64
08:57:35.0228 0x0cf4 Processor architecture: Intel x64
08:57:35.0228 0x0cf4 Number of processors: 8
08:57:35.0228 0x0cf4 Page size: 0x1000
08:57:35.0228 0x0cf4 Boot type: Normal boot
08:57:35.0228 0x0cf4 ============================================================
08:57:35.0587 0x0cf4 KLMD registered as C:\Windows\system32\drivers\71415493.sys
08:57:35.0681 0x0cf4 System UUID: {22F86B55-BBDB-9118-27E3-1DBFC76B0F0F}
08:57:36.0011 0x0cf4 Drive \Device\Harddisk0\DR0 - Size: 0xEE8156000 ( 59.63 Gb ), SectorSize: 0x200, Cylinders: 0x1E67, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:57:36.0011 0x0cf4 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 ( 1863.02 Gb ), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:57:36.0276 0x0cf4 Drive \Device\Harddisk2\DR2 - Size: 0x22EF13E000 ( 139.74 Gb ), SectorSize: 0x200, Cylinders: 0x4741, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:57:36.0276 0x0cf4 Drive \Device\Harddisk3\DR3 - Size: 0x1D1C1116000 ( 1863.02 Gb ), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:57:36.0495 0x0cf4 Drive \Device\Harddisk4\DR4 - Size: 0x1D1C1116000 ( 1863.02 Gb ), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:57:36.0495 0x0cf4 Drive \Device\Harddisk5\DR5 - Size: 0xAEA8CDE000 ( 698.64 Gb ), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
08:57:36.0838 0x0cf4 ============================================================
08:57:36.0838 0x0cf4 \Device\Harddisk0\DR0:
08:57:36.0838 0x0cf4 MBR partitions:
08:57:36.0838 0x0cf4 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x5DBF6E8
08:57:36.0838 0x0cf4 \Device\Harddisk1\DR1:
08:57:36.0838 0x0cf4 MBR partitions:
08:57:36.0838 0x0cf4 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4E1EDEC
08:57:36.0838 0x0cf4 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x4E1EE2B, BlocksNum 0xE3FE8696
08:57:36.0838 0x0cf4 \Device\Harddisk2\DR2:
08:57:36.0838 0x0cf4 MBR partitions:
08:57:36.0838 0x0cf4 \Device\Harddisk2\DR2\Partition1: MBR, Type 0xC, StartLBA 0xD966DEE, BlocksNum 0x2CEBA74
08:57:36.0838 0x0cf4 \Device\Harddisk3\DR3:
08:57:36.0838 0x0cf4 MBR partitions:
08:57:36.0838 0x0cf4 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E08000
08:57:36.0838 0x0cf4 \Device\Harddisk4\DR4:
08:57:36.0838 0x0cf4 MBR partitions:
08:57:36.0838 0x0cf4 \Device\Harddisk4\DR4\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E08000
08:57:36.0838 0x0cf4 \Device\Harddisk5\DR5:
08:57:36.0854 0x0cf4 MBR partitions:
08:57:36.0854 0x0cf4 \Device\Harddisk5\DR5\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x57545000
08:57:36.0854 0x0cf4 ============================================================
08:57:36.0854 0x0cf4 C: <-> \Device\Harddisk0\DR0\Partition1
08:57:36.0885 0x0cf4 D: <-> \Device\Harddisk1\DR1\Partition1
08:57:36.0900 0x0cf4 E: <-> \Device\Harddisk2\DR2\Partition1
08:57:36.0916 0x0cf4 F: <-> \Device\Harddisk1\DR1\Partition2
08:57:36.0947 0x0cf4 H: <-> \Device\Harddisk3\DR3\Partition1
08:57:36.0978 0x0cf4 I: <-> \Device\Harddisk4\DR4\Partition1
08:57:36.0994 0x0cf4 J: <-> \Device\Harddisk5\DR5\Partition1
08:57:36.0994 0x0cf4 ============================================================
08:57:36.0994 0x0cf4 Initialize success
08:57:36.0994 0x0cf4 ============================================================
08:58:12.0340 0x0d00 KLMD registered as C:\Windows\system32\drivers\38116396.sys
08:58:13.0321 0x0d00 Deinitialize success
  12. Hi, This finding only showed up when I manually went and checked the MBAM setting for "Scan for rootkits", which is, I guess, disabled by default. I think that that location that MBAM is pointing to is my boot drive, and I use a boot manager named "Boot It NG" or "BING", which installs into the drive MBR. Is it possible that MBAM is detecting BING as a rootkit? Thanks, Jim
  13. I found another similar topic and downloaded the tool mentioned there. FRST.txt: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014Ran by jl (administrator) on BIGBIGWINDOWS on 02-11-2014 21:31:11Running from E:\ZiptempLoaded Profile: jl (Available profiles: jl)Platform: Windows 7 Ultimate (X64) OS Language: English (United States)Internet Explorer Version 8Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(AMD) C:\Windows\System32\atiesrxx.exe(AMD) C:\Windows\System32\atieclxx.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe(VMware, Inc.) 
C:\Windows\SysWOW64\vmnetdhcp.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe(Uwe Sieber) E:\BBar\bbar.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6463592 2012-02-10] (Realtek Semiconductor)HKLM-x32\...\Run: [vmware-tray] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [96880 2010-11-19] (VMware, Inc.)HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3649040 2014-10-16] (AVG Technologies CZ, s.r.o.)HKU\S-1-5-21-740700426-1271673420-2014238276-1000\...\MountPoints2: {23390de2-4ecd-11e2-9db1-806e6f6e6963} - G:\ZToolBar.exeStartup: C:\Users\jl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ButtonBar.lnkShortcutTarget: ButtonBar.lnk -> E:\BBar\bbar.exe (Uwe Sieber)Startup: C:\Users\jl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnkShortcutTarget: Samsung SSD Magician.lnk -> C:\Program Files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe (Samsung Electronics.) 
