An "NTLDR is missing" error message

Darol Wester · Jan 3, 2014

While I was running system restore, the NTLRD message appeared in the upper left corner of a black screen. I couldn't do anything on the pc, including calling Nick. I left his # in the email account.

I took the pc to someone who was recommended for the job and from what I can recall, he said there were so many problems that he removed the drive, saving my photos and a few documents, but wasn't able to rescue the rest. He reinstalled what he saved back to the drive after starting clean and then reinstalled Windows XP Operating system, Service Pack 2 with the CD. He did try several other approaches before he got down to what he did.

I lost my Incredimail email program and all that was in it. That was the sheets!! The unit is up and running, but had to do a lot of updating and reinstall a ton of programs that vanished. What I'll miss the most is all the great tricks I've gathered over the years from Nick.

When I try Windows update, it just runs and keeps looking, but never stops. He said that he couldn't get it to do any more updates?????? I know.....why haven't you backed your system up??? Can't fix stupid I guess.

I'll hand the mic to Nick now and go stand in the corner.

Nick · Jan 3, 2014

Follow the Instructions In the Sticky in the tech forum Darol.

Missing NTLRD can be caused by a lot of things .
That's what i don't like about guys that just do a backup and reinstall Windows . We will get it fixed for you .

Nick · Jan 3, 2014

Try this Darol . Let me know if it fixes the issue for you .

http://support.microsoft.com/kb/971058

Darol Wester · Jan 3, 2014

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.02.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Wester :: HOMESYSTEM [administrator]

Protection: Disabled

1/3/2014 4:44:01 PM
mbam-log-2014-01-03 (16-44-01).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205904
Time elapsed: 17 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit.A) -> Bad: (http://search.conduit.com/?ctid=CT3...=SPF8380E91-6CDB-40B1-8FE9-4BDF88FE065C&SSPV=) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 4
C:\Documents and Settings\Wester\My Documents\Optimizer Pro (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Wester\Local Settings\Temp\CT3319613 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Wester\Local Settings\Application Data\VisualBeeExe (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\VisualBee (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.

Files Detected: 23
C:\Documents and Settings\Wester\My Documents\Downloads\InstallConverter_brff(1).exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Wester\My Documents\Downloads\InstallConverter_brff.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Wester\My Documents\Downloads\Setup(1).exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Wester\My Documents\Downloads\Setup.exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Wester\My Documents\Downloads\SoftonicDownloader_for_mwsnap.exe (PUP.Optional.Softonic.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Wester\Local Settings\Temp\GetCC.dll (MSIL.Solimba) -> Quarantined and deleted successfully.
C:\Documents and Settings\Wester\Local Settings\Temp\vbmz2.exe (MSIL.Solimba) -> Quarantined and deleted successfully.
C:\Documents and Settings\Wester\Local Settings\Temp\sp-downloader.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Wester\Local Settings\Temp\nsa108.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Wester\Local Settings\Temp\nsf113.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Wester\Local Settings\Temp\nsiC6.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Wester\Local Settings\Temp\nsn110.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Wester\Local Settings\Temp\nsy105.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Wester\My Documents\iLividSetup-r495-n-bi.exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Wester\Local Settings\Temporary Internet Files\Content.IE5\5ZK9J0B8\vbmz2[1].exe (MSIL.Solimba) -> Quarantined and deleted successfully.
C:\Documents and Settings\Wester\Local Settings\Temporary Internet Files\Content.IE5\MLXPFBYG\SPSetup[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Wester\Local Settings\Temporary Internet Files\Content.IE5\TWIRDXRZ\sp-downloader[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Wester\Local Settings\Temporary Internet Files\Content.IE5\VBSI8CJT\spstub[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Wester\Local Settings\Temp\VisualBeeSilent.exe (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Documents and Settings\Wester\My Documents\Optimizer Pro\CookiesException.txt (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Wester\Local Settings\Temp\CT3319613\ddt.csf (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\VisualBee\VisualBeeDB.exe (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\VisualBee\VisualBeeSoftware.exe (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.

(end)GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2014-01-03 16:42:34
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800JD-75MSA3 rev.10.01E04 74.51GB
Running: shck0ju3.exe; Driver: C:\DOCUME~1\Wester\LOCALS~1\Temp\kxloipow.sys

