JBF

Everything posted by JBF

  1. I'm good for the close out. Never had this problem before. It was my fault... (I did change all my passwords too.) Stay in touch if you have time, mate; thanks again, Kevin. PS: My other Cajun Style Meatloaf recipe vids taste better. They don't use a mix from a fan (from scratch is always better). I get lots of items from them to try. Some are good! Some ain't. This one was simply OK... JB
  2. Downloaded & ran MSRT in Full scan mode. It found nothing! If MB did remove the infection(s), they or it (virus) corrupted the OP system before MB was run. It happened quickly, within an hour. This happened before I asked for help on this thread. Tomorrow I'm gonna clear & reset the BIOS. Yes, I know how: unplug power, remove the battery, & move the MB BIOS jumper, then reverse the procedure. After that I'm gonna low level the drive & do a clean OP sys. install. I want to thank you for all your help also. In my next YT video I'll give you & this site a Thanks Shout Out! Kevin, if you ever come across The Big Pond, send a PM to my YT channel. We'll down a few liters of ale & I'll do the cooking. JB
  3. Understood & thanks, Kevin. Only if you have time, check out my YouTube channel. It has over 5 million views. www.youtube.com/user/007bondjb This video is my favorite. I had more fun making this one than any other... Hahahaha, enjoy & thanks again.
  4. I left this out: I will not be back to my office until Monday morning. I've downloaded MSRT & renamed it as you recommended to this PC's (my home PC) desktop. I'll burn a CD & try to run it on my infected office PC Monday morning.
  5. Sorry, my office desktop PC (NOT this laptop) is the infected machine & is running XP Pro. I tricked the infected PC into sending an email to my ISP with the log files posted above. I used remote logon to copy/paste & post these logs. It will boot in both modes, but locks up in each & will not get online anymore. I can burn files from this or any other PC to a CD/DVD or flash drive, install, & run them. This is what I've been doing. Understand about the video adapter; I have two monitors connected to it. Sorry about delayed responses, I type very slow.
  6. Let me add, last time it booted up from a fake-looking safe mode (with huge icons) I used Super Anti Spyware's Safe boot. It booted to the real Windows safe mode. The screen resolution was back to normal, it didn't ask for sign in as admin or user, the HD did not stop seeking. I could hear it running like it was doing a defrag. The drive LED was going crazy. (The net cable was unplugged too.) I rebooted again in safe with networking (cat5 plugged in). It will not get back online. I shut it down. Important question: is the data safe on my secondary HD? Or is it infected too? This is my office PC & yes, it's old, but until it got infected it did what I needed. BTW, my son's new PC got the same virus; it came from a disc that was used on both PCs. His PC is running Win 7, mine is running XP Pro. MB found the virus on his PC & removed it. Here's how it happened: I got a letter in the postal mail from our local Better Business Bureau (the BBB) asking for a company profile update. About a week later I got an email from the BBB asking for the same thing. It had a form attached as a Zip file. I stupidly opened it. This is how my PC got infected. MB listed the file name after finding it on my son's PC before it was removed. I wrote it down but can't find it on my PC. Outlook is set to remove deleted mail when closed on my PC. I should have known something was wrong when the email BBB form that I filled out was returned as a mail failure. Thanks for all your help, Kevin. I'm thinking low level the drive? What are your thoughts?
  7. I installed Defender on a flash drive & booted the PC from it. Did not see any files being loaded but did see a Windows splash screen. After about 5 mins I get this text: Your PC needs to restart. Please hold down the power button. Error code: 0x0000005d Parameters: 0x03060a00 0x68747541 0x69746E65 0x444D4163 I restarted it 3 times; the same happened on each reboot. It never did run a "Quick Scan" or give me any other options? Guess my BIOS is too old? I just noticed when the PC starts normally a blank CMD box pops up after the Windows splash screen & the monitor goes blank. I never tried the Windows Malicious Software Removal Tool. Would that do anything?