==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.comHKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehpHKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x123AD998C7DFCD01HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-usStartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exeSearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)Winsock: Catalog9 11 C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll [330352] (VMware, Inc.)Winsock: Catalog9 12 C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll [330352] (VMware, Inc.)Winsock: Catalog9-x64 11 C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll [438384] (VMware, Inc.)Winsock: Catalog9-x64 12 C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll [438384] (VMware, Inc.)Tcpip\..\Interfaces\{36EEA929-329F-44B5-AEEB-41C76A5C146F}: [NameServer] 192.168.0.1 FireFox:========FF Plugin: @java.com/DTPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin: 
@java.com/JavaPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) Chrome: =======CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3324775&octid=EB_ORIGINAL_CTID&ISID=M7ABFE918-E24F-4B4F-A3F8-F7BC957C285D&SearchSource=55&CUI=&UM=6&UP=SPFABC287B-B718-4E3A-9BE5-FA011F23DA99&SSPV=CHR StartupUrls: Default -> "about:blank"CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll ()CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No FileCHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll 
()CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No FileCHR Profile: C:\Users\jl\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\jl\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-02]CHR Extension: (Google Wallet) - C:\Users\jl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-25] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3487248 2014-10-16] (AVG Technologies CZ, s.r.o.)R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-10-16] (AVG Technologies CZ, s.r.o.)R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)R2 simptcp; C:\Windows\SysWOW64\tcpsvcs.exe [9216 2009-07-13] (Microsoft Corporation)S3 ufad-ws60; C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe [191024 2008-12-01] (VMware, Inc.)S2 Orbiter; C:/Program Files (x86)/ORBTR/orbiter.dll [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology)R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [262424 2014-10-07] (AVG Technologies CZ, s.r.o.)R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-02] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-11-02 21:30 - 2014-11-02 21:31 - 00000000 ____D () C:\FRST2014-11-02 20:59 - 2014-11-02 21:23 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-11-02 20:59 - 2014-11-02 20:59 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-11-02 20:59 - 2014-11-02 20:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-11-02 20:59 - 2014-11-02 20:59 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-11-02 20:59 - 2014-11-02 20:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-11-02 20:59 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-11-02 20:59 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-11-02 20:59 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2014-11-02 20:39 - 2014-11-02 20:39 - 00000000 ____D () C:\Program Files (x86)\ASM104xUSB32014-11-02 20:20 - 2014-11-02 20:20 - 00000876 _____ () C:\Users\Public\Desktop\CPUID CPU-Z.lnk2014-11-02 20:20 - 2014-11-02 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID2014-11-02 20:20 - 2014-11-02 20:20 - 00000000 ____D () C:\Program Files\CPUID2014-11-02 20:19 - 2014-11-02 20:19 - 00000000 ___HD () C:\$AVG2014-11-02 20:19 - 2014-11-02 20:19 - 00000000 ____D () C:\Users\jl\AppData\Roaming\TuneUp Software2014-11-02 20:19 - 2014-11-02 20:19 - 00000000 ____D () C:\Users\jl\AppData\Roaming\AVG20152014-11-02 20:19 - 2014-11-02 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG2014-11-02 20:19 - 2014-11-02 20:19 - 00000000 ____D () C:\ProgramData\AVG20152014-11-02 20:19 - 2014-11-02 20:19 - 00000000 ____D () C:\Program Files (x86)\AVG2014-11-02 20:18 - 2014-11-02 21:02 - 00000000 ____D () C:\Program Files (x86)\neurowise2014-11-02 20:17 - 2014-11-02 
20:56 - 00000000 ____D () C:\ProgramData\MFAData2014-11-02 20:17 - 2014-11-02 20:22 - 00000000 ____D () C:\Users\jl\AppData\Local\Avg20152014-11-02 20:17 - 2014-11-02 20:17 - 00000000 ____D () C:\Users\jl\AppData\Local\MFAData2014-11-02 15:14 - 2014-11-02 15:14 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll2014-11-02 15:14 - 2014-11-02 15:14 - 00000000 ____D () C:\ProgramData\Sun2014-11-02 15:14 - 2014-11-02 15:14 - 00000000 ____D () C:\ProgramData\Oracle2014-11-02 15:14 - 2014-11-02 15:14 - 00000000 ____D () C:\Program Files (x86)\Java2014-11-02 15:05 - 2014-11-02 15:05 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe2014-11-02 15:05 - 2014-11-02 15:05 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe2014-11-02 15:05 - 2014-11-02 15:05 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe2014-11-02 