---- System - GMER 2.1 ----

SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwAddBootEntry [0xA8877AD0]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0xA88785AE]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwClose [0xA88BC7D0]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateEvent [0xA88845E0]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateEventPair [0xA888462C]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0xA88847C6]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateKey [0xA88BC184]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateMutant [0xA888454E]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateSection [0xA8884670]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateSemaphore [0xA8884596]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateThread [0xA8878AE4]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateTimer [0xA8884780]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0xA887939C]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0xA8877B36]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwDeleteKey [0xA88BCE96]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwDeleteValueKey [0xA88BD14C]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwDuplicateObject [0xA887CB32]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwEnumerateKey [0xA88BCD01]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwEnumerateValueKey [0xA88BCB6C]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwLoadDriver [0xA887771E]
SSDT \??\C:\WINDOWS\system32\drivers\aswSP.sys ZwMapViewOfSection [0xA8AED466]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwModifyBootEntry [0xA8877B9C]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0xA887CF28]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0xA8879E2C]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenEvent [0xA888460A]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenEventPair [0xA888464E]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0xA88847EA]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenKey [0xA88BC4E0]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenMutant [0xA8884574]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenProcess [0xA887C42C]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenSection [0xA88846FE]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenSemaphore [0xA88845BE]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenThread [0xA887C814]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenTimer [0xA88847A4]
SSDT \??\C:\WINDOWS\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0xA8AED20A]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwQueryKey [0xA88BC9E7]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwQueryObject [0xA8879CF8]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwQueryValueKey [0xA88BC839]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwQueueApcThread [0xA887984E]
SSDT \??\C:\WINDOWS\system32\drivers\aswSP.sys ZwRenameKey [0xA8AFB1EA]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwRestoreKey [0xA88BB7CA]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0xA8877C02]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSetBootOptions [0xA8877C68]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSetContextThread [0xA8879216]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSetSystemInformation [0xA88777B8]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0xA887798E]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSetValueKey [0xA88BCF9D]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwShutdownSystem [0xA887791C]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSuspendProcess [0xA8879566]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSuspendThread [0xA88796C8]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSystemDebugControl [0xA8877A16]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwTerminateProcess [0xA8879054]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwTerminateThread [0xA88791F6]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwVdmControl [0xA8877CCE]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0xA887860A]

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2D15 805045FD 7 Bytes [45, 88, A8, 2C, 46, 88, A8] {INC EBP; MOV [EAX-0x5777b9d4], CH}
.text ntkrnlpa.exe!ZwCallbackReturn + 2E5C 80504744 4 Bytes [EA, 47, 88, A8]
.text ntkrnlpa.exe!ZwCallbackReturn + 2F88 80504870 4 Bytes [EA, B1, AF, A8]
.text ntkrnlpa.exe!ZwCallbackReturn + 2FD4 805048BC 12 Bytes [02, 7C, 87, A8, 68, 7C, 87, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 307C 80504964 12 Bytes [66, 95, 87, A8, C8, 96, 87, ...]
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64DC 4 Bytes CALL A887A4FD \??\C:\WINDOWS\system32\drivers\aswSnx.sys

---- User code sections - GMER 2.1 ----

.text C:\WINDOWS\system32\svchost.exe[132] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[132] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Java\jre7\bin\jqs.exe[236] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Java\jre7\bin\jqs.exe[236] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[520] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\System32\smss.exe[652] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[712] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[712] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[736] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[736] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[780] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[792] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[968] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1132] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1132] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1220] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[1240] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[1240] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1328] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1368] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1368] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1596] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1596] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1740] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1740] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[1868] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[1868] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\DOCUME~1\Wester\LOCALS~1\Temp\dlm1A6.tmp\shck0ju3.exe[1912] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\DOCUME~1\Wester\LOCALS~1\Temp\dlm1A6.tmp\shck0ju3.exe[1912] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\hkcmd.exe[2100] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\hkcmd.exe[2100] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\igfxpers.exe[2156] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\igfxpers.exe[2156] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[2228] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[2228] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\igfxsrvc.exe[2300] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\igfxsrvc.exe[2300] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2496] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2496] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2540] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2540] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\RTHDCPL.EXE[2948] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\RTHDCPL.EXE[2948] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3356] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3356] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\IncrediMail\Bin\ImApp.exe[3768] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\IncrediMail\Bin\ImApp.exe[3768] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4068] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4068] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\MWSnap\MWSnap.exe[8120] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\MWSnap\MWSnap.exe[8120] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe[9528] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe[9528] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\IncrediMail\Bin\IncMail.exe[12024] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\IncrediMail\Bin\IncMail.exe[12024] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Skype\Phone\Skype.exe[12132] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Skype\Phone\Skype.exe[12132] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]

---- User IAT/EAT - GMER 2.1 ----

IAT C:\WINDOWS\system32\services.exe[780] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINDOWS\system32\services.exe[780] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.sys

---- EOF - GMER 2.1 ----

Nick · Jan 3, 2014

Try Post 3 first Darol.

Darol Wester · Jan 3, 2014

I saved MBR to desktop but they won't allow me to open it now. I'll try again later. This is what happening. "Windows cannot open this file" window.
http://www.open-my-files.com/files.php?t=DAT&ad=file_DAT&campaign=file3

