Kephas
2013-04-11, 00:25
Someone please help me on how to remove these ads. They keep popping up in both left and right bottom corners. What I tried so far:
-Windows security essentials
-cleaning cookies, temporary internet files
-all browser plugins are up to date
-Malwarebytes
-spybot S&D
It is driving me insane! :crazy: Every time I think I got rid of it, there it is popping up again!! Please help!
aswMBR.txt and DDS.txt attached
Here it is.
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8080.16413 BrowserJavaVersion: 10.17.2
Run by Petyusha at 21:56:17 on 2013-04-10
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3835.940 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
C:\Users\Petyusha\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Petyusha\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Petyusha\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Petyusha\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Petyusha\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Petyusha\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Petyusha\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Petyusha\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Petyusha\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Petyusha\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Petyusha\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\Petyusha\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\IMAGEB~1.LNK - C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} -
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {C194379D-6612-4BBF-9D1A-9B8C33F47814} - hxxp://www.aimsperform.co.uk/clem/clemsafe.cab
DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{59C85F96-FF9C-4C63-970F-8B74160607A4} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{59C85F96-FF9C-4C63-970F-8B74160607A4}\244584572633D273634543 : DHCPNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{59C85F96-FF9C-4C63-970F-8B74160607A4}\244584572633D284255393 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{59C85F96-FF9C-4C63-970F-8B74160607A4}\2445F40756E6A7F6E656 : DHCPNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{59C85F96-FF9C-4C63-970F-8B74160607A4}\449616E616 : DHCPNameServer = 85.253.0.2 85.253.0.130
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe"
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
Hosts: 149.5.18.172 www.google-analytics.com.
Hosts: 149.5.18.172 ad-emea.doubleclick.net.
Hosts: 149.5.18.172 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Petyusha\AppData\Roaming\Mozilla\Firefox\Profiles\a5gs0klg.default\
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Petyusha\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Users\Petyusha\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: -
FF - user.js: security.enable_tls - false
FF - user.js: network.http.accept-encoding -
FF - user.js: secnetwork.http.accept-encodingurity.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R1 DVMIO;DeviceVM IO Service;C:\Windows\System32\drivers\dvmio.sys [2009-11-11 20056]
R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2010-2-4 328232]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-7-6 39464]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-3-25 24176]
.
=============== Created Last 30 ================
.
2013-04-10 18:41:30 9311288 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5C1335E4-162F-43D5-BBB6-3379CAEBECAB}\mpengine.dll
2013-04-09 14:37:08 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-04-09 14:36:57 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2013-04-09 14:36:50 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-04-09 14:23:59 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2013-04-09 14:23:59 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2013-04-09 14:23:59 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2013-04-09 14:23:59 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2013-04-09 14:23:59 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2013-04-09 14:23:59 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2013-04-09 14:23:59 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2013-04-09 14:08:07 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-09 14:06:10 963488 ----a-w- C:\Windows\System32\deployJava1.dll
2013-04-09 14:06:10 1085344 ----a-w- C:\Windows\System32\npDeployJava1.dll
2013-04-09 14:05:37 108448 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-04-09 10:16:34 9311288 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-04 22:22:27 -------- d-----w- C:\Users\Petyusha\AppData\Roaming\CANON INC
2013-03-28 12:28:32 -------- d-----w- C:\Users\Petyusha\AppData\Local\{662B1CF6-40AA-4C39-84EE-BBB516E13C5B}
2013-03-25 23:11:52 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-03-24 14:37:15 -------- d-----w- C:\Users\Petyusha\AppData\Local\{5297ACDA-6AFB-4041-894C-3743C15F30E2}
2013-03-23 23:25:02 -------- d-----w- C:\Users\Petyusha\AppData\Local\{33523513-4801-40B2-A6F3-BA0E4F487D6F}
2013-03-22 23:40:26 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{16F1E90E-8574-4606-8E7A-6971D4E89672}\gapaengine.dll
2013-03-21 00:08:07 -------- d-----w- C:\Users\Petyusha\AppData\Local\{191D804A-1AA7-4D46-A776-C76263D9C48A}
2013-03-20 20:59:12 -------- d-----w- C:\Windows\System32\SPReview
2013-03-19 23:12:02 -------- d-----w- C:\Users\Petyusha\AppData\Local\{C1C90009-DCE4-401A-BD40-895AECE00CBA}
2013-03-18 16:25:26 -------- d-----w- C:\Users\Petyusha\AppData\Local\{2F53761C-F33A-4503-B678-5C3601DE3381}
2013-03-13 23:39:28 -------- d-----w- C:\Users\Petyusha\AppData\Local\CANON_INC
2013-03-13 23:25:26 -------- d-----w- C:\Users\Petyusha\AppData\Roaming\Canon_Inc_IC
2013-03-13 23:22:37 -------- d-----w- C:\Program Files (x86)\Canon
2013-03-13 23:22:35 -------- d-----w- C:\Program Files (x86)\Common Files\Canon_Inc_IC
2013-03-13 23:21:23 -------- d-----w- C:\ProgramData\Canon_Inc_IC
2013-03-13 10:25:42 -------- d-----w- C:\Users\Petyusha\AppData\Local\{D2689EEB-5947-47E5-BFDD-21B7CE34C6B8}
.
