MBR with PhysicalDrive0



vinholanda
2013-07-10, 11:53
Hi tashi!
I'm having the same problem as My3Angelz. I did a quick rootkit scan too and SD detected MBR: PhysicalDrive0. I've tried to fix this by myself just by reading the posts. But I'm not a specialist and I didn't do a backup of my files, so I'm afraid to do something wrong. Could you please assist me? Thanks a lot!
These are my S&D logs of rootkit scan:

Rootkit Quick Scan log:

RootAlyzer Quick Scan Results

Files in Windows folder
----------------------------------------
114 files were tested.
No hidden files detected.
========================================

Files in System folder
----------------------------------------
2424 files were tested.
No hidden files detected.
========================================

Global run entries
----------------------------------------

No hidden entries detected.
========================================

Winlogon entries
----------------------------------------

No hidden entries detected.
========================================

Invisible processes (from handles)
----------------------------------------
0 handle process IDs for 120 processes.
No hidden processes detected.
========================================

Invisible processes (from threads)
----------------------------------------
120 processes tested.
No hidden processes detected.
========================================

Master Boot Records
----------------------------------------
1 MBRs checked.
Unkown MBRs: PhysicalDrive0
PhysicalDrive0
========================================






The Root Alyzer log:



// info: Rootkit removal help file
// copyright: (c) 2008-2013 Safer-Networking Ltd. All rights reserved.

:: RootAlyzer Results
File:"Unknown ADS","D:\Backups\Imagens\Xurras e otras\MOV06223.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\Cam Leilane\MOV04597.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\Cam Leilane\MOV04674.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\Cam Leilane\MOV04675.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\Cam Leilane\MOV04689.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\Cam Leilane\MOV04706.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\Cam Leilane\MOV04707.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\Acampamento\MOV06522.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\Acampamento\MOV06523.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\Acampamento\MOV06526.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\Acampamento\MOV06537.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\Acampamento\MOV06538.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\Acampamento\MOV06544.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\Acampamento\MOV06545.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\Acampamento\MOV06546.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\31-3-2008\MOV05754.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\31-3-2008\MOV05892.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\31-3-2008\MOV05893.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\31-3-2008\MOV05901.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\31-3-2008\MOV05902.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\21-10-2008(1)\MOV06370.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\21-10-2008(1)\MOV06372.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\21-10-2008\MOV05892.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\21-10-2008\MOV05902.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\21-10-2008\MOV06090.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\21-10-2008\MOV06223.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\21-10-2008\MOV06307.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\21-10-2008\MOV06309.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\21-10-2008\MOV06314.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\21-10-2008\MOV06315.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\21-10-2008\MOV06316.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\15-02-2009\MOV06522.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\15-02-2009\MOV06523.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\15-02-2009\MOV06526.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\15-02-2009\MOV06537.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\15-02-2009\MOV06538.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\15-02-2009\MOV06544.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\15-02-2009\MOV06545.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\15-02-2009\MOV06546.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Imagens\15-02-2009\MOV06586.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\Xurras e otras\MOV06223.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\Cam Leilane\MOV04597.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\Cam Leilane\MOV04674.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\Cam Leilane\MOV04675.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\Cam Leilane\MOV04689.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\Cam Leilane\MOV04706.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\Cam Leilane\MOV04707.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\Acampamento\MOV06522.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\Acampamento\MOV06523.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\Acampamento\MOV06526.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\Acampamento\MOV06537.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\Acampamento\MOV06538.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\Acampamento\MOV06544.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\Acampamento\MOV06545.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\Acampamento\MOV06546.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\31-3-2008\MOV05754.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\31-3-2008\MOV05892.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\31-3-2008\MOV05893.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\31-3-2008\MOV05901.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\31-3-2008\MOV05902.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\21-10-2008(1)\MOV06370.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\21-10-2008(1)\MOV06372.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\21-10-2008\MOV05892.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\21-10-2008\MOV05902.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\21-10-2008\MOV06090.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\21-10-2008\MOV06223.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\21-10-2008\MOV06307.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\21-10-2008\MOV06309.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\21-10-2008\MOV06314.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\21-10-2008\MOV06315.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\21-10-2008\MOV06316.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\15-02-2009\MOV06522.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\15-02-2009\MOV06523.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\15-02-2009\MOV06526.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\15-02-2009\MOV06537.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\15-02-2009\MOV06538.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\15-02-2009\MOV06544.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\15-02-2009\MOV06545.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\15-02-2009\MOV06546.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Backups\Documentos\Minhas imagens\15-02-2009\MOV06586.MPG:TOC.WMV:$DATA"
File:"No admin in ACL","C:\Windows\SysWOW64\58D2E81569.sys"
File:"No admin in ACL","C:\Windows\SysWOW64\KGyGaAvL.sys"
File:"No admin in ACL","C:\Windows\System32\58D2E81569.sys"
File:"No admin in ACL","C:\Windows\System32\KGyGaAvL.sys"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\Xurras e otras\MOV06223.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\Cam Leilane\MOV04597.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\Cam Leilane\MOV04674.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\Cam Leilane\MOV04675.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\Cam Leilane\MOV04689.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\Cam Leilane\MOV04706.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\Cam Leilane\MOV04707.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\Acampamento\MOV06522.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\Acampamento\MOV06523.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\Acampamento\MOV06526.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\Acampamento\MOV06537.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\Acampamento\MOV06538.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\Acampamento\MOV06544.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\Acampamento\MOV06545.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\Acampamento\MOV06546.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\31-3-2008\MOV05754.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\31-3-2008\MOV05892.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\31-3-2008\MOV05893.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\31-3-2008\MOV05901.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\31-3-2008\MOV05902.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\21-10-2008(1)\MOV06370.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\21-10-2008(1)\MOV06372.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\21-10-2008\MOV05892.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\21-10-2008\MOV05902.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\21-10-2008\MOV06090.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\21-10-2008\MOV06223.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\21-10-2008\MOV06307.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\21-10-2008\MOV06309.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\21-10-2008\MOV06314.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\21-10-2008\MOV06315.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\21-10-2008\MOV06316.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\15-02-2009\MOV06522.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\15-02-2009\MOV06523.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\15-02-2009\MOV06526.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\15-02-2009\MOV06537.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\15-02-2009\MOV06538.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\15-02-2009\MOV06544.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\15-02-2009\MOV06545.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\15-02-2009\MOV06546.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Pictures\15-02-2009\MOV06586.MPG:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Vinícius\Favorites\Downloads\SkypeSetupFull.exe:ZONE.IDENTIFIER:$DATA"
File:"No admin in ACL","C:\Users\Todos os Usuários\Real\setup\config.ini"
File:"No admin in ACL","C:\Users\Todos os Usuários\LG Software\LG Smart Share\subtitles"
File:"Unknown ADS","C:\Users\Todos os Usuários\AVG2013\Chjw\4c92873192871f18.dat:c5272721-b041-4f0e-9e56-f5041ed6a83a:$DATA"
File:"Unknown ADS","C:\Users\Todos os Usuários\AVG2013\Chjw\8884366784365840.dat:17d90527-9dc9-4b5b-8812-404eac8d5010:$DATA"
File:"Unknown ADS","C:\Users\Todos os Usuários\AVG2013\Chjw\8884366784365840.dat:7d939d40-d366-4046-9020-d11e1b36db63:$DATA"
File:"Unknown ADS","C:\Users\Todos os Usuários\AVG2013\Chjw\acd88ad0d88a986a.dat:1e6db47c-5599-4448-8647-8a352de6e507:$DATA"
File:"Unknown ADS","C:\Users\Todos os Usuários\AVG2013\Chjw\ea0c9fac0c9f71f5.dat:6648c82e-a3ee-402f-bc68-3066551bae17:$DATA"
File:"Unknown ADS","C:\Users\Todos os Usuários\AVG2013\Chjw\ea0c9fac0c9f71f5.dat:6daf8e38-71e0-474c-b988-462a61232874:$DATA"
File:"Unknown ADS","C:\Users\Todos os Usuários\AVG2013\Chjw\ea0c9fac0c9f71f5.dat:f51f0a77-20a7-4c33-99f8-592f8ef56277:$DATA"
File:"No admin in ACL","C:\Users\All Users\Real\setup\config.ini"
File:"No admin in ACL","C:\Users\All Users\LG Software\LG Smart Share\subtitles"
File:"Unknown ADS","C:\Users\All Users\AVG2013\Chjw\4c92873192871f18.dat:c5272721-b041-4f0e-9e56-f5041ed6a83a:$DATA"
File:"Unknown ADS","C:\Users\All Users\AVG2013\Chjw\8884366784365840.dat:17d90527-9dc9-4b5b-8812-404eac8d5010:$DATA"
File:"Unknown ADS","C:\Users\All Users\AVG2013\Chjw\8884366784365840.dat:7d939d40-d366-4046-9020-d11e1b36db63:$DATA"
File:"Unknown ADS","C:\Users\All Users\AVG2013\Chjw\acd88ad0d88a986a.dat:1e6db47c-5599-4448-8647-8a352de6e507:$DATA"
File:"Unknown ADS","C:\Users\All Users\AVG2013\Chjw\ea0c9fac0c9f71f5.dat:6648c82e-a3ee-402f-bc68-3066551bae17:$DATA"
File:"Unknown ADS","C:\Users\All Users\AVG2013\Chjw\ea0c9fac0c9f71f5.dat:6daf8e38-71e0-474c-b988-462a61232874:$DATA"
File:"Unknown ADS","C:\Users\All Users\AVG2013\Chjw\ea0c9fac0c9f71f5.dat:f51f0a77-20a7-4c33-99f8-592f8ef56277:$DATA"
File:"No admin in ACL","C:\ProgramData\Real\setup\config.ini"
File:"No admin in ACL","C:\ProgramData\LG Software\LG Smart Share\subtitles"
File:"Unknown ADS","C:\ProgramData\AVG2013\Chjw\4c92873192871f18.dat:c5272721-b041-4f0e-9e56-f5041ed6a83a:$DATA"
File:"Unknown ADS","C:\ProgramData\AVG2013\Chjw\8884366784365840.dat:17d90527-9dc9-4b5b-8812-404eac8d5010:$DATA"
File:"Unknown ADS","C:\ProgramData\AVG2013\Chjw\8884366784365840.dat:7d939d40-d366-4046-9020-d11e1b36db63:$DATA"
File:"Unknown ADS","C:\ProgramData\AVG2013\Chjw\acd88ad0d88a986a.dat:1e6db47c-5599-4448-8647-8a352de6e507:$DATA"
File:"Unknown ADS","C:\ProgramData\AVG2013\Chjw\ea0c9fac0c9f71f5.dat:6648c82e-a3ee-402f-bc68-3066551bae17:$DATA"
File:"Unknown ADS","C:\ProgramData\AVG2013\Chjw\ea0c9fac0c9f71f5.dat:6daf8e38-71e0-474c-b988-462a61232874:$DATA"
File:"Unknown ADS","C:\ProgramData\AVG2013\Chjw\ea0c9fac0c9f71f5.dat:f51f0a77-20a7-4c33-99f8-592f8ef56277:$DATA"
RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Applets\SysTray\BattMeter\","Flyout"
RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Wow6432Node\Microsoft\Security Center\","Svc"





I've run aswMBR and it found an unknown MBR code! Here's the log:

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-07-10 03:41:43
-----------------------------
03:41:43.600 OS Version: Windows x64 6.1.7601 Service Pack 1
03:41:43.600 Number of processors: 4 586 0x3A09
03:41:43.601 ComputerName: VINÍCIUS-PC UserName: Vinícius
03:41:43.744 Initialze error 1
03:41:56.179 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
03:41:56.182 Disk 0 Vendor: TOSHIBA_ AX00 Size: 476940MB BusType: 3
03:41:56.217 Disk 0 MBR read successfully
03:41:56.220 Disk 0 MBR scan
03:41:56.224 Disk 0 unknown MBR code
03:41:56.238 Disk 0 Partition 1 00 EE GPT 476940 MB offset 1
03:41:56.243 Disk 0 scanning C:\Windows\system32\drivers
03:41:56.247 Service scanning
03:41:56.811 Modules scanning
03:41:56.816 Disk 0 trace - called modules:
03:41:56.822 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
03:41:56.827 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80065b3790]
03:41:56.833 3 CLASSPNP.SYS[fffff88001cec43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80065b2050]
03:41:56.838 Scan finished successfully
03:54:57.524 Disk 0 MBR has been saved successfully to "C:\Users\Vinícius\Desktop\MBR.dat"
03:54:57.531 The log file has been saved successfully to "C:\Users\Vinícius\Desktop\aswMBR.txt"

vinholanda
2013-07-10, 12:24
My trouble is that the start up is very slow, taking about two minutes to get into Windows, and more time to load the desktop. AVG and Avira didn't find anything, just Microsoft Security Essentials found Adware:Win32/OpenCandy that now is fixed, but the S&D keeps finding MBR: PhysicalDrive0

Thanks

tashi
2013-07-10, 21:37
Hello vinholanda,


but the S&D keeps finding MBR: PhysicalDrive0


Hello, the "unknown" MBR above is not necessarily malicious. In fact it is most likely not malicious. An unknown MBR just means that RootAlyzer does not know this pattern; this can have various reasons, for instance usage of a bootloader.
In general all items found by the RootAlyzer are not necessarily malicious. The RootAlyzer shows items which it believes to be out of the ordinary and may give a hint for an infection.
The RootAlyzer is an analyst tool; it is not a scan and fix tool like the System or File Scan.

From: http://forums.spybot.info/showthread.php?68807-MBR-PhysicalDrive0&p=442397&viewfull=1#post442397 :)


My trouble is that the start up is very slow, taking about two minutes to get into Windows, and more time to load the desktop. AVG and Avira didn't find anything, just Microsoft Security Essentials found Adware:Win32/OpenCandy that now is fixed,

You mention three anti virus programs, do you have all three installed on the computer?

Best regards.
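
The aswMBR log earlier in the thread reports "Partition 1 00 EE GPT", and the explanation quoted above says "unknown" only means the pattern is not recognised. The sketch below is an added example, not part of the thread and not how RootAlyzer or aswMBR work internally: it parses a 512-byte MBR dump (such as the MBR.dat that aswMBR saves) and reports the partition types plus a hash of the boot-code area for comparison against hashes the analyst already trusts. The sample sector and the `known_boot_hashes` allowlist are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440    # bytes 0-439 hold boot code; 440-445 disk signature
TABLE_OFFSET = 446     # four 16-byte partition entries follow
GPT_PROTECTIVE = 0xEE  # partition type of a GPT protective MBR entry


def parse_mbr(sector: bytes) -> dict:
    """Decode the fields of a classic MBR sector that matter for triage."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError("an MBR dump must be at least 512 bytes")
    sector = sector[:SECTOR_SIZE]
    partitions = []
    for index in range(4):
        entry = sector[TABLE_OFFSET + 16 * index:TABLE_OFFSET + 16 * (index + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, sector_count = struct.unpack_from("<II", entry, 8)
        if ptype == 0:  # type 0 marks an unused slot
            continue
        partitions.append({
            "index": index + 1,
            "status": status,
            "type": ptype,
            "lba_start": lba_start,
            "size_mb": sector_count * SECTOR_SIZE // 2**20,
        })
    return {
        "signature_ok": sector[510:512] == b"\x55\xaa",
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
        # One entry of type 0xEE starting at LBA 1: the disk is GPT-partitioned.
        "gpt_protective": len(partitions) == 1
        and partitions[0]["type"] == GPT_PROTECTIVE
        and partitions[0]["lba_start"] == 1,
    }


def triage(sector: bytes, known_boot_hashes=frozenset()) -> str:
    """Summarise a dump; known_boot_hashes is a hypothetical analyst allowlist."""
    info = parse_mbr(sector)
    if not info["signature_ok"]:
        return "invalid: missing 55 AA boot signature"
    known = info["boot_code_sha256"] in known_boot_hashes
    verdict = "known boot code" if known else "unknown boot code"
    if info["gpt_protective"]:
        verdict += " (GPT protective MBR)"
    return verdict


def build_sample_protective_mbr() -> bytes:
    """Constructed sample: placeholder boot code plus one 0xEE entry at LBA 1."""
    sector = bytearray(SECTOR_SIZE)
    sector[0:2] = b"\xeb\xfe"  # placeholder bytes, not a real boot loader
    sector[TABLE_OFFSET:TABLE_OFFSET + 16] = struct.pack(
        "<B3sB3sII", 0x00, b"\x00\x02\x00", GPT_PROTECTIVE, b"\xff\xff\xff",
        1, 976773120)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


SAMPLE_MBR = build_sample_protective_mbr()

if __name__ == "__main__":
    print(triage(SAMPLE_MBR))
    for part in parse_mbr(SAMPLE_MBR)["partitions"]:
        print(part)
```

A hash that is not on the list only means the boot code is unrecognised, which is the same meaning the thread gives to an "unknown" MBR.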

vinholanda
2013-07-11, 07:07
Hi tashi!

No more now.. just AVG and Microsoft Security Essentials.

tashi
2013-07-11, 07:42
Hi vinholanda,


No more now.. just AVG and Microsoft Security Essentials.

Usually anti virus software will either warn a user when they try to install a second AV or prevent the installation.

Rule of thumb is one anti virus program resident to avoid conflicts, loss of program efficiency and system lock up due to both software products attempting to access the same file at the same time.

Having more than one resident can cause system performance problems and a serious system slowdown.


My trouble is that the start up is very slow, taking about two minutes to get into windows, and more time to load desktop.
;)

Hope that helps.

vinholanda
2013-07-11, 08:18
Hi vinholanda,


Usually anti virus software will either warn a user when they try to install a second AV or prevent the installation.

Rule of thumb is one anti virus program resident to avoid conflicts, loss of program efficiency and system lock up due to both software products attempting to access the same file at the same time.

Having more than one resident can cause system performance problems and a serious system slowdown.

;)

Hope that helps.

Hi tashi,

that's not my case, cause I've just installed Microsoft Security Essentials after my troubles! I usually use just AVG, and suddenly my laptop began to take a long time to start up, and after this, the desktop freezes for a while and just then my icons appear. My laptop is new, with Windows 7 Home Premium, and anyone of many antivirus that I've used have fixed this problem that didn't exist one day before! Please help me with this!

tashi
2013-07-11, 09:14
Hello vinholanda,


that's not my case, cause I've just installed Microsoft Security Essentials after my troubles! I usually use just AVG, and suddenly my laptop began to take a long time to start up, and after this, the desktop freezes for a while and just then my icons appear. My laptop is new, with Windows 7 Home Premium, and anyone of many antivirus that I've used have fixed this problem that didn't exist one day before!

My trouble is that the start up is very slow, taking about two minutes to get into Windows, and more time to load the desktop. AVG and Avira didn't find anything, just Microsoft Security Essentials




No more now.. just AVG and Microsoft Security Essentials.
How many anti virus programs are installed? :)

Best regards.

vinholanda
2013-07-11, 09:30
Hello vinholanda,



that's not my case, cause I've just installed Microsoft Security Essentials after my troubles! I usually use just AVG, and suddenly my laptop began to take a long time to start up, and after this, the desktop freezes for a while and just then my icons appear. My laptop is new, with Windows 7 Home Premium, and anyone of many antivirus that I've used have fixed this problem that didn't exist one day before!

My trouble is that the start up is very slow, taking about two minutes to get into Windows, and more time to load the desktop. AVG and Avira didn't find anything, just Microsoft Security Essentials




No more now.. just AVG and Microsoft Security Essentials.


How many anti virus programs are installed? :)

Best regards.

Only AVG!

vinholanda
2013-07-13, 09:13
Only AVG!

Please tashi, help me to fix this problem? :(

It's getting worse, and it takes an eternity to start my laptop. I don't know what to do.

Thank you

tashi
2013-07-13, 16:11
Hello vinholanda,

For someone to take a look at the system please start a topic in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22) and a volunteer analyst will advise when available.

First see that forum's FAQ which also includes instructions in post #2 on how to provide DDS and aswMBR logs, which are used in the preliminary analysis.
http://forums.spybot.info/showthread.php?t=288

Also provide a link to this topic.

Best regards.