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 12/31/2013 3:40:11 PM
System Uptime: 1/3/2014 5:33:14 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0CU409
Processor: Genuine Intel(R) CPU 2140 @ 1.60GHz | | 1596/mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 74 GiB total, 46.774 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_02381028&REV_02\3&2411E6FE&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_02381028&REV_02\3&2411E6FE&0&FB
Service:
.
==== System Restore Points ===================
.
RP1: 12/31/2013 3:58:05 PM - System Checkpoint
RP2: 12/31/2013 4:07:48 PM - Installed Intel(R) PRO Network Connections
RP3: 12/31/2013 4:08:42 PM - Installed Realtek High Definition Audio Driver
RP4: 12/31/2013 4:08:50 PM - Installed Windows XP KB888111WXPSP2.
RP5: 12/31/2013 4:35:09 PM - Installed Windows XP Service Pack 3.
RP6: 12/31/2013 4:48:32 PM - Installed Java 7 Update 45
RP7: 12/31/2013 4:51:05 PM - Installed %1 %2.
RP8: 12/31/2013 4:51:09 PM - Printer Driver Microsoft XPS Document Writer Installed
RP9: 12/31/2013 4:55:28 PM - Installed Windows Internet Explorer 8.
RP10: 12/31/2013 5:03:11 PM - Installed Windows XP Service Pack 3.
RP11: 12/31/2013 5:09:08 PM - Installed %1 %2.
RP12: 12/31/2013 5:11:14 PM - Installed Windows XP WgaNotify.
RP13: 12/31/2013 5:22:13 PM - Installed Microsoft Office Professional Plus 2007
RP14: 12/31/2013 5:26:57 PM - avast! antivirus system restore point
RP15: 1/1/2014 1:48:29 PM - Installed "ViewNX 2"
RP16: 1/1/2014 2:11:59 PM - Installed Windows Media Format 9 Series Runtime Setup
RP17: 1/1/2014 2:25:48 PM - Installed HP Photo and Imaging 2.0 - All-in-One
RP18: 1/1/2014 2:26:45 PM - Installed HP Photo and Imaging 2.0 - All-in-One Drivers
RP19: 1/1/2014 2:30:39 PM - Installed hp psc 2170 series
RP20: 1/1/2014 2:31:57 PM - Software Distribution Service 3.0
RP21: 1/1/2014 5:31:33 PM - Software Distribution Service 3.0
RP22: 1/1/2014 7:54:20 PM - Software Distribution Service 3.0
RP23: 1/1/2014 8:07:19 PM - Printer Driver Microsoft XPS Document Writer Installed
RP24: 1/2/2014 3:00:16 AM - Software Distribution Service 3.0
RP25: 1/2/2014 7:06:16 AM - Removed IncrediMail.
RP26: 1/2/2014 7:21:14 AM - Installed Microsoft Office Enterprise 2007
RP27: 1/2/2014 7:27:30 AM - Printer Driver Send To Microsoft OneNote Driver Installed
RP28: 1/2/2014 7:37:40 AM - Installed Microsoft Office Visio Professional 2007
RP29: 1/2/2014 8:10:13 AM - Installed IncrediMail.
RP30: 1/2/2014 9:08:12 AM - Software Distribution Service 3.0
RP31: 1/3/2014 9:55:02 AM - System Checkpoint
.
==== Installed Programs ======================
.
2007 Microsoft Office Suite Service Pack 2 (SP2)
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.04)
avast! Free Antivirus
Free Download Manager 3.8
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP Memories Disc
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 2170 series
hp psc 2170 series
IncrediMail
IncrediMail 2.0
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections 12.1.12.0
Java 7 Update 45
Java Auto Updater
Logitech QuickCam
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft NetShow Tools 2.0
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
Mozilla Firefox 27.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser
MWSnap 3
Nikon Message Center 2
Nikon Movie Editor
OLYMPUS Master 2
OLYMPUS muvee theaterPack
Photo Notifier and Animation Creator
Picture Control Utility
QuickTime
RealPlayer G2
Realtek High Definition Audio Driver
Recuva
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2898785)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2803821-v2)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2893984)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Skype Click to Call
Skype™ 6.11
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2904266)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973815)
ViewNX 2
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
1/3/2014 5:38:39 PM, error: System Error [1003] - Error code 1000000a, parameter1 00000016, parameter2 0000001c, parameter3 00000000, parameter4 804fa2d6.
1/3/2014 4:07:34 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
1/3/2014 4:02:33 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
1/1/2014 8:03:01 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.
.
==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.45.2
Run by Wester at 18:15:06 on 2014-01-03
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2037.1055 [GMT -8:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\IncrediMail\Bin\ImApp.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: Free Download Manager: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - c:\program files\free download manager\iefdm2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: RealGuide: {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe" -NoStart
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [IncrediMail] c:\program files\incredimail\bin\IncMail.exe /c
uRun: [Free Download Manager] "c:\program files\free download manager\fdm.exe" -autorun
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Nikon Message Center 2] c:\program files\nikon\nikon message center 2\NkMC2.exe -s
mRun: [SA] c:\program files\logitech\quickcam\SA3.EXE
mRun: [DXM6Patch_981116] c:\windows\p_981116.exe /Q:A
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\FirstStart.exe" /OM
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc2~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpobnz08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Download all with Free Download Manager - c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{089E5930-75DB-40F4-A38E-BDA4BDE2B74E} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{66B3372E-40CF-40AE-B82A-987D1CB49717} : NameServer = 208.19.107.240,216.163.120.19
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\wester\application data\mozilla\firefox\profiles\5sycexvd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.sisqtel.net/
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-12-31 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-12-31 180248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-12-31 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-12-31 410528]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-12-31 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-12-31 50344]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2014-1-1 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2014-1-1 701512]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2013-10-9 3275136]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-1-1 22856]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
.
=============== Created Last 30 ================
.
2014-01-03 23:40:37 -------- d-----w- c:\documents and settings\wester\application data\Free Download Manager