==================== Find3M ====================
.
2013-04-09 14:07:50 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-04-09 14:02:47 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-09 14:02:47 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-04-02 10:34:28 282744 ------w- C:\Windows\System32\MpSigStub.exe
2013-01-20 15:59:04 230320 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2013-01-20 15:59:04 130008 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
.
============= FINISH: 21:59:20.99 ===============
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-10 22:01:44
-----------------------------
22:01:44.848 OS Version: Windows x64 6.1.7600
22:01:44.848 Number of processors: 2 586 0x603
22:01:44.849 ComputerName: PETYUSHA-PC UserName: Petyusha
22:01:52.319 Initialize success
22:02:04.508 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:02:04.511 Disk 0 Vendor: TOSHIBA_MK3256GSY LH013C Size: 305245MB BusType: 11
22:02:04.555 Disk 0 MBR read successfully
22:02:04.558 Disk 0 MBR scan
22:02:04.561 Disk 0 unknown MBR code
22:02:04.573 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
22:02:04.587 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 283593 MB offset 409600
22:02:04.614 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 21348 MB offset 581208064
22:02:04.628 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 624928768
22:02:04.666 Disk 0 scanning C:\Windows\system32\drivers
22:02:11.253 Service scanning
22:02:33.709 Modules scanning
22:02:33.721 Disk 0 trace - called modules:
22:02:33.758 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys >>UNKNOWN [0xfffffa80036a02c0]<<sptd.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
22:02:34.102 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80046ae790]
22:02:34.108 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> [0xfffffa80046ad550]
22:02:34.115 5 hpdskflt.sys[fffff88001699289] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800463d060]
22:02:34.122 \Driver\atapi[0xfffffa80040a2760] -> IRP_MJ_CREATE -> 0xfffffa80036a02c0
22:02:34.133 Scan finished successfully
22:14:20.264 Disk 0 MBR has been saved successfully to "C:\Users\Petyusha\Forum\MBR.dat"
22:14:20.269 The log file has been saved successfully to "C:\Users\Petyusha\Forum\aswMBR.txt"
2013-03-18 16:25:26 -------- d-----w- C:\Users\Petyusha\AppData\Local\{2F53761C-F33A-4503-B678-5C3601DE3381}
2013-03-13 23:39:28 -------- d-----w- C:\Users\Petyusha\AppData\Local\CANON_INC
2013-03-13 23:25:26 -------- d-----w- C:\Users\Petyusha\AppData\Roaming\Canon_Inc_IC
2013-03-13 23:22:37 -------- d-----w- C:\Program Files (x86)\Canon
2013-03-13 23:22:35 -------- d-----w- C:\Program Files (x86)\Common Files\Canon_Inc_IC
2013-03-13 23:21:23 -------- d-----w- C:\ProgramData\Canon_Inc_IC
2013-03-13 10:25:42 -------- d-----w- C:\Users\Petyusha\AppData\Local\{D2689EEB-5947-47E5-BFDD-21B7CE34C6B8}
.
==================== Find3M ====================
.
2013-04-09 14:07:50 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-04-09 14:02:47 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-09 14:02:47 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-04-02 10:34:28 282744 ------w- C:\Windows\System32\MpSigStub.exe
2013-01-20 15:59:04 230320 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2013-01-20 15:59:04 130008 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
.
============= FINISH: 21:59:20.99 ===============

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-10 22:01:44
-----------------------------
22:01:44.848 OS Version: Windows x64 6.1.7600
22:01:44.848 Number of processors: 2 586 0x603
22:01:44.849 ComputerName: PETYUSHA-PC UserName: Petyusha
22:01:52.319 Initialize success
22:02:04.508 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:02:04.511 Disk 0 Vendor: TOSHIBA_MK3256GSY LH013C Size: 305245MB BusType: 11
22:02:04.555 Disk 0 MBR read successfully
22:02:04.558 Disk 0 MBR scan
22:02:04.561 Disk 0 unknown MBR code
22:02:04.573 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
22:02:04.587 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 283593 MB offset 409600
22:02:04.614 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 21348 MB offset 581208064
22:02:04.628 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 624928768
22:02:04.666 Disk 0 scanning C:\Windows\system32\drivers
22:02:11.253 Service scanning
22:02:33.709 Modules scanning
22:02:33.721 Disk 0 trace - called modules:
22:02:33.758 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys >>UNKNOWN [0xfffffa80036a02c0]<<sptd.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
22:02:34.102 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80046ae790]
22:02:34.108 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> [0xfffffa80046ad550]
22:02:34.115 5 hpdskflt.sys[fffff88001699289] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800463d060]
22:02:34.122 \Driver\atapi[0xfffffa80040a2760] -> IRP_MJ_CREATE -> 0xfffffa80036a02c0
22:02:34.133 Scan finished successfully
22:14:20.264 Disk 0 MBR has been saved successfully to "C:\Users\Petyusha\Forum\MBR.dat"
22:14:20.269 The log file has been saved successfully to "C:\Users\Petyusha\Forum\aswMBR.txt"