Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Win 7 Problems


  • This topic is locked This topic is locked
14 replies to this topic

#1 weijiex3

weijiex3

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:59 PM

Posted 09 August 2012 - 11:35 AM

Mod Edit: Split from http://www.bleepingcomputer.com/forums/topic452203.html - Hamluis.


Can anyone help me on this? I did the steps.


Farbar Service Scanner Version: 06-08-2012
Ran by User (administrator) on 10-08-2012 at 00:30:19
Running from "C:\Users\User\Downloads"
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Network
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-07-17 03:14] - [2011-12-28 11:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-07-17 03:08] - [2012-03-30 19:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-14 08:09] - [2009-07-14 09:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-14 07:36] - [2009-07-14 09:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-07-17 03:13] - [2012-04-24 13:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****



MiniToolBox by Farbar Version: 23-07-2012
Ran by User (administrator) on 10-08-2012 at 00:34:56
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Network
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/09/2012 11:59:11 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.

Error: (08/09/2012 01:36:05 PM) (Source: Chrome) (User: WJWORKSTATION-P)WJWORKSTATION-P
Description: Chrome has encountered a fatal error.
ver=21.0.1180.60;is_machine=0;minidump=C:\Users\User\AppData\Local\Google\CrashReports\7bea25eb-b5cc-472a-bc57-ba8a24d56a52.dmp

Error: (08/09/2012 01:35:22 PM) (Source: Chrome) (User: WJWORKSTATION-P)WJWORKSTATION-P
Description: Chrome has encountered a fatal error.
ver=21.0.1180.60;is_machine=0;minidump=C:\Users\User\AppData\Local\Google\CrashReports\a42ec5dc-0857-40a0-a33c-4850ca459628.dmp

Error: (08/08/2012 00:30:43 PM) (Source: Application Hang) (User: )
Description: The program MeowMS.exe version 1.0.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 698

Start Time: 01cd751e8c6dfdcd

Termination Time: 13

Application Path: C:\Users\User\Desktop\GMS v111\GMS v111\MapleStory\MeowMS.exe

Report Id: ce69421c-e111-11e1-8ebc-8c89a5c1d452

Error: (08/07/2012 03:41:21 PM) (Source: Application Error) (User: )
Description: Faulting application name: MeowMS.exe, version: 1.0.0.1, time stamp: 0x4fbf758f
Faulting module name: MeowMS.exe, version: 1.0.0.1, time stamp: 0x4fbf758f
Exception code: 0xc0000005
Fault offset: 0x008099a6
Faulting process id: 0x131c
Faulting application start time: 0xMeowMS.exe0
Faulting application path: MeowMS.exe1
Faulting module path: MeowMS.exe2
Report Id: MeowMS.exe3

Error: (08/04/2012 04:42:39 PM) (Source: Chrome) (User: WJWORKSTATION-P)WJWORKSTATION-P
Description: Chrome has encountered a fatal error.
ver=21.0.1180.60;is_machine=0;minidump=C:\Users\User\AppData\Local\Google\CrashReports\4a3b5f33-ce22-4cf7-8036-89c699e70453.dmp

Error: (08/04/2012 00:10:05 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.

Error: (08/02/2012 02:50:02 PM) (Source: Application Error) (User: )
Description: Faulting application name: MeowMS.exe, version: 1.0.0.1, time stamp: 0x4fbf758f
Faulting module name: MeowMS.exe, version: 1.0.0.1, time stamp: 0x4fbf758f
Exception code: 0x40000015
Fault offset: 0x0089a904
Faulting process id: 0x21e0
Faulting application start time: 0xMeowMS.exe0
Faulting application path: MeowMS.exe1
Faulting module path: MeowMS.exe2
Report Id: MeowMS.exe3

Error: (08/02/2012 02:47:16 PM) (Source: Application Error) (User: )
Description: Faulting application name: MeowMS.exe, version: 1.0.0.1, time stamp: 0x4fbf758f
Faulting module name: MeowMS.exe, version: 1.0.0.1, time stamp: 0x4fbf758f
Exception code: 0x40000015
Fault offset: 0x0089a904
Faulting process id: 0x1418
Faulting application start time: 0xMeowMS.exe0
Faulting application path: MeowMS.exe1
Faulting module path: MeowMS.exe2
Report Id: MeowMS.exe3

Error: (08/02/2012 01:09:48 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.


System errors:
=============
Error: (08/10/2012 00:33:17 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/10/2012 00:33:17 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/10/2012 00:33:17 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/10/2012 00:28:29 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/10/2012 00:28:29 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/10/2012 00:28:29 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/10/2012 00:26:27 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/10/2012 00:26:27 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/10/2012 00:26:27 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/10/2012 00:26:25 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (08/09/2012 11:59:11 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Users\User\Desktop\GMS v111\SoftonicDownloader_for_hamachi.exe

Error: (08/09/2012 01:36:05 PM) (Source: Chrome)(User: WJWORKSTATION-P)WJWORKSTATION-P
Description: Chrome has encountered a fatal error.
ver=21.0.1180.60;is_machine=0;minidump=C:\Users\User\AppData\Local\Google\CrashReports\7bea25eb-b5cc-472a-bc57-ba8a24d56a52.dmp

Error: (08/09/2012 01:35:22 PM) (Source: Chrome)(User: WJWORKSTATION-P)WJWORKSTATION-P
Description: Chrome has encountered a fatal error.
ver=21.0.1180.60;is_machine=0;minidump=C:\Users\User\AppData\Local\Google\CrashReports\a42ec5dc-0857-40a0-a33c-4850ca459628.dmp

Error: (08/08/2012 00:30:43 PM) (Source: Application Hang)(User: )
Description: MeowMS.exe1.0.0.169801cd751e8c6dfdcd13C:\Users\User\Desktop\GMS v111\GMS v111\MapleStory\MeowMS.exece69421c-e111-11e1-8ebc-8c89a5c1d452

Error: (08/07/2012 03:41:21 PM) (Source: Application Error)(User: )
Description: MeowMS.exe1.0.0.14fbf758fMeowMS.exe1.0.0.14fbf758fc0000005008099a6131c01cd7465df594b96C:\Users\User\Desktop\GMS v111\GMS v111\MapleStory\MeowMS.exeC:\Users\User\Desktop\GMS v111\GMS v111\MapleStory\MeowMS.exe47d830a7-e063-11e1-8ebc-8c89a5c1d452

Error: (08/04/2012 04:42:39 PM) (Source: Chrome)(User: WJWORKSTATION-P)WJWORKSTATION-P
Description: Chrome has encountered a fatal error.
ver=21.0.1180.60;is_machine=0;minidump=C:\Users\User\AppData\Local\Google\CrashReports\4a3b5f33-ce22-4cf7-8036-89c699e70453.dmp

Error: (08/04/2012 00:10:05 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Users\User\Desktop\GMS v111\SoftonicDownloader_for_hamachi.exe

Error: (08/02/2012 02:50:02 PM) (Source: Application Error)(User: )
Description: MeowMS.exe1.0.0.14fbf758fMeowMS.exe1.0.0.14fbf758f400000150089a90421e001cd707ad3601431C:\Users\User\Desktop\GMS v111\GMS v111\MapleStory\MeowMS.exeC:\Users\User\Desktop\GMS v111\GMS v111\MapleStory\MeowMS.exe485a4aa7-dc6e-11e1-8a1e-8c89a5c1d452

Error: (08/02/2012 02:47:16 PM) (Source: Application Error)(User: )
Description: MeowMS.exe1.0.0.14fbf758fMeowMS.exe1.0.0.14fbf758f400000150089a904141801cd707793920f28C:\Users\User\Desktop\GMS v111\GMS v111\MapleStory\MeowMS.exeC:\Users\User\Desktop\GMS v111\GMS v111\MapleStory\MeowMS.exee5994dfb-dc6d-11e1-8a1e-8c89a5c1d452

Error: (08/02/2012 01:09:48 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Users\User\Desktop\GMS v111\SoftonicDownloader_for_hamachi.exe


**** End of log ****

i cant get into windows and i cant go services and start cause its not available in safe mode.

Edited by hamluis, 09 August 2012 - 01:15 PM.
PM sent new OP - Hamluis.


BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,679 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:09:59 PM

Posted 09 August 2012 - 04:04 PM

Welcome aboard Posted Image

How did you actually create the above log if you can't get to Windows?

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 weijiex3

weijiex3
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:59 PM

Posted 09 August 2012 - 06:55 PM

Sorry for not specifying clearly, i was able to get into safe mode networking. But not the "actual windows" as in not the safe mode.

#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,679 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:09:59 PM

Posted 09 August 2012 - 07:09 PM

Stay in safe mode with networking for now...

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#5 weijiex3

weijiex3
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:59 PM

Posted 09 August 2012 - 07:31 PM

From Security Check -


Results of screen317's Security Check version 0.99.43
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
JavaFX 2.1.1
JavaFX 2.1.1 SDK
Java™ 6 Update 33
Java™ 7 Update 5
Java™ SE Development Kit 6 Update 33
Java SE Development Kit 7 Update 5
Adobe Reader X (10.1.3)
Mozilla Firefox (14.0.1)
Google Chrome 20.0.1132.57
Google Chrome 21.0.1180.60
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````


From MiniToolBox -

MiniToolBox by Farbar Version: 23-07-2012
Ran by User (administrator) on 10-08-2012 at 08:15:27
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Network
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================


127.0.0.1 localhost
127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
Hamachi Network Interface = Hamachi (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="Hamachi" nexthop=5.0.0.1 publish=Yes
set interface interface="Hamachi" forwarding=disabled advertise=disabled metric=9000 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : WJWorkstation-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 8C-89-A5-C1-D4-52
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::e03f:5ca6:4342:289%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.64(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, 10 August, 2012 8:07:02 AM
Lease Expires . . . . . . . . . . : Friday, 10 August, 2012 12:07:02 PM
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 244091301
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-95-88-43-8C-89-A5-C1-D4-52
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Hamachi:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Hamachi Network Interface
Physical Address. . . . . . . . . : 7A-79-05-C9-BE-3A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2620:9b::5c9:be3a(Preferred)
Link-local IPv6 Address . . . . . : fe80::2d2b:e5f8:7cf9:b6ef%16(Preferred)
IPv4 Address. . . . . . . . . . . : 5.201.190.58(Preferred)
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Lease Obtained. . . . . . . . . . : Friday, 10 August, 2012 8:07:02 AM
Lease Expires . . . . . . . . . . : Saturday, 10 August, 2013 8:09:09 AM
Default Gateway . . . . . . . . . : 5.0.0.1
DHCP Server . . . . . . . . . . . : 5.0.0.1
DHCPv6 IAID . . . . . . . . . . . : 360348071
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-95-88-43-8C-89-A5-C1-D4-52
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{3BBDFEE2-CB5D-42A9-95EC-28DFB3E3C94F}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.gateway.2wire.net:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: gateway.gateway.2wire.net
Address: 192.168.1.254

DNS request timed out.
timeout was 2 seconds.
Name: google.com
Address: 2404:6800:4003:802::1004


Pinging google.com [173.194.38.142] with 32 bytes of data:
Reply from 173.194.38.142: bytes=32 time=3ms TTL=53
Reply from 173.194.38.142: bytes=32 time=3ms TTL=53

Ping statistics for 173.194.38.142:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 3ms, Maximum = 3ms, Average = 3ms
Server: gateway.gateway.2wire.net
Address: 192.168.1.254

Name: yahoo.com
Addresses: 72.30.38.140
209.191.122.70
98.139.183.24


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=309ms TTL=45
Reply from 98.139.183.24: bytes=32 time=362ms TTL=42

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 309ms, Maximum = 362ms, Average = 335ms
Server: gateway.gateway.2wire.net
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...8c 89 a5 c1 d4 52 ......Realtek PCIe GBE Family Controller
16...7a 79 05 c9 be 3a ......Hamachi Network Interface
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 5.0.0.1 5.201.190.58 9256
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.64 20
5.0.0.0 255.0.0.0 On-link 5.201.190.58 9256
5.201.190.58 255.255.255.255 On-link 5.201.190.58 9256
5.255.255.255 255.255.255.255 On-link 5.201.190.58 9256
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.64 276
192.168.1.64 255.255.255.255 On-link 192.168.1.64 276
192.168.1.255 255.255.255.255 On-link 192.168.1.64 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.64 276
224.0.0.0 240.0.0.0 On-link 5.201.190.58 9256
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.64 276
255.255.255.255 255.255.255.255 On-link 5.201.190.58 9256
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 5.0.0.1 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
16 276 2620:9b::/96 On-link
16 276 2620:9b::5c9:be3a/128 On-link
11 276 fe80::/64 On-link
16 276 fe80::/64 On-link
16 276 fe80::2d2b:e5f8:7cf9:b6ef/128
On-link
11 276 fe80::e03f:5ca6:4342:289/128
On-link
1 306 ff00::/8 On-link
11 276 ff00::/8 On-link
16 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
If Metric Network Destination Gateway
0 4294967295 2620:9b::/96 On-link
===========================================================================
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70144] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/10/2012 02:12:44 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.

Error: (08/10/2012 01:13:51 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.

Error: (08/09/2012 11:59:11 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.