2014-01-03 23:40:31 -------- d-----w- c:\program files\Free Download Manager
2014-01-02 16:10:17 -------- d-----w- c:\program files\IncrediMail
2014-01-02 15:27:31 33104 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
2014-01-02 15:27:31 32592 ----a-w- c:\windows\system32\msonpmon.dll
2014-01-02 04:10:48 -------- d-----w- c:\documents and settings\wester\local settings\application data\PCHealth
2014-01-02 03:58:51 -------- d-----w- c:\program files\MWSnap
2014-01-02 03:55:27 -------- d-----w- C:\2e97f7cff0396059f78143c1cf99ea
2014-01-02 01:44:51 -------- d-----w- c:\windows\system32\MRT
2014-01-02 01:38:54 -------- d-----w- c:\windows\ie8updates
2014-01-02 01:11:09 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2014-01-02 01:11:01 123008 -c----w- c:\windows\system32\dllcache\usbvideo.sys
2014-01-02 01:10:34 25088 -c----w- c:\windows\system32\dllcache\hidparse.sys
2014-01-02 01:10:28 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2014-01-02 01:10:28 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
2014-01-02 01:10:25 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2014-01-02 01:09:23 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2014-01-02 01:09:23 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2014-01-02 01:09:23 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2014-01-02 01:09:20 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2014-01-02 01:09:20 630272 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2014-01-02 01:09:18 2006016 -c----w- c:\windows\system32\dllcache\iertutil.dll
2014-01-02 01:09:18 11113472 -c----w- c:\windows\system32\dllcache\ieframe.dll
2014-01-02 01:09:17 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2014-01-02 01:06:34 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2014-01-02 01:06:25 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2014-01-02 01:06:16 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2014-01-02 01:05:53 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2014-01-02 01:05:15 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2014-01-02 01:05:01 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2014-01-02 01:04:52 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2014-01-02 01:03:57 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2014-01-02 01:03:43 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2014-01-02 01:03:35 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2014-01-02 01:02:46 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2014-01-02 01:02:45 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2014-01-02 01:02:45 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2014-01-02 01:02:45 110592 -c----w- c:\windows\system32\dllcache\services.exe
2014-01-02 01:02:44 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2014-01-02 01:02:44 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2014-01-02 01:02:43 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2014-01-02 00:57:23 536576 -c----w- c:\windows\system32\dllcache\msado15.dll
2014-01-02 00:56:12 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2014-01-02 00:56:09 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2014-01-02 00:55:55 5376 -c----w- c:\windows\system32\dllcache\usbd.sys
2014-01-02 00:55:55 32384 -c----w- c:\windows\system32\dllcache\usbccgp.sys
2014-01-02 00:55:55 30336 -c----w- c:\windows\system32\dllcache\usbehci.sys
2014-01-02 00:55:55 144128 -c----w- c:\windows\system32\dllcache\usbport.sys
2014-01-02 00:54:24 718336 -c----w- c:\windows\system32\dllcache\ntdll.dll
2014-01-02 00:54:23 2193536 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2014-01-02 00:54:23 2149888 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2014-01-02 00:54:22 2070144 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2014-01-02 00:54:22 2028544 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2014-01-02 00:54:10 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2014-01-02 00:54:08 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2014-01-02 00:54:08 3072 ------w- c:\windows\system32\iacenc.dll
2014-01-02 00:50:14 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2014-01-01 23:16:26 -------- d-----w- c:\documents and settings\wester\local settings\application data\OLYMPUS
2014-01-01 22:57:43 -------- d-----w- c:\documents and settings\wester\application data\Malwarebytes
2014-01-01 22:57:28 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2014-01-01 22:57:27 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-01 22:57:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-01-01 22:48:05 -------- d-----r- c:\program files\Skype
2014-01-01 22:32:35 -------- d-----w- c:\windows\system32\PreInstall
2014-01-01 22:30:23 35840 ----a-w- c:\windows\system32\drivers\AFS2K.SYS
2014-01-01 22:28:19 94208 ----a-r- c:\windows\system32\HPZipt12.dll
2014-01-01 22:28:19 65795 ----a-r- c:\windows\system32\HPZipm12.exe
2014-01-01 22:28:19 61699 ----a-r- c:\windows\system32\HPZinw12.exe
2014-01-01 22:28:19 57344 ----a-r- c:\windows\system32\HPZisn12.dll
2014-01-01 22:28:19 233528 ----a-r- c:\windows\system32\HPZidr12.dll
2014-01-01 22:28:19 167936 ----a-r- c:\windows\system32\HPZipr12.dll
2014-01-01 22:28:19 16080 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2014-01-01 22:28:10 51024 ----a-r- c:\windows\system32\drivers\hpzid412.sys
2014-01-01 22:27:43 21456 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2014-01-01 22:27:35 14976 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2014-01-01 22:27:35 14976 ----a-w- c:\windows\system32\drivers\usbscan.sys
2014-01-01 22:26:52 -------- d-----w- c:\program files\common files\Hewlett-Packard
2014-01-01 22:22:39 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2014-01-01 22:22:39 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2014-01-01 22:17:48 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2014-01-01 22:17:47 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2014-01-01 22:14:12 -------- d-----w- c:\program files\common files\muvee Technologies
2014-01-01 22:13:34 95744 ----a-r- c:\windows\system32\atl80.dll
2014-01-01 22:13:34 626688 ----a-r- c:\windows\system32\msvcr80.dll
2014-01-01 22:13:33 548864 ----a-r- c:\windows\system32\msvcp80.dll
2014-01-01 22:13:33 1079808 ----a-r- c:\windows\system32\mfc80u.dll
2014-01-01 22:12:52 131072 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2014-01-01 22:12:52 131072 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2014-01-01 22:12:52 131072 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2014-01-01 22:12:52 131072 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2014-01-01 22:12:52 131072 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2014-01-01 22:12:52 131072 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2014-01-01 22:12:52 131072 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2014-01-01 22:11:39 -------- d-----w- c:\program files\OLYMPUS