  8. Mbar never completed its update/gave me the success: database successfully updated, log files:
(flags = 1) Read File: File "e:\WINDOWS\system32\drivers\atv04nt5.dll" is compressed (flags = 1) Read File: File "E:\WINDOWS\system32\drivers\atv04nt5.dll" is compressed (flags = 1) Read File: File "e:\WINDOWS\system32\drivers\atv06nt5.dll" is compressed (flags = 1) Read File: File "E:\WINDOWS\system32\drivers\atv06nt5.dll" is compressed (flags = 1) Read File: File "e:\WINDOWS\system32\drivers\atv10nt5.dll" is compressed (flags = 1) Read File: File "E:\WINDOWS\system32\drivers\atv10nt5.dll" is compressed (flags = 1) Read File: File "e:\WINDOWS\system32\drivers\avgntflt.sys" is compressed (flags = 1) Read File: File "E:\WINDOWS\system32\drivers\avgntflt.sys" is compressed (flags = 1) Read File: File "e:\WINDOWS\system32\drivers\bridge.sys" is compressed (flags = 1) Read File: File "E:\WINDOWS\system32\drivers\bridge.sys" is compressed (flags = 1) Read File: File "e:\WINDOWS\system32\drivers\bthenum.sys" is compressed (flags = 1) Read File: File "E:\WINDOWS\system32\drivers\bthenum.sys" is compressed (flags = 1) Read File: File "e:\WINDOWS\system32\drivers\bthmodem.sys" is compressed (flags = 1) Read File: File "E:\WINDOWS\system32\drivers\bthmodem.sys" is compressed (flags = 1) Read File: File "e:\WINDOWS\system32\drivers\bthpan.sys" is compressed (flags = 1) Read File: File "E:\WINDOWS\system32\drivers\bthpan.sys" is compressed (flags = 1) Read File: File "e:\WINDOWS\system32\drivers\bthport.sys" is compressed (flags = 1) Read File: File "E:\WINDOWS\system32\drivers\bthport.sys" is compressed (flags = 1) Read File: File "e:\WINDOWS\system32\drivers\bthprint.sys" is compressed (flags = 1) Read File: File "E:\WINDOWS\system32\drivers\bthprint.sys" is compressed (flags = 1) Read File: File "e:\WINDOWS\system32\drivers\bthusb.sys" is compressed (flags = 1) Read File: File "E:\WINDOWS\system32\drivers\bthusb.sys" is compressed (flags = 1) Read File: File "e:\WINDOWS\system32\drivers\cbidf2k.sys" is compressed (flags = 1) Read File: File 
"E:\WINDOWS\system32\drivers\cbidf2k.sys" is compressed (flags = 1) Read File: File "e:\WINDOWS\system32\drivers\ati2mtag.sys" is compressed (flags = 1) Read File: File "E:\WINDOWS\system32\drivers\ati2mtag.sys" is compressed (flags = 1) Read File: File "e:\WINDOWS\system32\drivers\atinbtxx.sys" is compressed (flags = 1) Read File: File "E:\WINDOWS\system32\drivers\atinbtxx.sys" is compressed (flags = 1) Read File: File "e:\WINDOWS\system32\drivers\atinmdxx.sys" is compressed (flags = 1) Read File: File "E:\WINDOWS\system32\drivers\atinmdxx.sys" is compressed (flags = 1) Read File: File "e:\WINDOWS\system32\drivers\atinpdxx.sys" is compressed (flags = 1) Read File: File "E:\WINDOWS\system32\drivers\atinpdxx.sys" is compressed (flags = 1) Read File: File "e:\WINDOWS\system32\drivers\atinraxx.sys" is compressed (flags = 1) Read File: File "E:\WINDOWS\system32\drivers\atinraxx.sys" is compressed (flags = 1) Read File: File "e:\WINDOWS\system32\drivers\atinrvxx.sys" is compressed (flags = 1) Read File: File "E:\WINDOWS\system32\drivers\atinrvxx.sys" is compressed (flags = 1) Read File: File "e:\WINDOWS\system32\drivers\atinsnxx.sys" is compressed (flags = 1) Read File: File "E:\WINDOWS\system32\drivers\atinsnxx.sys" is compressed (flags = 1) Read File: File "e:\WINDOWS\system32\drivers\atinttxx.sys" is compressed (flags = 1) Read File: File "E:\WINDOWS\system32\drivers\atinttxx.sys" is compressed (flags = 1) Read File: File "e:\WINDOWS\system32\drivers\atintuxx.sys" is compressed (flags = 1) Read File: File "E:\WINDOWS\system32\drivers\atintuxx.sys" is compressed (flags = 1) Read File: File "e:\WINDOWS\system32\drivers\atinxbxx.sys" is compressed (flags = 1) Read File: File "E:\WINDOWS\system32\drivers\atinxbxx.sys" is compressed (flags = 1) Read File: File "e:\WINDOWS\system32\drivers\atinxsxx.sys" is compressed (flags = 1) Read File: File "E:\WINDOWS\system32\drivers\atinxsxx.sys" is compressed (flags = 1) Read File: File "e:\WINDOWS\system32\drivers\ativmc20.cod" is 
compressed (flags = 1) Read File: File "E:\WINDOWS\system32\drivers\ativmc20.cod" is compressed (flags = 1) Read File: File "e:\WINDOWS\system32\drivers\atmepvc.sys" is compressed (flags = 1) Read File: File "E:\WINDOWS\system32\drivers\atmepvc.sys" is compressed (flags = 1) Read File: File "e:\WINDOWS\system32\drivers\atmlane.sys" is compressed (flags = 1) Read File: File "E:\WINDOWS\system32\drivers\atmlane.sys" is compressed (flags = 1) Read File: File "e:\WINDOWS\system32\drivers\atmuni.sys" is compressed (flags = 1) Read File: File "E:\WINDOWS\system32\drivers\atmuni.sys" is compressed (flags = 1) Read File: File "e:\WINDOWS\system32\drivers\atv01nt5.dll" is compressed (flags = 1) Read File: File "E:\WINDOWS\system32\drivers\atv01nt5.dll" is compressed (flags = 1) Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 6A7C6A7C Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 63 Numsec = 78140097 Partition file system is NTFS Partition is bootable Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 40020664320 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-62-78145360-78165360)... Done! 
