4. aswMBR report
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-06-25 21:36:32
21:36:32.964 OS Version: Windows 6.1.7600
21:36:32.964 Number of processors: 2 586 0x603
21:36:32.966 ComputerName: CLINXR UserName: Paolo
21:36:34.371 Initialize success
00:20:14.289 AVAST engine error: 2
00:20:27.104 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\Ide\IdeDeviceP0T0L0-0
00:20:27.106 Disk 0 Vendor: ST3160215A 3.AAD Size: 152627MB BusType: 3
00:20:27.194 Disk 0 MBR read successfully
00:20:27.196 Disk 0 MBR scan
00:20:27.199 Disk 0 Windows 7 default MBR code
00:20:27.201 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 53432 MB offset 63
00:20:27.204 Disk 0 Partition - 00 05 Extended 80191 MB offset 148344210
00:20:27.220 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 80190 MB offset 148344273
00:20:27.244 Disk 0 scanning sectors +312576705
00:20:27.386 Disk 0 scanning C:\Windows\system32\drivers
00:20:35.284 Service scanning
00:21:18.690 Modules scanning
00:21:36.567 Disk 0 trace - called modules:
00:21:36.582 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
00:21:36.586 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0x871842a8]
00:21:36.591 3 CLASSPNP.SYS[8c6fc59e] → nt!IofCallDriver → [0x86a55880]
00:21:36.595 5 ACPI.sys[8c5a43b2] → nt!IofCallDriver → \Device\Ide\IdeDeviceP0T0L0-0[0x86181610]
00:21:36.599 Scan finished successfully
00:22:19.454 Disk 0 MBR has been saved successfully to “C:\Users\Paolo\Documents\Avast\MBR.dat”
00:22:19.460 The log file has been saved successfully to “C:\Users\Paolo\Documents\Avast\aswMBR Report.txt”
5. RogueKiller “RKreport[0]_D_06262013_002649” Report
RogueKiller V8.6.1 [Jun 24 2013] by Tigzy
mail : tigzyRKgmailcom
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : Paolo [Admin rights]
Mode : Remove – Date : 06/26/2013 00:26:49
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 3 ¤¤¤
[HJ POL] HKLM[…]\System : ConsentPromptBehaviorAdmin (0) → REPLACED (2)
[HJ POL] HKLM[…]\System : EnableLUA (0) → REPLACED (1)
[APPINIT][SUSP PATH] HKLM[…]\Windows : AppInit_DLLs (C:\PROGRA~2\Wincert\WIN32C~1.DLL [-]) → REPLACED ()
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
→ %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST3160215A ATA Device +++++
— User —
[MBR] 790551a524bfab33e0c8c11f1e122e56
[BSP] 5af41aaa8d4597c67e76d02091550d24 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 53432 Mo
1 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 148344210 | Size: 80191 Mo
User = LL1 … OK!
User = LL2 … OK!
Finished : << RKreport[0]_D_06262013_002649.txt >>
RKreport[0]_S_06262013_002553.txt
6. RogueKiller “RKreport[0]_S_06262013_002553” Report:
RogueKiller V8.6.1 [Jun 24 2013] by Tigzy
mail : tigzyRKgmailcom
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : Paolo [Admin rights]
Mode : Scan – Date : 06/26/2013 00:25:53
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 3 ¤¤¤
[HJ POL] HKLM[…]\System : ConsentPromptBehaviorAdmin (0) → FOUND
[HJ POL] HKLM[…]\System : EnableLUA (0) → FOUND
[APPINIT][SUSP PATH] HKLM[…]\Windows : AppInit_DLLs (C:\PROGRA~2\Wincert\WIN32C~1.DLL [-]) → FOUND
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
→ %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST3160215A ATA Device +++++
— User —
[MBR] 790551a524bfab33e0c8c11f1e122e56
[BSP] 5af41aaa8d4597c67e76d02091550d24 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 53432 Mo
1 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 148344210 | Size: 80191 Mo
User = LL1 … OK!
User = LL2 … OK!
Finished : << RKreport[0]_S_06262013_002553.txt >>
7. The OTL report is attached to my 2nd post.
Did I miss something?