2014-01-01 22:11:06 -------- d-----w- c:\program files\MSXML 4.0
2014-01-01 22:04:01 24576 ----a-w- c:\windows\system32\prefscpl.cpl
2014-01-01 22:04:00 -------- d-----w- c:\program files\common files\Real
2014-01-01 22:02:59 88464 ----a-r- c:\windows\system32\DECVW_32.DLL
2014-01-01 22:01:18 306688 ----a-w- c:\windows\IsUninst.exe
2014-01-01 21:52:29 -------- d-----w- c:\documents and settings\wester\local settings\application data\Nikon
2014-01-01 21:49:58 57344 ----a-r- c:\documents and settings\wester\application data\microsoft\installer\{87441a59-5e64-4096-a170-14efe67200c3}\ARPPRODUCTICON.exe
2014-01-01 21:48:55 -------- d-----w- c:\program files\common files\Nikon
2014-01-01 21:48:53 -------- d-----w- c:\program files\Nikon
2014-01-01 21:48:51 106496 ----a-w- c:\windows\system32\ATL71.DLL
2014-01-01 21:48:34 -------- d-----w- c:\documents and settings\wester\local settings\application data\Downloaded Installations
2014-01-01 21:47:57 -------- d-----w- c:\program files\MSXML 6.0
2014-01-01 20:52:58 -------- d-----w- c:\program files\Photo Notifier and Animation Creator
2014-01-01 20:52:58 -------- d-----w- c:\documents and settings\all users\application data\Photo Notifier and Animation Creator
2014-01-01 20:52:18 -------- d-----w- c:\documents and settings\wester\local settings\application data\IM
2014-01-01 20:51:59 -------- d-----w- c:\documents and settings\all users\application data\IncrediMail
2014-01-01 20:51:59 -------- d-----w- c:\documents and settings\all users\application data\IM
2014-01-01 19:58:39 60160 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2014-01-01 19:58:39 60160 ----a-w- c:\windows\system32\drivers\usbaudio.sys
2014-01-01 19:58:32 -------- d-----w- c:\windows\system32\SoftwareDistribution
2014-01-01 19:58:26 91136 ----a-w- c:\windows\system32\kswdmcap.ax
2014-01-01 19:58:24 61952 ----a-w- c:\windows\system32\kstvtune.ax
2014-01-01 19:58:23 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2014-01-01 19:58:23 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2014-01-01 19:58:22 43008 ----a-w- c:\windows\system32\ksxbar.ax
2014-01-01 19:58:22 20992 ----a-w- c:\windows\system32\dshowext.ax
2014-01-01 01:41:28 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-01 01:41:28 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-01-01 01:39:07 -------- d-----w- c:\documents and settings\wester\local settings\application data\Adobe
2014-01-01 01:32:24 -------- d-----w- c:\documents and settings\wester\application data\AVAST Software
2014-01-01 01:28:14 -------- d-----w- c:\documents and settings\wester\local settings\application data\Google
2014-01-01 01:27:40 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-01-01 01:27:39 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-01-01 01:27:37 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-01-01 01:27:36 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-01-01 01:27:26 43152 ----a-w- c:\windows\avastSS.scr
2014-01-01 01:26:57 -------- d-----w- c:\program files\AVAST Software
2014-01-01 01:26:29 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2014-01-01 01:23:35 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2014-01-01 01:23:11 -------- d-----w- c:\windows\SHELLNEW
2014-01-01 01:22:47 -------- d-----w- c:\documents and settings\wester\local settings\application data\Microsoft Help
2014-01-01 01:09:54 -------- d-----w- c:\documents and settings\wester\application data\ElevatedDiagnostics
2014-01-01 01:07:10 -------- d-sh--w- c:\documents and settings\wester\IECompatCache
2014-01-01 01:07:00 -------- d-sh--w- c:\documents and settings\wester\PrivacIE
2014-01-01 01:06:36 221184 ----a-w- c:\windows\system32\wmpns.dll
2014-01-01 01:03:57 81920 ------w- c:\windows\system32\ieencode.dll
2014-01-01 01:03:48 -------- d-----w- c:\documents and settings\wester\local settings\application data\Sun
2014-01-01 01:03:04 19569 ----a-w- c:\windows\000001_.tmp
2014-01-01 00:58:24 -------- d-sh--w- c:\documents and settings\wester\IETldCache
2014-01-01 00:54:40 -------- dc-h--w- c:\windows\ie8
2014-01-01 00:51:25 -------- d-----w- c:\windows\system32\XPSViewer
2014-01-01 00:51:11 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2014-01-01 00:51:05 14048 ------w- c:\windows\system32\spmsg2.dll
2014-01-01 00:48:57 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-01-01 00:48:51 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-01-01 00:38:59 73832 ------w- c:\windows\system32\slcoinst.dll
2014-01-01 00:37:49 -------- d-----w- c:\windows\ServicePackFiles
2014-01-01 00:37:39 294912 ------w- c:\program files\windows media player\dlimport.exe
2014-01-01 00:37:35 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2014-01-01 00:35:07 19569 ----a-w- c:\windows\002606_.tmp
2014-01-01 00:35:03 -------- d-----w- c:\windows\system32\ReinstallBackups
2014-01-01 00:33:28 -------- d-----w- c:\windows\EHome
2014-01-01 00:18:33 -------- d-sh--w- c:\documents and settings\wester\UserData
2014-01-01 00:10:20 172032 ----a-w- c:\windows\system32\igfxres.dll
2014-01-01 00:08:48 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2014-01-01 00:07:24 66424 ----a-w- c:\windows\system32\NicEtCoE.dll
2014-01-01 00:07:24 62840 ----a-w- c:\windows\system32\NicInstE.dll
2014-01-01 00:07:24 28536 ----a-w- c:\windows\system32\NicCo.dll
2014-01-01 00:07:24 254872 ----a-w- c:\windows\system32\drivers\e1e5132.sys
2014-01-01 00:07:24 179048 ----a-w- c:\windows\system32\e1000msg.dll
2014-01-01 00:07:24 154496 ----a-w- c:\windows\system32\Prounstl.exe
2014-01-01 00:07:03 -------- d-----w- C:\Drivers
.
==================== Find3M ====================
.
2014-01-01 22:03:22 4608 ----a-w- c:\windows\system32\w95inf32.dll
2014-01-01 22:03:22 2272 ----a-w- c:\windows\system32\w95inf16.dll
2014-01-01 00:08:39 315392 ----a-w- c:\windows\HideWin.exe
2013-11-13 02:59:42 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-07 05:38:51 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-10-30 02:26:17 1879040 ----a-w- c:\windows\system32\win32k.sys
2013-10-29 07:57:34 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-29 07:57:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-10-29 07:57:33 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-29 07:57:33 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-10-29 00:45:02 385024 ----a-w- c:\windows\system32\html.iec
2013-10-23 23:45:49 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-10-12 15:56:19 278528 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:12:48 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-07 10:59:21 603136 ----a-w- c:\windows\system32\crypt32.dll
.
============= FINISH: 18:16:20.82 ===============