Error: (08/09/2012 01:36:05 PM) (Source: Chrome) (User: WJWORKSTATION-P)WJWORKSTATION-P
Description: Chrome has encountered a fatal error.
ver=21.0.1180.60;is_machine=0;minidump=C:\Users\User\AppData\Local\Google\CrashReports\7bea25eb-b5cc-472a-bc57-ba8a24d56a52.dmp

Error: (08/09/2012 01:35:22 PM) (Source: Chrome) (User: WJWORKSTATION-P)WJWORKSTATION-P
Description: Chrome has encountered a fatal error.
ver=21.0.1180.60;is_machine=0;minidump=C:\Users\User\AppData\Local\Google\CrashReports\a42ec5dc-0857-40a0-a33c-4850ca459628.dmp

Error: (08/08/2012 00:30:43 PM) (Source: Application Hang) (User: )
Description: The program MeowMS.exe version 1.0.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 698

Start Time: 01cd751e8c6dfdcd

Termination Time: 13

Application Path: C:\Users\User\Desktop\GMS v111\GMS v111\MapleStory\MeowMS.exe

Report Id: ce69421c-e111-11e1-8ebc-8c89a5c1d452

Error: (08/07/2012 03:41:21 PM) (Source: Application Error) (User: )
Description: Faulting application name: MeowMS.exe, version: 1.0.0.1, time stamp: 0x4fbf758f
Faulting module name: MeowMS.exe, version: 1.0.0.1, time stamp: 0x4fbf758f
Exception code: 0xc0000005
Fault offset: 0x008099a6
Faulting process id: 0x131c
Faulting application start time: 0xMeowMS.exe0
Faulting application path: MeowMS.exe1
Faulting module path: MeowMS.exe2
Report Id: MeowMS.exe3

Error: (08/04/2012 04:42:39 PM) (Source: Chrome) (User: WJWORKSTATION-P)WJWORKSTATION-P
Description: Chrome has encountered a fatal error.
ver=21.0.1180.60;is_machine=0;minidump=C:\Users\User\AppData\Local\Google\CrashReports\4a3b5f33-ce22-4cf7-8036-89c699e70453.dmp

Error: (08/04/2012 00:10:05 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.

Error: (08/02/2012 02:50:02 PM) (Source: Application Error) (User: )
Description: Faulting application name: MeowMS.exe, version: 1.0.0.1, time stamp: 0x4fbf758f
Faulting module name: MeowMS.exe, version: 1.0.0.1, time stamp: 0x4fbf758f
Exception code: 0x40000015
Fault offset: 0x0089a904
Faulting process id: 0x21e0
Faulting application start time: 0xMeowMS.exe0
Faulting application path: MeowMS.exe1
Faulting module path: MeowMS.exe2
Report Id: MeowMS.exe3


System errors:
=============
Error: (08/10/2012 08:14:42 AM) (Source: DCOM) (User: )
Description: 1084defragsvc{D20A3293-3341-4AE8-9AAF-8E397CB63C34}

Error: (08/10/2012 08:14:15 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/10/2012 08:14:15 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/10/2012 08:14:15 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/10/2012 08:09:15 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/10/2012 08:09:15 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/10/2012 08:09:15 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/10/2012 08:09:09 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/10/2012 08:09:09 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/10/2012 08:09:09 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (08/10/2012 02:12:44 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Users\User\Desktop\GMS v111\SoftonicDownloader_for_hamachi.exe

Error: (08/10/2012 01:13:51 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Users\User\Desktop\GMS v111\SoftonicDownloader_for_hamachi.exe

Error: (08/09/2012 11:59:11 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Users\User\Desktop\GMS v111\SoftonicDownloader_for_hamachi.exe

Error: (08/09/2012 01:36:05 PM) (Source: Chrome)(User: WJWORKSTATION-P)WJWORKSTATION-P
Description: Chrome has encountered a fatal error.
ver=21.0.1180.60;is_machine=0;minidump=C:\Users\User\AppData\Local\Google\CrashReports\7bea25eb-b5cc-472a-bc57-ba8a24d56a52.dmp

Error: (08/09/2012 01:35:22 PM) (Source: Chrome)(User: WJWORKSTATION-P)WJWORKSTATION-P
Description: Chrome has encountered a fatal error.
ver=21.0.1180.60;is_machine=0;minidump=C:\Users\User\AppData\Local\Google\CrashReports\a42ec5dc-0857-40a0-a33c-4850ca459628.dmp

Error: (08/08/2012 00:30:43 PM) (Source: Application Hang)(User: )
Description: MeowMS.exe1.0.0.169801cd751e8c6dfdcd13C:\Users\User\Desktop\GMS v111\GMS v111\MapleStory\MeowMS.exece69421c-e111-11e1-8ebc-8c89a5c1d452

Error: (08/07/2012 03:41:21 PM) (Source: Application Error)(User: )
Description: MeowMS.exe1.0.0.14fbf758fMeowMS.exe1.0.0.14fbf758fc0000005008099a6131c01cd7465df594b96C:\Users\User\Desktop\GMS v111\GMS v111\MapleStory\MeowMS.exeC:\Users\User\Desktop\GMS v111\GMS v111\MapleStory\MeowMS.exe47d830a7-e063-11e1-8ebc-8c89a5c1d452

Error: (08/04/2012 04:42:39 PM) (Source: Chrome)(User: WJWORKSTATION-P)WJWORKSTATION-P
Description: Chrome has encountered a fatal error.
ver=21.0.1180.60;is_machine=0;minidump=C:\Users\User\AppData\Local\Google\CrashReports\4a3b5f33-ce22-4cf7-8036-89c699e70453.dmp

Error: (08/04/2012 00:10:05 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Users\User\Desktop\GMS v111\SoftonicDownloader_for_hamachi.exe

Error: (08/02/2012 02:50:02 PM) (Source: Application Error)(User: )
Description: MeowMS.exe1.0.0.14fbf758fMeowMS.exe1.0.0.14fbf758f400000150089a90421e001cd707ad3601431C:\Users\User\Desktop\GMS v111\GMS v111\MapleStory\MeowMS.exeC:\Users\User\Desktop\GMS v111\GMS v111\MapleStory\MeowMS.exe485a4aa7-dc6e-11e1-8a1e-8c89a5c1d452


=========================== Installed Programs ============================

????? (Version: 1.0)
????? (Version: 2.2.2)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
AVG Security Toolbar (Version: 12.1.0.20)
Babylon toolbar on IE
Bing Bar (Version: 7.0.619.0)
BitLord 2.1 (Version: 2.1.1-91)
BitLord Security Bar Toolbar (Version: 6.8.9.0)
Bonjour (Version: 3.0.0.10)
CameraHelperMsi (Version: 13.31.1038.0)
ChatZum Toolbar (Version: 1.0.14)
ControlCenter (Version: 2.2.073)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dota 2
erLT (Version: 1.20.138.34)
Garena Plus (Version: 2011)
GlassFish Server Open Source Edition 3.1.2.2
GOM Player (Version: 2.1.43.5119)
Google Chrome (Version: 21.0.1180.60)
Intel® Management Engine Components (Version: 8.0.0.1351)
Intel® Turbo Boost Technology Monitor 2.0 (Version: 2.1.23.0)
Intel® USB 3.0 eXtensible Host Controller Driver (Version: 1.0.1.209)
Intel® Trusted Connect Service Client (Version: 1.23.216.0)
Internet Download Manager
iTunes (Version: 10.6.3.25)
Java Auto Updater (Version: 2.1.6.0)
Java SE Development Kit 7 Update 5 (Version: 1.7.0.50)
Java™ 6 Update 33 (Version: 6.0.330)
Java™ 7 Update 5 (Version: 7.0.50)
Java™ SE Development Kit 6 Update 33 (Version: 1.6.0.330)
JavaFX 2.1.1 (Version: 2.1.1)
JavaFX 2.1.1 SDK (Version: 2.1.1)
Junk Mail filter update (Version: 15.4.3502.0922)
LG Burning Tool (Version: 6.2.5218a)
LG CyberLink Media Suite (Version: 8.0.2808)
LG CyberLink PowerBackup (Version: 2.5.6023)
Logitech Vid HD (Version: 7.2 (7259))
Logitech Webcam Software (Version: 2.31)
LogMeIn Hamachi (Version: 2.1.0.210)
LWS Facebook (Version: 13.31.1038.0)
LWS Gallery (Version: 13.31.1038.0)
LWS Help_main (Version: 13.31.1044.0)
LWS Launcher (Version: 13.31.1038.0)
LWS Motion Detection (Version: 13.30.1395.0)
LWS Pictures And Video (Version: 13.31.1038.0)
LWS Twitter (Version: 13.30.1346.0)
LWS Video Mask Maker (Version: 13.30.1379.0)
LWS VideoEffects (Version: 13.30.1379.0)
LWS Webcam Software (Version: 13.31.1038.0)
LWS WLM Plugin (Version: 1.30.1201.0)
LWS YouTube Plugin (Version: 13.31.1038.0)
MapleStory
McAfee Security Scan Plus (Version: 3.0.207.4)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (Version: 14.0.5120.5000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
MSI Afterburner 2.1.0 (Version: 2.1.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MySQL Query Browser 1.1 (Version: 1.1.20)
NetBeans IDE 7.2 (Version: 7.2)
Nexon Game Manager
No-IP DUC (Version: 3.0.4)
Norton Internet Security (Version: 19.7.1.5)
Notepad++ (Version: 6.1.2)
NVIDIA 3D Vision Controller Driver 296.16 (Version: 296.16)
NVIDIA 3D Vision Driver 296.39 (Version: 296.39)
NVIDIA Control Panel 296.39 (Version: 296.39)
NVIDIA Graphics Driver 296.39 (Version: 296.39)
NVIDIA HD Audio Driver 1.3.12.0 (Version: 1.3.12.0)
NVIDIA Install Application (Version: 2.1002.62.312)
NVIDIA PhysX (Version: 9.12.0213)
NVIDIA PhysX System Software 9.12.0213 (Version: 9.12.0213)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.9639)
NVIDIA Update 1.7.12 (Version: 1.7.12)
NVIDIA Update Components (Version: 1.7.12)
Optical Disc Doctor
PCOPT 5.2
PremiumSoft Navicat 10.1 for MySQL
Realtek Ethernet Controller Driver (Version: 7.49.927.2011)
Realtek High Definition Audio Driver (Version: 6.0.1.6526)
RegCure (Version: 3.0.2.0)
Skype Click to Call (Version: 6.1.10441)
Skype™ 5.10 (Version: 5.10.116)
Steam (Version: 1.0.0.0)
TeamViewer 7 (Version: 7.0.13989)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VLC media player 2.0.3 (Version: 2.0.3)
WampServer 2.2
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinRAR 4.20 (64-bit) (Version: 4.20.0)
Yontoo 1.10.02 (Version: 1.10.02)
YourFileDownloader (Version: 1.0.1)

========================= Devices: ================================

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


========================= Memory info: ===================================

Percentage of memory in use: 14%
Total physical RAM: 8145.57 MB
Available physical RAM: 6923.84 MB
Total Pagefile: 16289.28 MB
Available Pagefile: 14989.93 MB
Total Virtual: 4095.88 MB
Available Virtual: 3971.7 MB

========================= Partitions: =====================================

1 Drive c: (Weijie's Rubbish Bin) (Fixed) (Total:931.42 GB) (Free:840.3 GB) NTFS
2 Drive d: (Weijie's Garbage Tray) (Fixed) (Total:931.5 GB) (Free:931.38 GB) NTFS
3 Drive e: (Weijie's Precious DIsk.) (Fixed) (Total:119.24 GB) (Free:119.15 GB) NTFS

========================= Users: ========================================

User accounts for \\WJWORKSTATION-P

Administrator Guest UpdatusUser
User


**** End of log ****


For ASWMBR.txt -

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-10 08:22:00
-----------------------------
08:22:00.615 OS Version: Windows x64 6.1.7600
08:22:00.615 Number of processors: 4 586 0x3A09
08:22:00.615 ComputerName: WJWORKSTATION-P UserName: User
08:22:01.844 Initialize success
08:26:43.669 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
08:26:43.669 Disk 0 Vendor: M4-CT128M4SSD2 000F Size: 122104MB BusType: 11
08:26:43.669 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
08:26:43.669 Disk 1 Vendor: Hitachi_HDS723020BLA642 MN6OA800 Size: 1907729MB BusType: 11
08:26:43.669 Disk 1 MBR read successfully
08:26:43.669 Disk 1 MBR scan
08:26:43.669 Disk 1 Windows 7 default MBR code
08:26:43.684 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
08:26:43.684 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 953769 MB offset 206848
08:26:43.700 Disk 1 Partition 3 00 07 HPFS/NTFS NTFS 953858 MB offset 1953525760
08:26:43.731 Disk 1 scanning C:\Windows\system32\drivers
08:26:47.012 Service scanning
08:26:52.136 Service MSICDSetup F:\CDriver64.sys **LOCKED** 21
08:26:52.853 Service NTIOLib_1_0_C F:\NTIOLib_X64.sys **LOCKED** 21
08:26:59.633 Modules scanning
08:26:59.633 Disk 1 trace - called modules:
08:26:59.644 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
08:26:59.644 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa80076a7060]
08:26:59.644 3 CLASSPNP.SYS[fffff88001ab843f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa800767b680]
08:26:59.644 Scan finished successfully
08:27:32.589 Disk 1 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
08:27:32.589 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"