15:05 - 2014-11-02 15:05 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll2014-11-02 15:05 - 2014-11-02 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java2014-10-10 15:14 - 2014-10-10 15:14 - 00274200 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys2014-10-07 21:43 - 2014-10-07 21:43 - 00262424 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys2014-10-05 21:41 - 2014-10-05 21:41 - 00124184 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-11-02 21:30 - 2009-07-13 23:45 - 00014784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-11-02 21:30 - 2009-07-13 23:45 - 00014784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-11-02 21:28 - 2009-07-14 00:13 - 00782362 _____ () C:\Windows\system32\PerfStringBackup.INI2014-11-02 21:26 - 2012-12-21 16:14 - 00578719 _____ () C:\Windows\WindowsUpdate.log2014-11-02 21:23 - 2013-02-03 13:54 - 00000000 ____D () C:\ProgramData\NVIDIA2014-11-02 21:23 - 2012-12-21 17:42 - 00000000 ____D () C:\ProgramData\VMware2014-11-02 21:23 - 2012-12-21 17:36 - 00039462 _____ () C:\Windows\PFRO.log2014-11-02 21:23 - 2012-12-21 17:21 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-11-02 21:23 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-11-02 21:23 - 2009-07-13 23:51 - 00033766 _____ () C:\Windows\setupact.log2014-11-02 20:41 - 2012-12-21 17:21 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-11-02 20:39 - 2012-12-21 17:09 - 00029588 _____ () C:\Windows\DPINST.LOG2014-11-02 20:14 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Resources2014-11-02 15:26 - 2013-12-15 15:07 - 00000000 ____D () C:\Users\jl\.VirtualBox2014-11-02 15:05 - 2014-05-25 14:37 - 00000000 ____D () C:\Program Files\Java2014-11-02 14:36 - 2012-12-21 17:21 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2014-11-02 14:36 - 2012-12-21 17:21 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore Some content of TEMP:====================C:\Users\jl\AppData\Local\Temp\sfamcc00001.dllC:\Users\jl\AppData\Local\Temp\sfareca00001.dllC:\Users\jl\AppData\Local\Temp\sfextra.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-05-27 06:52 ==================== End Of Log ============================ Addition.txt: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2014Ran by jl at 2014-11-02 21:31:26Running from E:\ZiptempBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 
AMD Catalyst Install Manager (HKLM\...\{46DA7FD9-8BC1-7BA8-98D1-27F46647871B}) (Version: 8.0.891.0 - Advanced Micro Devices, Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.000 - Asmedia Technology)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5557 - AVG Technologies)
AVG 2015 (Version: 15.0.4189 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5557 - AVG Technologies) Hidden
CPUID CPU-Z 1.71 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Java 7 Update 72 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417072FF}) (Version: 7.0.720 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 7 Update 55 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170550}) (Version: 1.7.0.550 - Oracle)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
NVIDIA 3D Vision Driver 266.58 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 266.58 - NVIDIA Corporation)
NVIDIA Graphics Driver 266.58 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 266.58 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.1.13.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.1.13.1 - NVIDIA Corporation)
Oracle VM VirtualBox 4.3.12 (HKLM\...\{B5121457-0126-4E62-BCBF-6DC7C73D9E4A}) (Version: 4.3.12 - Oracle Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.52.203.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6570 - Realtek Semiconductor Corp.)
Samsung SSD Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 3.2 - Samsung Electronics)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.18.2.19 - Client Connect LTD) <==== ATTENTION
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VMware Workstation (HKLM-x32\...\{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}) (Version: 6.5.5.15075 - VMware, Inc.)
ZOTAC FireStorm (HKLM-x32\...\ZOTAC FireStorm) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {613813BC-D483-40A5-9F9A-8A6893029A68} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-21] (Google Inc.)
Task: {941E70C1-9303-4375-8A7E-B9AE42D8CD0A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-21] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-11-19 23:17 - 2010-11-19 23:17 - 00970352 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
2010-11-19 23:18 - 2010-11-19 23:18 - 00068720 _____ () C:\Program Files (x86)\VMware\VMware Workstation\zlib1.dll
2007-11-29 22:39 - 2001-12-26 19:32 - 00003584 _____ () E:\BBar\BBar.dll
2014-11-02 14:46 - 2014-10-21 23:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-11-02 14:46 - 2014-10-21 23:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-11-02 14:46 - 2014-10-21 23:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-11-02 14:46 - 2014-10-21 23:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

