
Virus survives reformat, MBR virus? Other?


This topic is locked
17 replies to this topic

#1 jhp11b (Members, 9 posts)

Posted 11 February 2013 - 01:28 PM

From a fresh install of Windows 8, after running clean all from diskpart and reinstalling the OS from disk, the virus is present, before ever connecting to the internet, installing anything, or connecting any devices other than keyboard, mouse and monitor. 5+ users exist within the registry, admin privileges are set to be managed remotely, and there are tons of sketchy permissions for "trusted installer" and "authenticated user" on everything while my individual user account lacks permission. If I don't pretty much immediately go into safe mode to connect to the internet from the fresh install, Windows will soon after start crashing endlessly and restarting automatically without any warning or error log updates. Please help; I have probably tried too much on my own already. These logs are from a fresh install followed by a boot into safe mode with networking. Thanks in advance.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 10.0.9200.16384
Run by goregasm at 13:07:19 on 2013-02-11
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.16365.14861 [GMT -8:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{573079D5-78E7-4450-8EC0-2EF8C9175E5A} : DHCPNameServer = 75.75.75.75 75.75.76.76
SSODL: WebCheck - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-6-2 589824]
.
=============== Created Last 30 ================
.
2013-02-11 20:22:15 -------- d-----r- C:\Users\goregasm\Searches
2013-02-11 20:22:15 -------- d-----r- C:\Users\goregasm\Contacts
.
==================== Find3M  ====================
.
.
============= FINISH: 13:07:24.72 ===============
 


#2 The Dark Knight (The Magician, Security Colleague, 661 posts, Location: Krypton)

Posted 15 February 2013 - 05:01 PM

Hello and welcome to BleepingComputer. I am The Dark Knight and will be assisting you. Please ask questions if anything is unclear.

 

Please download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows. OTL.txt and Extras.txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.


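For readers who want to check the same locations the OTL custom scan above queries without waiting for the tool, the following PowerShell script is an added example; it is not part of this thread and not OTL's own code. It reads the Winlogon Shell/Userinit values (the O20 lines in the OTL log), the svchost "netsvcs" group, the WindowsUpdate AU policy key and the LastSuccessTime value, then goes a little beyond the scan by listing local accounts (the "5+ users" concern in the first post) and the file-version company name of every loaded kernel driver, which is the same "(Microsoft Corporation)" field OTL prints. It assumes an elevated prompt on 64-bit Windows 8 with PowerShell 3.0; Get-WmiObject is used because Get-LocalUser does not exist on that version. The registry paths and the expected clean-install values are facts, not inventions; the variable names are the example's own.

```powershell
# Added example (not from the thread or from OTL): compare Winlogon, netsvcs,
# Windows Update and local-account state against a known-good Windows 8 baseline.
# Run from an elevated PowerShell prompt.

$checks = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'; Names = @('Shell', 'Userinit') },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost';  Names = @('netsvcs') },
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU';   Names = $null },   # $null = dump every value
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install'; Names = @('LastSuccessTime') }
)

foreach ($c in $checks) {
    if (-not (Test-Path $c.Path)) {
        # An absent AU policy key simply means no Windows Update policy is configured.
        Write-Output "$($c.Path): key not present"
        continue
    }
    $props = Get-ItemProperty -Path $c.Path
    $names = if ($c.Names) { $c.Names } else {
        ($props.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' }).Name
    }
    foreach ($n in $names) {
        $v = $props.$n
        if ($v -is [array]) { $v = $v -join ', ' }   # REG_MULTI_SZ such as netsvcs
        Write-Output ("{0}\{1} = {2}" -f $c.Path, $n, $v)
    }
}

# Clean 64-bit Windows 8 baseline for the first key:
#   Shell    = explorer.exe
#   Userinit = C:\Windows\system32\userinit.exe,   (note the trailing comma)
# These match the O20 lines in the OTL log above; any extra executable here deserves a closer look.

# Local accounts. A fresh install has the built-in Administrator and Guest accounts
# (both disabled) plus the account created during setup; compare Name/Disabled/SID.
Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount=True" |
    Select-Object Name, Disabled, SID |
    Format-Table -AutoSize

# Kernel drivers with their file-version company name, the same field OTL shows in
# parentheses under "Driver Services". The DDS log above listed only the Realtek NIC
# driver as non-Microsoft, so on this machine the list below should be very short.
Get-WmiObject -Class Win32_SystemDriver |
    Where-Object { $_.PathName } |
    ForEach-Object {
        # Normalise the NT-style paths WMI sometimes returns (\??\C:\... or \SystemRoot\...).
        $p = $_.PathName -replace '^\\\?\?\\', '' -replace '^\\SystemRoot', $env:SystemRoot
        if (Test-Path $p) {
            [pscustomobject]@{
                Name    = $_.Name
                State   = $_.State
                Company = (Get-Item $p).VersionInfo.CompanyName
                Path    = $p
            }
        }
    } |
    Where-Object { $_.Company -notmatch 'Microsoft' } |
    Sort-Object Name |
    Format-Table -AutoSize
```

The output is meant to be read side by side with the OTL log: the first block should reproduce the O20, NetSvcs and WindowsUpdate lines, and the driver block should reproduce the non-Microsoft entries of the Driver Services section. Agreement between the two on a machine that has never been online is evidence that the install itself is clean, whatever the crashes turn out to be.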


#3 jhp11b (Topic Starter, Members, 9 posts)

Posted 15 February 2013 - 09:35 PM

Thanks for your help. To clarify, I had been having this problem with a 120 GB SSD and a 2 TB HDD before I tried, to no avail, running a new HD I had. I was planning on sending the computer back to the manufacturer for repair, thinking some of this is hardware, so I put back in the original hard drives it shipped with. I was still having the same problem though; I'm not sure if you want me to rerun the initial scan I posted for this drive. I did, however, run the scan you requested; the results follow. Sorry for the hassle, appreciate your understanding.

 

OTL logfile created on: 2/15/2013 8:06:57 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\goregasm\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16384)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
15.98 Gb Total Physical Memory | 14.65 Gb Available Physical Memory | 91.64% Memory free
21.48 Gb Paging File | 20.13 Gb Available in Paging File | 93.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 118.90 Gb Total Space | 92.45 Gb Free Space | 77.75% Space Free | Partition Type: NTFS
Drive D: | 1863.01 Gb Total Space | 1862.78 Gb Free Space | 99.99% Space Free | Partition Type: NTFS
 
Computer Name: GOREGASM-PC | User Name: goregasm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/02/15 20:04:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\goregasm\Desktop\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012/07/25 23:46:56 | 002,366,984 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012/07/25 22:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/07/25 22:17:59 | 000,015,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2012/07/25 22:08:04 | 001,968,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2012/07/25 22:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/25 22:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012/07/25 22:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/25 22:07:30 | 000,169,984 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2012/07/25 22:07:27 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2012/07/25 22:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/25 22:06:36 | 000,463,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2012/07/25 22:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/25 22:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/25 22:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/25 22:06:00 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/07/25 22:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/25 22:05:38 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/07/25 22:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/25 22:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012/07/25 22:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/25 22:05:11 | 000,174,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012/07/25 22:05:08 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2012/07/25 22:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV - [2012/07/25 22:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/07/25 22:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/07/26 00:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/26 00:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/26 00:00:58 | 000,445,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2012/07/26 00:00:58 | 000,337,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2012/07/26 00:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/26 00:00:58 | 000,212,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012/07/26 00:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/26 00:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/26 00:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/26 00:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2012/07/26 00:00:55 | 000,120,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012/07/26 00:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2012/07/26 00:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/26 00:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/26 00:00:55 | 000,028,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/07/26 00:00:54 | 000,056,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/07/26 00:00:52 | 003,295,984 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/07/26 00:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/26 00:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/26 00:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/26 00:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/26 00:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/26 00:00:49 | 000,539,376 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/07/26 00:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/26 00:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/26 00:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/26 00:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/25 23:59:35 | 000,193,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2012/07/25 23:59:35 | 000,148,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2012/07/25 23:59:32 | 000,055,024 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012/07/25 23:58:00 | 000,068,848 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2012/07/25 23:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/25 23:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012/07/25 23:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/25 23:44:30 | 000,258,288 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2012/07/25 23:36:15 | 000,034,216 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2012/07/25 22:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/25 22:17:38 | 000,027,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/07/25 21:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/25 21:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/25 21:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/25 21:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/25 21:28:27 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2012/07/25 21:27:58 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/07/25 21:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/25 21:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/25 21:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/25 21:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/25 21:27:31 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/07/25 21:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/25 21:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/25 21:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/25 21:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/25 21:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/25 21:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/25 21:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/25 21:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/25 21:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/25 21:25:54 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/07/25 21:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/25 21:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/25 21:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/25 21:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/07/25 17:53:22 | 011,926,528 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/06/28 21:00:48 | 000,360,448 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/06/02 09:31:56 | 000,589,824 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012/06/02 09:31:38 | 000,333,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\e1i63x64.sys -- (e1iexpress)
DRV:64bit: - [2012/06/02 09:31:33 | 005,139,968 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BCMWL63A.SYS -- (BCM43XX)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 CB EE AF 9A 08 CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
O1 HOSTS File: ([2012/07/26 00:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{573079D5-78E7-4450-8EC0-2EF8C9175E5A}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: wlidsvc - C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
NetSvcs:64bit: DsmSvc - C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
NetSvcs:64bit: NcaSvc - C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
NetSvcs:64bit: SystemEventsBroker - C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
 CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/02/15 20:04:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\goregasm\Desktop\OTL.exe
[2013/02/11 16:07:11 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\goregasm\Desktop\dds.com
[2013/02/11 16:00:32 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\goregasm\Desktop\aswMBR.exe
[2013/02/11 15:59:35 | 000,000,000 | ---D | C] -- C:\Users\goregasm\AppData\Roaming\Macromedia
[2013/02/11 15:22:15 | 000,000,000 | R--D | C] -- C:\Users\goregasm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/02/11 15:22:15 | 000,000,000 | R--D | C] -- C:\Users\goregasm\Searches
[2013/02/11 15:22:15 | 000,000,000 | R--D | C] -- C:\Users\goregasm\Contacts
[2013/02/11 15:22:15 | 000,000,000 | R--D | C] -- C:\Users\goregasm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/02/11 15:22:15 | 000,000,000 | -H-D | C] -- C:\Users\goregasm\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/02/11 15:22:14 | 000,000,000 | ---D | C] -- C:\Users\goregasm\AppData\Roaming\Adobe
[2013/02/11 15:21:58 | 000,000,000 | ---D | C] -- C:\Users\goregasm\AppData\Local\VirtualStore
[2013/02/11 15:21:56 | 000,000,000 | -HSD | C] -- C:\Users\goregasm\AppData\Local\Temporary Internet Files
[2013/02/11 15:21:56 | 000,000,000 | -HSD | C] -- C:\Users\goregasm\Templates
[2013/02/11 15:21:56 | 000,000,000 | -HSD | C] -- C:\Users\goregasm\Start Menu
[2013/02/11 15:21:56 | 000,000,000 | -HSD | C] -- C:\Users\goregasm\SendTo
[2013/02/11 15:21:56 | 000,000,000 | -HSD | C] -- C:\Users\goregasm\Recent
[2013/02/11 15:21:56 | 000,000,000 | -HSD | C] -- C:\Users\goregasm\PrintHood
[2013/02/11 15:21:56 | 000,000,000 | -HSD | C] -- C:\Users\goregasm\NetHood
[2013/02/11 15:21:56 | 000,000,000 | -HSD | C] -- C:\Users\goregasm\Documents\My Videos
[2013/02/11 15:21:56 | 000,000,000 | -HSD | C] -- C:\Users\goregasm\Documents\My Pictures
[2013/02/11 15:21:56 | 000,000,000 | -HSD | C] -- C:\Users\goregasm\Documents\My Music
[2013/02/11 15:21:56 | 000,000,000 | -HSD | C] -- C:\Users\goregasm\My Documents
[2013/02/11 15:21:56 | 000,000,000 | -HSD | C] -- C:\Users\goregasm\Local Settings
[2013/02/11 15:21:56 | 000,000,000 | -HSD | C] -- C:\Users\goregasm\AppData\Local\History
[2013/02/11 15:21:56 | 000,000,000 | -HSD | C] -- C:\Users\goregasm\Cookies
[2013/02/11 15:21:56 | 000,000,000 | -HSD | C] -- C:\Users\goregasm\Application Data
[2013/02/11 15:21:56 | 000,000,000 | -HSD | C] -- C:\Users\goregasm\AppData\Local\Application Data
[2013/02/11 15:21:56 | 000,000,000 | ---D | C] -- C:\Users\goregasm\AppData\Local\Packages
[2013/02/11 15:21:55 | 000,000,000 | --SD | C] -- C:\Users\goregasm\AppData\Roaming\Microsoft
[2013/02/11 15:21:55 | 000,000,000 | R--D | C] -- C:\Users\goregasm\Videos
[2013/02/11 15:21:55 | 000,000,000 | R--D | C] -- C:\Users\goregasm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2013/02/11 15:21:55 | 000,000,000 | R--D | C] -- C:\Users\goregasm\Saved Games
[2013/02/11 15:21:55 | 000,000,000 | R--D | C] -- C:\Users\goregasm\Pictures
[2013/02/11 15:21:55 | 000,000,000 | R--D | C] -- C:\Users\goregasm\Music
[2013/02/11 15:21:55 | 000,000,000 | R--D | C] -- C:\Users\goregasm\Links
[2013/02/11 15:21:55 | 000,000,000 | R--D | C] -- C:\Users\goregasm\Favorites
[2013/02/11 15:21:55 | 000,000,000 | R--D | C] -- C:\Users\goregasm\Downloads
[2013/02/11 15:21:55 | 000,000,000 | R--D | C] -- C:\Users\goregasm\Documents
[2013/02/11 15:21:55 | 000,000,000 | R--D | C] -- C:\Users\goregasm\Desktop
[2013/02/11 15:21:55 | 000,000,000 | R--D | C] -- C:\Users\goregasm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/02/11 15:21:55 | 000,000,000 | R--D | C] -- C:\Users\goregasm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2013/02/11 15:21:55 | 000,000,000 | -H-D | C] -- C:\Users\goregasm\AppData
[2013/02/11 15:21:55 | 000,000,000 | ---D | C] -- C:\Users\goregasm\AppData\Local\Temp
[2013/02/11 15:21:55 | 000,000,000 | ---D | C] -- C:\Users\goregasm\AppData\Local\Microsoft
[2013/02/11 15:21:55 | 000,000,000 | ---D | C] -- C:\Users\goregasm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/02/11 15:14:59 | 000,000,000 | -HSD | C] -- C:\System Volume Information
 
========== Files - Modified Within 30 Days ==========
 
[2013/02/16 05:00:50 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/02/16 05:00:49 | 843,251,709 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/15 20:05:17 | 000,803,370 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/15 20:05:17 | 000,682,880 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/15 20:05:17 | 000,124,762 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/15 20:04:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\goregasm\Desktop\OTL.exe
[2013/02/15 20:02:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/11 16:46:41 | 000,000,000 | ---- | M] () -- C:\Users\goregasm\defogger_reenable
[2013/02/11 16:32:49 | 000,050,477 | ---- | M] () -- C:\Users\goregasm\Desktop\Defogger.exe
[2013/02/11 16:07:11 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\goregasm\Desktop\dds.com
[2013/02/11 16:01:44 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\goregasm\Desktop\aswMBR.exe
[2013/02/11 15:59:30 | 000,001,428 | ---- | M] () -- C:\Users\goregasm\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/02/11 15:35:19 | 000,000,017 | ---- | M] () -- C:\Users\goregasm\AppData\Local\resmon.resmoncfg
[2013/02/11 15:15:37 | 000,044,876 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013/02/11 15:15:37 | 000,044,876 | ---- | M] () -- C:\Windows\SysNative\license.rtf
 
========== Files Created - No Company Name ==========
 
[2013/02/11 16:46:41 | 000,000,000 | ---- | C] () -- C:\Users\goregasm\defogger_reenable
[2013/02/11 16:32:49 | 000,050,477 | ---- | C] () -- C:\Users\goregasm\Desktop\Defogger.exe
[2013/02/11 15:59:30 | 000,001,428 | ---- | C] () -- C:\Users\goregasm\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/02/11 15:35:19 | 000,000,017 | ---- | C] () -- C:\Users\goregasm\AppData\Local\resmon.resmoncfg
[2013/02/11 15:22:14 | 000,001,434 | ---- | C] () -- C:\Users\goregasm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/02/11 15:21:56 | 000,000,352 | ---- | C] () -- C:\Users\goregasm\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/02/11 15:21:56 | 000,000,334 | ---- | C] () -- C:\Users\goregasm\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/02/11 15:16:06 | 843,251,709 | -HS- | C] () -- C:\hiberfil.sys
[2013/02/11 15:15:00 | 268,435,456 | -HS- | C] () -- C:\swapfile.sys
[2012/08/27 16:01:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/07/26 03:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012/07/26 03:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012/07/26 02:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012/07/25 20:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012/07/25 19:48:53 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2012/07/25 15:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012/07/25 15:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012/06/02 09:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/07/25 22:07:16 | 019,779,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/07/25 22:19:59 | 017,559,552 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 22:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 22:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 22:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Custom Scans ==========
 
<  %SYSTEMDRIVE%\*.* >
[2012/07/25 22:44:30 | 000,398,156 | RHS- | M] () -- C:\bootmgr
[2012/06/02 09:30:55 | 000,000,001 | -HS- | M] () -- C:\BOOTNXT
[2013/02/16 05:00:49 | 843,251,709 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/16 05:00:50 | 1610,612,735 | -HS- | M] () -- C:\pagefile.sys
[2013/02/16 05:00:50 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
 
<  %systemroot%\*. /mp /s >
 
<  HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
<  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >



#4 jhp11b

  • Topic Starter
  • Members
  • 9 posts
  • Gender:Male
  • Local time:04:31 AM

Posted 15 February 2013 - 09:37 PM

OTL Extras logfile created on: 2/15/2013 8:06:57 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\goregasm\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16384)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
15.98 Gb Total Physical Memory | 14.65 Gb Available Physical Memory | 91.64% Memory free
21.48 Gb Paging File | 20.13 Gb Available in Paging File | 93.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 118.90 Gb Total Space | 92.45 Gb Free Space | 77.75% Space Free | Partition Type: NTFS
Drive D: | 1863.01 Gb Total Space | 1862.78 Gb Free Space | 99.99% Space Free | Partition Type: NTFS
 
Computer Name: GOREGASM-PC | User Name: goregasm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{26585FB5-B7B2-490B-925A-04BB83469462}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{2A7B4117-B735-44BF-B946-8771BEF692BC}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{32DC07BD-93B6-4AC4-A345-5B9F5983AF1C}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{44BADBB5-62EE-43FC-8758-C7B5F128FD4F}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{6CB7675D-B22A-4D90-9098-B041FC00EE39}" = dir=out | name=windows_ie_ac_001 |
"{6D78DD6F-9B71-47CD-B18A-5115816BE5AD}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{A605F3AC-08C7-455B-A51B-BD46A7B5A119}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{A8A44995-DAA2-4BCC-A000-EC2E86AD627F}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{AFBB1B39-2B64-4AB6-9A49-7BDE518FF82B}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{CB951E80-360C-4882-9E6E-884821946078}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{CECAE886-DA5D-46FE-BE6C-4D0D55ADCF58}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{D16A301A-21E1-4FC0-A298-71FB7ABCC1FE}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{D286C911-159C-4DDE-9706-FA29DD505460}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{DB70F55B-187E-4A88-A659-8CA029C897B5}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{E0515AF8-FD8A-41C1-8A4D-6A459C967B95}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{E744172B-0E72-4261-A2E7-841B7890270B}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{E7FEDAB8-E193-4B88-A5F1-7C7CFB025111}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{F0ED9BC2-2054-4579-90CB-85B45CC873A4}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{FD72BC0E-64DF-435E-BBB9-E7B70DB80E19}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 2/11/2013 4:21:56 PM | Computer Name = goregasm-pc | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
hr=0x80070057
Command-line
 arguments:  RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c752c2e0-7c17-4af4-bba6-6f8aa1e698bc;NotificationInterval=1440;Trigger=TimerEvent
 
Error - 2/11/2013 4:21:57 PM | Computer Name = goregasm-pc | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
hr=0x80070057
Command-line
 arguments:  RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c752c2e0-7c17-4af4-bba6-6f8aa1e698bc;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error - 2/11/2013 9:11:47 PM | Computer Name = goregasm-pc | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
hr=0x80070057
Command-line
 arguments:  RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c752c2e0-7c17-4af4-bba6-6f8aa1e698bc;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
[ System Events ]
Error - 2/11/2013 4:14:58 PM | Computer Name = WIN-LCMJLH06SK2 | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!
 
 
< End of report >
 



#5 The Dark Knight

    The Magician

  • Security Colleague
  • 661 posts
  • Gender:Male
  • Location:Krypton
  • Local time:08:31 PM

Posted 16 February 2013 - 12:08 AM

Hello jhp11b,

 

OK, thank you for those logs. Nothing there.

 

Please download aswMBR by gmer to your Desktop.

  • Please visit this site for instructions on how to run the tool.
  • Once familiar with this tool, double click aswMBR.exe to run it.
  • Click the Scan button to start the scan.
  • Once the scan has completed, please save the aswMBR.txt log to the Desktop and post it in your next reply.

 

=====

 

  • Also, please download MBRScan and save it to your Desktop.
  • Double-click on MBRScan.exe and click the Report button. (Vista and Windows 7 users, right-click on MBRScan and then click on Run as administrator.)
  • Please don't use the computer while the scan is running. The computer may not respond until the scan is done. Please be patient and don't force a restart of the computer.
  • When the scan is finished, a log file will appear.
  • Save that log file to your Desktop and post its content in your next reply.

 

=====

 

Please provide the contents of both logs in your reply.


If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.




#6 jhp11b

  • Topic Starter
  • Members
  • 9 posts
  • Gender:Male
  • Local time:04:31 AM

Posted 16 February 2013 - 12:29 AM

aswMBR.exe stops shortly after running, when Windows says it encountered an error; the last thing it scans is "Service WInDefend C:Program Files". Attaching a screenshot; downloading the 2nd tool now.




#7 jhp11b

  • Topic Starter
  • Members
  • 9 posts
  • Gender:Male
  • Local time:04:31 AM

Posted 16 February 2013 - 12:33 AM

Here's the mbrscan.exe report log.  Thanks so much for your help and patience.

 

 

MBRScan v1.1.1
OS             : Windows 8  (64 bit)
PROCESSOR      : AMD64 Family 21 Model 1 Stepping 2, AuthenticAMD
BOOT           : Normal Boot
DATE           : 2013/02/16 (ISO 8601) at 00:30:51
________________________________________________________________________________
DISK           : Device\Harddisk0\DR0 __SanDisk SDSSDP128G (2.0.0)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : NO
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________
DISK           : Device\Harddisk1\DR1 __ST2000DM001-9YN164 (CC4B)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : NO
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________
Device\Harddisk0\DR0 119.2 Go  [Fixed] ==> 7 MBR Code
MBR_MD5   : CE273335EE218629DC1E13975617CAF8
MBR_SHA1  : C177A290167B9E0D6B89DCF278543A78075700F9
Device\Harddisk0\Partition1 350.0 Mo   0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition2 118.9 Go   0x07 NTFS / HPFS
________________________________________________________________________________
Device\Harddisk1\DR1 1.82 To  [Fixed] ==> 7 MBR Code
MBR_MD5   : B53AF0DAA8EE90F95E4C9A181E727E89
MBR_SHA1  : 651BE419B629F7B0FF553B23D05350C9714E0266
Device\Harddisk1\Partition1 1.82 To   0x07 NTFS / HPFS
________________________________________________________________________________
############################### Additional scan ################################
DRIVER  : C:\Windows\system32\ntoskrnl.exe => Invisible on the disk
ADDRESS : 0xF547F000
SIZE    : 7.28 Mo
DRIVER  : C:\Windows\system32\hal.dll => Invisible on the disk
ADDRESS : 0xF5413000
SIZE    : 432.0 Ko
DRIVER  : C:\Windows\system32\kd.dll => Invisible on the disk
ADDRESS : 0xF4BA0000
SIZE    : 36.0 Ko
DRIVER  : C:\Windows\system32\mcupdate_AuthenticAMD.dll => Invisible on the disk
ADDRESS : 0x00CD8000
SIZE    : 112.0 Ko
DRIVER  : C:\Windows\System32\drivers\CLFS.SYS => Invisible on the disk
ADDRESS : 0x00CF4000
SIZE    : 368.0 Ko
DRIVER  : C:\Windows\System32\drivers\tm.sys => Invisible on the disk
ADDRESS : 0x00D50000
SIZE    : 140.0 Ko
DRIVER  : C:\Windows\system32\CI.dll => Invisible on the disk
ADDRESS : 0x00C00000
SIZE    : 508.0 Ko
DRIVER  : C:\Windows\System32\drivers\msrpc.sys => Invisible on the disk
ADDRESS : 0x00D92000
SIZE    : 396.0 Ko
DRIVER  : C:\Windows\system32\drivers\Wdf01000.sys => Invisible on the disk
ADDRESS : 0x0106F000
SIZE    : 776.0 Ko
DRIVER  : C:\Windows\system32\drivers\WDFLDR.SYS => Invisible on the disk
ADDRESS : 0x01131000
SIZE    : 64.0 Ko
DRIVER  : C:\Windows\System32\Drivers\acpiex.sys => Invisible on the disk
ADDRESS : 0x01141000
SIZE    : 92.0 Ko
DRIVER  : C:\Windows\System32\Drivers\WppRecorder.sys => Invisible on the disk
ADDRESS : 0x01158000
SIZE    : 44.0 Ko
DRIVER  : C:\Windows\System32\drivers\ACPI.sys => Invisible on the disk
ADDRESS : 0x01163000
SIZE    : 436.0 Ko
DRIVER  : C:\Windows\System32\drivers\WMILIB.SYS => Invisible on the disk
ADDRESS : 0x011D0000
SIZE    : 40.0 Ko
DRIVER  : C:\Windows\System32\drivers\msisadrv.sys => Invisible on the disk
ADDRESS : 0x011DA000
SIZE    : 40.0 Ko
DRIVER  : C:\Windows\System32\drivers\pci.sys => Invisible on the disk
ADDRESS : 0x01000000
SIZE    : 244.0 Ko
DRIVER  : C:\Windows\System32\Drivers\cng.sys => Invisible on the disk
ADDRESS : 0x01284000
SIZE    : 560.0 Ko
DRIVER  : C:\Windows\system32\drivers\tpm.sys => Invisible on the disk
ADDRESS : 0x01310000
SIZE    : 160.0 Ko
DRIVER  : C:\Windows\System32\drivers\vdrvroot.sys => Invisible on the disk
ADDRESS : 0x01343000
SIZE    : 52.0 Ko
DRIVER  : C:\Windows\system32\drivers\pdc.sys => Invisible on the disk
ADDRESS : 0x01350000
SIZE    : 92.0 Ko
DRIVER  : C:\Windows\System32\drivers\partmgr.sys => Invisible on the disk
ADDRESS : 0x01367000
SIZE    : 104.0 Ko
DRIVER  : C:\Windows\System32\drivers\spaceport.sys => Invisible on the disk
ADDRESS : 0x01381000
SIZE    : 292.0 Ko
DRIVER  : C:\Windows\System32\drivers\volmgr.sys => Invisible on the disk
ADDRESS : 0x013CA000
SIZE    : 96.0 Ko
DRIVER  : C:\Windows\System32\drivers\volmgrx.sys => Invisible on the disk
ADDRESS : 0x01200000
SIZE    : 384.0 Ko
DRIVER  : C:\Windows\System32\drivers\pciide.sys => Invisible on the disk
ADDRESS : 0x01260000
SIZE    : 32.0 Ko
DRIVER  : C:\Windows\System32\drivers\PCIIDEX.SYS => Invisible on the disk
ADDRESS : 0x01268000
SIZE    : 60.0 Ko
DRIVER  : C:\Windows\System32\drivers\mountmgr.sys => Invisible on the disk
ADDRESS : 0x013E2000
SIZE    : 104.0 Ko
DRIVER  : C:\Windows\System32\drivers\atapi.sys => Invisible on the disk
ADDRESS : 0x01277000
SIZE    : 40.0 Ko
DRIVER  : C:\Windows\System32\drivers\ataport.SYS => Invisible on the disk
ADDRESS : 0x00C7F000
SIZE    : 208.0 Ko
DRIVER  : C:\Windows\System32\drivers\EhStorClass.sys => Invisible on the disk
ADDRESS : 0x0103D000
SIZE    : 104.0 Ko
DRIVER  : C:\Windows\system32\drivers\fltmgr.sys => Invisible on the disk
ADDRESS : 0x01418000
SIZE    : 384.0 Ko
DRIVER  : C:\Windows\System32\drivers\fileinfo.sys => Invisible on the disk
ADDRESS : 0x01478000
SIZE    : 80.0 Ko
DRIVER  : C:\Windows\system32\drivers\WdFilter.sys => Invisible on the disk
ADDRESS : 0x0148C000
SIZE    : 264.0 Ko
DRIVER  : C:\Windows\System32\Drivers\Ntfs.sys => Invisible on the disk
ADDRESS : 0x01628000
SIZE    : 1.89 Mo
DRIVER  : C:\Windows\System32\Drivers\ksecdd.sys => Invisible on the disk
ADDRESS : 0x0180B000
SIZE    : 108.0 Ko
DRIVER  : C:\Windows\System32\drivers\pcw.sys => Invisible on the disk
ADDRESS : 0x01826000
SIZE    : 68.0 Ko
DRIVER  : C:\Windows\System32\Drivers\Fs_Rec.sys => Invisible on the disk
ADDRESS : 0x01837000
SIZE    : 40.0 Ko
DRIVER  : C:\Windows\system32\drivers\ndis.sys => Invisible on the disk
ADDRESS : 0x01841000
SIZE    : 1004.0 Ko
DRIVER  : C:\Windows\system32\drivers\NETIO.SYS => Invisible on the disk
ADDRESS : 0x0193C000
SIZE    : 448.0 Ko
DRIVER  : C:\Windows\System32\Drivers\ksecpkg.sys => Invisible on the disk
ADDRESS : 0x019AC000
SIZE    : 188.0 Ko
DRIVER  : C:\Windows\System32\drivers\tcpip.sys => Invisible on the disk
ADDRESS : 0x01A63000
SIZE    : 2.21 Mo
DRIVER  : C:\Windows\System32\drivers\fwpkclnt.sys => Invisible on the disk
ADDRESS : 0x01C99000
SIZE    : 416.0 Ko
DRIVER  : C:\Windows\system32\DRIVERS\wfplwfs.sys => Invisible on the disk
ADDRESS : 0x01D01000
SIZE    : 108.0 Ko
DRIVER  : C:\Windows\System32\DRIVERS\fvevol.sys => Invisible on the disk
ADDRESS : 0x01D1C000
SIZE    : 472.0 Ko
DRIVER  : C:\Windows\System32\drivers\volsnap.sys => Invisible on the disk
ADDRESS : 0x01D92000
SIZE    : 340.0 Ko
DRIVER  : C:\Windows\System32\drivers\rdyboost.sys => Invisible on the disk
ADDRESS : 0x01A00000
SIZE    : 236.0 Ko
DRIVER  : C:\Windows\System32\Drivers\mup.sys => Invisible on the disk
ADDRESS : 0x01A3B000
SIZE    : 92.0 Ko
DRIVER  : C:\Windows\System32\drivers\disk.sys => Invisible on the disk
ADDRESS : 0x019DB000
SIZE    : 112.0 Ko
DRIVER  : C:\Windows\System32\drivers\CLASSPNP.SYS => Invisible on the disk
ADDRESS : 0x014CE000
SIZE    : 344.0 Ko
DRIVER  : C:\Windows\System32\Drivers\crashdmp.sys => Invisible on the disk
ADDRESS : 0x01DE7000
SIZE    : 80.0 Ko
DRIVER  : C:\Windows\System32\drivers\cdrom.sys => Invisible on the disk
ADDRESS : 0x01524000
SIZE    : 196.0 Ko
DRIVER  : C:\Windows\System32\Drivers\Null.SYS => Invisible on the disk
ADDRESS : 0x0161E000
SIZE    : 36.0 Ko
DRIVER  : C:\Windows\System32\Drivers\Beep.SYS => Invisible on the disk
ADDRESS : 0x019F7000
SIZE    : 32.0 Ko
DRIVER  : C:\Windows\System32\drivers\BasicRender.sys => Invisible on the disk
ADDRESS : 0x01555000
SIZE    : 52.0 Ko
DRIVER  : C:\Windows\System32\drivers\dxgkrnl.sys => Invisible on the disk
ADDRESS : 0x07E83000
SIZE    : 1.40 Mo
DRIVER  : C:\Windows\System32\drivers\watchdog.sys => Invisible on the disk
ADDRESS : 0x07FEA000
SIZE    : 68.0 Ko
DRIVER  : C:\Windows\System32\drivers\dxgmms1.sys => Invisible on the disk
ADDRESS : 0x07E00000
SIZE    : 312.0 Ko
DRIVER  : C:\Windows\System32\drivers\BasicDisplay.sys => Invisible on the disk
ADDRESS : 0x07E4E000
SIZE    : 68.0 Ko
DRIVER  : C:\Windows\System32\Drivers\Npfs.SYS => Invisible on the disk
ADDRESS : 0x07E5F000
SIZE    : 72.0 Ko
DRIVER  : C:\Windows\System32\Drivers\Msfs.SYS => Invisible on the disk
ADDRESS : 0x07E71000
SIZE    : 48.0 Ko
DRIVER  : C:\Windows\system32\DRIVERS\tdx.sys => Invisible on the disk
ADDRESS : 0x01562000
SIZE    : 136.0 Ko
DRIVER  : C:\Windows\system32\DRIVERS\TDI.SYS => Invisible on the disk
ADDRESS : 0x01584000
SIZE    : 56.0 Ko
DRIVER  : C:\Windows\System32\DRIVERS\netbt.sys => Invisible on the disk
ADDRESS : 0x01592000
SIZE    : 352.0 Ko
DRIVER  : C:\Windows\system32\drivers\afd.sys => Invisible on the disk
ADDRESS : 0x07CC6000
SIZE    : 584.0 Ko
DRIVER  : C:\Windows\system32\DRIVERS\pacer.sys => Invisible on the disk
ADDRESS : 0x07D58000
SIZE    : 168.0 Ko
DRIVER  : C:\Windows\system32\DRIVERS\vwififlt.sys => Invisible on the disk
ADDRESS : 0x07D82000
SIZE    : 88.0 Ko
DRIVER  : C:\Windows\system32\DRIVERS\netbios.sys => Invisible on the disk
ADDRESS : 0x07D98000
SIZE    : 64.0 Ko
DRIVER  : C:\Windows\system32\DRIVERS\rdbss.sys => Invisible on the disk
ADDRESS : 0x07C00000
SIZE    : 456.0 Ko
DRIVER  : C:\Windows\system32\DRIVERS\wanarp.sys => Invisible on the disk
ADDRESS : 0x07C72000
SIZE    : 104.0 Ko
DRIVER  : C:\Windows\system32\drivers\nsiproxy.sys => Invisible on the disk
ADDRESS : 0x07C8C000
SIZE    : 56.0 Ko
DRIVER  : C:\Windows\System32\drivers\npsvctrig.sys => Invisible on the disk
ADDRESS : 0x07C9A000
SIZE    : 48.0 Ko
DRIVER  : C:\Windows\System32\drivers\mssmbios.sys => Invisible on the disk
ADDRESS : 0x07CA6000
SIZE    : 48.0 Ko
DRIVER  : C:\Windows\System32\drivers\discache.sys => Invisible on the disk
ADDRESS : 0x07CB2000
SIZE    : 68.0 Ko
DRIVER  : C:\Windows\System32\Drivers\dfsc.sys => Invisible on the disk
ADDRESS : 0x07DA8000
SIZE    : 132.0 Ko
DRIVER  : C:\Windows\system32\DRIVERS\ndistapi.sys => Invisible on the disk
ADDRESS : 0x07DD9000
SIZE    : 48.0 Ko
DRIVER  : C:\Windows\system32\DRIVERS\ndiswan.sys => Invisible on the disk
ADDRESS : 0x0804F000
SIZE    : 188.0 Ko
DRIVER  : C:\Windows\system32\DRIVERS\rassstp.sys => Invisible on the disk
ADDRESS : 0x0807E000
SIZE    : 120.0 Ko
DRIVER  : C:\Windows\system32\DRIVERS\AgileVpn.sys => Invisible on the disk
ADDRESS : 0x0809C000
SIZE    : 96.0 Ko
DRIVER  : C:\Windows\system32\DRIVERS\tunnel.sys => Invisible on the disk
ADDRESS : 0x080B4000
SIZE    : 176.0 Ko
DRIVER  : C:\Windows\System32\drivers\CompositeBus.sys => Invisible on the disk
ADDRESS : 0x080E0000
SIZE    : 60.0 Ko
DRIVER  : C:\Windows\system32\DRIVERS\kdnic.sys => Invisible on the disk
ADDRESS : 0x080EF000
SIZE    : 44.0 Ko
DRIVER  : C:\Windows\System32\drivers\umbus.sys => Invisible on the disk
ADDRESS : 0x080FA000
SIZE    : 72.0 Ko
DRIVER  : C:\Windows\System32\drivers\amdppm.sys => Invisible on the disk
ADDRESS : 0x0810C000
SIZE    : 112.0 Ko
DRIVER  : C:\Windows\System32\drivers\wmiacpi.sys => Invisible on the disk
ADDRESS : 0x08128000
SIZE    : 40.0 Ko
DRIVER  : C:\Windows\System32\drivers\HDAudBus.sys => Invisible on the disk
ADDRESS : 0x08132000
SIZE    : 88.0 Ko
DRIVER  : C:\Windows\System32\drivers\USBXHCI.SYS => Invisible on the disk
ADDRESS : 0x08148000
SIZE    : 348.0 Ko
DRIVER  : C:\Windows\System32\drivers\ucx01000.sys => Invisible on the disk
ADDRESS : 0x0819F000
SIZE    : 224.0 Ko
DRIVER  : C:\Windows\system32\DRIVERS\Rt630x64.sys => Invisible on the disk
ADDRESS : 0x0780A000
SIZE    : 592.0 Ko
DRIVER  : C:\Windows\System32\drivers\usbohci.sys => Invisible on the disk
ADDRESS : 0x0789E000
SIZE    : 52.0 Ko
DRIVER  : C:\Windows\System32\drivers\USBPORT.SYS => Invisible on the disk
ADDRESS : 0x078AB000
SIZE    : 492.0 Ko
DRIVER  : C:\Windows\System32\drivers\usbehci.sys => Invisible on the disk
ADDRESS : 0x07926000
SIZE    : 88.0 Ko
DRIVER  : C:\Windows\System32\drivers\serial.sys => Invisible on the disk
ADDRESS : 0x0793C000
SIZE    : 96.0 Ko
DRIVER  : C:\Windows\System32\drivers\serenum.sys => Invisible on the disk
ADDRESS : 0x07954000
SIZE    : 52.0 Ko
DRIVER  : C:\Windows\system32\DRIVERS\raspptp.sys => Invisible on the disk
ADDRESS : 0x07961000
SIZE    : 132.0 Ko
DRIVER  : C:\Windows\system32\DRIVERS\rasl2tp.sys => Invisible on the disk
ADDRESS : 0x07982000
SIZE    : 148.0 Ko
DRIVER  : C:\Windows\system32\DRIVERS\raspppoe.sys => Invisible on the disk
ADDRESS : 0x079A7000
SIZE    : 104.0 Ko
DRIVER  : C:\Windows\System32\drivers\swenum.sys => Invisible on the disk
ADDRESS : 0x079C1000
SIZE    : 8.0 Ko
DRIVER  : C:\Windows\System32\drivers\ks.sys => Invisible on the disk
ADDRESS : 0x08000000
SIZE    : 316.0 Ko
DRIVER  : C:\Windows\System32\drivers\rdpbus.sys => Invisible on the disk
ADDRESS : 0x079C3000
SIZE    : 44.0 Ko
DRIVER  : C:\Windows\System32\Drivers\NDProxy.SYS => Invisible on the disk
ADDRESS : 0x079CE000
SIZE    : 80.0 Ko
DRIVER  : C:\Windows\System32\drivers\usbhub.sys => Invisible on the disk
ADDRESS : 0x08AB0000
SIZE    : 500.0 Ko
DRIVER  : C:\Windows\System32\drivers\USBD.SYS => Invisible on the disk
ADDRESS : 0x08B2D000
SIZE    : 44.0 Ko
DRIVER  : C:\Windows\system32\drivers\HdAudio.sys => Invisible on the disk
ADDRESS : 0x08B38000
SIZE    : 352.0 Ko
DRIVER  : C:\Windows\system32\drivers\portcls.sys => Invisible on the disk
ADDRESS : 0x08B90000
SIZE    : 300.0 Ko
DRIVER  : C:\Windows\system32\drivers\drmk.sys => Invisible on the disk
ADDRESS : 0x08BDB000
SIZE    : 136.0 Ko
DRIVER  : C:\Windows\system32\drivers\ksthunk.sys => Invisible on the disk
ADDRESS : 0x08A00000
SIZE    : 24.0 Ko
DRIVER  : C:\Windows\System32\drivers\UsbHub3.sys => Invisible on the disk
ADDRESS : 0x08A06000
SIZE    : 460.0 Ko
DRIVER  : C:\Windows\System32\Drivers\dump_dumpata.sys => Invisible on the disk
ADDRESS : 0x08A79000
SIZE    : 52.0 Ko
DRIVER  : C:\Windows\System32\Drivers\dump_atapi.sys => Invisible on the disk
ADDRESS : 0x08A86000
SIZE    : 40.0 Ko
DRIVER  : C:\Windows\System32\Drivers\dump_dumpfve.sys => Invisible on the disk
ADDRESS : 0x08A90000
SIZE    : 80.0 Ko
DRIVER  : C:\Windows\System32\win32k.sys => Invisible on the disk
ADDRESS : 0x0004C000
SIZE    : 3.96 Mo
DRIVER  : C:\Windows\System32\drivers\HIDPARSE.SYS => Invisible on the disk
ADDRESS : 0x08AA4000
SIZE    : 32.0 Ko
DRIVER  : C:\Windows\system32\DRIVERS\monitor.sys => Invisible on the disk
ADDRESS : 0x079E2000
SIZE    : 56.0 Ko
DRIVER  : C:\Windows\System32\TSDDD.dll => Invisible on the disk
ADDRESS : 0x0062C000
SIZE    : 36.0 Ko
DRIVER  : C:\Windows\System32\drivers\hidusb.sys => Invisible on the disk
ADDRESS : 0x079F0000
SIZE    : 52.0 Ko
DRIVER  : C:\Windows\System32\drivers\HIDCLASS.SYS => Invisible on the disk
ADDRESS : 0x081D7000
SIZE    : 108.0 Ko
DRIVER  : C:\Windows\System32\drivers\mouhid.sys => Invisible on the disk
ADDRESS : 0x081F2000
SIZE    : 48.0 Ko
DRIVER  : C:\Windows\System32\drivers\mouclass.sys => Invisible on the disk
ADDRESS : 0x07DE5000
SIZE    : 60.0 Ko
DRIVER  : C:\Windows\System32\drivers\usbccgp.sys => Invisible on the disk
ADDRESS : 0x00CB3000
SIZE    : 140.0 Ko
DRIVER  : C:\Windows\System32\drivers\kbdhid.sys => Invisible on the disk
ADDRESS : 0x07DC9000
SIZE    : 52.0 Ko
DRIVER  : C:\Windows\System32\drivers\kbdclass.sys => Invisible on the disk
ADDRESS : 0x01A52000
SIZE    : 60.0 Ko
DRIVER  : C:\Windows\system32\drivers\luafv.sys => Invisible on the disk
ADDRESS : 0x09A94000
SIZE    : 160.0 Ko
DRIVER  : C:\Windows\system32\DRIVERS\lltdio.sys => Invisible on the disk
ADDRESS : 0x09ABC000
SIZE    : 80.0 Ko
DRIVER  : C:\Windows\system32\DRIVERS\nwifi.sys => Invisible on the disk
ADDRESS : 0x09AD0000
SIZE    : 440.0 Ko
DRIVER  : C:\Windows\system32\DRIVERS\ndisuio.sys => Invisible on the disk
ADDRESS : 0x09B3E000
SIZE    : 80.0 Ko
DRIVER  : C:\Windows\system32\DRIVERS\rspndr.sys => Invisible on the disk
ADDRESS : 0x09B52000
SIZE    : 96.0 Ko
DRIVER  : C:\Windows\system32\drivers\HTTP.sys => Invisible on the disk
ADDRESS : 0x0A0E9000
SIZE    : 880.0 Ko
DRIVER  : C:\Windows\system32\DRIVERS\bowser.sys => Invisible on the disk
ADDRESS : 0x0A1C5000
SIZE    : 128.0 Ko
DRIVER  : C:\Windows\System32\drivers\mpsdrv.sys => Invisible on the disk
ADDRESS : 0x0A1E5000
SIZE    : 92.0 Ko
DRIVER  : C:\Windows\system32\DRIVERS\mrxsmb.sys => Invisible on the disk
ADDRESS : 0x0A000000
SIZE    : 392.0 Ko
DRIVER  : C:\Windows\system32\DRIVERS\mrxsmb10.sys => Invisible on the disk
ADDRESS : 0x0A062000
SIZE    : 300.0 Ko
DRIVER  : C:\Windows\system32\DRIVERS\mrxsmb20.sys => Invisible on the disk
ADDRESS : 0x0A0AD000
SIZE    : 232.0 Ko
DRIVER  : C:\Windows\system32\drivers\Ndu.sys => Invisible on the disk
ADDRESS : 0x09B6A000
SIZE    : 112.0 Ko
DRIVER  : C:\Windows\system32\drivers\peauth.sys => Invisible on the disk
ADDRESS : 0x0A23F000
SIZE    : 812.0 Ko
DRIVER  : C:\Windows\System32\Drivers\secdrv.SYS => Invisible on the disk
ADDRESS : 0x0A30A000
SIZE    : 44.0 Ko
DRIVER  : C:\Windows\System32\DRIVERS\srvnet.sys => Invisible on the disk
ADDRESS : 0x0A315000
SIZE    : 272.0 Ko
DRIVER  : C:\Windows\System32\drivers\tcpipreg.sys => Invisible on the disk
ADDRESS : 0x0A359000
SIZE    : 72.0 Ko
DRIVER  : C:\Windows\System32\DRIVERS\srv2.sys => Invisible on the disk
ADDRESS : 0x0A83A000
SIZE    : 640.0 Ko
DRIVER  : C:\Windows\System32\DRIVERS\srv.sys => Invisible on the disk
ADDRESS : 0x0A8DA000
SIZE    : 564.0 Ko
DRIVER  : C:\Windows\System32\drivers\condrv.sys => Invisible on the disk
ADDRESS : 0x0A967000
SIZE    : 52.0 Ko
DRIVER  : C:\Windows\System32\drivers\rdpvideominiport.sys => Invisible on the disk
ADDRESS : 0x0A974000
SIZE    : 44.0 Ko
DRIVER  : C:\Windows\System32\cdd.dll => Invisible on the disk
ADDRESS : 0x0086B000
SIZE    : 216.0 Ko
DRIVER  : C:\Users\goregasm\AppData\Local\Temp\aswMBR.sys => Invisible on the disk
ADDRESS : 0x0A9AA000
SIZE    : 60.0 Ko
BCD EmsSettings {0CE4991B-E6B3-4B16-B23C-5E0D9250E5D9} => BcdLibraryBoolean_EmsEnabled (16000020)
SystemStartOptions :  NOEXECUTE=OPTIN
________________________________________________________________________________
_______MBR   \Device\Harddisk0\DR0 
0x00000000   33 C0 8E D0 BC 00 7C 8E C0 8E D8 BE 00 7C BF 00   3À.м.|.À.ؾ.|¿.
0x00000010   06 B9 00 02 FC F3 A4 50 68 1C 06 CB FB B9 04 00   .¹..üó¤Ph..Ëû¹..
0x00000020   BD BE 07 80 7E 00 00 7C 0B 0F 85 0E 01 83 C5 10   ½¾..~..|......Å.
0x00000030   E2 F1 CD 18 88 56 00 55 C6 46 11 05 C6 46 10 00   âñÍ..V.UÆF..ÆF..
0x00000040   B4 41 BB AA 55 CD 13 5D 72 0F 81 FB 55 AA 75 09   ´A»ªUÍ.]r..ûUªu.
0x00000050   F7 C1 01 00 74 03 FE 46 10 66 60 80 7E 10 00 74   ÷Á..t.þF.f`.~..t
0x00000060   26 66 68 00 00 00 00 66 FF 76 08 68 00 00 68 00   &fh....f.v.h..h.
0x00000070   7C 68 01 00 68 10 00 B4 42 8A 56 00 8B F4 CD 13   |h..h..´B.V..ôÍ.
0x00000080   9F 83 C4 10 9E EB 14 B8 01 02 BB 00 7C 8A 56 00   ..Ä..ë.¸..».|.V.
0x00000090   8A 76 01 8A 4E 02 8A 6E 03 CD 13 66 61 73 1C FE   .v..N..n.Í.fas.þ
0x000000A0   4E 11 75 0C 80 7E 00 80 0F 84 8A 00 B2 80 EB 84   N.u..~......².ë.
0x000000B0   55 32 E4 8A 56 00 CD 13 5D EB 9E 81 3E FE 7D 55   U2ä.V.Í.]ë..>þ}U
0x000000C0   AA 75 6E FF 76 00 E8 8D 00 75 17 FA B0 D1 E6 64   ªun.v.è..u.ú°Ñæd
0x000000D0   E8 83 00 B0 DF E6 60 E8 7C 00 B0 FF E6 64 E8 75   è..°ßæ`è|.°.ædèu
0x000000E0   00 FB B8 00 BB CD 1A 66 23 C0 75 3B 66 81 FB 54   .û¸.»Í.f#Àu;f.ûT
0x000000F0   43 50 41 75 32 81 F9 02 01 72 2C 66 68 07 BB 00   CPAu2.ù..r,fh.».
0x00000100   00 66 68 00 02 00 00 66 68 08 00 00 00 66 53 66   .fh....fh....fSf
0x00000110   53 66 55 66 68 00 00 00 00 66 68 00 7C 00 00 66   SfUfh....fh.|..f
0x00000120   61 68 00 00 07 CD 1A 5A 32 F6 EA 00 7C 00 00 CD   ah...Í.Z2öê.|..Í
0x00000130   18 A0 B7 07 EB 08 A0 B6 07 EB 03 A0 B5 07 32 E4   ..·.ë..¶.ë..µ.2ä
0x00000140   05 00 07 8B F0 AC 3C 00 74 09 BB 07 00 B4 0E CD   ....ð¬<.t.»..´.Í
0x00000150   10 EB F2 F4 EB FD 2B C9 E4 64 EB 00 24 02 E0 F8   .ëòôëý+Éädë.$.àø
0x00000160   24 02 C3 49 6E 76 61 6C 69 64 20 70 61 72 74 69   $.ÃInvalid parti
0x00000170   74 69 6F 6E 20 74 61 62 6C 65 00 45 72 72 6F 72   tion table.Error
0x00000180   20 6C 6F 61 64 69 6E 67 20 6F 70 65 72 61 74 69    loading operati
0x00000190   6E 67 20 73 79 73 74 65 6D 00 4D 69 73 73 69 6E   ng system.Missin
0x000001A0   67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74   g operating syst
0x000001B0   65 6D 00 00 00 63 7B 9A C6 BB 9E 7A 00 00 80 20   em...c{.Æ».z...
0x000001C0   21 00 07 BE 12 2C 00 08 00 00 00 F0 0A 00 00 BE   !..¾.,.....ð...¾
0x000001D0   13 2C 07 FE FF FF 00 F8 0A 00 00 C0 DC 0E 00 00   .,.þ...ø...ÀÜ...
0x000001E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA   ..............Uª
_______MBR   \Device\Harddisk1\DR1 
0x00000000   33 C0 8E D0 BC 00 7C 8E C0 8E D8 BE 00 7C BF 00   3À.м.|.À.ؾ.|¿.
0x00000010   06 B9 00 02 FC F3 A4 50 68 1C 06 CB FB B9 04 00   .¹..üó¤Ph..Ëû¹..
0x00000020   BD BE 07 80 7E 00 00 7C 0B 0F 85 0E 01 83 C5 10   ½¾..~..|......Å.
0x00000030   E2 F1 CD 18 88 56 00 55 C6 46 11 05 C6 46 10 00   âñÍ..V.UÆF..ÆF..
0x00000040   B4 41 BB AA 55 CD 13 5D 72 0F 81 FB 55 AA 75 09   ´A»ªUÍ.]r..ûUªu.
0x00000050   F7 C1 01 00 74 03 FE 46 10 66 60 80 7E 10 00 74   ÷Á..t.þF.f`.~..t
0x00000060   26 66 68 00 00 00 00 66 FF 76 08 68 00 00 68 00   &fh....f.v.h..h.
0x00000070   7C 68 01 00 68 10 00 B4 42 8A 56 00 8B F4 CD 13   |h..h..´B.V..ôÍ.
0x00000080   9F 83 C4 10 9E EB 14 B8 01 02 BB 00 7C 8A 56 00   ..Ä..ë.¸..».|.V.
0x00000090   8A 76 01 8A 4E 02 8A 6E 03 CD 13 66 61 73 1C FE   .v..N..n.Í.fas.þ
0x000000A0   4E 11 75 0C 80 7E 00 80 0F 84 8A 00 B2 80 EB 84   N.u..~......².ë.
0x000000B0   55 32 E4 8A 56 00 CD 13 5D EB 9E 81 3E FE 7D 55   U2ä.V.Í.]ë..>þ}U
0x000000C0   AA 75 6E FF 76 00 E8 8D 00 75 17 FA B0 D1 E6 64   ªun.v.è..u.ú°Ñæd
0x000000D0   E8 83 00 B0 DF E6 60 E8 7C 00 B0 FF E6 64 E8 75   è..°ßæ`è|.°.ædèu
0x000000E0   00 FB B8 00 BB CD 1A 66 23 C0 75 3B 66 81 FB 54   .û¸.»Í.f#Àu;f.ûT
0x000000F0   43 50 41 75 32 81 F9 02 01 72 2C 66 68 07 BB 00   CPAu2.ù..r,fh.».
0x00000100   00 66 68 00 02 00 00 66 68 08 00 00 00 66 53 66   .fh....fh....fSf
0x00000110   53 66 55 66 68 00 00 00 00 66 68 00 7C 00 00 66   SfUfh....fh.|..f
0x00000120   61 68 00 00 07 CD 1A 5A 32 F6 EA 00 7C 00 00 CD   ah...Í.Z2öê.|..Í
0x00000130   18 A0 B7 07 EB 08 A0 B6 07 EB 03 A0 B5 07 32 E4   ..·.ë..¶.ë..µ.2ä
0x00000140   05 00 07 8B F0 AC 3C 00 74 09 BB 07 00 B4 0E CD   ....ð¬<.t.»..´.Í
0x00000150   10 EB F2 F4 EB FD 2B C9 E4 64 EB 00 24 02 E0 F8   .ëòôëý+Éädë.$.àø
0x00000160   24 02 C3 49 6E 76 61 6C 69 64 20 70 61 72 74 69   $.ÃInvalid parti
0x00000170   74 69 6F 6E 20 74 61 62 6C 65 00 45 72 72 6F 72   tion table.Error
0x00000180   20 6C 6F 61 64 69 6E 67 20 6F 70 65 72 61 74 69    loading operati
0x00000190   6E 67 20 73 79 73 74 65 6D 00 4D 69 73 73 69 6E   ng system.Missin
0x000001A0   67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74   g operating syst
0x000001B0   65 6D 00 00 00 63 7B 9A 1A 9E 51 87 00 00 00 20   em...c{...Q....
0x000001C0   21 00 07 FE FF FF 00 08 00 00 00 78 E0 E8 00 00   !..þ.......xàè..
0x000001D0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA   ..............Uª


#8 jhp11b (Topic Starter)

Posted 16 February 2013 - 01:03 AM

Is aswMBR.exe not supposed to update Avast definitions when it starts? The site didn't mention being prompted for updates and whether to decline or allow, so I let it update? =\ Should I have not? I just realized the file that's downloading to my desktop is 4.51 MB and the site says it's supposed to be 1870 :(


Edited by jhp11b, 16 February 2013 - 01:07 AM.


#9 The Dark Knight (Security Colleague)

Posted 16 February 2013 - 06:19 AM

Hello jhp11b,

Please ignore aswMBR for the interim.

  • Please re-run MBRScan.
  • Click Dump.
  • Once you have selected your MBR code, please click Dump Selected MBR (if there are multiple codes, please do this for each of them).


If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.




#10 jhp11b (Topic Starter)

Posted 16 February 2013 - 10:01 AM

What's supposed to happen when I select Dump in MbrScan? It creates an icon for each disk dump on the desktop, "Dump_DR0.mbr" and "Dump_DR1.mbr". Do I then download the unpacker that the Windows app store suggests and extract the files it created? Or is it done, and I repost the report log from MbrScan?


Edited by jhp11b, 16 February 2013 - 10:04 AM.


#11 The Dark Knight (Security Colleague)

Posted 16 February 2013 - 05:53 PM

Hello jhp11b,

Please attach them to your post so I can take a look.




#12 jhp11b (Topic Starter)

Posted 16 February 2013 - 07:04 PM

These are the dump files that were created on the desktop. I'm pretty sure I remember reading to zip stuff like this. Hope that's what you need; holler if not. Thanks for your patience.

Attached Files



#13 The Dark Knight (Security Colleague)

Posted 16 February 2013 - 07:41 PM

Hey jhp11b,

  • Please download ListParts64 to your Desktop.
  • Double click ListParts64.exe to launch the program.
  • Press the Scan button.
  • When finished scanning it will make a log Result.txt on your Desktop.
  • Please post the contents of the log in your reply.




#14 jhp11b (Topic Starter)

Posted 17 February 2013 - 02:41 AM

ListParts by Farbar Version: 16-01-2013
Ran by goregasm (administrator) on 17-02-2013 at 02:39:13
Windows 8 (X64)
Running From: C:\Users\goregasm\Desktop
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 4%
Total physical RAM: 16365.24 MB
Available physical RAM: 15680.4 MB
Total Pagefile: 21997.24 MB
Available Pagefile: 21097.1 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:118.9 GB) (Free:75.5 GB) NTFS
2 Drive d: (New Volume) (Fixed) (Total:1863.01 GB) (Free:1862.78 GB) NTFS


  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          119 GB      0 B        
  Disk 1    Online         1863 GB      0 B        

Partitions of Disk 0:
===============

Disk ID: 7A9EBBC6

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            350 MB  1024 KB
  Partition 2    Primary            118 GB   351 MB

======================================================================================================

Disk: 0
Partition 1
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1         System Rese  NTFS   Partition    350 MB  Healthy    System (partition with boot components) 

======================================================================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C                NTFS   Partition    118 GB  Healthy    Boot   

======================================================================================================

Partitions of Disk 1:
===============

Disk ID: 87519E1A

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           1863 GB  1024 KB

======================================================================================================

Disk: 1
Partition 1
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     D   New Volume   NTFS   Partition   1863 GB  Healthy           

======================================================================================================

****** End Of Log ******
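
The two sector-0 dumps posted earlier in this thread and the ListParts output above can be checked against each other instead of being read by eye. What follows is an added example, not part of this thread and not code from MBRScan, ListParts or any of the posters: it rebuilds the 512 raw bytes from dump text in the format MBRScan prints, verifies the 0x55AA signature, reads the four-byte NT disk signature at offset 0x1B8 (the value ListParts reports as "Disk ID"), decodes the partition table at 0x1BE (type, active flag, start sector, length), checks for the three error strings every stock Microsoft MBR carries, and hashes the 440-byte code region so the two disks can be compared with one another. The Harddisk0 dump is transcribed into the block with its ASCII column dropped; the posted Harddisk1 dump differs from it only in rows 0x1B0 to 0x1D0, so it is reconstructed from those three rows.

```python
"""Decode MBRScan-style sector 0 hex dumps: 55AA signature, disk ID, partition table.
Added example for this thread, not code from MBRScan, ListParts or the poster;
DISK0_DUMP is the posted Harddisk0 dump with its ASCII column dropped."""
import hashlib
import re
import struct

# Matches "0xOOOOOOOO  b0 b1 ... b15"; a trailing ASCII column is ignored.
ROW = re.compile(r"^0x([0-9A-Fa-f]{8})\s+((?:[0-9A-Fa-f]{2}\s+){15}[0-9A-Fa-f]{2})")

DISK0_DUMP = """\
0x00000000   33 C0 8E D0 BC 00 7C 8E C0 8E D8 BE 00 7C BF 00
0x00000010   06 B9 00 02 FC F3 A4 50 68 1C 06 CB FB B9 04 00
0x00000020   BD BE 07 80 7E 00 00 7C 0B 0F 85 0E 01 83 C5 10
0x00000030   E2 F1 CD 18 88 56 00 55 C6 46 11 05 C6 46 10 00
0x00000040   B4 41 BB AA 55 CD 13 5D 72 0F 81 FB 55 AA 75 09
0x00000050   F7 C1 01 00 74 03 FE 46 10 66 60 80 7E 10 00 74
0x00000060   26 66 68 00 00 00 00 66 FF 76 08 68 00 00 68 00
0x00000070   7C 68 01 00 68 10 00 B4 42 8A 56 00 8B F4 CD 13
0x00000080   9F 83 C4 10 9E EB 14 B8 01 02 BB 00 7C 8A 56 00
0x00000090   8A 76 01 8A 4E 02 8A 6E 03 CD 13 66 61 73 1C FE
0x000000A0   4E 11 75 0C 80 7E 00 80 0F 84 8A 00 B2 80 EB 84
0x000000B0   55 32 E4 8A 56 00 CD 13 5D EB 9E 81 3E FE 7D 55
0x000000C0   AA 75 6E FF 76 00 E8 8D 00 75 17 FA B0 D1 E6 64
0x000000D0   E8 83 00 B0 DF E6 60 E8 7C 00 B0 FF E6 64 E8 75
0x000000E0   00 FB B8 00 BB CD 1A 66 23 C0 75 3B 66 81 FB 54
0x000000F0   43 50 41 75 32 81 F9 02 01 72 2C 66 68 07 BB 00
0x00000100   00 66 68 00 02 00 00 66 68 08 00 00 00 66 53 66
0x00000110   53 66 55 66 68 00 00 00 00 66 68 00 7C 00 00 66
0x00000120   61 68 00 00 07 CD 1A 5A 32 F6 EA 00 7C 00 00 CD
0x00000130   18 A0 B7 07 EB 08 A0 B6 07 EB 03 A0 B5 07 32 E4
0x00000140   05 00 07 8B F0 AC 3C 00 74 09 BB 07 00 B4 0E CD
0x00000150   10 EB F2 F4 EB FD 2B C9 E4 64 EB 00 24 02 E0 F8
0x00000160   24 02 C3 49 6E 76 61 6C 69 64 20 70 61 72 74 69
0x00000170   74 69 6F 6E 20 74 61 62 6C 65 00 45 72 72 6F 72
0x00000180   20 6C 6F 61 64 69 6E 67 20 6F 70 65 72 61 74 69
0x00000190   6E 67 20 73 79 73 74 65 6D 00 4D 69 73 73 69 6E
0x000001A0   67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74
0x000001B0   65 6D 00 00 00 63 7B 9A C6 BB 9E 7A 00 00 80 20
0x000001C0   21 00 07 BE 12 2C 00 08 00 00 00 F0 0A 00 00 BE
0x000001D0   13 2C 07 FE FF FF 00 F8 0A 00 00 C0 DC 0E 00 00
0x000001E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA
"""

DISK1_ROWS = {  # the only rows in which the posted Harddisk1 dump differs from Harddisk0
    0x1B0: "65 6D 00 00 00 63 7B 9A 1A 9E 51 87 00 00 00 20",
    0x1C0: "21 00 07 FE FF FF 00 08 00 00 00 78 E0 E8 00 00",
    0x1D0: "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00",
}

def disk1_dump():
    """Constructed Harddisk1 dump text: DISK0_DUMP with the three differing rows swapped in."""
    out = []
    for line in DISK0_DUMP.splitlines():
        off = int(line.split()[0], 16)
        out.append(f"0x{off:08X}   {DISK1_ROWS[off]}" if off in DISK1_ROWS else line)
    return "\n".join(out)

def parse_hexdump(text):
    """Rebuild the raw 512-byte sector; refuse dumps that do not cover all 32 rows."""
    sector, rows = bytearray(512), set()
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            off = int(m.group(1), 16)
            sector[off:off + 16] = bytes.fromhex(m.group(2))
            rows.add(off)
    if rows != set(range(0, 512, 16)):
        raise ValueError("dump does not cover all 32 rows of sector 0")
    return bytes(sector)

def analyse(sector):
    """The fields an analyst checks first when asked 'is this MBR infected?'."""
    parts = []
    for i in range(4):  # four 16-byte entries at 0x1BE; the CHS fields are ignored
        status, _, ptype, _, lba, count = struct.unpack_from("<B3sB3sII", sector, 0x1BE + 16 * i)
        if ptype or count:
            parts.append({"index": i + 1, "bootable": status == 0x80, "type": ptype,
                          "start_lba": lba, "sectors": count,
                          "offset_kib": lba // 2, "size_mib": count // 2048})  # 512-byte sectors
    code = sector[:0x1B8]  # everything before the 4-byte disk signature is boot code
    return {
        "valid_signature": sector[0x1FE:] == b"\x55\xAA",
        "disk_id": "%08X" % struct.unpack_from("<I", sector, 0x1B8)[0],  # ListParts "Disk ID"
        "code_sha256": hashlib.sha256(code).hexdigest(),
        "standard_strings": all(s in code for s in (b"Invalid partition table",
            b"Error loading operating system", b"Missing operating system")),
        "partitions": parts,
    }

if __name__ == "__main__":
    for name, text in (("Harddisk0", DISK0_DUMP), ("Harddisk1", disk1_dump())):
        r = analyse(parse_hexdump(text))
        print(f"{name}: disk ID {r['disk_id']}, 55AA {'ok' if r['valid_signature'] else 'MISSING'}, "
              f"std strings {'ok' if r['standard_strings'] else 'MISSING'}, code {r['code_sha256'][:16]}")
        for p in r["partitions"]:
            print(f"   part {p['index']} type {p['type']:02X}{' active' if p['bootable'] else ''} "
                  f"start {p['offset_kib']} KiB size {p['size_mib']} MiB")
```

Run it and line the output up with the ListParts log: disk IDs 7A9EBBC6 and 87519E1A, the active 350 MB System Reserved partition at 1024 KB, the 118 GB Windows partition at 351 MB, and the single 1863 GB partition on disk 1 should all agree, and both code regions should hash to the same value. Two caveats a practitioner would want: this reads only sector 0, so it says nothing about the volume boot record, the unallocated sectors between the MBR and the first partition (where bootkits commonly keep their payload), or the drivers MBRScan listed; and the presence of the standard strings shows the code is consistent with a stock Microsoft MBR, not that it is one. The stronger check is a byte-for-byte comparison against sector 0 from a known-good install of the same Windows build, or reading the sector from a clean boot environment rather than from inside the running system.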



#15 The Dark Knight (Security Colleague)

Posted 17 February 2013 - 04:53 AM

Hey jhp11b,

Please read all these directions before proceeding.

When you have the .ISO file downloaded, you need to create a bootable disk or flash drive with it, using a clean PC to do that. The .ISO file is a disk image. It should NOT be burned as a regular file. You need a program like ImgBurn that can burn an .ISO image. I think a CD is best as there is no way anything can write on it after it is made, but the USB may be more convenient and easier.

Be sure to read these:
Download Kaspersky Rescue Disk 10
How to record Kaspersky Rescue Disk 10 to an USB device and boot my computer from it?
How to record Kaspersky Rescue Disk 10 to a CD/DVD and boot my computer from the disk?


  • Please go to a clean computer
  • Download the .iso image file.
  • Create a CD (or flash drive if you prefer).
  • On the infected computer: put the disk in the drive and reboot.


Follow the directions here, but you will find some differences.  

Familiarise yourself with How to create a report file in Kaspersky Rescue Disk 10?

Then, please print the following directions:

Boot from Kaspersky Rescue Disk 10:
Restart your computer and put the disk in the drive while booting.
Press any key. A loading wizard will start (you will see the menu to select the required language). If you do not press any key in 10 seconds, the computer boots from hard drive automatically.
Select the required interface language using the arrow-keys on your keyboard.
Press the Enter key on the keyboard.
In the start up wizard window that opens, select the Kaspersky Rescue Disk. Graphic Mode
Click Enter.
Click 'A' to accept the agreement.
Select operating system from dropdown menu (select Windows whatever).
Select Objects to scan: check Disk boot sectors, Hidden startup objects, C:
Click My Update Center and update.
Back to other tab and click Start Object Scan.
When scan has completed save a report:
On the upper part of the Kaspersky Rescue Disk window, click on the Report link.
On the bottom right hand corner of the Protection status - Kaspersky Rescue Disk window, click on the Detailed Report button.
On the upper right hand corner of the Detailed report window, click on the Save button.
After clicking Detailed Report and 'SAVE', a browse window opens.
Double-click on the \
Click 'disks'.
All your drives will be shown and you can easily double-click C and save the report to C:\KasperskyRescueDisk10.txt.
Click on the Save button.
The report has been saved to the file.

Remove the disk from the drive (or disconnect USB) and reboot normally.