For Malware SCAN -

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.10.01

Windows 7 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
User :: WJWORKSTATION-P [administrator]

Protection: Disabled

10/8/2012 8:28:14 AM
mbam-log-2012-08-10 (08-30-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 213641
Time elapsed: 2 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 70
HKCR\AppID\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Funshion) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Funshion) -> No action taken.
HKCR\AppID\{7A33CE9E-4F33-4B4E-B263-6AEEAB6C3DC2} (Adware.BDSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A33CE9E-4F33-4B4E-B263-6AEEAB6C3DC2} (Adware.BDSearch) -> No action taken.
HKCR\CLSID\{11CC93E4-0BE6-4f8f-82AA-D577FB955B05} (PUP.Funshion) -> No action taken.
HKCR\TypeLib\{F9BC0421-BB5C-447D-8547-BB45AFA80A4D} (PUP.Funshion) -> No action taken.
HKCR\Interface\{4D89001B-5B5B-4E76-A1F5-638E49DB7A58} (PUP.Funshion) -> No action taken.
HKCR\CLSID\{25F34715-C28B-C193-A8D5-C59A32767CA4} (PUP.Funshion) -> No action taken.
HKCR\25F34715-C28B-C193-A8D5-C59A32767CA4.Addr.1 (PUP.Funshion) -> No action taken.
HKCR\25F34715-C28B-C193-A8D5-C59A32767CA4.Addr (PUP.Funshion) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25F34715-C28B-C193-A8D5-C59A32767CA4} (PUP.Funshion) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{25F34715-C28B-C193-A8D5-C59A32767CA4} (PUP.Funshion) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25F34715-C28B-C193-A8D5-C59A32767CA4} (PUP.Funshion) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{25F34715-C28B-C193-A8D5-C59A32767CA4} (PUP.Funshion) -> No action taken.
HKCR\AddressSearch.JsObject.1 (PUP.Funshion) -> No action taken.
HKCR\AddressSearch.JsObject (PUP.Funshion) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11CC93E4-0BE6-4F8F-82AA-D577FB955B05} (PUP.Funshion) -> No action taken.
HKCR\CLSID\{5BECD27B-DCF5-4DEF-B066-486A47245C03} (Adware.BDSearch) -> No action taken.
HKCR\TypeLib\{3A8C9D89-3271-45F4-98C0-56B0F5A16172} (Adware.BDSearch) -> No action taken.
HKCR\Interface\{2923508C-9425-4A61-B9CE-A98239055916} (Adware.BDSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BaiduBarX (Adware.BDSearch) -> No action taken.
HKCR\BarBroker.BDBroker.1 (Adware.BDSearch) -> No action taken.
HKCR\BarBroker.BDBroker (Adware.BDSearch) -> No action taken.
HKCR\CLSID\{77FEF28E-EB96-44FF-B511-3185DEA48697} (Trojan.Cinmus) -> No action taken.
HKCR\CLSID\{23A2B2B7-21DE-4B88-AFBA-5A918ABBF463} (Trojan.Cinmus) -> No action taken.
HKCR\TypeLib\{D12F94FA-FC9A-41F7-B808-7FBB419DD7A6} (Trojan.Cinmus) -> No action taken.
HKCR\Interface\{4C2BFEC9-F03C-4F74-932E-5723E603B4AC} (Trojan.Cinmus) -> No action taken.
HKCR\BaiduBarX.BDLogin.1 (Trojan.Cinmus) -> No action taken.
HKCR\BaiduBarX.BDLogin (Trojan.Cinmus) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{23A2B2B7-21DE-4B88-AFBA-5A918ABBF463} (Trojan.Cinmus) -> No action taken.
HKCR\BaiduBarX.BandIE.1 (Trojan.Cinmus) -> No action taken.
HKCR\BaiduBarX.BandIE (Trojan.Cinmus) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77FEF28E-EB96-44FF-B511-3185DEA48697} (Trojan.Cinmus) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{77FEF28E-EB96-44FF-B511-3185DEA48697} (Trojan.Cinmus) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{77FEF28E-EB96-44FF-B511-3185DEA48697} (Trojan.Cinmus) -> No action taken.
HKCR\CLSID\{91878E42-FC03-4785-B513-1F9E613D1027} (PUP.Funshion) -> No action taken.
HKCR\TypeLib\{D02E3AB9-7796-40CB-BDFC-20D834FE1F75} (PUP.Funshion) -> No action taken.
HKCR\Interface\{FCB380C4-D350-44BE-8791-50216F4747AC} (PUP.Funshion) -> No action taken.
HKCR\ASBarBroker.BDBroker.1 (PUP.Funshion) -> No action taken.
HKCR\ASBarBroker.BDBroker (PUP.Funshion) -> No action taken.
HKCR\CLSID\{A7F05EE4-0426-454F-8013-C41E3596E9E9} (Trojan.Cinmus) -> No action taken.
HKCR\BaiduBar.Tool.1 (Trojan.Cinmus) -> No action taken.
HKCR\BaiduBar.Tool (Trojan.Cinmus) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A7F05EE4-0426-454F-8013-C41E3596E9E9} (Trojan.Cinmus) -> No action taken.
HKCR\CLSID\{B580CF65-E151-49C3-B73F-70B13FCA8E86} (Trojan.Cinmus) -> No action taken.
HKCR\BaiduBarX.ToolBand.1 (Trojan.Cinmus) -> No action taken.
HKCR\BaiduBarX.ToolBand (Trojan.Cinmus) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B580CF65-E151-49C3-B73F-70B13FCA8E86} (Trojan.Cinmus) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B580CF65-E151-49C3-B73F-70B13FCA8E86} (Trojan.Cinmus) -> No action taken.
HKCR\CLSID\{E5D5D4A1-17F0-41D7-B1C6-0979F91E6F46} (Adware.BDSearch) -> No action taken.
HKCR\BaiduBarEx.BDHomePage.5 (Adware.BDSearch) -> No action taken.
HKCR\BaiduBarEx.BDHomePage (Adware.BDSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E5D5D4A1-17F0-41D7-B1C6-0979F91E6F46} (Adware.BDSearch) -> No action taken.
HKCR\CLSID\{FBEDBA6C-44A2-43b9-BD49-20EB6E0C4E86} (PUP.Funshion) -> No action taken.
HKCR\AddressSearch.SnavHttpProtocol.1 (PUP.Funshion) -> No action taken.
HKCR\AddressSearch.SnavHttpProtocol (PUP.Funshion) -> No action taken.
HKCR\BaiduBar.Tool (PUP.Baidu) -> No action taken.
HKCR\BaiduBar.Tool.1 (PUP.Baidu) -> No action taken.
HKCR\BaiduBarEx.BDHomePage (PUP.Baidu) -> No action taken.
HKCR\BaiduBarEx.BDHomePage.1 (PUP.Baidu) -> No action taken.
HKCR\BaiduBarEx.BDHomePage.2 (PUP.Baidu) -> No action taken.
HKCR\BaiduBarEx.BDHomePage.3 (PUP.Baidu) -> No action taken.
HKCR\BaiduBarEx.BDHomePage.4 (PUP.Baidu) -> No action taken.
HKCR\BaiduBarEx.BDHomePage.5 (PUP.Baidu) -> No action taken.
HKLM\SOFTWARE\Baidu (PUP.Baidu) -> No action taken.
HKCR\CLSID\{18689D3E-CF06-482F-AEB1-0880F859F0AA} (PUP.Funshion) -> No action taken.
HKCR\TypeLib\{5165BFF4-4E35-446F-B00E-EA4185B64F76} (PUP.Funshion) -> No action taken.
HKCR\Interface\{332C1DFF-B83D-40E3-968F-F85E20BF0CFB} (PUP.Funshion) -> No action taken.
HKCR\Fun.OnlineInstallCtrl.1 (PUP.Funshion) -> No action taken.
HKCR\Fun.OnlineInstallCtrl (PUP.Funshion) -> No action taken.

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{B580CF65-E151-49C3-B73F-70B13FCA8E86} (Trojan.Cinmus) -> Data: 12 -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{B580CF65-E151-49C3-B73F-70B13FCA8E86} (Trojan.Cinmus) -> Data: -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 19
C:\Program Files (x86)\Funshion Online (PUP.Funshion) -> No action taken.
C:\Program Files (x86)\Funshion Online\Funshion (PUP.Funshion) -> No action taken.
C:\Program Files (x86)\Funshion Online\Funshion\icon (PUP.Funshion) -> No action taken.
C:\Program Files (x86)\Funshion Online\Funshion\skin (PUP.Funshion) -> No action taken.
C:\Users\User\funshion (PUP.Funshion) -> No action taken.
C:\Users\User\funshion\cache (PUP.Funshion) -> No action taken.
C:\Users\User\funshion\cache\Baiduflash (PUP.Funshion) -> No action taken.
C:\Users\User\funshion\cache\Baiduflash\subflash (PUP.Funshion) -> No action taken.
C:\Users\User\funshion\cache\Cacheflash (PUP.Funshion) -> No action taken.
C:\Users\User\funshion\cache\flash (PUP.Funshion) -> No action taken.
C:\Users\User\funshion\cache\flashNew (PUP.Funshion) -> No action taken.
C:\Users\User\funshion\cache\flashStamp (PUP.Funshion) -> No action taken.
C:\Users\User\funshion\cache\popwind (PUP.Funshion) -> No action taken.
C:\Users\User\funshion\control (PUP.Funshion) -> No action taken.
C:\Users\User\funshion\historyTorrent (PUP.Funshion) -> No action taken.
C:\Users\User\funshion\ini (PUP.Funshion) -> No action taken.
C:\Users\User\funshion\Seed (PUP.Funshion) -> No action taken.
C:\Users\User\funshion\Shortcut (PUP.Funshion) -> No action taken.
C:\Users\User\funshion\update (PUP.Funshion) -> No action taken.