========================= Accounts: ==========================

Administrator (S-1-5-21-740700426-1271673420-2014238276-500 - Administrator - Disabled)
Guest (S-1-5-21-740700426-1271673420-2014238276-501 - Limited - Disabled)
jl (S-1-5-21-740700426-1271673420-2014238276-1000 - Administrator - Enabled) => C:\Users\jl
__vmware_user__ (S-1-5-21-740700426-1271673420-2014238276-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/02/2014 08:25:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7600.16385, time stamp: 0x4a5bc69e
Faulting module name: kernel32.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdbde
Exception code: 0xc0000005
Fault offset: 0x00011349
Faulting process id: 0x17d0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/02/2014 08:21:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 8.0.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: e0c
Start Time: 01cff70471a1daa4
Termination Time: 0
Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Report Id: bd636228-62f7-11e4-b538-005056c00008

Error: (11/02/2014 08:19:05 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Installed AVG 2015; Error = 0x80070422).
Error: (11/02/2014 08:19:04 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Installed AVG 2015; Error = 0x80070422).

Error: (11/02/2014 08:19:03 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Installed AVG 2015; Error = 0x80070422).

Error: (11/02/2014 08:19:03 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Installed AVG 2015; Error = 0x80070422).

Error: (11/02/2014 03:05:47 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Removed Java 7 Update 55 (64-bit); Error = 0x80070422).

Error: (11/02/2014 03:05:40 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Removed Java 7 Update 55 (64-bit); Error = 0x80070422).

Error: (11/02/2014 03:05:40 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Removed Java 7 Update 55 (64-bit); Error = 0x80070422).

Error: (11/02/2014 03:05:39 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Installed Java 7 Update 72 (64-bit); Error = 0x80070422).
System errors:
=============
Error: (11/02/2014 09:23:38 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Orbiter service terminated with the following error: %%126

Error: (11/02/2014 09:14:42 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: pcmcia

Error: (11/02/2014 09:14:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Orbiter service terminated with the following error: %%126

Error: (11/02/2014 09:10:36 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: pcmcia

Error: (11/02/2014 09:10:35 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Orbiter service terminated with the following error: %%126

Error: (11/02/2014 09:03:59 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Orbiter service terminated with the following error: %%126

Error: (11/02/2014 08:50:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Update neurowise service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (11/02/2014 08:24:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Orbiter service terminated unexpectedly. It has done this 1 time(s).