Physical Sector Size: 512 Drive: 1, DevicePointer: 0xffffffff86f26ab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff86f3eb70, DeviceName: Unknown, DriverName: \Driver\PartMgr\ DevicePointer: 0xffffffff86f26ab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff86f68f18, DeviceName: \Device\00000069\, DriverName: \Driver\ACPI\ DevicePointer: 0xffffffff86f00d98, DeviceName: \Device\Ide\IdeDeviceP1T0L0-f\, DriverName: \Driver\atapi\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 1 Scanning MBR on drive 1... Inspecting partition table: MBR Signature: 55AA Disk Signature: 6D806D80 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 63 Numsec = 156280257 Partition file system is NTFS Partition is not bootable Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 80026361856 bytes Sector size: 512 bytes Done! Read File: File "e:\Documents and Settings\JB\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1) Read File: File "e:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1) Scan finished ======================================= Removal queue found; removal started Removing e:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_i.mbam... Removing e:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\bootstrap_0_0_63_i.mbam... 
Removing e:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_r.mbam... Removing e:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_1_i.mbam... Removing e:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\bootstrap_1_0_63_i.mbam... Removing e:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_1_r.mbam... Removal finished I'm going to use the thumb drive to boot, & send that log next
  9. Should I install/run Mbar in safe mode? (The system seems to be in its death bed in normal start up), keeps freezing up & it gets pissed off when the internet cable is unplugged. The PC is at my office, I'll return in the morning & follow your instructions exactly as posted... Thanks Kevin
  10. I ran Farbar in safe mode:
attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811} Error: (07/11/2013 09:26:24 AM) (Source: DCOM) (User: JB-05AA7CF32685) Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811} Microsoft Office Sessions: ========================= Error: (07/10/2013 07:18:41 AM) (Source: MsiInstaller)(User: JB-05AA7CF32685) Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2013 -- Error 1719. SA_Error1719: StandardAction(0xC00706B7): The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.(NULL)(NULL)(NULL) Error: (07/10/2013 07:16:05 AM) (Source: Application Error)(User: ) Description: 223121472 Error: (07/10/2013 07:16:04 AM) (Source: Application Error)(User: ) Description: drwtsn32.exe5.1.2600.0dbghelp.dll5.1.2600.55120001295d Error: (07/10/2013 07:15:24 AM) (Source: Application Error)(User: ) Description: superantispyware.exe4.23.0.1006superantispyware.exe4.23.0.10060007a9f2 Error: (07/10/2013 07:12:17 AM) (Source: MsiInstaller)(User: JB-05AA7CF32685) Description: E:\Documents and Settings\All Users\Application Data\MFAData\pack\AVGx86.msi(NULL)(NULL)(NULL) Error: (07/08/2013 08:52:09 AM) (Source: crypt32)(User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. 
Error: (07/08/2013 08:52:09 AM) (Source: crypt32)(User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error: (03/29/2013 07:22:18 AM) (Source: Application Error)(User: ) Description: digimaxmaster.exe1.0.35.0mfc71.dll7.10.3077.000094e90 Error: (03/12/2013 06:54:59 AM) (Source: crypt32)(User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error: (03/12/2013 06:54:59 AM) (Source: crypt32)(User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. 
==================== Memory info =========================== Percentage of memory in use: 41% Total physical RAM: 1023.48 MB Available physical RAM: 601.52 MB Total Pagefile: 2463.43 MB Available Pagefile: 2342.53 MB Total Virtual: 2047.88 MB Available Virtual: 1963.73 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:74.52 GB) (Free:26.75 GB) NTFS Drive e: () (Fixed) (Total:37.26 GB) (Free:18.76 GB) NTFS ==>[Drive with boot components (Windows XP)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows XP) (Size: 37 GB) (Disk ID: 6A7C6A7C) Partition 1: (Active) - (Size=37 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: 6D806D80) Partition 1: (Active) - (Size=75 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  11. Malwarebytes (MB) found it, but since it was already installed it won't update. I ran Rkill in safe mode, then Chameleon; it failed to update MB. It did find 3 PUM Disabled Security Center virus files & killed 'em all in Safe Mode, but it's still not letting me update Windows, AVG or MB. I get some fake-looking error messages. It also removed Zone Alarm. I'm getting this error code: "(0,0, Connection Refused)" when trying to update MB. I think the virus is still active. It blocks me from going to MB's & AVG's forums. So I've been going there from another PC to study. I never set an Admin password on that PC when XP was installed, but now it asks for one in safe mode. So I have to enter safe mode under my name, "JB". That's the only thing I told it when XP was set up. No, JB don't work for the admin PW. I ran HijackThis but didn't see no funny stuff (I guess). Not really sure. I left AVG doing another full scan & unplugged the network cable from the PC... I have a backup of all my work stuff, including email addys, on a 2nd drive. It may also be infected. That's the only reason I haven't low leveled the main drive. Help if you can,