Files Detected: 55
C:\Program Files (x86)\Baidu\{25F34715-C28B-C193-A8D5-C59A32767CA4}\AddressBar.dll (PUP.Funshion) -> No action taken.
C:\Program Files (x86)\Baidu\Toolbar\BarBroker.exe (Adware.BDSearch) -> No action taken.
C:\Program Files (x86)\Baidu\Toolbar\BaiduBarX.dll (Trojan.Cinmus) -> No action taken.
C:\Program Files (x86)\Baidu\{25F34715-C28B-C193-A8D5-C59A32767CA4}\ASBarBroker.exe (PUP.Funshion) -> No action taken.
C:\Users\User\AppData\Local\Temp\~nsu.tmp\Au_.exe (PUP.Funshion) -> No action taken.
C:\Windows\System32\funshion.ini (PUP.Funshion) -> No action taken.
C:\Windows\SysWOW64\funshion.ini (PUP.Funshion) -> No action taken.
C:\Users\User\FunShion.ini (PUP.Funshion) -> No action taken.
C:\Program Files (x86)\Funshion Online\Funshion\funoictl.dll (PUP.Funshion) -> No action taken.
C:\Program Files (x86)\Funshion Online\Funshion\FunShion.ini (PUP.Funshion) -> No action taken.
C:\Program Files (x86)\Funshion Online\Funshion\FunshionGame3.ico (PUP.Funshion) -> No action taken.
C:\Program Files (x86)\Funshion Online\Funshion\FunshionService.diagnose (PUP.Funshion) -> No action taken.
C:\Program Files (x86)\Funshion Online\Funshion\FunshionService.log (PUP.Funshion) -> No action taken.
C:\Program Files (x86)\Funshion Online\Funshion\Funshop3.ico (PUP.Funshion) -> No action taken.
C:\Program Files (x86)\Funshion Online\Funshion\skin\Default.fskin (PUP.Funshion) -> No action taken.
C:\Program Files (x86)\Funshion Online\Funshion\skin\Family.fskin (PUP.Funshion) -> No action taken.
C:\Program Files (x86)\Funshion Online\Funshion\skin\Popular.fskin (PUP.Funshion) -> No action taken.
C:\Program Files (x86)\Funshion Online\Funshion\skin\small.fskin (PUP.Funshion) -> No action taken.
C:\Users\User\funshion\cache\Cacheflash\blankFs.swf (PUP.Funshion) -> No action taken.
C:\Users\User\funshion\cache\Cacheflash\donghuanew_18.swf (PUP.Funshion) -> No action taken.
C:\Users\User\funshion\cache\flash\B0553E07_BC99_DCE3_5689_BA5484C2B68F.swf (PUP.Funshion) -> No action taken.
C:\Users\User\funshion\cache\flashNew\0A8850AC_66B3_FBE2_4546_1D68730B65E2.swf (PUP.Funshion) -> No action taken.
C:\Users\User\funshion\cache\flashNew\16C0BB73_D44F_2246_F085_4BEE5D17A4E1.flv (PUP.Funshion) -> No action taken.
C:\Users\User\funshion\cache\flashNew\245F2C16_4494_50D6_6FA4_D6A406B3C87F.swf (PUP.Funshion) -> No action taken.
C:\Users\User\funshion\cache\flashNew\2B33C3A0_FF80_48AF_3220_DDDA2D3747AA.date1343393571.swf (PUP.Funshion) -> No action taken.
C:\Users\User\funshion\cache\flashNew\2B93547D_1CE7_0F4B_BF65_23634988ACA4.swf (PUP.Funshion) -> No action taken.
C:\Users\User\funshion\cache\flashNew\37BD1CF3_5EB7_C421_EF6F_B4C037A5590E.date1343393571.swf (PUP.Funshion) -> No action taken.
C:\Users\User\funshion\cache\flashNew\39262C52_1F96_D2C5_B92C_1C69289C9C8A.swf (PUP.Funshion) -> No action taken.
C:\Users\User\funshion\cache\flashNew\3EAE6C6C_C847_EBE7_E4D4_D119BE84E342.date1343393571.swf (PUP.Funshion) -> No action taken.
C:\Users\User\funshion\cache\flashNew\485A45BA_2E55_9471_177C_B65F143D80E3.swf (PUP.Funshion) -> No action taken.
C:\Users\User\funshion\cache\flashNew\5A140FB4_16F3_B60D_52D5_36AE3E2373C3.date1343461311.swf (PUP.Funshion) -> No action taken.
C:\Users\User\funshion\cache\flashNew\60E10815_8981_DE96_7D70_E7C0651FF9F8.swf (PUP.Funshion) -> No action taken.
C:\Users\User\funshion\cache\flashNew\75039C35_3A4A_B7A9_BA43_97E28059D1BE.swf (PUP.Funshion) -> No action taken.
C:\Users\User\funshion\cache\flashNew\7CA1705A_2368_D625_26A4_57AFC351993F.swf (PUP.Funshion) -> No action taken.
C:\Users\User\funshion\cache\flashNew\844A9533_7152_5114_F20F_25F5CD355277.date1343393571.swf (PUP.Funshion) -> No action taken.
C:\Users\User\funshion\cache\flashNew\8CC9F8AE_7199_D4CA_9A33_025962CD229C.swf (PUP.Funshion) -> No action taken.
C:\Users\User\funshion\cache\flashNew\A321EB56_D06B_27D0_0617_FEB54BD39671.flv (PUP.Funshion) -> No action taken.
C:\Users\User\funshion\cache\flashNew\AF496056_0431_2F86_0270_8347863AFE59.swf (PUP.Funshion) -> No action taken.
C:\Users\User\funshion\cache\flashNew\BB702686_5C8D_6D03_347A_ACFE477136CA.swf (PUP.Funshion) -> No action taken.
C:\Users\User\funshion\cache\flashNew\CC22A7EA_DA17_D778_01CD_16E28964DE74.swf (PUP.Funshion) -> No action taken.
C:\Users\User\funshion\cache\flashNew\D8DC8FA0_4BCD_94BE_8474_F1E27C71191C.swf (PUP.Funshion) -> No action taken.
C:\Users\User\funshion\cache\flashNew\F3122240_A867_31F5_AF40_3AC1E7DB0FCC.date1343393571.swf (PUP.Funshion) -> No action taken.
C:\Users\User\funshion\cache\popwind\14EFBA34_7AAA_F0A3_7B12_1F20812B9146.swf (PUP.Funshion) -> No action taken.
C:\Users\User\funshion\Shortcut\FunShortcut.ini (PUP.Funshion) -> No action taken.
C:\Users\User\funshion\update\AdLinkParamFile.fax (PUP.Funshion) -> No action taken.
C:\Users\User\funshion\update\ad_define.fai (PUP.Funshion) -> No action taken.
C:\Users\User\funshion\update\ad_define.fai.bak (PUP.Funshion) -> No action taken.
C:\Users\User\funshion\update\ad_material.fax (PUP.Funshion) -> No action taken.
C:\Users\User\funshion\update\flashParam.txt (PUP.Funshion) -> No action taken.
C:\Users\User\funshion\update\flashParam.txt.bak (PUP.Funshion) -> No action taken.
C:\Users\User\funshion\update\Funshion Game.lnk (PUP.Funshion) -> No action taken.
C:\Users\User\funshion\update\MiniAdLinkParamFile.fax (PUP.Funshion) -> No action taken.
C:\Users\User\funshion\update\popwind.json (PUP.Funshion) -> No action taken.
C:\Users\User\funshion\update\Shopping Sites.lnk (PUP.Funshion) -> No action taken.
C:\Users\User\funshion\update\updatexmlfile.txt (PUP.Funshion) -> No action taken.

(end)



#6 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,679 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:09:59 PM

Posted 09 August 2012 - 07:36 PM

Your MBAM log says "No action taken".
Re-run it, FIX ALL issues and post new log.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#7 weijiex3

weijiex3
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:59 PM

Posted 09 August 2012 - 07:43 PM

MBAM LOG - Removed everything

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.10.01

Windows 7 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
User :: WJWORKSTATION-P [administrator]

Protection: Disabled

10/8/2012 8:39:17 AM
mbam-log-2012-08-10 (08-39-17).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 213454
Time elapsed: 2 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 70
HKCR\AppID\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Funshion) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\AppID\{7A33CE9E-4F33-4B4E-B263-6AEEAB6C3DC2} (Adware.BDSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A33CE9E-4F33-4B4E-B263-6AEEAB6C3DC2} (Adware.BDSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{11CC93E4-0BE6-4f8f-82AA-D577FB955B05} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\TypeLib\{F9BC0421-BB5C-447D-8547-BB45AFA80A4D} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\Interface\{4D89001B-5B5B-4E76-A1F5-638E49DB7A58} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\CLSID\{25F34715-C28B-C193-A8D5-C59A32767CA4} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\25F34715-C28B-C193-A8D5-C59A32767CA4.Addr.1 (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\25F34715-C28B-C193-A8D5-C59A32767CA4.Addr (PUP.Funshion) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25F34715-C28B-C193-A8D5-C59A32767CA4} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{25F34715-C28B-C193-A8D5-C59A32767CA4} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25F34715-C28B-C193-A8D5-C59A32767CA4} (PUP.Funshion) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{25F34715-C28B-C193-A8D5-C59A32767CA4} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\AddressSearch.JsObject.1 (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\AddressSearch.JsObject (PUP.Funshion) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11CC93E4-0BE6-4F8F-82AA-D577FB955B05} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\CLSID\{5BECD27B-DCF5-4DEF-B066-486A47245C03} (Adware.BDSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{3A8C9D89-3271-45F4-98C0-56B0F5A16172} (Adware.BDSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{2923508C-9425-4A61-B9CE-A98239055916} (Adware.BDSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BaiduBarX (Adware.BDSearch) -> Quarantined and deleted successfully.
HKCR\BarBroker.BDBroker.1 (Adware.BDSearch) -> Quarantined and deleted successfully.
HKCR\BarBroker.BDBroker (Adware.BDSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{77FEF28E-EB96-44FF-B511-3185DEA48697} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKCR\CLSID\{23A2B2B7-21DE-4B88-AFBA-5A918ABBF463} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKCR\TypeLib\{D12F94FA-FC9A-41F7-B808-7FBB419DD7A6} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKCR\Interface\{4C2BFEC9-F03C-4F74-932E-5723E603B4AC} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKCR\BaiduBarX.BDLogin.1 (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKCR\BaiduBarX.BDLogin (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{23A2B2B7-21DE-4B88-AFBA-5A918ABBF463} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKCR\BaiduBarX.BandIE.1 (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKCR\BaiduBarX.BandIE (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77FEF28E-EB96-44FF-B511-3185DEA48697} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{77FEF28E-EB96-44FF-B511-3185DEA48697} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{77FEF28E-EB96-44FF-B511-3185DEA48697} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKCR\CLSID\{91878E42-FC03-4785-B513-1F9E613D1027} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\TypeLib\{D02E3AB9-7796-40CB-BDFC-20D834FE1F75} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\Interface\{FCB380C4-D350-44BE-8791-50216F4747AC} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\ASBarBroker.BDBroker.1 (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\ASBarBroker.BDBroker (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\CLSID\{A7F05EE4-0426-454F-8013-C41E3596E9E9} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKCR\BaiduBar.Tool.1 (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKCR\BaiduBar.Tool (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A7F05EE4-0426-454F-8013-C41E3596E9E9} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKCR\CLSID\{B580CF65-E151-49C3-B73F-70B13FCA8E86} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKCR\BaiduBarX.ToolBand.1 (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKCR\BaiduBarX.ToolBand (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B580CF65-E151-49C3-B73F-70B13FCA8E86} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B580CF65-E151-49C3-B73F-70B13FCA8E86} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKCR\CLSID\{E5D5D4A1-17F0-41D7-B1C6-0979F91E6F46} (Adware.BDSearch) -> Quarantined and deleted successfully.
HKCR\BaiduBarEx.BDHomePage.5 (Adware.BDSearch) -> Quarantined and deleted successfully.
HKCR\BaiduBarEx.BDHomePage (Adware.BDSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E5D5D4A1-17F0-41D7-B1C6-0979F91E6F46} (Adware.BDSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{FBEDBA6C-44A2-43b9-BD49-20EB6E0C4E86} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\AddressSearch.SnavHttpProtocol.1 (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\AddressSearch.SnavHttpProtocol (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\BaiduBar.Tool (PUP.Baidu) -> Quarantined and deleted successfully.
HKCR\BaiduBar.Tool.1 (PUP.Baidu) -> Quarantined and deleted successfully.
HKCR\BaiduBarEx.BDHomePage (PUP.Baidu) -> Quarantined and deleted successfully.
HKCR\BaiduBarEx.BDHomePage.1 (PUP.Baidu) -> Quarantined and deleted successfully.
HKCR\BaiduBarEx.BDHomePage.2 (PUP.Baidu) -> Quarantined and deleted successfully.
HKCR\BaiduBarEx.BDHomePage.3 (PUP.Baidu) -> Quarantined and deleted successfully.
HKCR\BaiduBarEx.BDHomePage.4 (PUP.Baidu) -> Quarantined and deleted successfully.
HKCR\BaiduBarEx.BDHomePage.5 (PUP.Baidu) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Baidu (PUP.Baidu) -> Quarantined and deleted successfully.
HKCR\CLSID\{18689D3E-CF06-482F-AEB1-0880F859F0AA} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\TypeLib\{5165BFF4-4E35-446F-B00E-EA4185B64F76} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\Interface\{332C1DFF-B83D-40E3-968F-F85E20BF0CFB} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\Fun.OnlineInstallCtrl.1 (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\Fun.OnlineInstallCtrl (PUP.Funshion) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{B580CF65-E151-49C3-B73F-70B13FCA8E86} (Trojan.Cinmus) -> Data: 12 -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{B580CF65-E151-49C3-B73F-70B13FCA8E86} (Trojan.Cinmus) -> Data: -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 19
C:\Program Files (x86)\Funshion Online (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\icon (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\User\funshion (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\User\funshion\cache (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\User\funshion\cache\Baiduflash (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\User\funshion\cache\Baiduflash\subflash (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\User\funshion\cache\Cacheflash (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\User\funshion\cache\flash (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\User\funshion\cache\flashNew (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\User\funshion\cache\flashStamp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\User\funshion\cache\popwind (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\User\funshion\control (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\User\funshion\historyTorrent (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\User\funshion\ini (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\User\funshion\Seed (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\User\funshion\Shortcut (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\User\funshion\update (PUP.Funshion) -> Quarantined and deleted successfully.