Error: (11/02/2014 08:19:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Search Protect Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/25/2014 02:23:03 PM) (Source: TermDD) (EventID: 56) (User: )
Description: The Terminal Server security layer detected an error in the protocol stream and has disconnected the client.
Client IP: 192.168.0.9.
Microsoft Office Sessions:
=========================
Error: (11/02/2014 08:25:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.7600.163854a5bc69ekernel32.dll6.1.7600.163854a5bdbdec00000050001134917d001cff704fa626655C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\syswow64\kernel32.dll3f487e6b-62f8-11e4-b538-005056c00008

Error: (11/02/2014 08:21:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.7600.16385e0c01cff70471a1daa40C:\Program Files (x86)\Internet Explorer\iexplore.exebd636228-62f7-11e4-b538-005056c00008

Error: (11/02/2014 08:19:05 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\msiexec.exe /VInstalled AVG 20150x80070422

Error: (11/02/2014 08:19:04 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\msiexec.exe /VInstalled AVG 20150x80070422

Error: (11/02/2014 08:19:03 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\msiexec.exe /VInstalled AVG 20150x80070422

Error: (11/02/2014 08:19:03 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\msiexec.exe /VInstalled AVG 20150x80070422

Error: (11/02/2014 03:05:47 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\msiexec.exe /VRemoved Java 7 Update 55 (64-bit)0x80070422

Error: (11/02/2014 03:05:40 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\msiexec.exe /VRemoved Java 7 Update 55 (64-bit)0x80070422

Error: (11/02/2014 03:05:40 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\msiexec.exe /VRemoved Java 7 Update 55 (64-bit)0x80070422

Error: (11/02/2014 03:05:39 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\msiexec.exe /VInstalled Java 7 Update 72 (64-bit)0x80070422

CodeIntegrity Errors:
===================================
Date: 2014-05-27 08:09:22.201
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2014-05-27 07:54:11.495
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2014-05-26 11:54:39.087
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2014-05-26 10:24:40.749
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2014-05-26 10:10:55.559
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2014-05-26 09:53:09.170
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2014-05-25 15:58:22.569
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2014-05-25 15:22:36.249
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2014-02-25 02:16:19.411
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2014-02-24 09:07:25.361
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core i7-3820 CPU @ 3.60GHz
Percentage of memory in use: 7%
Total physical RAM: 49095.51 MB
Available physical RAM: 45592.74 MB
Total Pagefile: 85093.66 MB
Available Pagefile: 81399.51 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:46.87 GB) (Free:33.25 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (SWAP_ON-SG) (Fixed) (Total:39.06 GB) (Free:3.81 GB) NTFS
Drive e: (RAPTORDATA) (Fixed) (Total:22.45 GB) (Free:4.9 GB) FAT32
Drive f: (GUESTS3) (Fixed) (Total:1823.95 GB) (Free:1182.99 GB) NTFS
Drive h: (SG3-2TBYTE) (Fixed) (Total:1863.02 GB) (Free:1725.98 GB) NTFS
Drive i: (SG2-1BYTE) (Fixed) (Total:1863.02 GB) (Free:1734.59 GB) NTFS
Drive j: (SG750) (Fixed) (Total:698.63 GB) (Free:223.9 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 59.6 GB) (Disk ID: 9C5C8131)
Partition 1: (Active) - (Size=46.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 60E0F918)
Partition 1: (Not Active) - (Size=39.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1824 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 139.7 GB) (Disk ID: 4E24D9A4)
Partition 1: (Not Active) - (Size=22.5 GB) - (Type=0C)
Partition 00: (Active) - (Size=0) - (Type=00) ATTENTION ===> 0 byte partition bootkit.

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 03DDB2D7)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 7607AC96)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 61E671D4)
Partition 1: (Not Active) - (Size=698.6 GB) - (Type=07 NTFS)

==================== End Of Log ============================
  14. Hi,

When I run MBAM, it is detecting Unknown.rootkit.VBR (physical sector #0 on volume #2). I let MBAM quarantine it, then reboot, but when I re-run MBAM it is detecting the same thing.

How can I eliminate this?

Thanks, Jim
  15. Hi,

FYI, I just downloaded 2014.07.09.03 and the popups stopped. I had the popups when I was on 2014.07.09.02.