Inactive Stubborn infection

Michael King

I had the "S.M.A.R.T. Data Recovery" virus. I removed most of it with RogueKiller, and recovered my files with Unhide.exe. However, I still have something lingering that plays commercials in the background by launching an explorer process to connect to a remote website. If more is going on behind the scenes (probably is), I don't know what. Malwarebytes can't find anything more; Avira says it detects hidden objects and a hidden process, and recommends using a rescue disk. The rescue disk doesn't find anything when run. GMER doesn't find anything. However, Malwarebytes does detect the virus trying to connect to a remote computer and blocks it (usually; sometimes the commercials still play). Also, the virus attempts to hijack Google searches, but NoScript blocks that. Anyway, my logs are in the following posts.
 
Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.23.10

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Administrator :: MICHAEL-PC [administrator]

Protection: Enabled

7/23/2012 1:01:28 PM
mbam-log-2012-07-23 (13-01-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 223413
Time elapsed: 6 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Administrator at 14:17:05 on 2012-07-23
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8190.5980 [GMT -5:00]
.
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Rosewill\Common\RaRegistry.exe
C:\Program Files (x86)\Rosewill\Common\RaRegistry64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Rosewill\Common\RaUI.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Users\Administrator\AppData\Local\Apps\2.0\ZJWCJJEY.PG9\PO0H0W0Q.02W\curs..tion_9e9e83ddf3ed3ead_0005.0001_31b318dc2771b66c\CurseClient.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\Users\ADMINI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ROSEWI~1.LNK - C:\Program Files (x86)\Rosewill\Common\RaUI.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{30166C5C-CC98-4470-8810-3E4284410249} : DhcpNameServer = 192.168.42.129
TCP: Interfaces\{5341C763-EEC9-4D71-B634-12E87573BAC2} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FE1634B9-0F93-4E97-A3F8-6D15AEACFF8E} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\00rwosbz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3057722&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Users\Administrator\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Administrator\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - 73aa2067-e537-40cf-8eeb-22985e224958
.
============= SERVICES / DRIVERS ===============
.
R0 amdide64;amdide64;C:\Windows\system32\DRIVERS\amdide64.sys --> C:\Windows\system32\DRIVERS\amdide64.sys [?]
R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-7-4 361984]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-11-27 86224]
R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-11-27 110032]
R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 DAZContentManagementService;DAZ Content Management Service;C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe [2012-3-18 22528]
R2 ES lite Service;ES lite Service for program management.;C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe [2011-11-27 68136]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-14 655944]
R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-4-26 223088]
R2 RalinkRegistryWriter;Ralink Registry Writer;C:\Program Files (x86)\Rosewill\Common\RaRegistry.exe [2012-1-16 185632]
R2 RalinkRegistryWriter64;Ralink Registry Writer 64;C:\Program Files (x86)\Rosewill\Common\RaRegistry64.exe [2012-1-16 212256]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 gcdbus;Driver for gBurner SCSI Host Controller;C:\Windows\system32\DRIVERS\gcdbus.sys --> C:\Windows\system32\DRIVERS\gcdbus.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-25 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-7 250056]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-25 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2011-12-1 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-07-23 17:50:39 98816 ----a-w- C:\Windows\sed.exe
2012-07-23 17:50:39 518144 ----a-w- C:\Windows\SWREG.exe
2012-07-23 17:50:39 256000 ----a-w- C:\Windows\PEV.exe
2012-07-23 17:50:39 208896 ----a-w- C:\Windows\MBR.exe
2012-07-23 17:49:40 -------- d-s---w- C:\commy32243c
2012-07-23 17:46:13 -------- d-s---w- C:\commy
2012-07-20 07:03:12 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{70065EB6-5CEC-4524-9A70-BE08D1EA82D8}\offreg.dll
2012-07-20 06:57:31 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{70065EB6-5CEC-4524-9A70-BE08D1EA82D8}\mpengine.dll
2012-07-15 03:07:54 221184 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2012-07-15 03:07:52 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\objectps.dll
2012-07-15 03:07:51 53248 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\msihook.dll
2012-07-15 03:07:50 126976 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\knlwrap.exe
2012-07-15 03:07:49 217088 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\iuser.dll
2012-07-15 03:07:46 598016 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\ikernel.exe
2012-07-15 03:07:44 114688 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\scpthdlr.dll
2012-07-15 02:59:51 57344 ----a-w- C:\Windows\uneng.exe
2012-07-15 02:59:50 66000 ----a-w- C:\Windows\SysWow64\drivers\Cdr4vsd.sys
2012-07-15 02:59:50 49152 ----a-w- C:\Windows\SysWow64\cdrtc.dll
2012-07-15 02:59:50 45056 ----a-w- C:\Windows\SysWow64\cdral.dll
2012-07-15 02:59:50 27388 ----a-w- C:\Windows\SysWow64\drivers\cdralwnt.sys
2012-07-15 02:59:50 -------- d-----w- C:\Program Files (x86)\Common Files\Adaptec Shared
2012-07-14 22:17:09 955888 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-07-14 22:17:09 839152 ----a-w- C:\Windows\System32\deployJava1.dll
2012-07-14 14:26:35 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-14 14:26:35 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-14 14:26:35 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-14 01:33:00 -------- d-----w- C:\Users\Administrator\AppData\Local\AMD
2012-07-14 01:32:50 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-07-14 01:31:00 -------- d-----w- C:\ProgramData\AMD
2012-07-14 01:30:53 46136 ----a-w- C:\Windows\System32\drivers\amdiox64.sys
2012-07-14 01:24:29 -------- d-----w- C:\AMD
2012-07-11 23:06:26 9822920 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-07-11 09:15:15 1558016 ----a-w- C:\RogueKiller.exe
2012-07-11 08:11:59 2769408 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 00:15:20 -------- d-----w- C:\Program Files\Ventrilo
2012-07-11 00:13:58 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-07-07 13:26:15 652296 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-07-07 13:26:01 677136 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-07-07 13:25:46 416128 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2012-07-04 07:32:22 187392 ----a-w- C:\Windows\System32\clinfo.exe
2012-07-04 07:32:06 75264 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-07-04 07:32:02 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-07-04 07:31:54 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-07-04 07:31:52 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-07-04 07:31:44 16457216 ----a-w- C:\Windows\System32\amdocl64.dll
2012-07-04 07:30:58 13008384 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-07-04 07:30:12 54784 ----a-w- C:\Windows\System32\OpenCL.dll
2012-07-04 07:30:08 50176 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-07-04 06:59:32 11922944 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-07-04 06:52:04 26016256 ----a-w- C:\Windows\System32\atio6axx.dll
2012-07-04 06:35:46 19586048 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-07-04 06:27:18 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-07-04 06:21:40 514048 ----a-w- C:\Windows\System32\atieclxx.exe
2012-07-04 06:20:54 238080 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-07-04 06:19:30 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-07-04 06:19:16 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-07-04 06:19:12 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-07-04 06:19:06 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-07-04 05:57:18 7510528 ----a-w- C:\Windows\System32\atidxx64.dll
2012-07-04 05:36:34 1053696 ----a-w- C:\Windows\System32\atiumd6v.dll
2012-07-04 05:36:24 69632 ----a-w- C:\Windows\System32\coinst_8.97.100.3.dll
2012-07-04 05:36:14 1960960 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2012-07-04 05:11:42 56320 ----a-w- C:\Windows\System32\atimpc64.dll
2012-07-04 05:11:42 56320 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-07-04 05:11:38 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-07-04 05:11:38 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-07-04 05:11:30 364544 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-07-04 05:11:18 17920 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-07-04 05:11:16 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-07-04 05:11:16 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-07-04 05:11:12 41984 ----a-w- C:\Windows\System32\atig6txx.dll
2012-07-04 05:11:04 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-07-04 05:10:56 359936 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-07-04 05:10:04 55296 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-07-04 05:09:10 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-07-04 05:04:30 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-07-04 05:04:28 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-07-04 05:04:22 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-07-04 05:04:18 44544 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-07-04 05:04:08 15827456 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-07-04 04:59:40 13402112 ----a-w- C:\Windows\SysWow64\aticaldd.dll
.
==================== Find3M ====================
.
2012-07-23 19:10:44 23080 ----a-w- C:\Windows\gdrv.sys
2012-07-12 00:06:25 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 00:06:25 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-04 06:27:08 918528 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-07-04 06:25:14 1081856 ----a-w- C:\Windows\System32\aticfx64.dll
2012-07-04 06:21:46 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-07-04 06:18:18 6811648 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-07-04 05:35:42 4261376 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-07-04 05:35:14 6245888 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-07-04 05:28:52 4749312 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-07-04 05:24:02 7477760 ----a-w- C:\Windows\System32\atiumd64.dll
2012-07-04 05:11:40 535552 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-07-04 05:09:56 42496 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-07-04 05:09:50 45056 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-07-04 05:09:42 32768 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-07-04 05:09:22 45056 ----a-w- C:\Windows\System32\atitmp64.dll
2012-06-05 16:47:28 1401856 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-05 16:47:27 1248768 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-05 16:22:47 1797120 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-05 16:22:46 1869824 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-04 15:29:59 516480 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 22:12:13 88576 ----a-w- C:\Windows\SysWow64\wudriver.dll
2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 20:19:42 171904 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 20:12:20 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 00:22:56 347136 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 00:22:10 254464 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 00:05:11 77312 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 00:04:25 278528 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 00:03:42 204288 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-05-31 17:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-05-25 05:31:05 476960 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-05-25 05:31:05 472864 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-05-09 01:46:57 98848 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2012-05-01 14:29:44 209920 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
.
============= FINISH: 14:25:49.21 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/27/2011 1:54:12 PM
System Uptime: 7/23/2012 2:10:16 PM (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | GA-MA790X-UD4P
Processor: AMD Phenom(tm) II X3 720 Processor | Socket M2 | 2800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 171.097 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is CDROM ()
K: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0001
Manufacturer: Microsoft
Name: Microsoft Tun Miniport Adapter #2
PNP Device ID: ROOT\*TUNMP\0001
Service: tunmp
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
4500_Help
7-Zip 9.20
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.6
AMD VISION Engine Control Center
Avira Free Antivirus
BPD_HPSU
bpd_scan
BPDSoftware
BPDSoftware_Ini
Browser Configuration Utility
BufferChm
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Counter-Strike: Condition Zero
Counter-Strike: Condition Zero Deleted Scenes
Counter-Strike: Source
Curse Client - 1
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DivX Setup
EasySaver B8.1224.1
Fax
Foxit Reader 5.0
gBurner Virtual Drive
Gigabyte Raid Configurer
GoldenEye: Source - HalfLife 2 Mod
Google Chrome
Google Update Helper
Half-Life 2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Update
HydraVision
IsoBuster 3.0
J4500
Malwarebytes Anti-Malware version 1.62.0.1300
Media Player Classic - Home Cinema v1.5.2.3456
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MotoHelper 2.0.51 Driver 5.1.0
MotoHelper MergeModules
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
ProductContext
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
Rosewill Wireless N USB Adapter
Roxio CDEngine
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Source SDK Base 2007
Status
Steam
swMSM
Toolbox
TrayApp
UltraISO Premium V8.63
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.6195
WebReg
WinRAR 4.10 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
7/23/2012 2:12:50 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdralwnt
7/23/2012 2:12:50 PM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
7/23/2012 2:10:42 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.5 for the Network Card with network address 00026FBF83AB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/23/2012 2:10:38 PM, Error: EventLog [6008] - The previous system shutdown at 2:06:23 PM on 7/23/2012 was unexpected.
7/23/2012 2:10:32 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\Cdralwnt.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
7/23/2012 12:44:14 PM, Error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).
7/23/2012 12:44:14 PM, Error: Service Control Manager [7034] - The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).
7/20/2012 6:12:39 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 00026FBF83AB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/20/2012 6:12:32 PM, Error: EventLog [6008] - The previous system shutdown at 1:12:22 PM on 7/20/2012 was unexpected.
7/19/2012 8:44:53 AM, Error: EventLog [6008] - The previous system shutdown at 3:48:38 AM on 7/19/2012 was unexpected.
7/19/2012 4:33:32 PM, Error: EventLog [6008] - The previous system shutdown at 4:27:41 PM on 7/19/2012 was unexpected.
7/17/2012 3:04:07 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 00026FBF83AB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/16/2012 6:26:51 PM, Error: EventLog [6008] - The previous system shutdown at 12:32:01 PM on 7/16/2012 was unexpected.
7/16/2012 3:04:03 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
.
==== End Of File ===========================
 
Oh, here is an additional log which may be of help.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: Gigabyte Technology Co., Ltd.
BIOS Manufacturer: Award Software International, Inc.
System Manufacturer: Gigabyte Technology Co., Ltd.
System Product Name: GA-MA790X-UD4P
Logical Drives Mask: 0x000007fc

Kernel Drivers (total 152):
0x0260D000 \SystemRoot\system32\ntoskrnl.exe
0x02B25000 \SystemRoot\system32\hal.dll
0x00603000 \SystemRoot\system32\kdcom.dll
0x00606000 \SystemRoot\system32\PSHED.dll
0x0061A000 \SystemRoot\system32\CLFS.SYS
0x00677000 \SystemRoot\system32\CI.dll
0x00809000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008E3000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x008F1000 \SystemRoot\system32\drivers\acpi.sys
0x00947000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00950000 \SystemRoot\system32\drivers\msisadrv.sys
0x0095A000 \SystemRoot\system32\drivers\pci.sys
0x0098A000 \SystemRoot\System32\drivers\partmgr.sys
0x0099F000 \SystemRoot\system32\drivers\volmgr.sys
0x00729000 \SystemRoot\System32\drivers\volmgrx.sys
0x009B3000 \SystemRoot\system32\drivers\pciide.sys
0x009BA000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x009CA000 \SystemRoot\system32\DRIVERS\amdide64.sys
0x009D1000 \SystemRoot\System32\drivers\mountmgr.sys
0x009E4000 \SystemRoot\system32\drivers\atapi.sys
0x0078F000 \SystemRoot\system32\drivers\ataport.SYS
0x007B3000 \SystemRoot\system32\DRIVERS\jraid.sys
0x007CE000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x00A05000 \SystemRoot\system32\drivers\fltmgr.sys
0x00A4C000 \SystemRoot\system32\drivers\fileinfo.sys
0x00A60000 \SystemRoot\System32\Drivers\ksecdd.sys
0x00C0F000 \SystemRoot\system32\drivers\ndis.sys
0x00AE7000 \SystemRoot\system32\drivers\msrpc.sys
0x00B37000 \SystemRoot\system32\drivers\NETIO.SYS
0x00E01000 \SystemRoot\System32\drivers\tcpip.sys
0x00F75000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01005000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01185000 \SystemRoot\system32\drivers\volsnap.sys
0x011C9000 \SystemRoot\System32\Drivers\spldr.sys
0x011D1000 \SystemRoot\System32\Drivers\mup.sys
0x00FA1000 \SystemRoot\System32\drivers\ecache.sys
0x011E3000 \SystemRoot\system32\drivers\disk.sys
0x00FCD000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x011F7000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
0x00DD2000 \SystemRoot\system32\drivers\crcdisk.sys
0x00C00000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x00B90000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x00B99000 \SystemRoot\system32\DRIVERS\processr.sys
0x00BAC000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x06407000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x0660F000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x06466000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x071C2000 \SystemRoot\System32\drivers\watchdog.sys
0x07207000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x072F4000 \SystemRoot\system32\DRIVERS\Rtlh64.sys
0x07325000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x07341000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x0734C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x07392000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x073A3000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x073B5000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x073C5000 \SystemRoot\system32\DRIVERS\serial.sys
0x073E2000 \SystemRoot\system32\DRIVERS\serenum.sys
0x06549000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x06582000 \SystemRoot\system32\DRIVERS\storport.sys
0x073EE000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x071D2000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x06600000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x00BB5000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x065DF000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x07402000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x07420000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x07438000 \SystemRoot\system32\DRIVERS\termdd.sys
0x0744B000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x07459000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x07465000 \SystemRoot\system32\DRIVERS\gcdbus.sys
0x07498000 \SystemRoot\system32\DRIVERS\swenum.sys
0x0749A000 \SystemRoot\system32\DRIVERS\ks.sys
0x074CE000 \SystemRoot\system32\DRIVERS\amdiox64.sys
0x074E2000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x074ED000 \SystemRoot\system32\DRIVERS\umbus.sys
0x074FD000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x07545000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x07559000 \SystemRoot\system32\drivers\RtHDMIVX.sys
0x07586000 \SystemRoot\system32\drivers\portcls.sys
0x075C1000 \SystemRoot\system32\drivers\drmk.sys
0x075E4000 \SystemRoot\system32\drivers\ksthunk.sys
0x08208000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x0838B000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x08395000 \SystemRoot\System32\Drivers\Null.SYS
0x083A9000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x083B1000 \SystemRoot\System32\drivers\vga.sys
0x083BF000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x083E4000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x083ED000 \SystemRoot\system32\drivers\rdpencdd.sys
0x0839E000 \SystemRoot\System32\Drivers\Msfs.SYS
0x075EA000 \SystemRoot\System32\Drivers\Npfs.SYS
0x083F6000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x08403000 \SystemRoot\system32\DRIVERS\tdx.sys
0x08420000 \SystemRoot\system32\DRIVERS\smb.sys
0x0843B000 \SystemRoot\system32\drivers\afd.sys
0x084A6000 \SystemRoot\System32\DRIVERS\netbt.sys
0x084EA000 \SystemRoot\system32\DRIVERS\pacer.sys
0x08508000 \SystemRoot\system32\DRIVERS\netbios.sys
0x08517000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x08532000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x0857F000 \SystemRoot\system32\drivers\nsiproxy.sys
0x0858B000 \??\C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys
0x085A7000 \SystemRoot\System32\Drivers\dfsc.sys
0x085C4000 \SystemRoot\system32\DRIVERS\avkmgr.sys
0x085CE000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x00DDC000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x085F5000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x085F7000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x00BE6000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x071F5000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x065EF000 \SystemRoot\System32\Drivers\crashdmp.sys
0x009EC000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x08200000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x08802000 \SystemRoot\System32\Drivers\usbvideo.sys
0x0882C000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x08844000 \SystemRoot\system32\DRIVERS\netr28ux.sys
0x08948000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x00000000 \SystemRoot\System32\win32k.sys
0x08953000 \SystemRoot\System32\drivers\Dxapi.sys
0x0895F000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00400000 \SystemRoot\System32\TSDDD.dll
0x00600000 \SystemRoot\System32\cdd.dll
0x08972000 \SystemRoot\system32\drivers\luafv.sys
0x08994000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x0A60D000 \SystemRoot\system32\drivers\spsys.sys
0x0A6A7000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x0A6BB000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x0A6EF000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x0A6FA000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x0A712000 \SystemRoot\system32\drivers\HTTP.sys
0x0A7B5000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x0A7C0000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x089B4000 \SystemRoot\system32\DRIVERS\bowser.sys
0x089D2000 \SystemRoot\System32\drivers\mpsdrv.sys
0x0B602000 \SystemRoot\system32\drivers\mrxdav.sys
0x0B629000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x0B652000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0B69B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x0B6BA000 \SystemRoot\System32\DRIVERS\srv2.sys
0x0B6EC000 \SystemRoot\System32\DRIVERS\srv.sys
0x0B77F000 \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
0x0C808000 \SystemRoot\system32\drivers\peauth.sys
0x0C8BE000 \SystemRoot\System32\Drivers\secdrv.SYS
0x0C8C9000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0C8D9000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x0C8F9000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0x0C90F000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x0C92B000 \??\C:\Windows\gdrv.sys
0x0C934000 \??\C:\Windows\system32\drivers\mbam.sys
0x0C93E000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
0x771C0000 \Windows\System32\ntdll.dll

Processes (total 79):
0 System Idle Process
4 System
444 C:\Windows\System32\smss.exe
532 csrss.exe
596 C:\Windows\System32\wininit.exe
620 csrss.exe
652 C:\Windows\System32\services.exe
664 C:\Windows\System32\lsass.exe
672 C:\Windows\System32\lsm.exe
752 C:\Windows\System32\winlogon.exe
868 C:\Windows\System32\svchost.exe
936 C:\Windows\System32\svchost.exe
972 C:\Windows\System32\svchost.exe
304 C:\Windows\System32\atiesrxx.exe
460 C:\Windows\System32\svchost.exe
540 C:\Windows\System32\svchost.exe
728 C:\Windows\System32\svchost.exe
1012 C:\Windows\System32\audiodg.exe
876 C:\Windows\System32\svchost.exe
1036 C:\Windows\System32\SLsvc.exe
1096 C:\Windows\System32\svchost.exe
1240 C:\Windows\System32\svchost.exe
1376 C:\Windows\System32\atieclxx.exe
1444 C:\Windows\System32\wlanext.exe
1548 C:\Windows\System32\spoolsv.exe
1572 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
1744 C:\Windows\System32\svchost.exe
1952 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1988 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
2040 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
1208 C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
1048 C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe
712 C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
2236 C:\Windows\System32\taskeng.exe
2260 C:\Windows\System32\dwm.exe
2344 C:\Windows\System32\taskeng.exe
2364 C:\Windows\explorer.exe
2580 C:\Windows\System32\svchost.exe
2660 C:\Windows\System32\svchost.exe
2672 C:\Windows\System32\svchost.exe
2696 C:\Program Files (x86)\Rosewill\Common\RaRegistry.exe
2708 C:\Program Files (x86)\Rosewill\Common\RaRegistry64.exe
2732 C:\Windows\System32\svchost.exe
2788 C:\Windows\System32\svchost.exe
2836 C:\Windows\System32\SearchIndexer.exe
2924 C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
2964 WUDFHost.exe
3068 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
1132 C:\Program Files\Windows Defender\MSASCui.exe
3088 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
3116 C:\Program Files\Windows Sidebar\sidebar.exe
3200 C:\Windows\ehome\ehtray.exe
3300 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
3364 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
3456 C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
3492 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
3516 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
3560 C:\Windows\ehome\ehmsas.exe
3608 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
3616 C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
3876 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
4016 C:\Users\Administrator\AppData\Local\Apps\2.0\ZJWCJJEY.PG9\PO0H0W0Q.02W\curs..tion_9e9e83ddf3ed3ead_0005.0001_31b318dc2771b66c\CurseClient.exe
3284 WmiPrvSE.exe
3572 C:\Windows\System32\svchost.exe
4136 C:\Program Files\Windows Media Player\wmpnscfg.exe
4456 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
4884 C:\Program Files\Windows Media Player\wmpnetwk.exe
4704 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
1356 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
5992 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
5356 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
5908 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
5104 C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
5688 C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
3628 C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
5020 C:\Windows\System32\prevhost.exe
824 C:\commy32243c\CF21714.3XE
1612 C:\Users\Administrator\Desktop\MBRCheck.exe
3140 <unknown>

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: HitachiHDP725050GLA360, Rev: GM4OA5CA

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
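The MBRCheck output above is the kind of log a helper reads by hand for three things: kernel drivers that were loaded by absolute path from outside the system driver directory, processes whose image lives outside Windows or Program Files (or is not an .exe at all), and a disk whose MBR status is not a recognised standard boot code. The script below is an added example for this thread, not part of MBRCheck or of any post here; it runs those checks over a constructed, shortened copy of the log. A flag means "review this entry", not "this is malicious".

```python
"""Triage an MBRCheck text log the way a malware-removal helper reads it.

Added example for this thread, not part of MBRCheck or the original posts.
Flags: kernel drivers loaded from outside the system driver directory,
processes running outside Windows / Program Files or without a .exe image,
and disks whose MBR status is not a standard boot code. A flag means
"look at this", not "malicious".
"""
import re

# Constructed sample: a shortened copy of the MBRCheck output in the thread.
SAMPLE_LOG = r"""
Kernel Drivers (total 4):
0x0260D000 \SystemRoot\system32\ntoskrnl.exe
0x0858B000 \??\C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys
0x0C92B000 \??\C:\Windows\gdrv.sys
0x0C934000 \??\C:\Windows\system32\drivers\mbam.sys

Processes (total 6):
0 System Idle Process
4 System
532 csrss.exe
2364 C:\Windows\explorer.exe
824 C:\commy32243c\CF21714.3XE
3140 <unknown>

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
"""

DRIVER_RE = re.compile(r"^0x[0-9A-Fa-f]{8}\s+(\S.*)$")
PROCESS_RE = re.compile(r"^(\d+)\s+(\S.*)$")
MBR_RE = re.compile(r"^(\d+\s*[KMGT]B)\s+(\\\\\.\\PhysicalDrive\d+)\s+(.*)$")
SHA1_RE = re.compile(r"^SHA1:\s*([0-9A-Fa-f]{40})$", re.IGNORECASE)

# Paths are compared lower-cased. MBRCheck prints boot-loaded drivers with
# \SystemRoot\ and runtime-loaded ones with the \??\C:\ absolute form.
SYSTEM_DRIVER_DIR = "c:\\windows\\system32\\drivers\\"
STANDARD_PROGRAM_DIRS = ("c:\\windows\\", "c:\\program files\\",
                         "c:\\program files (x86)\\")
SUSPECT_MBR_WORDS = ("faked", "non-standard", "unknown")


def _check_driver(path, findings):
    low = path.lower()
    if low.startswith("\\systemroot\\") or low.startswith("\\windows\\"):
        return                      # standard boot-time load path
    if low.startswith("\\??\\"):
        low = low[4:]               # strip the NT object-namespace prefix
    if not low.startswith(SYSTEM_DRIVER_DIR):
        findings.append({"category": "driver", "item": path,
                         "reason": "kernel driver loaded from outside the system driver directory"})


def _check_process(pid, image, findings):
    reasons = []
    if image == "<unknown>":
        reasons.append("image path could not be read")
    elif "\\" in image:             # bare names (csrss.exe, System) carry no path; skip them
        low = image.lower()
        if not low.endswith(".exe"):
            reasons.append("image does not have a .exe extension")
        if not low.startswith(STANDARD_PROGRAM_DIRS):
            reasons.append("runs outside Windows or Program Files")
    for reason in reasons:
        findings.append({"category": "process", "item": f"{pid} {image}", "reason": reason})


def triage(log_text):
    """Return a list of findings, each {"category", "item", "reason"[, "sha1"]}."""
    findings = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Kernel Drivers"):
            section = "drivers"
        elif line.startswith("Processes"):
            section = "processes"
        elif line.startswith("Size Device Name"):
            section = "mbr"
        elif section == "drivers":
            m = DRIVER_RE.match(line)
            if m:
                _check_driver(m.group(1), findings)
        elif section == "processes":
            m = PROCESS_RE.match(line)
            if m:
                _check_process(m.group(1), m.group(2), findings)
        elif section == "mbr":
            m = MBR_RE.match(line)
            if m and any(w in m.group(3).lower() for w in SUSPECT_MBR_WORDS):
                findings.append({"category": "mbr", "item": m.group(2),
                                 "reason": f"MBR status reported as: {m.group(3)}",
                                 "sha1": None})
                continue
            s = SHA1_RE.match(line)
            if s and findings and findings[-1]["category"] == "mbr":
                # hash of the reported boot code, for lookup against known-good values
                findings[-1]["sha1"] = s.group(1).upper()
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['category']}] {f['item']}: {f['reason']}")
```

Run it against a full MBRCheck log by replacing SAMPLE_LOG with the file contents; the driver and process rules are deliberately coarse (a legitimate vendor driver under C:\Windows will be flagged too), which is the right bias for a first pass that a human then reviews.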
 
Hello, and welcome to TechSpot.


Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer, such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

Please download aswMBR from here

  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan as illustrated below

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

  • Once the scan finishes click Save log to save the log to your Desktop

  • Copy and paste the contents of aswMBR.txt back here for review
 
Re-Run MBRCheck.exe

  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Please push the 'Y' key and then press Enter
  • When the program asks you Enter your choice:, enter
    [1] Dump the MBR of a physical disk to file, and press the Enter key
  • Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"
  • Enter 3 and press the Enter key.
  • The program will show Available MBR codes:, followed by a list of operating systems. Please enter
    [ 0] Default (Windows XP)
    [ 1] Windows XP
    [ 2] Windows Server 2003
    [ 3] Windows Vista
    [ 4] Windows 2008
    [ 5] Windows 7

    and then press Enter.
  • The program will ask for the file name to dump to, type dump.dat and Press Enter. You should see Dumped successfully.
  • Next, type -1 and press Enter. Next press Enter again, and the program will exit.
  • Save it to your desktop, then attach the resultant output in your next reply
 
I re-ran MBRCheck.exe, and followed your instructions. The program reported it was out of memory when attempting to generate a dump of PhysicalDrive3. However, I was able to generate a dump of PhysicalDrive0.

I may have a different version than you, as it did not present me with a menu of operating systems after asking for a dump file.

Regardless, attached is the dump file generated.

It would not let me upload a file with a .dat extension, so I zipped it.
 

Attachments

  • dump.zip
    599 bytes
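The dump.dat that MBRCheck's option [1] writes is the raw first sector of the disk (512 bytes, which is why the zipped attachment is so small). Before anyone overwrites that sector with standard boot code it is worth reading what is actually in it. The parser below is an added example for this thread, not MBRCheck's code and not the attached dump: it checks the 0x55AA signature, lists the partition table, and hashes the boot code. The 440-byte hashing scope and the empty known-good set are assumptions of the example; the thread does not say which bytes MBRCheck hashes. The sample sector is constructed so that its single NTFS partition sits at byte offset 0x100000, the same offset MBRCheck reported for \\.\C: in the log above.

```python
"""Parse a raw 512-byte MBR dump such as the dump.dat written by MBRCheck's
option [1], and report what a helper checks before restoring boot code.

Added example for this thread; not MBRCheck's code and not the attached
dump. The 440-byte boot-code hashing scope and the known-good hash set are
assumptions of this example.
"""
import hashlib
import struct
import sys

SECTOR = 512
BOOT_CODE_LEN = 440          # bytes 0..439: boot code; 440..443: disk signature
PARTITION_TABLE_OFF = 446    # four 16-byte entries, then the 0x55AA signature
ENTRY_FMT = "<B3sB3sII"      # status, CHS start, type, CHS end, LBA start, sector count

PARTITION_TYPES = {0x07: "NTFS/exFAT", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)",
                   0x83: "Linux", 0xEE: "GPT protective"}


def build_sample_mbr():
    """Constructed sample (not a real dump): filler boot code, one active NTFS
    partition at LBA 2048, i.e. byte offset 0x100000 as in the thread's log."""
    boot_code = bytes([0xFA, 0x33, 0xC0]) + b"\x90" * (BOOT_CODE_LEN - 3)
    disk_signature = struct.pack("<I", 0xDEADBEEF)   # constructed value
    reserved = b"\x00\x00"
    ntfs = struct.pack(ENTRY_FMT, 0x80, b"\x20\x21\x00", 0x07, b"\xFE\xFF\xFF",
                       2048, 975_000_000)            # constructed sector count
    table = ntfs + b"\x00" * 48                      # three empty entries
    return boot_code + disk_signature + reserved + table + b"\x55\xAA"


def parse_mbr(mbr):
    """Return signature validity, disk signature, boot-code SHA1 and partitions."""
    if len(mbr) != SECTOR:
        raise ValueError(f"expected {SECTOR}-byte sector, got {len(mbr)}")
    partitions = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(
            ENTRY_FMT, mbr, PARTITION_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue                                 # empty slot
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "type_name": PARTITION_TYPES.get(ptype, "unknown"),
            "lba_start": lba,
            "sectors": count,
            "byte_offset": lba * SECTOR,             # compare with the offset MBRCheck prints
        })
    return {
        "signature_ok": mbr[510:512] == b"\x55\xAA",
        "disk_signature": struct.unpack_from("<I", mbr, BOOT_CODE_LEN)[0],
        "boot_code_sha1": hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper(),
        "partitions": partitions,
    }


def classify(report, known_good_sha1s):
    """'invalid' (bad signature), 'known-good' (hash on the allow-list) or
    'non-standard' (valid sector, unrecognised boot code: review before rewriting)."""
    if not report["signature_ok"]:
        return "invalid"
    if report["boot_code_sha1"] in known_good_sha1s:
        return "known-good"
    return "non-standard"


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read(SECTOR)
    else:
        data = build_sample_mbr()
    rep = parse_mbr(data)
    known_good = set()   # placeholder: fill with SHA1s of stock boot code you have verified
    print("signature ok:", rep["signature_ok"])
    print("boot code SHA1:", rep["boot_code_sha1"])
    for p in rep["partitions"]:
        print(f"  part {p['index']}: {p['type_name']} at 0x{p['byte_offset']:X}, "
              f"{p['sectors']} sectors, bootable={p['bootable']}")
    print("verdict:", classify(rep, known_good))
```

Usage: `python mbr_parse.py dump.dat` reads the first 512 bytes of the dump; with no argument it parses the constructed sample. A partition table that still matches what the running system reports (same NTFS offset) alongside unrecognised boot code is the pattern the helper's "MBR Code Faked!" line describes, and it is why the fix rewrites only the boot code rather than the whole sector.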
Fix using MBRCheck.exe

Run MBRCheck.exe again by double-clicking on it.
  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Enter 'Y' and then press Enter.
  • When asked: 'Enter your choice:', select option 2 (Restore the MBR of a physical disk with a standard boot code) and press the Enter key.
  • Now the program will ask: 'Enter the physical disk number to fix (0-99, -1 to cancel)'
  • Enter 3 and press the Enter key.
  • The program will show Available MBR codes followed by a list of operating systems as shown below:
    Available MBR codes:
    [ 0] Default (Windows XP)
    [ 1] Windows XP
    [ 2] Windows Server 2003
    [ 3] Windows Vista
    [ 4] Windows 2008
    [ 5] Windows 7
    [-1] Cancel
    Please select the MBR code to write to this drive:
  • Please select your version of Windows from the list and enter the corresponding number and then press Enter.
  • When prompted for confirmation: "Do you want to fix the MBR code?". Type the full word Yes (not Y or the fix will not work) and press Enter.
  • Left-click on the title bar (where the program name and path are written).
  • From the menu choose Edit -> Select All.
  • Press the Enter key to copy selected text.
  • Open Notepad, paste that text into it and save to your desktop as MBRCheck.txt.
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • Reboot your computer to complete the fix and copy/paste MBRCheck.txt in your next reply.
  • If your computer does not restart on its own, please restart it manually.
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: Gigabyte Technology Co., Ltd.
BIOS Manufacturer: Award Software International, Inc.
System Manufacturer: Gigabyte Technology Co., Ltd.
System Product Name: GA-MA790X-UD4P
Logical Drives Mask: 0x000007fc

Kernel Drivers (total 152):
0x02600000 \SystemRoot\system32\ntoskrnl.exe
0x02B18000 \SystemRoot\system32\hal.dll
0x00604000 \SystemRoot\system32\kdcom.dll
0x00607000 \SystemRoot\system32\PSHED.dll
0x0061B000 \SystemRoot\system32\CLFS.SYS
0x00678000 \SystemRoot\system32\CI.dll
0x00808000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008E2000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x008F0000 \SystemRoot\system32\drivers\acpi.sys
0x00946000 \SystemRoot\system32\drivers\WMILIB.SYS
0x0094F000 \SystemRoot\system32\drivers\msisadrv.sys
0x00959000 \SystemRoot\system32\drivers\pci.sys
0x00989000 \SystemRoot\System32\drivers\partmgr.sys
0x0099E000 \SystemRoot\system32\drivers\volmgr.sys
0x0072A000 \SystemRoot\System32\drivers\volmgrx.sys
0x009B2000 \SystemRoot\system32\drivers\pciide.sys
0x009B9000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x009C9000 \SystemRoot\system32\DRIVERS\amdide64.sys
0x009D0000 \SystemRoot\System32\drivers\mountmgr.sys
0x009E3000 \SystemRoot\system32\drivers\atapi.sys
0x00790000 \SystemRoot\system32\drivers\ataport.SYS
0x007B4000 \SystemRoot\system32\DRIVERS\jraid.sys
0x007CF000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x00A09000 \SystemRoot\system32\drivers\fltmgr.sys
0x00A50000 \SystemRoot\system32\drivers\fileinfo.sys
0x00A64000 \SystemRoot\System32\Drivers\ksecdd.sys
0x00C04000 \SystemRoot\system32\drivers\ndis.sys
0x00AEB000 \SystemRoot\system32\drivers\msrpc.sys
0x00B3B000 \SystemRoot\system32\drivers\NETIO.SYS
0x00E0E000 \SystemRoot\System32\drivers\tcpip.sys
0x00F82000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01008000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01188000 \SystemRoot\system32\drivers\volsnap.sys
0x011CC000 \SystemRoot\System32\Drivers\spldr.sys
0x011D4000 \SystemRoot\System32\Drivers\mup.sys
0x00FAE000 \SystemRoot\System32\drivers\ecache.sys
0x011E6000 \SystemRoot\system32\drivers\disk.sys
0x00DC7000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x01000000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
0x00FDA000 \SystemRoot\system32\drivers\crcdisk.sys
0x00DF3000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x00B94000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x00B9D000 \SystemRoot\system32\DRIVERS\processr.sys
0x00BB0000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x06200000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x06404000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x0625F000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x06FB7000 \SystemRoot\System32\drivers\watchdog.sys
0x0700A000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x070F7000 \SystemRoot\system32\DRIVERS\Rtlh64.sys
0x07128000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x07144000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x0714F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x07195000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x071A6000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x071B8000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x071C8000 \SystemRoot\system32\DRIVERS\serial.sys
0x071E5000 \SystemRoot\system32\DRIVERS\serenum.sys
0x06FC7000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x06342000 \SystemRoot\system32\DRIVERS\storport.sys
0x071F1000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x0639F000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x063C2000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x063CE000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x00BB9000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x00BC9000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x00BE7000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x009EB000 \SystemRoot\system32\DRIVERS\termdd.sys
0x07209000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x07217000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x07223000 \SystemRoot\system32\DRIVERS\gcdbus.sys
0x07256000 \SystemRoot\system32\DRIVERS\swenum.sys
0x07258000 \SystemRoot\system32\DRIVERS\ks.sys
0x0728C000 \SystemRoot\system32\DRIVERS\amdiox64.sys
0x072A0000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x072AB000 \SystemRoot\system32\DRIVERS\umbus.sys
0x072BB000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x07303000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x07317000 \SystemRoot\system32\drivers\RtHDMIVX.sys
0x07344000 \SystemRoot\system32\drivers\portcls.sys
0x0737F000 \SystemRoot\system32\drivers\drmk.sys
0x073A2000 \SystemRoot\system32\drivers\ksthunk.sys
0x0820C000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x0838F000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x08399000 \SystemRoot\System32\Drivers\Null.SYS
0x083AD000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x083B5000 \SystemRoot\System32\drivers\vga.sys
0x083C3000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x083E8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x083F1000 \SystemRoot\system32\drivers\rdpencdd.sys
0x08200000 \SystemRoot\System32\Drivers\Msfs.SYS
0x073A8000 \SystemRoot\System32\Drivers\Npfs.SYS
0x083A2000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x073B9000 \SystemRoot\system32\DRIVERS\tdx.sys
0x073D6000 \SystemRoot\system32\DRIVERS\smb.sys
0x08404000 \SystemRoot\system32\drivers\afd.sys
0x0846F000 \SystemRoot\System32\DRIVERS\netbt.sys
0x084B3000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x084BE000 \SystemRoot\system32\DRIVERS\pacer.sys
0x084DC000 \SystemRoot\system32\DRIVERS\netbios.sys
0x084EB000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x08506000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x08553000 \SystemRoot\system32\drivers\nsiproxy.sys
0x0855F000 \??\C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys
0x0857B000 \SystemRoot\System32\Drivers\dfsc.sys
0x08598000 \SystemRoot\system32\DRIVERS\avkmgr.sys
0x085A2000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x085C9000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x085E5000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x085E7000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x00FE4000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x085F0000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x0880E000 \SystemRoot\System32\Drivers\usbvideo.sys
0x08838000 \SystemRoot\System32\Drivers\crashdmp.sys
0x08846000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x08852000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x0885A000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x08872000 \SystemRoot\system32\DRIVERS\netr28ux.sys
0x08976000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x000C0000 \SystemRoot\System32\win32k.sys
0x08981000 \SystemRoot\System32\drivers\Dxapi.sys
0x0898D000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00490000 \SystemRoot\System32\TSDDD.dll
0x00620000 \SystemRoot\System32\cdd.dll
0x089A0000 \SystemRoot\system32\drivers\luafv.sys
0x089C2000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x0A400000 \SystemRoot\system32\drivers\spsys.sys
0x0A49A000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x0A4AE000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x0A4E2000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x0A4ED000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x0A505000 \SystemRoot\system32\drivers\HTTP.sys
0x0A5A8000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x0A5B3000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x0A5DC000 \SystemRoot\system32\DRIVERS\bowser.sys
0x089E2000 \SystemRoot\System32\drivers\mpsdrv.sys
0x0B601000 \SystemRoot\system32\drivers\mrxdav.sys
0x0B628000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x0B651000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0B69A000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x0B6B9000 \SystemRoot\System32\DRIVERS\srv2.sys
0x0B6EB000 \SystemRoot\System32\DRIVERS\srv.sys
0x0B77E000 \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
0x0C60B000 \SystemRoot\system32\drivers\peauth.sys
0x0C6C1000 \SystemRoot\System32\Drivers\secdrv.SYS
0x0C6CC000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0C6DC000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x0C6FC000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0x0C712000 \??\C:\Windows\gdrv.sys
0x0C71B000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x0C737000 \??\C:\Windows\system32\drivers\mbam.sys
0x77740000 \Windows\System32\ntdll.dll

Processes (total 82):
0 System Idle Process
4 System
448 C:\Windows\System32\smss.exe
528 csrss.exe
592 C:\Windows\System32\wininit.exe
616 csrss.exe
648 C:\Windows\System32\services.exe
660 C:\Windows\System32\lsass.exe
668 C:\Windows\System32\lsm.exe
836 C:\Windows\System32\winlogon.exe
856 C:\Windows\System32\svchost.exe
928 C:\Windows\System32\svchost.exe
964 C:\Windows\System32\atiesrxx.exe
1016 C:\Windows\System32\svchost.exe
256 C:\Windows\System32\svchost.exe
296 C:\Windows\System32\svchost.exe
636 C:\Windows\System32\audiodg.exe
512 C:\Windows\System32\svchost.exe
664 C:\Windows\System32\SLsvc.exe
828 C:\Windows\System32\svchost.exe
1140 C:\Windows\System32\svchost.exe
1276 C:\Windows\System32\wlanext.exe
1408 C:\Windows\System32\spoolsv.exe
1440 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
1504 C:\Windows\System32\atieclxx.exe
1520 C:\Windows\System32\svchost.exe
1916 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1960 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
1976 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
1104 C:\Windows\System32\taskeng.exe
1532 C:\Windows\System32\taskeng.exe
2084 C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
2132 C:\Windows\System32\dwm.exe
2172 C:\Windows\explorer.exe
2224 C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe
2244 C:\Windows\SysWOW64\svchost.exe
2396 C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
2524 C:\Windows\System32\svchost.exe
2572 C:\Windows\System32\svchost.exe
2604 C:\Windows\System32\svchost.exe
2628 C:\Program Files (x86)\Rosewill\Common\RaRegistry.exe
2668 C:\Program Files (x86)\Rosewill\Common\RaRegistry64.exe
2740 C:\Windows\System32\svchost.exe
2772 C:\Windows\System32\svchost.exe
2800 C:\Windows\System32\SearchIndexer.exe
2904 WUDFHost.exe
2128 C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
1648 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
2448 C:\Program Files\Windows Sidebar\sidebar.exe
1600 C:\Program Files (x86)\Steam\Steam.exe
2000 C:\Windows\ehome\ehtray.exe
2564 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
2644 C:\Program Files (x86)\Rosewill\Common\RaUI.exe
1896 C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
2004 C:\Windows\ehome\ehmsas.exe
1092 C:\Users\Administrator\AppData\Local\Apps\2.0\ZJWCJJEY.PG9\PO0H0W0Q.02W\curs..tion_9e9e83ddf3ed3ead_0005.0001_31b318dc2771b66c\CurseClient.exe
3648 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
3664 C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
3680 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
3720 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
3744 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
3956 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
1548 WmiPrvSE.exe
4072 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
3404 C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
3556 C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
3592 C:\Windows\System32\svchost.exe
3540 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
4136 C:\Program Files\Windows Media Player\wmpnscfg.exe
4312 C:\Program Files\Windows Media Player\wmpnetwk.exe
4764 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
4820 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
3452 C:\Windows\System32\mobsync.exe
1576 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
4968 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
5044 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
3884 C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
4500 C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
5112 C:\Windows\System32\taskmgr.exe
812 C:\Users\Administrator\Documents\CKS\CKS.exe
6028 C:\Windows\System32\svchost.exe
4448 C:\Users\Administrator\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: HitachiHDP725050GLA360, Rev: GM4OA5CA

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 3Available MBR codes:
[ 0] Default (Windows Vista)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 3
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: YES
Out of memory!Could not read disk!


Done!
 
I may have jumped the gun here, but I assumed you wanted me to run this on the disk I actually use (Physical disk 0), so I did. Here is the log file from that.



MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: Gigabyte Technology Co., Ltd.
BIOS Manufacturer: Award Software International, Inc.
System Manufacturer: Gigabyte Technology Co., Ltd.
System Product Name: GA-MA790X-UD4P
Logical Drives Mask: 0x000007fc

Kernel Drivers (total 152):
0x02600000 \SystemRoot\system32\ntoskrnl.exe
0x02B18000 \SystemRoot\system32\hal.dll
0x00604000 \SystemRoot\system32\kdcom.dll
0x00607000 \SystemRoot\system32\PSHED.dll
0x0061B000 \SystemRoot\system32\CLFS.SYS
0x00678000 \SystemRoot\system32\CI.dll
0x00808000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008E2000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x008F0000 \SystemRoot\system32\drivers\acpi.sys
0x00946000 \SystemRoot\system32\drivers\WMILIB.SYS
0x0094F000 \SystemRoot\system32\drivers\msisadrv.sys
0x00959000 \SystemRoot\system32\drivers\pci.sys
0x00989000 \SystemRoot\System32\drivers\partmgr.sys
0x0099E000 \SystemRoot\system32\drivers\volmgr.sys
0x0072A000 \SystemRoot\System32\drivers\volmgrx.sys
0x009B2000 \SystemRoot\system32\drivers\pciide.sys
0x009B9000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x009C9000 \SystemRoot\system32\DRIVERS\amdide64.sys
0x009D0000 \SystemRoot\System32\drivers\mountmgr.sys
0x009E3000 \SystemRoot\system32\drivers\atapi.sys
0x00790000 \SystemRoot\system32\drivers\ataport.SYS
0x007B4000 \SystemRoot\system32\DRIVERS\jraid.sys
0x007CF000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x00A09000 \SystemRoot\system32\drivers\fltmgr.sys
0x00A50000 \SystemRoot\system32\drivers\fileinfo.sys
0x00A64000 \SystemRoot\System32\Drivers\ksecdd.sys
0x00C04000 \SystemRoot\system32\drivers\ndis.sys
0x00AEB000 \SystemRoot\system32\drivers\msrpc.sys
0x00B3B000 \SystemRoot\system32\drivers\NETIO.SYS
0x00E0E000 \SystemRoot\System32\drivers\tcpip.sys
0x00F82000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01008000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01188000 \SystemRoot\system32\drivers\volsnap.sys
0x011CC000 \SystemRoot\System32\Drivers\spldr.sys
0x011D4000 \SystemRoot\System32\Drivers\mup.sys
0x00FAE000 \SystemRoot\System32\drivers\ecache.sys
0x011E6000 \SystemRoot\system32\drivers\disk.sys
0x00DC7000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x01000000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
0x00FDA000 \SystemRoot\system32\drivers\crcdisk.sys
0x00DF3000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x00B94000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x00B9D000 \SystemRoot\system32\DRIVERS\processr.sys
0x00BB0000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x06200000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x06404000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x0625F000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x06FB7000 \SystemRoot\System32\drivers\watchdog.sys
0x0700A000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x070F7000 \SystemRoot\system32\DRIVERS\Rtlh64.sys
0x07128000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x07144000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x0714F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x07195000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x071A6000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x071B8000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x071C8000 \SystemRoot\system32\DRIVERS\serial.sys
0x071E5000 \SystemRoot\system32\DRIVERS\serenum.sys
0x06FC7000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x06342000 \SystemRoot\system32\DRIVERS\storport.sys
0x071F1000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x0639F000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x063C2000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x063CE000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x00BB9000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x00BC9000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x00BE7000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x009EB000 \SystemRoot\system32\DRIVERS\termdd.sys
0x07209000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x07217000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x07223000 \SystemRoot\system32\DRIVERS\gcdbus.sys
0x07256000 \SystemRoot\system32\DRIVERS\swenum.sys
0x07258000 \SystemRoot\system32\DRIVERS\ks.sys
0x0728C000 \SystemRoot\system32\DRIVERS\amdiox64.sys
0x072A0000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x072AB000 \SystemRoot\system32\DRIVERS\umbus.sys
0x072BB000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x07303000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x07317000 \SystemRoot\system32\drivers\RtHDMIVX.sys
0x07344000 \SystemRoot\system32\drivers\portcls.sys
0x0737F000 \SystemRoot\system32\drivers\drmk.sys
0x073A2000 \SystemRoot\system32\drivers\ksthunk.sys
0x0820C000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x0838F000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x08399000 \SystemRoot\System32\Drivers\Null.SYS
0x083AD000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x083B5000 \SystemRoot\System32\drivers\vga.sys
0x083C3000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x083E8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x083F1000 \SystemRoot\system32\drivers\rdpencdd.sys
0x08200000 \SystemRoot\System32\Drivers\Msfs.SYS
0x073A8000 \SystemRoot\System32\Drivers\Npfs.SYS
0x083A2000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x073B9000 \SystemRoot\system32\DRIVERS\tdx.sys
0x073D6000 \SystemRoot\system32\DRIVERS\smb.sys
0x08404000 \SystemRoot\system32\drivers\afd.sys
0x0846F000 \SystemRoot\System32\DRIVERS\netbt.sys
0x084B3000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x084BE000 \SystemRoot\system32\DRIVERS\pacer.sys
0x084DC000 \SystemRoot\system32\DRIVERS\netbios.sys
0x084EB000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x08506000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x08553000 \SystemRoot\system32\drivers\nsiproxy.sys
0x0855F000 \??\C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys
0x0857B000 \SystemRoot\System32\Drivers\dfsc.sys
0x08598000 \SystemRoot\system32\DRIVERS\avkmgr.sys
0x085A2000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x085C9000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x085E5000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x085E7000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x00FE4000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x085F0000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x0880E000 \SystemRoot\System32\Drivers\usbvideo.sys
0x08838000 \SystemRoot\System32\Drivers\crashdmp.sys
0x08846000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x08852000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x0885A000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x08872000 \SystemRoot\system32\DRIVERS\netr28ux.sys
0x08976000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x000C0000 \SystemRoot\System32\win32k.sys
0x08981000 \SystemRoot\System32\drivers\Dxapi.sys
0x0898D000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00490000 \SystemRoot\System32\TSDDD.dll
0x00620000 \SystemRoot\System32\cdd.dll
0x089A0000 \SystemRoot\system32\drivers\luafv.sys
0x089C2000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x0A400000 \SystemRoot\system32\drivers\spsys.sys
0x0A49A000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x0A4AE000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x0A4E2000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x0A4ED000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x0A505000 \SystemRoot\system32\drivers\HTTP.sys
0x0A5A8000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x0A5B3000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x0A5DC000 \SystemRoot\system32\DRIVERS\bowser.sys
0x089E2000 \SystemRoot\System32\drivers\mpsdrv.sys
0x0B601000 \SystemRoot\system32\drivers\mrxdav.sys
0x0B628000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x0B651000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0B69A000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x0B6B9000 \SystemRoot\System32\DRIVERS\srv2.sys
0x0B6EB000 \SystemRoot\System32\DRIVERS\srv.sys
0x0B77E000 \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
0x0C60B000 \SystemRoot\system32\drivers\peauth.sys
0x0C6C1000 \SystemRoot\System32\Drivers\secdrv.SYS
0x0C6CC000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0C6DC000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x0C6FC000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0x0C712000 \??\C:\Windows\gdrv.sys
0x0C71B000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x0C737000 \??\C:\Windows\system32\drivers\mbam.sys
0x77740000 \Windows\System32\ntdll.dll

Processes (total 82):
0 System Idle Process
4 System
448 C:\Windows\System32\smss.exe
528 csrss.exe
592 C:\Windows\System32\wininit.exe
616 csrss.exe
648 C:\Windows\System32\services.exe
660 C:\Windows\System32\lsass.exe
668 C:\Windows\System32\lsm.exe
836 C:\Windows\System32\winlogon.exe
856 C:\Windows\System32\svchost.exe
928 C:\Windows\System32\svchost.exe
964 C:\Windows\System32\atiesrxx.exe
1016 C:\Windows\System32\svchost.exe
256 C:\Windows\System32\svchost.exe
296 C:\Windows\System32\svchost.exe
636 C:\Windows\System32\audiodg.exe
512 C:\Windows\System32\svchost.exe
664 C:\Windows\System32\SLsvc.exe
828 C:\Windows\System32\svchost.exe
1140 C:\Windows\System32\svchost.exe
1276 C:\Windows\System32\wlanext.exe
1408 C:\Windows\System32\spoolsv.exe
1440 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
1504 C:\Windows\System32\atieclxx.exe
1520 C:\Windows\System32\svchost.exe
1916 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1960 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
1976 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
1104 C:\Windows\System32\taskeng.exe
1532 C:\Windows\System32\taskeng.exe
2084 C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
2132 C:\Windows\System32\dwm.exe
2172 C:\Windows\explorer.exe
2224 C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe
2244 C:\Windows\SysWOW64\svchost.exe
2396 C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
2524 C:\Windows\System32\svchost.exe
2572 C:\Windows\System32\svchost.exe
2604 C:\Windows\System32\svchost.exe
2628 C:\Program Files (x86)\Rosewill\Common\RaRegistry.exe
2668 C:\Program Files (x86)\Rosewill\Common\RaRegistry64.exe
2740 C:\Windows\System32\svchost.exe
2772 C:\Windows\System32\svchost.exe
2800 C:\Windows\System32\SearchIndexer.exe
2904 WUDFHost.exe
2128 C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
1648 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
2448 C:\Program Files\Windows Sidebar\sidebar.exe
1600 C:\Program Files (x86)\Steam\Steam.exe
2000 C:\Windows\ehome\ehtray.exe
2564 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
2644 C:\Program Files (x86)\Rosewill\Common\RaUI.exe
1896 C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
2004 C:\Windows\ehome\ehmsas.exe
1092 C:\Users\Administrator\AppData\Local\Apps\2.0\ZJWCJJEY.PG9\PO0H0W0Q.02W\curs..tion_9e9e83ddf3ed3ead_0005.0001_31b318dc2771b66c\CurseClient.exe
3648 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
3664 C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
3680 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
3720 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
3744 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
3956 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
1548 WmiPrvSE.exe
4072 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
3404 C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
3556 C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
3592 C:\Windows\System32\svchost.exe
3540 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
4136 C:\Program Files\Windows Media Player\wmpnscfg.exe
4312 C:\Program Files\Windows Media Player\wmpnetwk.exe
4764 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
4820 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
3452 C:\Windows\System32\mobsync.exe
1576 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
4968 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
5044 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
3884 C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
4500 C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
5112 C:\Windows\System32\taskmgr.exe
812 C:\Users\Administrator\Documents\CKS\CKS.exe
6028 C:\Windows\System32\svchost.exe
5372 C:\Users\Administrator\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: HitachiHDP725050GLA360, Rev: GM4OA5CA

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0Available MBR codes:
[ 0] Default (Windows Vista)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 3
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: Yes
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.


Done!
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: Gigabyte Technology Co., Ltd.
BIOS Manufacturer: Award Software International, Inc.
System Manufacturer: Gigabyte Technology Co., Ltd.
System Product Name: GA-MA790X-UD4P
Logical Drives Mask: 0x000007fc

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
 
  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
RGKRScan.png


  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
RGKRDelete.png


  • The report has been created on the desktop.
  • Next click on the ShortcutsFix

    RGKRShortcutsFix.png
  • The report has been created on the desktop.
Please post:

All RKreport.txt text files located on your desktop.
 
RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User: Administrator [Admin rights]
Mode: Scan -- Date: 07/26/2012 18:54:52

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDP725050GLA360 ATA Device +++++
--- User ---
[MBR] 88a12da6fb76f98356514eb92981f076
[BSP] e6b31e66710df68fe5894e0c84d47a84 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476936 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 17c1fed4de9b210808445638d47f8e43
[BSP] e6b31e66710df68fe5894e0c84d47a84 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476936 Mo
1 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 976766976 | Size: 1 Mo

+++++ PhysicalDrive1: USB2.0 CardReader CF USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: USB2.0 CardReader SM XD USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive3: USB2.0 CardReader MS USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive4: USB2.0 CardReader SD USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt
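To make the RogueKiller "MBR Check" block above easier to read (the [MBR] and [BSP] hashes, the User vs LL2 comparison, and the [HIDDEN!] entry of type 0x17), here is an added example that is not part of this thread and is not RogueKiller's or MBRCheck's own code. It parses a 512-byte MBR sector, hashes the whole sector and the bootstrap code separately, and compares the view the operating system returns with a second (low-level) read, flagging entries that only appear in one view. The two sample sectors are constructed in the script: their bootstrap bytes are a placeholder, and the partition offsets are chosen to match the log (2048 sectors for the visible Windows partition, 976766976 for the hidden 1 MB entry). The hash algorithm (MD5) and the single hidden type id 0x17 are assumptions made to mirror the report format, not a statement of how the tool works internally.

```python
import hashlib
import struct

SECTOR_SIZE = 512
PT_OFFSET = 446            # bootstrap code occupies bytes 0..445, partition table follows
PT_ENTRY_SIZE = 16
PT_ENTRY_FMT = "<B3xB3xII"  # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
HIDDEN_TYPES = {0x17: "hidden NTFS/HPFS"}  # assumption: only the id seen in the log is flagged


def parse_partition_table(mbr: bytes) -> list:
    """Return the four primary partition entries as dicts (type 0 means empty slot)."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly one 512-byte sector")
    if mbr[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(
            PT_ENTRY_FMT, mbr, PT_OFFSET + i * PT_ENTRY_SIZE)
        entries.append({"index": i, "active": status == 0x80, "type": ptype,
                        "lba_start": lba_start, "sectors": sectors,
                        "hidden": ptype in HIDDEN_TYPES})
    return entries


def sector_md5(mbr: bytes) -> str:
    """Hash of the whole sector, comparable to the [MBR] line of the report."""
    return hashlib.md5(mbr).hexdigest()


def bootstrap_md5(mbr: bytes) -> str:
    """Hash of the bootstrap code only, comparable to the [BSP] line of the report."""
    return hashlib.md5(mbr[:PT_OFFSET]).hexdigest()


def sectors_to_mib(sectors: int) -> int:
    """Convert a sector count to whole MiB (the log prints sizes in 'Mo')."""
    return sectors * SECTOR_SIZE // (1024 * 1024)


def compare_views(user_mbr: bytes, lowlevel_mbr: bytes) -> list:
    """Compare the OS-visible sector with a low-level read; return human-readable findings."""
    findings = []
    if sector_md5(user_mbr) != sector_md5(lowlevel_mbr):
        findings.append("User != LL2: the sector seen through the OS differs from the low-level read")
    if bootstrap_md5(user_mbr) != bootstrap_md5(lowlevel_mbr):
        findings.append("bootstrap code differs between the two views")
    for u, l in zip(parse_partition_table(user_mbr), parse_partition_table(lowlevel_mbr)):
        if u != l:
            findings.append(f"partition entry {u['index']} differs between views")
        if l["type"] != 0 and l["hidden"]:
            findings.append(
                f"entry {l['index']} is {'ACTIVE ' if l['active'] else ''}type 0x{l['type']:02x} "
                f"({HIDDEN_TYPES[l['type']]}) at LBA {l['lba_start']}, "
                f"{sectors_to_mib(l['sectors'])} MiB: a hidden active entry is what "
                f"standard MBR code boots first, before the visible Windows partition")
    return findings


def build_mbr(boot_code: bytes, entries: list) -> bytes:
    """Assemble a constructed MBR from bootstrap bytes and (active, type, lba_start, sectors) tuples."""
    mbr = bytearray(SECTOR_SIZE)
    mbr[:len(boot_code)] = boot_code[:PT_OFFSET]
    for i, (active, ptype, lba_start, sectors) in enumerate(entries):
        struct.pack_into(PT_ENTRY_FMT, mbr, PT_OFFSET + i * PT_ENTRY_SIZE,
                         0x80 if active else 0x00, ptype, lba_start, sectors)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)


# Constructed sample data, not bytes from the affected machine.
FAKE_BOOT_CODE = b"CONSTRUCTED-BOOTSTRAP-PLACEHOLDER".ljust(PT_OFFSET, b"\x90")
WINDOWS_SECTORS = 476936 * 2048                       # 476936 MiB, as printed in the log
USER_VIEW = build_mbr(FAKE_BOOT_CODE, [(True, 0x07, 2048, WINDOWS_SECTORS)])
LOWLEVEL_VIEW = build_mbr(FAKE_BOOT_CODE, [(False, 0x07, 2048, WINDOWS_SECTORS),
                                           (True, 0x17, 2048 + WINDOWS_SECTORS, 2048)])

if __name__ == "__main__":
    print("[MBR] user    ", sector_md5(USER_VIEW))
    print("[MBR] lowlevel", sector_md5(LOWLEVEL_VIEW))
    print("[BSP] shared  ", bootstrap_md5(USER_VIEW))
    for line in compare_views(USER_VIEW, LOWLEVEL_VIEW):
        print(" -", line)
```

Run as a script it prints two different [MBR] hashes and one shared [BSP] hash, which is the same pattern the log shows: the boot code itself is still the standard Vista code, but the partition table the OS is allowed to see has been edited so the hidden active slice does not appear. Note that the hidden entry starts exactly where the visible partition ends (2048 + 976764928 = 976766976), which is why the tool reports it as [HIDDEN!] at that offset.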
 
RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User: Administrator [Admin rights]
Mode: Remove -- Date: 07/26/2012 18:55:04

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDP725050GLA360 ATA Device +++++
--- User ---
[MBR] 88a12da6fb76f98356514eb92981f076
[BSP] e6b31e66710df68fe5894e0c84d47a84 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476936 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 17c1fed4de9b210808445638d47f8e43
[BSP] e6b31e66710df68fe5894e0c84d47a84 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476936 Mo
1 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 976766976 | Size: 1 Mo

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
 
RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User: Administrator [Admin rights]
Mode: Shortcuts HJfix -- Date: 07/26/2012 19:00:32

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 0 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 47 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 4 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 830 / Fail 0
Backup: [FOUND] Success 17 / Fail 172

Drives:
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
[E:] \Device\CdRom1 -- 0x5 --> Skipped
[F:] \Device\HarddiskVolume3 -- 0x2 --> Restored
[G:] \Device\HarddiskVolume4 -- 0x2 --> Restored
[H:] \Device\HarddiskVolume5 -- 0x2 --> Restored
[I:] \Device\HarddiskVolume6 -- 0x2 --> Restored
[J:] \Device\IsoCdRom0 -- 0x5 --> Skipped
[K:] \Device\CdRom2 -- 0x5 --> Skipped

¤¤¤ Infection : Rogue.FakeHDD ¤¤¤

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: Gigabyte Technology Co., Ltd.
BIOS Manufacturer: Award Software International, Inc.
System Manufacturer: Gigabyte Technology Co., Ltd.
System Product Name: GA-MA790X-UD4P
Logical Drives Mask: 0x000007fc

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
 
Download Farbar Recovery Scan Tool and save it to a flash drive.

Please make sure to download the 64-bit version.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press the Scan button.
  • Type exit and reboot the computer normally.
  • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.
 
When I pressed F8 to enter advanced boot options, a "Repair your computer" option was not amongst those listed. When I booted with my Windows Vista DVD with the F8 advanced boot options, it also did not have that option. When I booted normally into the DVD, it automatically went to Windows installation, but got stuck when it prompted me for a drive. It said my primary drive was not an available option (possibly due to the faked MBR?). In short, I was not able to complete that step.

Did you want me to boot with the flash drive?

Should I attempt another MBRCheck fix immediately prior to trying this step?
 