Files Detected: 55
C:\Program Files (x86)\Baidu\{25F34715-C28B-C193-A8D5-C59A32767CA4}\AddressBar.dll (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Baidu\Toolbar\BarBroker.exe (Adware.BDSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Baidu\Toolbar\BaiduBarX.dll (Trojan.Cinmus) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Baidu\{25F34715-C28B-C193-A8D5-C59A32767CA4}\ASBarBroker.exe (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Temp\~nsu.tmp\Au_.exe (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\funshion.ini (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\funshion.ini (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\User\FunShion.ini (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\funoictl.dll (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\FunShion.ini (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\FunshionGame3.ico (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\FunshionService.diagnose (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\FunshionService.log (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\Funshop3.ico (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\Default.fskin (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\Family.fskin (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\Popular.fskin (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\small.fskin (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\User\funshion\cache\Cacheflash\blankFs.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\User\funshion\cache\Cacheflash\donghuanew_18.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\User\funshion\cache\flash\B0553E07_BC99_DCE3_5689_BA5484C2B68F.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\User\funshion\cache\flashNew\0A8850AC_66B3_FBE2_4546_1D68730B65E2.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\User\funshion\cache\flashNew\16C0BB73_D44F_2246_F085_4BEE5D17A4E1.flv (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\User\funshion\cache\flashNew\245F2C16_4494_50D6_6FA4_D6A406B3C87F.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\User\funshion\cache\flashNew\2B33C3A0_FF80_48AF_3220_DDDA2D3747AA.date1343393571.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\User\funshion\cache\flashNew\2B93547D_1CE7_0F4B_BF65_23634988ACA4.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\User\funshion\cache\flashNew\37BD1CF3_5EB7_C421_EF6F_B4C037A5590E.date1343393571.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\User\funshion\cache\flashNew\39262C52_1F96_D2C5_B92C_1C69289C9C8A.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\User\funshion\cache\flashNew\3EAE6C6C_C847_EBE7_E4D4_D119BE84E342.date1343393571.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\User\funshion\cache\flashNew\485A45BA_2E55_9471_177C_B65F143D80E3.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\User\funshion\cache\flashNew\5A140FB4_16F3_B60D_52D5_36AE3E2373C3.date1343461311.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\User\funshion\cache\flashNew\60E10815_8981_DE96_7D70_E7C0651FF9F8.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\User\funshion\cache\flashNew\75039C35_3A4A_B7A9_BA43_97E28059D1BE.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\User\funshion\cache\flashNew\7CA1705A_2368_D625_26A4_57AFC351993F.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\User\funshion\cache\flashNew\844A9533_7152_5114_F20F_25F5CD355277.date1343393571.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\User\funshion\cache\flashNew\8CC9F8AE_7199_D4CA_9A33_025962CD229C.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\User\funshion\cache\flashNew\A321EB56_D06B_27D0_0617_FEB54BD39671.flv (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\User\funshion\cache\flashNew\AF496056_0431_2F86_0270_8347863AFE59.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\User\funshion\cache\flashNew\BB702686_5C8D_6D03_347A_ACFE477136CA.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\User\funshion\cache\flashNew\CC22A7EA_DA17_D778_01CD_16E28964DE74.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\User\funshion\cache\flashNew\D8DC8FA0_4BCD_94BE_8474_F1E27C71191C.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\User\funshion\cache\flashNew\F3122240_A867_31F5_AF40_3AC1E7DB0FCC.date1343393571.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\User\funshion\cache\popwind\14EFBA34_7AAA_F0A3_7B12_1F20812B9146.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\User\funshion\Shortcut\FunShortcut.ini (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\User\funshion\update\AdLinkParamFile.fax (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\User\funshion\update\ad_define.fai (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\User\funshion\update\ad_define.fai.bak (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\User\funshion\update\ad_material.fax (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\User\funshion\update\flashParam.txt (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\User\funshion\update\flashParam.txt.bak (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\User\funshion\update\Funshion Game.lnk (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\User\funshion\update\MiniAdLinkParamFile.fax (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\User\funshion\update\popwind.json (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\User\funshion\update\Shopping Sites.lnk (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\User\funshion\update\updatexmlfile.txt (PUP.Funshion) -> Quarantined and deleted successfully.

(end)



#8 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,679 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:09:59 PM

Posted 09 August 2012 - 07:51 PM

Try to boot normally.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#9 weijiex3

weijiex3
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:59 PM

Posted 09 August 2012 - 07:55 PM

The same thing happens, when i boot it up, it will show the "Starting Windows" page. After that the picture of windows somehow fades away and restarts.

#10 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,679 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:09:59 PM

Posted 09 August 2012 - 07:56 PM

Go back to safe mode with networking.

Please download the below tool named Rkill (courtesy of BleepingComputer.com) to your desktop.

There are 2 different versions. If one of them won't run then download and try to run the other one.

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

http://download.bleepingcomputer.com/grinler/beta/rkill.exe
http://download.bleepingcomputer.com/grinler/beta/iExplore.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

If normal mode still doesn't work, run the tool from safe mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

=======================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#11 weijiex3

weijiex3
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:59 PM

Posted 09 August 2012 - 08:04 PM

The first one was able to run successfully -

Rkill 2.1.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/10/2012 08:57:31 AM in x64 mode.
Windows Version: Windows 7

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* No malware processes found to kill.

Checking Registry for malware related settings.

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\User\Desktop\rkill-backup\rkill-08-10-2012-08-57-32.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Restarting Explorer.exe in order to apply changes.

Program finished at: 08/10/2012 08:57:45 AM
Execution time: 0 hours(s), 0 minute(s), and 14 seconds(s)