Nick · Jan 3, 2014

I see them Darol , Do post 3 for now to see if we can get the updates .

Darol Wester · Jan 3, 2014

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-01-03 17:43:24
-----------------------------
17:43:24.718 OS Version: Windows 5.1.2600 Service Pack 3
17:43:24.718 Number of processors: 2 586 0xF02
17:43:24.718 ComputerName: HOMESYSTEM UserName: Wester
17:43:26.265 Initialize success
17:43:29.984 AVAST engine defs: 14010300
17:43:31.390 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:43:31.406 Disk 0 Vendor: WDC_WD800JD-75MSA3 10.01E04 Size: 76293MB BusType: 3
17:43:31.593 Disk 0 MBR read successfully
17:43:31.593 Disk 0 MBR scan
17:43:31.609 Disk 0 Windows XP default MBR code
17:43:31.609 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76285 MB offset 63
17:43:31.625 Disk 0 scanning sectors +156232125
17:43:31.796 Disk 0 scanning C:\WINDOWS\system32\drivers
17:43:50.296 Service scanning
17:44:19.046 Modules scanning
17:44:33.906 Disk 0 trace - called modules:
17:44:33.937 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
17:44:33.937 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89dc9ab8]
17:44:33.937 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000005f[0x89df9f18]
17:44:33.937 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89dd4d98]
17:44:34.984 AVAST engine scan C:\WINDOWS
17:44:56.234 AVAST engine scan C:\WINDOWS\system32
17:49:59.187 AVAST engine scan C:\WINDOWS\system32\drivers
17:50:24.250 AVAST engine scan C:\Documents and Settings\Wester
18:03:17.234 AVAST engine scan C:\Documents and Settings\All Users
18:04:25.375 Scan finished successfully
18:13:48.593 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Wester\Desktop\MBR.dat"
18:13:48.593 The log file has been saved successfully to "C:\Documents and Settings\Wester\Desktop\aswMBR.txt"

Darol Wester · Jan 4, 2014

Sorry. I missed post three Nick. Here's the results.

