[jutkasuzana]

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-26 13:59:15
-----------------------------
13:59:15.951 OS Version: Windows x64 6.1.7601 Service Pack 1
13:59:15.951 Number of processors: 4 586 0x2505
13:59:15.951 ComputerName: JASONS-PC UserName: Judit
13:59:18.551 Initialize success
13:59:40.431 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:59:40.441 Disk 0 Vendor: TOSHIBA_ GH10 Size: 610480MB BusType: 3
13:59:40.451 Disk 0 MBR read successfully
13:59:40.451 Disk 0 MBR scan
13:59:40.461 Disk 0 Windows VISTA default MBR code
13:59:40.471 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
13:59:40.481 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 596977 MB offset 3074048
13:59:40.501 Disk 0 scanning C:\windows\system32\drivers
13:59:50.051 Service scanning
14:00:33.471 Modules scanning
14:00:33.481 Disk 0 trace - called modules:
14:00:33.501 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
14:00:33.511 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c82060]
14:00:33.521 3 CLASSPNP.SYS[fffff88001c1743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80049d5050]
14:00:33.531 Scan finished successfully
14:00:55.051 Disk 0 MBR has been saved successfully to "C:\Users\Judit\Desktop\MBR.dat"
14:00:55.061 The log file has been saved successfully to "C:\Users\Judit\Desktop\aswMBR2.txt"

[Advertisements]

Thank you so much for helping me with all this! At least one of my worries is over. Unfortunately my computer is still running slow :-( , and I was hoping it’s because of that malware but apparently it is something else that causes it.

[jutkasuzana]

Thank you so much for helping me with all this! At least one of my worries is over. Unfortunately my computer is still running slow :-( , and I was hoping it’s because of that malware but apparently it is something else that causes it.

[WhiteHat]

The malicious partition was successfully deleted, so, our main problem was solved.

Let's check the rest of the computer.

• Download RogueKiller and save it on your desktop.
• Quit all programs
• Start RogueKiller.exe.
• Wait until Prescan has finished ...
• Click on Scan

Please post: The RKreport.txt text file located on your desktop.

[jutkasuzana]

RogueKiller V8.3.1 [Nov 26 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Judit [Admin rights]
Mode : Scan -- Date : 11/27/2012 16:20:03

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK6465GSXN +++++
--- User ---
[MBR] c114361277b1ba744b957f3fd8ebe452
[BSP] b79570121e42348a1a739003ee68f945 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 596977 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_11272012_02d1620.txt >>
RKreport[1]_S_11272012_02d1620.txt

[WhiteHat]

• Run RogueKiller.exe again.
• Wait until Prescan has finished ...
• Click on Scan

• Wait for the end of the scan.
• The report has been created on the desktop.
• Click on the Delete button.

• The report has been created on the desktop.

• Next click on the ShortcutsFix
  
• The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

NEXT:

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Full scan", then click Scan.
• The scan may take some time to finish, so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2
prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

[WhiteHat]

Hi,

Are you still there?

[WhiteHat]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

[WhiteHat]

• Run RogueKiller.exe again.
• Wait until Prescan has finished ...
• Click on Scan

• Wait for the end of the scan.
• The report has been created on the desktop.
• Click on the Delete button.

• The report has been created on the desktop.

• Next click on the ShortcutsFix
  
• The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

NEXT:

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Full scan", then click Scan.
• The scan may take some time to finish, so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2
prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

[jutkasuzana]

RogueKiller V8.3.1 [Dec 2 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Judit [Admin rights]
Mode : Scan -- Date : 12/05/2012 12:03:46

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK6465GSXN +++++
--- User ---
[MBR] c114361277b1ba744b957f3fd8ebe452
[BSP] b79570121e42348a1a739003ee68f945 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 596977 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_S_12052012_02d1203.txt >>
RKreport[1]_S_11272012_02d1620.txt ; RKreport[2]_S_12052012_02d1203.txt

[jutkasuzana]

RogueKiller V8.3.1 [Dec 2 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Judit [Admin rights]
Mode : Remove -- Date : 12/05/2012 12:04:24

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK6465GSXN +++++
--- User ---
[MBR] c114361277b1ba744b957f3fd8ebe452
[BSP] b79570121e42348a1a739003ee68f945 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 596977 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3]_D_12052012_02d1204.txt >>
RKreport[1]_S_11272012_02d1620.txt ; RKreport[2]_S_12052012_02d1203.txt ; RKreport[3]_D_12052012_02d1204.txt

[jutkasuzana]

RogueKiller V8.3.1 [Dec 2 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Judit [Admin rights]
Mode : Shortcuts HJfix -- Date : 12/05/2012 12:05:28

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 1 / Fail 0
Quick launch: Success 1 / Fail 0
Programs: Success 4 / Fail 0
Start menu: Success 1 / Fail 0
User folder: Success 275 / Fail 0
My documents: Success 7 / Fail 7
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 152 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 142 / Fail 10
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped

Finished : << RKreport[4]_SC_12052012_02d1205.txt >>
RKreport[1]_S_11272012_02d1620.txt ; RKreport[2]_S_12052012_02d1203.txt ; RKreport[3]_D_12052012_02d1204.txt ; RKreport[4]_SC_12052012_02d1205.txt

[jutkasuzana]

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.05.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Judit :: JASONS-PC [administrator]

Protection: Enabled

12/5/2012 12:22:33 PM
mbam-log-2012-12-05 (12-22-33).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 447727
Time elapsed: 2 hour(s), 2 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

[WhiteHat]

Hi,

How is your computer?

[jutkasuzana]

It seems like it's working faster but still freezes. When I start up it freezes all the time and I disabled a lot of start-up programs already. I don't know what's the deal. Maybe a need a new laptop Thank you for your help. I have an exam tomorrow so I don't have a lot of time right now to mess around with it but I will try to stop some programs from running and see how it works. If you have any suggestions you can let me know, but If not I understand, you helped me a lot already. Thank you again Whitehat.

[WhiteHat]

Hi,

It seems like's working faster but still freezes. When I start up it freezes all the time and I disabled a lot of start-up programs already.

Disable all programs that start with windows and enable one by one to check which one is causing the freezing problem.

To disable, go to Start > Type msconfig and select the MSConfig tool on the list.
Now, click on the startup tab.

Click on the button Disable all and restart your computer.

See if the computer still freezes. If not, the problem is caused by some program that was starting together with windows.
Open the msconfig again and enable your programs one by one to see which one is causing the problem.