ASWMBR -

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-10 09:01:47
-----------------------------
09:01:47.814 OS Version: Windows x64 6.1.7600
09:01:47.814 Number of processors: 4 586 0x3A09
09:01:47.814 ComputerName: WJWORKSTATION-P UserName: User
09:01:49.233 Initialize success
09:03:40.461 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:03:40.461 Disk 0 Vendor: M4-CT128M4SSD2 000F Size: 122104MB BusType: 11
09:03:40.461 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
09:03:40.461 Disk 1 Vendor: Hitachi_HDS723020BLA642 MN6OA800 Size: 1907729MB BusType: 11
09:03:40.508 Disk 1 MBR read successfully
09:03:40.508 Disk 1 MBR scan
09:03:40.508 Disk 1 Windows 7 default MBR code
09:03:40.523 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
09:03:40.586 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 953769 MB offset 206848
09:03:40.710 Disk 1 Partition 3 00 07 HPFS/NTFS NTFS 953858 MB offset 1953525760
09:03:40.742 Disk 1 scanning C:\Windows\system32\drivers
09:03:43.815 Service scanning
09:03:49.556 Service MSICDSetup F:\CDriver64.sys **LOCKED** 21
09:03:50.336 Service NTIOLib_1_0_C F:\NTIOLib_X64.sys **LOCKED** 21
09:03:55.328 Modules scanning
09:03:55.328 Disk 1 trace - called modules:
09:03:55.343 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
09:03:55.343 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa80076ad060]
09:03:55.343 3 CLASSPNP.SYS[fffff8800107543f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8007681680]
09:03:55.359 Scan finished successfully
09:04:05.878 Disk 1 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
09:04:05.881 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR1.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-10 09:01:47
-----------------------------
09:01:47.814 OS Version: Windows x64 6.1.7600
09:01:47.814 Number of processors: 4 586 0x3A09
09:01:47.814 ComputerName: WJWORKSTATION-P UserName: User
09:01:49.233 Initialize success
09:03:40.461 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:03:40.461 Disk 0 Vendor: M4-CT128M4SSD2 000F Size: 122104MB BusType: 11
09:03:40.461 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
09:03:40.461 Disk 1 Vendor: Hitachi_HDS723020BLA642 MN6OA800 Size: 1907729MB BusType: 11
09:03:40.508 Disk 1 MBR read successfully
09:03:40.508 Disk 1 MBR scan
09:03:40.508 Disk 1 Windows 7 default MBR code
09:03:40.523 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
09:03:40.586 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 953769 MB offset 206848
09:03:40.710 Disk 1 Partition 3 00 07 HPFS/NTFS NTFS 953858 MB offset 1953525760
09:03:40.742 Disk 1 scanning C:\Windows\system32\drivers
09:03:43.815 Service scanning
09:03:49.556 Service MSICDSetup F:\CDriver64.sys **LOCKED** 21
09:03:50.336 Service NTIOLib_1_0_C F:\NTIOLib_X64.sys **LOCKED** 21
09:03:55.328 Modules scanning
09:03:55.328 Disk 1 trace - called modules:
09:03:55.343 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
09:03:55.343 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa80076ad060]
09:03:55.343 3 CLASSPNP.SYS[fffff8800107543f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8007681680]
09:03:55.359 Scan finished successfully
09:04:05.878 Disk 1 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
09:04:05.881 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR1.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-10 09:01:47
-----------------------------
09:01:47.814 OS Version: Windows x64 6.1.7600
09:01:47.814 Number of processors: 4 586 0x3A09
09:01:47.814 ComputerName: WJWORKSTATION-P UserName: User
09:01:49.233 Initialize success
09:03:40.461 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:03:40.461 Disk 0 Vendor: M4-CT128M4SSD2 000F Size: 122104MB BusType: 11
09:03:40.461 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
09:03:40.461 Disk 1 Vendor: Hitachi_HDS723020BLA642 MN6OA800 Size: 1907729MB BusType: 11
09:03:40.508 Disk 1 MBR read successfully
09:03:40.508 Disk 1 MBR scan
09:03:40.508 Disk 1 Windows 7 default MBR code
09:03:40.523 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
09:03:40.586 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 953769 MB offset 206848
09:03:40.710 Disk 1 Partition 3 00 07 HPFS/NTFS NTFS 953858 MB offset 1953525760
09:03:40.742 Disk 1 scanning C:\Windows\system32\drivers
09:03:43.815 Service scanning
09:03:49.556 Service MSICDSetup F:\CDriver64.sys **LOCKED** 21
09:03:50.336 Service NTIOLib_1_0_C F:\NTIOLib_X64.sys **LOCKED** 21
09:03:55.328 Modules scanning
09:03:55.328 Disk 1 trace - called modules:
09:03:55.343 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
09:03:55.343 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa80076ad060]
09:03:55.343 3 CLASSPNP.SYS[fffff8800107543f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8007681680]
09:03:55.359 Scan finished successfully
09:04:05.878 Disk 1 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
09:04:05.881 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR1.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-10 09:01:47
-----------------------------
09:01:47.814 OS Version: Windows x64 6.1.7600
09:01:47.814 Number of processors: 4 586 0x3A09
09:01:47.814 ComputerName: WJWORKSTATION-P UserName: User
09:01:49.233 Initialize success
09:03:40.461 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:03:40.461 Disk 0 Vendor: M4-CT128M4SSD2 000F Size: 122104MB BusType: 11
09:03:40.461 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
09:03:40.461 Disk 1 Vendor: Hitachi_HDS723020BLA642 MN6OA800 Size: 1907729MB BusType: 11
09:03:40.508 Disk 1 MBR read successfully
09:03:40.508 Disk 1 MBR scan
09:03:40.508 Disk 1 Windows 7 default MBR code
09:03:40.523 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
09:03:40.586 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 953769 MB offset 206848
09:03:40.710 Disk 1 Partition 3 00 07 HPFS/NTFS NTFS 953858 MB offset 1953525760
09:03:40.742 Disk 1 scanning C:\Windows\system32\drivers
09:03:43.815 Service scanning
09:03:49.556 Service MSICDSetup F:\CDriver64.sys **LOCKED** 21
09:03:50.336 Service NTIOLib_1_0_C F:\NTIOLib_X64.sys **LOCKED** 21
09:03:55.328 Modules scanning
09:03:55.328 Disk 1 trace - called modules:
09:03:55.343 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
09:03:55.343 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa80076ad060]
09:03:55.343 3 CLASSPNP.SYS[fffff8800107543f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8007681680]
09:03:55.359 Scan finished successfully
09:04:05.878 Disk 1 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
09:04:05.881 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR1.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-10 09:01:47
-----------------------------
09:01:47.814 OS Version: Windows x64 6.1.7600
09:01:47.814 Number of processors: 4 586 0x3A09
09:01:47.814 ComputerName: WJWORKSTATION-P UserName: User
09:01:49.233 Initialize success
09:03:40.461 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:03:40.461 Disk 0 Vendor: M4-CT128M4SSD2 000F Size: 122104MB BusType: 11
09:03:40.461 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
09:03:40.461 Disk 1 Vendor: Hitachi_HDS723020BLA642 MN6OA800 Size: 1907729MB BusType: 11
09:03:40.508 Disk 1 MBR read successfully
09:03:40.508 Disk 1 MBR scan
09:03:40.508 Disk 1 Windows 7 default MBR code
09:03:40.523 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
09:03:40.586 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 953769 MB offset 206848
09:03:40.710 Disk 1 Partition 3 00 07 HPFS/NTFS NTFS 953858 MB offset 1953525760
09:03:40.742 Disk 1 scanning C:\Windows\system32\drivers
09:03:43.815 Service scanning
09:03:49.556 Service MSICDSetup F:\CDriver64.sys **LOCKED** 21
09:03:50.336 Service NTIOLib_1_0_C F:\NTIOLib_X64.sys **LOCKED** 21
09:03:55.328 Modules scanning
09:03:55.328 Disk 1 trace - called modules:
09:03:55.343 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
09:03:55.343 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa80076ad060]
09:03:55.343 3 CLASSPNP.SYS[fffff8800107543f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8007681680]
09:03:55.359 Scan finished successfully
09:04:05.878 Disk 1 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
09:04:05.881 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR1.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-10 09:01:47
-----------------------------
09:01:47.814 OS Version: Windows x64 6.1.7600
09:01:47.814 Number of processors: 4 586 0x3A09
09:01:47.814 ComputerName: WJWORKSTATION-P UserName: User
09:01:49.233 Initialize success
09:03:40.461 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:03:40.461 Disk 0 Vendor: M4-CT128M4SSD2 000F Size: 122104MB BusType: 11
09:03:40.461 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
09:03:40.461 Disk 1 Vendor: Hitachi_HDS723020BLA642 MN6OA800 Size: 1907729MB BusType: 11
09:03:40.508 Disk 1 MBR read successfully
09:03:40.508 Disk 1 MBR scan
09:03:40.508 Disk 1 Windows 7 default MBR code
09:03:40.523 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
09:03:40.586 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 953769 MB offset 206848
09:03:40.710 Disk 1 Partition 3 00 07 HPFS/NTFS NTFS 953858 MB offset 1953525760
09:03:40.742 Disk 1 scanning C:\Windows\system32\drivers
09:03:43.815 Service scanning
09:03:49.556 Service MSICDSetup F:\CDriver64.sys **LOCKED** 21
09:03:50.336 Service NTIOLib_1_0_C F:\NTIOLib_X64.sys **LOCKED** 21
09:03:55.328 Modules scanning
09:03:55.328 Disk 1 trace - called modules:
09:03:55.343 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
09:03:55.343 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa80076ad060]
09:03:55.343 3 CLASSPNP.SYS[fffff8800107543f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8007681680]
09:03:55.359 Scan finished successfully
09:04:05.878 Disk 1 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
09:04:05.881 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR1.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-10 09:01:47
-----------------------------
09:01:47.814 OS Version: Windows x64 6.1.7600
09:01:47.814 Number of processors: 4 586 0x3A09
09:01:47.814 ComputerName: WJWORKSTATION-P UserName: User
09:01:49.233 Initialize success
09:03:40.461 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:03:40.461 Disk 0 Vendor: M4-CT128M4SSD2 000F Size: 122104MB BusType: 11
09:03:40.461 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
09:03:40.461 Disk 1 Vendor: Hitachi_HDS723020BLA642 MN6OA800 Size: 1907729MB BusType: 11
09:03:40.508 Disk 1 MBR read successfully
09:03:40.508 Disk 1 MBR scan
09:03:40.508 Disk 1 Windows 7 default MBR code
09:03:40.523 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
09:03:40.586 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 953769 MB offset 206848
09:03:40.710 Disk 1 Partition 3 00 07 HPFS/NTFS NTFS 953858 MB offset 1953525760
09:03:40.742 Disk 1 scanning C:\Windows\system32\drivers
09:03:43.815 Service scanning
09:03:49.556 Service MSICDSetup F:\CDriver64.sys **LOCKED** 21
09:03:50.336 Service NTIOLib_1_0_C F:\NTIOLib_X64.sys **LOCKED** 21
09:03:55.328 Modules scanning
09:03:55.328 Disk 1 trace - called modules:
09:03:55.343 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
09:03:55.343 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa80076ad060]
09:03:55.343 3 CLASSPNP.SYS[fffff8800107543f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8007681680]
09:03:55.359 Scan finished successfully
09:04:05.878 Disk 1 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
09:04:05.881 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR1.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-10 09:01:47
-----------------------------
09:01:47.814 OS Version: Windows x64 6.1.7600
09:01:47.814 Number of processors: 4 586 0x3A09
09:01:47.814 ComputerName: WJWORKSTATION-P UserName: User
09:01:49.233 Initialize success
09:03:40.461 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:03:40.461 Disk 0 Vendor: M4-CT128M4SSD2 000F Size: 122104MB BusType: 11
09:03:40.461 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
09:03:40.461 Disk 1 Vendor: Hitachi_HDS723020BLA642 MN6OA800 Size: 1907729MB BusType: 11
09:03:40.508 Disk 1 MBR read successfully
09:03:40.508 Disk 1 MBR scan
09:03:40.508 Disk 1 Windows 7 default MBR code
09:03:40.523 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
09:03:40.586 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 953769 MB offset 206848
09:03:40.710 Disk 1 Partition 3 00 07 HPFS/NTFS NTFS 953858 MB offset 1953525760
09:03:40.742 Disk 1 scanning C:\Windows\system32\drivers
09:03:43.815 Service scanning
09:03:49.556 Service MSICDSetup F:\CDriver64.sys **LOCKED** 21
09:03:50.336 Service NTIOLib_1_0_C F:\NTIOLib_X64.sys **LOCKED** 21
09:03:55.328 Modules scanning
09:03:55.328 Disk 1 trace - called modules:
09:03:55.343 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
09:03:55.343 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa80076ad060]
09:03:55.343 3 CLASSPNP.SYS[fffff8800107543f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8007681680]
09:03:55.359 Scan finished successfully
09:04:05.878 Disk 1 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
09:04:05.881 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR1.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-10 09:01:47
-----------------------------
09:01:47.814 OS Version: Windows x64 6.1.7600
09:01:47.814 Number of processors: 4 586 0x3A09
09:01:47.814 ComputerName: WJWORKSTATION-P UserName: User
09:01:49.233 Initialize success
09:03:40.461 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:03:40.461 Disk 0 Vendor: M4-CT128M4SSD2 000F Size: 122104MB BusType: 11
09:03:40.461 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
09:03:40.461 Disk 1 Vendor: Hitachi_HDS723020BLA642 MN6OA800 Size: 1907729MB BusType: 11
09:03:40.508 Disk 1 MBR read successfully
09:03:40.508 Disk 1 MBR scan
09:03:40.508 Disk 1 Windows 7 default MBR code
09:03:40.523 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
09:03:40.586 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 953769 MB offset 206848
09:03:40.710 Disk 1 Partition 3 00 07 HPFS/NTFS NTFS 953858 MB offset 1953525760
09:03:40.742 Disk 1 scanning C:\Windows\system32\drivers
09:03:43.815 Service scanning
09:03:49.556 Service MSICDSetup F:\CDriver64.sys **LOCKED** 21
09:03:50.336 Service NTIOLib_1_0_C F:\NTIOLib_X64.sys **LOCKED** 21
09:03:55.328 Modules scanning
09:03:55.328 Disk 1 trace - called modules:
09:03:55.343 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
09:03:55.343 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa80076ad060]
09:03:55.343 3 CLASSPNP.SYS[fffff8800107543f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8007681680]
09:03:55.359 Scan finished successfully
09:04:05.878 Disk 1 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
09:04:05.881 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR1.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-10 09:01:47
-----------------------------
09:01:47.814 OS Version: Windows x64 6.1.7600
09:01:47.814 Number of processors: 4 586 0x3A09
09:01:47.814 ComputerName: WJWORKSTATION-P UserName: User
09:01:49.233 Initialize success
09:03:40.461 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:03:40.461 Disk 0 Vendor: M4-CT128M4SSD2 000F Size: 122104MB BusType: 11
09:03:40.461 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
09:03:40.461 Disk 1 Vendor: Hitachi_HDS723020BLA642 MN6OA800 Size: 1907729MB BusType: 11
09:03:40.508 Disk 1 MBR read successfully
09:03:40.508 Disk 1 MBR scan
09:03:40.508 Disk 1 Windows 7 default MBR code
09:03:40.523 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
09:03:40.586 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 953769 MB offset 206848
09:03:40.710 Disk 1 Partition 3 00 07 HPFS/NTFS NTFS 953858 MB offset 1953525760
09:03:40.742 Disk 1 scanning C:\Windows\system32\drivers
09:03:43.815 Service scanning
09:03:49.556 Service MSICDSetup F:\CDriver64.sys **LOCKED** 21
09:03:50.336 Service NTIOLib_1_0_C F:\NTIOLib_X64.sys **LOCKED** 21
09:03:55.328 Modules scanning
09:03:55.328 Disk 1 trace - called modules:
09:03:55.343 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
09:03:55.343 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa80076ad060]
09:03:55.343 3 CLASSPNP.SYS[fffff8800107543f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8007681680]
09:03:55.359 Scan finished successfully
09:04:05.878 Disk 1 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
09:04:05.881 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR1.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-10 09:01:47
-----------------------------
09:01:47.814 OS Version: Windows x64 6.1.7600
09:01:47.814 Number of processors: 4 586 0x3A09
09:01:47.814 ComputerName: WJWORKSTATION-P UserName: User
09:01:49.233 Initialize success