Nick · Jan 4, 2014

Try this Darol. http://support.microsoft.com/kb/968003

You may also needed this:

http://windowsxp.mvps.org/admins.htm . Let me know how you make out .

Darol Wester · Jan 4, 2014

I went into safe mode, then admin and ran malwarebites. It found 10 more which I deleted and saved to desktop. After restart, they weren't there. They were all the same, "restore something for volume"???

Nick · Jan 4, 2014

Are you able to get the updates ? Any reason you are booting into safe mode . Nothing is going to be saved in safe mode .

http://support.microsoft.com/ph/1173

http://www.update.microsoft.com/windowsupdate/v6/thanks.aspx?ln=en&&thankspage=5

Darol Wester · Jan 5, 2014

I am getting updates, including the service pack 3. The only ones they wouldn't install were these below. There was 26 of them and they all pertained to Microsoft Office 7. Maybe I should reinstall it?

This thing is running really slow. It takes about 60 seconds to load my home page. Seems to get worse by the day.
As far as safe mode, I was reading the wrong instructions.

But.....I am able to get updates again, and that's great!

Nick · Jan 5, 2014

Install Office again . Delete it first using Revo uninstaller .

http://majorgeeks.com/Revo_Uninstaller_d5706.html

Don't use control panel > add and remove ,It will leave a ton of files still in the registry. Check advance in Revo . Find Office > check delete at top of page .

Delete everything that is in bold . I think it goes through 3 processes . Been awhile since i used it .

Will go through your logs and post new software for you to run .
Nick .

Floorist · Jan 5, 2014

Or you can always use a hammer.

Darol Wester · Jan 5, 2014

Nick said:
Install Office again . Delete it first using Revo uninstaller .

http://majorgeeks.com/Revo_Uninstaller_d5706.html

Don't use control panel > add and remove ,It will leave a ton of files still in the registry. Check advance in Revo . Find Office > check delete at top of page .

Delete everything that is in bold . I think it goes through 3 processes . Been awhile since i used it .

Will go through your logs and post new software for you to run .
Nick .

Will do Nick.

Floorist said:
Or you can always use a hammer.

I've got one that will do it with one swing.

Don't think I haven't thought of it.

Nick · Jan 5, 2014

Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.

Close all the running programs
Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
Otherwise just double-click on RogueKiller.exe
Pre-scan will start. Let it finish.
Click on SCAN button.
Wait until the Status box shows Scan Finished
Click on Delete.
Wait until the Status box shows Deleting Finished.
Click on Report and copy/paste the content of the Notepad into your next reply.
RKreport.txt could also be found on your desktop.
If more than one log is produced post all logs.
If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Create new restore point before proceeding with the next step....

Download Malwarebytes Anti-Rootkit (MBAR) from HERE http://www.majorgeeks.com/files/details/malwarebytes_anti_rootkit.html

Unzip downloaded file.
Open the folder where the contents were unzipped and run mbar.exe
Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
Click on the Cleanup button to remove any threats and reboot if prompted to do so.
Wait while the system shuts down and the cleanup process is performed.
Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7 right-click on it and choose Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
Do not reboot until instructed.
If the tool does not run from any of the links provided, please let me know.

If normal mode still doesn't work, run the tool from safe mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.
--------------------------------------------------------------------------------

Darol Wester · Jan 5, 2014

Here ya go Nick.

RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Wester [Admin rights]
Mode : Scan -- Date : 01/05/2014 17:00:18
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Run : DXM6Patch_981116 (C:\WINDOWS\p_981116.exe /Q:A [-]) -> FOUND
[DNS][PUM] HKLM\[...]\CCSet\[...]\{66B3372E-40CF-40AE-B82A-987D1CB49717} : NameServer (208.19.107.240,216.163.120.19 [UNITED STATES (US) - UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS001\[...]\{66B3372E-40CF-40AE-B82A-987D1CB49717} : NameServer (208.19.107.240,216.163.120.19 [UNITED STATES (US) - UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS002\[...]\{66B3372E-40CF-40AE-B82A-987D1CB49717} : NameServer (208.19.107.240,216.163.120.19 [UNITED STATES (US) - UNITED STATES (US)]) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V1][SUSP PATH] At1.job : C:\DOCUME~1\Wester\APPLIC~1\UPDATE~1\UPDATE~1\UPDATE~1.EXE - /Check [-] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0xc0000033] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD800JD-75MSA3 +++++
--- User ---
[MBR] 887f7668355e2643e1007c8b52e271ec
[BSP] ae203e84dcb456630d870d8f3155a2b5 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76285 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_01052014_170018.txt >>

RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Wester [Admin rights]
Mode : Scan -- Date : 01/05/2014 17:02:25
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[DNS][PUM] HKLM\[...]\CCSet\[...]\{66B3372E-40CF-40AE-B82A-987D1CB49717} : NameServer (208.19.107.240,216.163.120.19 [UNITED STATES (US) - UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS001\[...]\{66B3372E-40CF-40AE-B82A-987D1CB49717} : NameServer (208.19.107.240,216.163.120.19 [UNITED STATES (US) - UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS002\[...]\{66B3372E-40CF-40AE-B82A-987D1CB49717} : NameServer (208.19.107.240,216.163.120.19 [UNITED STATES (US) - UNITED STATES (US)]) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0xc0000033] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD800JD-75MSA3 +++++
--- User ---
[MBR] 887f7668355e2643e1007c8b52e271ec
[BSP] ae203e84dcb456630d870d8f3155a2b5 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76285 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_01052014_170225.txt >>
RKreport[0]_D_01052014_170041.txt;RKreport[0]_S_01052014_170018.txt

RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Wester [Admin rights]
Mode : Scan -- Date : 01/05/2014 17:02:25
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[DNS][PUM] HKLM\[...]\CCSet\[...]\{66B3372E-40CF-40AE-B82A-987D1CB49717} : NameServer (208.19.107.240,216.163.120.19 [UNITED STATES (US) - UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS001\[...]\{66B3372E-40CF-40AE-B82A-987D1CB49717} : NameServer (208.19.107.240,216.163.120.19 [UNITED STATES (US) - UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS002\[...]\{66B3372E-40CF-40AE-B82A-987D1CB49717} : NameServer (208.19.107.240,216.163.120.19 [UNITED STATES (US) - UNITED STATES (US)]) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0xc0000033] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD800JD-75MSA3 +++++
--- User ---
[MBR] 887f7668355e2643e1007c8b52e271ec
[BSP] ae203e84dcb456630d870d8f3155a2b5 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76285 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_01052014_170225.txt >>
RKreport[0]_D_01052014_170041.txt;RKreport[0]_S_01052014_170018.txt

RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Wester [Admin rights]
Mode : Remove -- Date : 01/05/2014 17:02:39
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0xc0000033] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD800JD-75MSA3 +++++
--- User ---
[MBR] 887f7668355e2643e1007c8b52e271ec
[BSP] ae203e84dcb456630d870d8f3155a2b5 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76285 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_01052014_170239.txt >>
RKreport[0]_D_01052014_170041.txt;RKreport[0]_S_01052014_170018.txt;RKreport[0]_S_01052014_170225.txt

Darol Wester · Jan 5, 2014

Malwarebytes Anti-Rootkit BETA 1.07.0.1007

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.596000 GHz
Memory total: 2136055808, free: 1336573952

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.596000 GHz
Memory total: 2136055808, free: 1219567616

Downloaded database version: v2014.01.06.01
Downloaded database version: v2013.12.18.01
=======================================
Initializing...
------------ Kernel report ------------
01/05/2014 17:12:34
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
PartMgr.sys
VolSnap.sys
atapi.sys
cercsr6.sys
\WINDOWS\System32\Drivers\SCSIPORT.SYS
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
aswVmm.sys
aswRvrt.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\igxpmp32.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\e1e5132.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\System32\Drivers\AFS2K.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\??\C:\WINDOWS\system32\drivers\aswSP.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\??\C:\WINDOWS\system32\drivers\aswTdi.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\??\C:\WINDOWS\system32\drivers\aswRdr.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\??\C:\WINDOWS\system32\drivers\aswSnx.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\HPZius12.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\HPZid412.sys
\SystemRoot\system32\DRIVERS\HPZipr12.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\igxpgd32.dll
\SystemRoot\System32\igxprd32.dll
\SystemRoot\System32\igxpdv32.DLL
\SystemRoot\System32\igxpdx32.DLL
\SystemRoot\System32\ATMFD.DLL
\??\C:\WINDOWS\system32\drivers\aswMonFlt.sys
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\ipfltdrv.sys
\SystemRoot\system32\drivers\kmixer.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR2
Upper Device Object: 0xffffffff89b01ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007c\
Lower Device Object: 0xffffffff89c1c6b0
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff89df5ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff89d8b940
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff89df5ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff89df9e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff89df5ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff89e170a8, DeviceName: \Device\00000062\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff89d8b940, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: D0F4738C

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 156232062
Partition file system is NTFS
Partition is bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 80000000000 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-156230000-156250000)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff89b01ab8, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff89d24d70, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff89b01ab8, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff89c1c6b0, DeviceName: \Device\0000007c\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================

Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_63_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished

Darol Wester · Jan 5, 2014

Rkill 2.6.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/05/2014 07:10:06 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 01/05/2014 07:11:25 PM
Execution time: 0 hours(s), 1 minute(s), and 19 seconds(s)

An "NTLDR is missing" error message

Help Support Flooring Forum:

Professional

In Remembrance

In Remembrance

Professional

In Remembrance

Professional

In Remembrance

Professional

Professional

In Remembrance

Professional

In Remembrance

Professional

In Remembrance

Administrator

Professional

In Remembrance

Professional

Professional

Professional

Similar threads

Join the conversation!

Join today and get all the highlights of this community direct to your inbox. It's FREE!