09:03:40.461 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:03:40.461 Disk 0 Vendor: M4-CT128M4SSD2 000F Size: 122104MB BusType: 11
09:03:40.461 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
09:03:40.461 Disk 1 Vendor: Hitachi_HDS723020BLA642 MN6OA800 Size: 1907729MB BusType: 11
09:03:40.508 Disk 1 MBR read successfully
09:03:40.508 Disk 1 MBR scan
09:03:40.508 Disk 1 Windows 7 default MBR code
09:03:40.523 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
09:03:40.586 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 953769 MB offset 206848
09:03:40.710 Disk 1 Partition 3 00 07 HPFS/NTFS NTFS 953858 MB offset 1953525760
09:03:40.742 Disk 1 scanning C:\Windows\system32\drivers
09:03:43.815 Service scanning
09:03:49.556 Service MSICDSetup F:\CDriver64.sys **LOCKED** 21
09:03:50.336 Service NTIOLib_1_0_C F:\NTIOLib_X64.sys **LOCKED** 21
09:03:55.328 Modules scanning
09:03:55.328 Disk 1 trace - called modules:
09:03:55.343 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
09:03:55.343 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa80076ad060]
09:03:55.343 3 CLASSPNP.SYS[fffff8800107543f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8007681680]
09:03:55.359 Scan finished successfully
09:04:05.878 Disk 1 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
09:04:05.881 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR1.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-10 09:01:47
-----------------------------
09:01:47.814 OS Version: Windows x64 6.1.7600
09:01:47.814 Number of processors: 4 586 0x3A09
09:01:47.814 ComputerName: WJWORKSTATION-P UserName: User
09:01:49.233 Initialize success
09:03:40.461 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:03:40.461 Disk 0 Vendor: M4-CT128M4SSD2 000F Size: 122104MB BusType: 11
09:03:40.461 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
09:03:40.461 Disk 1 Vendor: Hitachi_HDS723020BLA642 MN6OA800 Size: 1907729MB BusType: 11
09:03:40.508 Disk 1 MBR read successfully
09:03:40.508 Disk 1 MBR scan
09:03:40.508 Disk 1 Windows 7 default MBR code
09:03:40.523 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
09:03:40.586 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 953769 MB offset 206848
09:03:40.710 Disk 1 Partition 3 00 07 HPFS/NTFS NTFS 953858 MB offset 1953525760
09:03:40.742 Disk 1 scanning C:\Windows\system32\drivers
09:03:43.815 Service scanning
09:03:49.556 Service MSICDSetup F:\CDriver64.sys **LOCKED** 21
09:03:50.336 Service NTIOLib_1_0_C F:\NTIOLib_X64.sys **LOCKED** 21
09:03:55.328 Modules scanning
09:03:55.328 Disk 1 trace - called modules:
09:03:55.343 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
09:03:55.343 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa80076ad060]
09:03:55.343 3 CLASSPNP.SYS[fffff8800107543f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8007681680]
09:03:55.359 Scan finished successfully
09:04:05.878 Disk 1 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
09:04:05.881 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR1.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-10 09:01:47
-----------------------------
09:01:47.814 OS Version: Windows x64 6.1.7600
09:01:47.814 Number of processors: 4 586 0x3A09
09:01:47.814 ComputerName: WJWORKSTATION-P UserName: User
09:01:49.233 Initialize success
09:03:40.461 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:03:40.461 Disk 0 Vendor: M4-CT128M4SSD2 000F Size: 122104MB BusType: 11
09:03:40.461 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
09:03:40.461 Disk 1 Vendor: Hitachi_HDS723020BLA642 MN6OA800 Size: 1907729MB BusType: 11
09:03:40.508 Disk 1 MBR read successfully
09:03:40.508 Disk 1 MBR scan
09:03:40.508 Disk 1 Windows 7 default MBR code
09:03:40.523 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
09:03:40.586 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 953769 MB offset 206848
09:03:40.710 Disk 1 Partition 3 00 07 HPFS/NTFS NTFS 953858 MB offset 1953525760
09:03:40.742 Disk 1 scanning C:\Windows\system32\drivers
09:03:43.815 Service scanning
09:03:49.556 Service MSICDSetup F:\CDriver64.sys **LOCKED** 21
09:03:50.336 Service NTIOLib_1_0_C F:\NTIOLib_X64.sys **LOCKED** 21
09:03:55.328 Modules scanning
09:03:55.328 Disk 1 trace - called modules:
09:03:55.343 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
09:03:55.343 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa80076ad060]
09:03:55.343 3 CLASSPNP.SYS[fffff8800107543f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8007681680]
09:03:55.359 Scan finished successfully
09:04:05.878 Disk 1 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
09:04:05.881 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR1.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-10 09:01:47
-----------------------------
09:01:47.814 OS Version: Windows x64 6.1.7600
09:01:47.814 Number of processors: 4 586 0x3A09
09:01:47.814 ComputerName: WJWORKSTATION-P UserName: User
09:01:49.233 Initialize success
09:03:40.461 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:03:40.461 Disk 0 Vendor: M4-CT128M4SSD2 000F Size: 122104MB BusType: 11
09:03:40.461 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
09:03:40.461 Disk 1 Vendor: Hitachi_HDS723020BLA642 MN6OA800 Size: 1907729MB BusType: 11
09:03:40.508 Disk 1 MBR read successfully
09:03:40.508 Disk 1 MBR scan
09:03:40.508 Disk 1 Windows 7 default MBR code
09:03:40.523 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
09:03:40.586 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 953769 MB offset 206848
09:03:40.710 Disk 1 Partition 3 00 07 HPFS/NTFS NTFS 953858 MB offset 1953525760
09:03:40.742 Disk 1 scanning C:\Windows\system32\drivers
09:03:43.815 Service scanning
09:03:49.556 Service MSICDSetup F:\CDriver64.sys **LOCKED** 21
09:03:50.336 Service NTIOLib_1_0_C F:\NTIOLib_X64.sys **LOCKED** 21
09:03:55.328 Modules scanning
09:03:55.328 Disk 1 trace - called modules:
09:03:55.343 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
09:03:55.343 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa80076ad060]
09:03:55.343 3 CLASSPNP.SYS[fffff8800107543f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8007681680]
09:03:55.359 Scan finished successfully
09:04:05.878 Disk 1 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
09:04:05.881 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR1.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-10 09:01:47
-----------------------------
09:01:47.814 OS Version: Windows x64 6.1.7600
09:01:47.814 Number of processors: 4 586 0x3A09
09:01:47.814 ComputerName: WJWORKSTATION-P UserName: User
09:01:49.233 Initialize success
09:03:40.461 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:03:40.461 Disk 0 Vendor: M4-CT128M4SSD2 000F Size: 122104MB BusType: 11
09:03:40.461 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
09:03:40.461 Disk 1 Vendor: Hitachi_HDS723020BLA642 MN6OA800 Size: 1907729MB BusType: 11
09:03:40.508 Disk 1 MBR read successfully
09:03:40.508 Disk 1 MBR scan
09:03:40.508 Disk 1 Windows 7 default MBR code
09:03:40.523 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
09:03:40.586 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 953769 MB offset 206848
09:03:40.710 Disk 1 Partition 3 00 07 HPFS/NTFS NTFS 953858 MB offset 1953525760
09:03:40.742 Disk 1 scanning C:\Windows\system32\drivers
09:03:43.815 Service scanning
09:03:49.556 Service MSICDSetup F:\CDriver64.sys **LOCKED** 21
09:03:50.336 Service NTIOLib_1_0_C F:\NTIOLib_X64.sys **LOCKED** 21
09:03:55.328 Modules scanning
09:03:55.328 Disk 1 trace - called modules:
09:03:55.343 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
09:03:55.343 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa80076ad060]
09:03:55.343 3 CLASSPNP.SYS[fffff8800107543f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8007681680]
09:03:55.359 Scan finished successfully
09:04:05.878 Disk 1 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
09:04:05.881 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR1.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-10 09:01:47
-----------------------------
09:01:47.814 OS Version: Windows x64 6.1.7600
09:01:47.814 Number of processors: 4 586 0x3A09
09:01:47.814 ComputerName: WJWORKSTATION-P UserName: User
09:01:49.233 Initialize success
09:03:40.461 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:03:40.461 Disk 0 Vendor: M4-CT128M4SSD2 000F Size: 122104MB BusType: 11
09:03:40.461 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
09:03:40.461 Disk 1 Vendor: Hitachi_HDS723020BLA642 MN6OA800 Size: 1907729MB BusType: 11
09:03:40.508 Disk 1 MBR read successfully
09:03:40.508 Disk 1 MBR scan
09:03:40.508 Disk 1 Windows 7 default MBR code
09:03:40.523 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
09:03:40.586 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 953769 MB offset 206848
09:03:40.710 Disk 1 Partition 3 00 07 HPFS/NTFS NTFS 953858 MB offset 1953525760
09:03:40.742 Disk 1 scanning C:\Windows\system32\drivers
09:03:43.815 Service scanning
09:03:49.556 Service MSICDSetup F:\CDriver64.sys **LOCKED** 21
09:03:50.336 Service NTIOLib_1_0_C F:\NTIOLib_X64.sys **LOCKED** 21
09:03:55.328 Modules scanning
09:03:55.328 Disk 1 trace - called modules:
09:03:55.343 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
09:03:55.343 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa80076ad060]
09:03:55.343 3 CLASSPNP.SYS[fffff8800107543f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8007681680]
09:03:55.359 Scan finished successfully
09:04:05.878 Disk 1 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
09:04:05.881 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR1.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-10 09:01:47
-----------------------------
09:01:47.814 OS Version: Windows x64 6.1.7600
09:01:47.814 Number of processors: 4 586 0x3A09
09:01:47.814 ComputerName: WJWORKSTATION-P UserName: User
09:01:49.233 Initialize success
09:03:40.461 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:03:40.461 Disk 0 Vendor: M4-CT128M4SSD2 000F Size: 122104MB BusType: 11
09:03:40.461 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
09:03:40.461 Disk 1 Vendor: Hitachi_HDS723020BLA642 MN6OA800 Size: 1907729MB BusType: 11
09:03:40.508 Disk 1 MBR read successfully
09:03:40.508 Disk 1 MBR scan
09:03:40.508 Disk 1 Windows 7 default MBR code
09:03:40.523 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
09:03:40.586 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 953769 MB offset 206848
09:03:40.710 Disk 1 Partition 3 00 07 HPFS/NTFS NTFS 953858 MB offset 1953525760
09:03:40.742 Disk 1 scanning C:\Windows\system32\drivers
09:03:43.815 Service scanning
09:03:49.556 Service MSICDSetup F:\CDriver64.sys **LOCKED** 21
09:03:50.336 Service NTIOLib_1_0_C F:\NTIOLib_X64.sys **LOCKED** 21
09:03:55.328 Modules scanning
09:03:55.328 Disk 1 trace - called modules:
09:03:55.343 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
09:03:55.343 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa80076ad060]
09:03:55.343 3 CLASSPNP.SYS[fffff8800107543f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8007681680]
09:03:55.359 Scan finished successfully
09:04:05.878 Disk 1 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
09:04:05.881 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR1.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-10 09:01:47
-----------------------------
09:01:47.814 OS Version: Windows x64 6.1.7600
09:01:47.814 Number of processors: 4 586 0x3A09
09:01:47.814 ComputerName: WJWORKSTATION-P UserName: User
09:01:49.233 Initialize success
09:03:40.461 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:03:40.461 Disk 0 Vendor: M4-CT128M4SSD2 000F Size: 122104MB BusType: 11
09:03:40.461 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
09:03:40.461 Disk 1 Vendor: Hitachi_HDS723020BLA642 MN6OA800 Size: 1907729MB BusType: 11
09:03:40.508 Disk 1 MBR read successfully
09:03:40.508 Disk 1 MBR scan
09:03:40.508 Disk 1 Windows 7 default MBR code
09:03:40.523 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
09:03:40.586 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 953769 MB offset 206848
09:03:40.710 Disk 1 Partition 3 00 07 HPFS/NTFS NTFS 953858 MB offset 1953525760
09:03:40.742 Disk 1 scanning C:\Windows\system32\drivers
09:03:43.815 Service scanning
09:03:49.556 Service MSICDSetup F:\CDriver64.sys **LOCKED** 21
09:03:50.336 Service NTIOLib_1_0_C F:\NTIOLib_X64.sys **LOCKED** 21
09:03:55.328 Modules scanning
09:03:55.328 Disk 1 trace - called modules:
09:03:55.343 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
09:03:55.343 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa80076ad060]
09:03:55.343 3 CLASSPNP.SYS[fffff8800107543f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8007681680]
09:03:55.359 Scan finished successfully
09:04:05.878 Disk 1 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
09:04:05.881 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR1.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-10 09:01:47
-----------------------------
09:01:47.814 OS Version: Windows x64 6.1.7600
09:01:47.814 Number of processors: 4 586 0x3A09
09:01:47.814 ComputerName: WJWORKSTATION-P UserName: User
09:01:49.233 Initialize success
09:03:40.461 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:03:40.461 Disk 0 Vendor: M4-CT128M4SSD2 000F Size: 122104MB BusType: 11
09:03:40.461 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
09:03:40.461 Disk 1 Vendor: Hitachi_HDS723020BLA642 MN6OA800 Size: 1907729MB BusType: 11
09:03:40.508 Disk 1 MBR read successfully
09:03:40.508 Disk 1 MBR scan
09:03:40.508 Disk 1 Windows 7 default MBR code
09:03:40.523 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
09:03:40.586 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 953769 MB offset 206848
09:03:40.710 Disk 1 Partition 3 00 07 HPFS/NTFS NTFS 953858 MB offset 1953525760
09:03:40.742 Disk 1 scanning C:\Windows\system32\drivers
09:03:43.815 Service scanning
09:03:49.556 Service MSICDSetup F:\CDriver64.sys **LOCKED** 21
09:03:50.336 Service NTIOLib_1_0_C F:\NTIOLib_X64.sys **LOCKED** 21
09:03:55.328 Modules scanning
09:03:55.328 Disk 1 trace - called modules:
09:03:55.343 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
09:03:55.343 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa80076ad060]
09:03:55.343 3 CLASSPNP.SYS[fffff8800107543f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8007681680]
09:03:55.359 Scan finished successfully
09:04:05.878 Disk 1 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
09:04:05.881 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR1.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-10 09:01:47
-----------------------------
09:01:47.814 OS Version: Windows x64 6.1.7600
09:01:47.814 Number of processors: 4 586 0x3A09
09:01:47.814 ComputerName: WJWORKSTATION-P UserName: User
09:01:49.233 Initialize success
09:03:40.461 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:03:40.461 Disk 0 Vendor: M4-CT128M4SSD2 000F Size: 122104MB BusType: 11
09:03:40.461 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
09:03:40.461 Disk 1 Vendor: Hitachi_HDS723020BLA642 MN6OA800 Size: 1907729MB BusType: 11
09:03:40.508 Disk 1 MBR read successfully
09:03:40.508 Disk 1 MBR scan
09:03:40.508 Disk 1 Windows 7 default MBR code
09:03:40.523 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
09:03:40.586 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 953769 MB offset 206848
09:03:40.710 Disk 1 Partition 3 00 07 HPFS/NTFS NTFS 953858 MB offset 1953525760
09:03:40.742 Disk 1 scanning C:\Windows\system32\drivers
09:03:43.815 Service scanning
09:03:49.556 Service MSICDSetup F:\CDriver64.sys **LOCKED** 21
09:03:50.336 Service NTIOLib_1_0_C F:\NTIOLib_X64.sys **LOCKED** 21
09:03:55.328 Modules scanning
09:03:55.328 Disk 1 trace - called modules:
09:03:55.343 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
09:03:55.343 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa80076ad060]
09:03:55.343 3 CLASSPNP.SYS[fffff8800107543f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8007681680]
09:03:55.359 Scan finished successfully
09:04:05.878 Disk 1 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
09:04:05.881 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR1.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-10 09:01:47
-----------------------------
09:01:47.814 OS Version: Windows x64 6.1.7600
09:01:47.814 Number of processors: 4 586 0x3A09
09:01:47.814 ComputerName: WJWORKSTATION-P UserName: User
09:01:49.233 Initialize success
09:03:40.461 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:03:40.461 Disk 0 Vendor: M4-CT128M4SSD2 000F Size: 122104MB BusType: 11
09:03:40.461 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
09:03:40.461 Disk 1 Vendor: Hitachi_HDS723020BLA642 MN6OA800 Size: 1907729MB BusType: 11
09:03:40.508 Disk 1 MBR read successfully
09:03:40.508 Disk 1 MBR scan
09:03:40.508 Disk 1 Windows 7 default MBR code
09:03:40.523 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
09:03:40.586 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 953769 MB offset 206848
09:03:40.710 Disk 1 Partition 3 00 07 HPFS/NTFS NTFS 953858 MB offset 1953525760
09:03:40.742 Disk 1 scanning C:\Windows\system32\drivers
09:03:43.815 Service scanning
09:03:49.556 Service MSICDSetup F:\CDriver64.sys **LOCKED** 21
09:03:50.336 Service NTIOLib_1_0_C F:\NTIOLib_X64.sys **LOCKED** 21
09:03:55.328 Modules scanning
09:03:55.328 Disk 1 trace - called modules:
09:03:55.343 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
09:03:55.343 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa80076ad060]
09:03:55.343 3 CLASSPNP.SYS[fffff8800107543f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8007681680]
09:03:55.359 Scan finished successfully
09:04:05.878 Disk 1 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
09:04:05.881 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR1.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-10 09:01:47
-----------------------------
09:01:47.814 OS Version: Windows x64 6.1.7600
09:01:47.814 Number of processors: 4 586 0x3A09
09:01:47.814 ComputerName: WJWORKSTATION-P UserName: User
09:01:49.233 Initialize success
09:03:40.461 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:03:40.461 Disk 0 Vendor: M4-CT128M4SSD2 000F Size: 122104MB BusType: 11
09:03:40.461 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
09:03:40.461 Disk 1 Vendor: Hitachi_HDS723020BLA642 MN6OA800 Size: 1907729MB BusType: 11
09:03:40.508 Disk 1 MBR read successfully
09:03:40.508 Disk 1 MBR scan
09:03:40.508 Disk 1 Windows 7 default MBR code
09:03:40.523 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
09:03:40.586 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 953769 MB offset 206848
09:03:40.710 Disk 1 Partition 3 00 07 HPFS/NTFS NTFS 953858 MB offset 1953525760
09:03:40.742 Disk 1 scanning C:\Windows\system32\drivers
09:03:43.815 Service scanning
09:03:49.556 Service MSICDSetup F:\CDriver64.sys **LOCKED** 21
09:03:50.336 Service NTIOLib_1_0_C F:\NTIOLib_X64.sys **LOCKED** 21
09:03:55.328 Modules scanning
09:03:55.328 Disk 1 trace - called modules:
09:03:55.343 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
09:03:55.343 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa80076ad060]
09:03:55.343 3 CLASSPNP.SYS[fffff8800107543f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8007681680]
09:03:55.359 Scan finished successfully
09:04:05.878 Disk 1 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
09:04:05.881 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR1.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-10 09:01:47
-----------------------------
09:01:47.814 OS Version: Windows x64 6.1.7600
09:01:47.814 Number of processors: 4 586 0x3A09
09:01:47.814 ComputerName: WJWORKSTATION-P UserName: User
09:01:49.233 Initialize success
09:03:40.461 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:03:40.461 Disk 0 Vendor: M4-CT128M4SSD2 000F Size: 122104MB BusType: 11
09:03:40.461 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
09:03:40.461 Disk 1 Vendor: Hitachi_HDS723020BLA642 MN6OA800 Size: 1907729MB BusType: 11
09:03:40.508 Disk 1 MBR read successfully
09:03:40.508 Disk 1 MBR scan
09:03:40.508 Disk 1 Windows 7 default MBR code
09:03:40.523 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
09:03:40.586 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 953769 MB offset 206848
09:03:40.710 Disk 1 Partition 3 00 07 HPFS/NTFS NTFS 953858 MB offset 1953525760
09:03:40.742 Disk 1 scanning C:\Windows\system32\drivers
09:03:43.815 Service scanning
09:03:49.556 Service MSICDSetup F:\CDriver64.sys **LOCKED** 21
09:03:50.336 Service NTIOLib_1_0_C F:\NTIOLib_X64.sys **LOCKED** 21
09:03:55.328 Modules scanning
09:03:55.328 Disk 1 trace - called modules:
09:03:55.343 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
09:03:55.343 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa80076ad060]
09:03:55.343 3 CLASSPNP.SYS[fffff8800107543f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8007681680]
09:03:55.359 Scan finished successfully
09:04:05.878 Disk 1 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
09:04:05.881 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR1.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-10 09:01:47
-----------------------------
09:01:47.814 OS Version: Windows x64 6.1.7600
09:01:47.814 Number of processors: 4 586 0x3A09
09:01:47.814 ComputerName: WJWORKSTATION-P UserName: User
09:01:49.233 Initialize success
09:03:40.461 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:03:40.461 Disk 0 Vendor: M4-CT128M4SSD2 000F Size: 122104MB BusType: 11
09:03:40.461 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
09:03:40.461 Disk 1 Vendor: Hitachi_HDS723020BLA642 MN6OA800 Size: 1907729MB BusType: 11
09:03:40.508 Disk 1 MBR read successfully
09:03:40.508 Disk 1 MBR scan
09:03:40.508 Disk 1 Windows 7 default MBR code
09:03:40.523 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
09:03:40.586 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 953769 MB offset 206848
09:03:40.710 Disk 1 Partition 3 00 07 HPFS/NTFS NTFS 953858 MB offset 1953525760
09:03:40.742 Disk 1 scanning C:\Windows\system32\drivers
09:03:43.815 Service scanning
09:03:49.556 Service MSICDSetup F:\CDriver64.sys **LOCKED** 21
09:03:50.336 Service NTIOLib_1_0_C F:\NTIOLib_X64.sys **LOCKED** 21
09:03:55.328 Modules scanning
09:03:55.328 Disk 1 trace - called modules:
09:03:55.343 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
09:03:55.343 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa80076ad060]
09:03:55.343 3 CLASSPNP.SYS[fffff8800107543f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8007681680]
09:03:55.359 Scan finished successfully
09:04:05.878 Disk 1 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
09:04:05.881 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR1.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-10 09:01:47
-----------------------------
09:01:47.814 OS Version: Windows x64 6.1.7600
09:01:47.814 Number of processors: 4 586 0x3A09
09:01:47.814 ComputerName: WJWORKSTATION-P UserName: User
09:01:49.233 Initialize success
09:03:40.461 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:03:40.461 Disk 0 Vendor: M4-CT128M4SSD2 000F Size: 122104MB BusType: 11
09:03:40.461 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
09:03:40.461 Disk 1 Vendor: Hitachi_HDS723020BLA642 MN6OA800 Size: 1907729MB BusType: 11
09:03:40.508 Disk 1 MBR read successfully
09:03:40.508 Disk 1 MBR scan
09:03:40.508 Disk 1 Windows 7 default MBR code
09:03:40.523 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
09:03:40.586 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 953769 MB offset 206848
09:03:40.710 Disk 1 Partition 3 00 07 HPFS/NTFS NTFS 953858 MB offset 1953525760
09:03:40.742 Disk 1 scanning C:\Windows\system32\drivers
09:03:43.815 Service scanning
09:03:49.556 Service MSICDSetup F:\CDriver64.sys **LOCKED** 21
09:03:50.336 Service NTIOLib_1_0_C F:\NTIOLib_X64.sys **LOCKED** 21
09:03:55.328 Modules scanning
09:03:55.328 Disk 1 trace - called modules:
09:03:55.343 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
09:03:55.343 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa80076ad060]
09:03:55.343 3 CLASSPNP.SYS[fffff8800107543f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8007681680]
09:03:55.359 Scan finished successfully
09:04:05.878 Disk 1 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
09:04:05.881 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR1.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-10 09:01:47
-----------------------------
09:01:47.814 OS Version: Windows x64 6.1.7600
09:01:47.814 Number of processors: 4 586 0x3A09
09:01:47.814 ComputerName: WJWORKSTATION-P UserName: User
09:01:49.233 Initialize success
09:03:40.461 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:03:40.461 Disk 0 Vendor: M4-CT128M4SSD2 000F Size: 122104MB BusType: 11
09:03:40.461 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
09:03:40.461 Disk 1 Vendor: Hitachi_HDS723020BLA642 MN6OA800 Size: 1907729MB BusType: 11
09:03:40.508 Disk 1 MBR read successfully
09:03:40.508 Disk 1 MBR scan
09:03:40.508 Disk 1 Windows 7 default MBR code
09:03:40.523 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
09:03:40.586 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 953769 MB offset 206848
09:03:40.710 Disk 1 Partition 3 00 07 HPFS/NTFS NTFS 953858 MB offset 1953525760
09:03:40.742 Disk 1 scanning C:\Windows\system32\drivers
09:03:43.815 Service scanning
09:03:49.556 Service MSICDSetup F:\CDriver64.sys **LOCKED** 21
09:03:50.336 Service NTIOLib_1_0_C F:\NTIOLib_X64.sys **LOCKED** 21
09:03:55.328 Modules scanning
09:03:55.328 Disk 1 trace - called modules:
09:03:55.343 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
09:03:55.343 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa80076ad060]
09:03:55.343 3 CLASSPNP.SYS[fffff8800107543f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8007681680]
09:03:55.359 Scan finished successfully
09:04:05.878 Disk 1 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
09:04:05.881 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR1.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-10 09:01:47
-----------------------------
09:01:47.814 OS Version: Windows x64 6.1.7600
09:01:47.814 Number of processors: 4 586 0x3A09
09:01:47.814 ComputerName: WJWORKSTATION-P UserName: User
09:01:49.233 Initialize success
09:03:40.461 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:03:40.461 Disk 0 Vendor: M4-CT128M4SSD2 000F Size: 122104MB BusType: 11
09:03:40.461 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
09:03:40.461 Disk 1 Vendor: Hitachi_HDS723020BLA642 MN6OA800 Size: 1907729MB BusType: 11
09:03:40.508 Disk 1 MBR read successfully
09:03:40.508 Disk 1 MBR scan
09:03:40.508 Disk 1 Windows 7 default MBR code
09:03:40.523 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
09:03:40.586 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 953769 MB offset 206848
09:03:40.710 Disk 1 Partition 3 00 07 HPFS/NTFS NTFS 953858 MB offset 1953525760
09:03:40.742 Disk 1 scanning C:\Windows\system32\drivers
09:03:43.815 Service scanning
09:03:49.556 Service MSICDSetup F:\CDriver64.sys **LOCKED** 21
09:03:50.336 Service NTIOLib_1_0_C F:\NTIOLib_X64.sys **LOCKED** 21
09:03:55.328 Modules scanning
09:03:55.328 Disk 1 trace - called modules:
09:03:55.343 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
09:03:55.343 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa80076ad060]
09:03:55.343 3 CLASSPNP.SYS[fffff8800107543f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8007681680]
09:03:55.359 Scan finished successfully
09:04:05.878 Disk 1 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
09:04:05.881 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR1.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-10 09:01:47
-----------------------------
09:01:47.814 OS Version: Windows x64 6.1.7600
09:01:47.814 Number of processors: 4 586 0x3A09
09:01:47.814 ComputerName: WJWORKSTATION-P UserName: User
09:01:49.233 Initialize success
09:03:40.461 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:03:40.461 Disk 0 Vendor: M4-CT128M4SSD2 000F Size: 122104MB BusType: 11
09:03:40.461 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
09:03:40.461 Disk 1 Vendor: Hitachi_HDS723020BLA642 MN6OA800 Size: 1907729MB BusType: 11
09:03:40.508 Disk 1 MBR read successfully
09:03:40.508 Disk 1 MBR scan
09:03:40.508 Disk 1 Windows 7 default MBR code
09:03:40.523 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
09:03:40.586 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 953769 MB offset 206848
09:03:40.710 Disk 1 Partition 3 00 07 HPFS/NTFS NTFS 953858 MB offset 1953525760
09:03:40.742 Disk 1 scanning C:\Windows\system32\drivers
09:03:43.815 Service scanning
09:03:49.556 Service MSICDSetup F:\CDriver64.sys **LOCKED** 21
09:03:50.336 Service NTIOLib_1_0_C F:\NTIOLib_X64.sys **LOCKED** 21
09:03:55.328 Modules scanning
09:03:55.328 Disk 1 trace - called modules:
09:03:55.343 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
09:03:55.343 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa80076ad060]
09:03:55.343 3 CLASSPNP.SYS[fffff8800107543f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8007681680]
09:03:55.359 Scan finished successfully
09:04:05.878 Disk 1 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
09:04:05.881 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR1.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-10 09:01:47
-----------------------------
09:01:47.814 OS Version: Windows x64 6.1.7600
09:01:47.814 Number of processors: 4 586 0x3A09
09:01:47.814 ComputerName: WJWORKSTATION-P UserName: User
09:01:49.233 Initialize success
09:03:40.461 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:03:40.461 Disk 0 Vendor: M4-CT128M4SSD2 000F Size: 122104MB BusType: 11
09:03:40.461 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
09:03:40.461 Disk 1 Vendor: Hitachi_HDS723020BLA642 MN6OA800 Size: 1907729MB BusType: 11
09:03:40.508 Disk 1 MBR read successfully
09:03:40.508 Disk 1 MBR scan
09:03:40.508 Disk 1 Windows 7 default MBR code
09:03:40.523 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
09:03:40.586 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 953769 MB offset 206848
09:03:40.710 Disk 1 Partition 3 00 07 HPFS/NTFS NTFS 953858 MB offset 1953525760
09:03:40.742 Disk 1 scanning C:\Windows\system32\drivers
09:03:43.815 Service scanning
09:03:49.556 Service MSICDSetup F:\CDriver64.sys **LOCKED** 21
09:03:50.336 Service NTIOLib_1_0_C F:\NTIOLib_X64.sys **LOCKED** 21
09:03:55.328 Modules scanning
09:03:55.328 Disk 1 trace - called modules:
09:03:55.343 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
09:03:55.343 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa80076ad060]
09:03:55.343 3 CLASSPNP.SYS[fffff8800107543f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8007681680]
09:03:55.359 Scan finished successfully
09:04:05.878 Disk 1 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
09:04:05.881 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR1.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-10 09:01:47
-----------------------------
09:01:47.814 OS Version: Windows x64 6.1.7600
09:01:47.814 Number of processors: 4 586 0x3A09
09:01:47.814 ComputerName: WJWORKSTATION-P UserName: User
09:01:49.233 Initialize success
09:03:40.461 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:03:40.461 Disk 0 Vendor: M4-CT128M4SSD2 000F Size: 122104MB BusType: 11
09:03:40.461 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
09:03:40.461 Disk 1 Vendor: Hitachi_HDS723020BLA642 MN6OA800 Size: 1907729MB BusType: 11
09:03:40.508 Disk 1 MBR read successfully
09:03:40.508 Disk 1 MBR scan
09:03:40.508 Disk 1 Windows 7 default MBR code
09:03:40.523 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
09:03:40.586 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 953769 MB offset 206848
09:03:40.710 Disk 1 Partition 3 00 07 HPFS/NTFS NTFS 953858 MB offset 1953525760
09:03:40.742 Disk 1 scanning C:\Windows\system32\drivers
09:03:43.815 Service scanning
09:03:49.556 Service MSICDSetup F:\CDriver64.sys **LOCKED** 21
09:03:50.336 Service NTIOLib_1_0_C F:\NTIOLib_X64.sys **LOCKED** 21
09:03:55.328 Modules scanning
09:03:55.328 Disk 1 trace - called modules:
09:03:55.343 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
09:03:55.343 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa80076ad060]
09:03:55.343 3 CLASSPNP.SYS[fffff8800107543f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8007681680]
09:03:55.359 Scan finished successfully
09:04:05.878 Disk 1 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
09:04:05.881 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR1.txt"



#12 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,679 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:09:59 PM

Posted 09 August 2012 - 08:16 PM

I don't see much there.
Possibly we have to use more advanced tools.

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#13 weijiex3

weijiex3
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:59 PM

Posted 09 August 2012 - 08:37 PM

Have done the steps and posted! Thanks for helping me out Broni!
http://www.bleepingcomputer.com/forums/topic464584.html

#14 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,679 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:09:59 PM

Posted 09 August 2012 - 08:44 PM

You're very welcome Posted Image

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#15 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,903 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:12:59 AM

Posted 10 August 2012 - 06:31 AM

Hello,

Now that you have posted a log, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users