Unknown MBR Code? Normal?

[johnnykid2321]

Why is my MBR Code "Unknown"? Shouldn't it say Vista? Is there a rookit...whats going on.

RogueKiller V10.10.2.0 (x64) [Aug 24 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com



Operating System : Windows 7 (6.1.7600) 64 bits version
Started in : Safe mode with network support
User : Parent [Administrator]
Started from : C:\Users\Parent\Documents\AV\RogueKillerX64.exe
Mode : Scan -- Date : 08/24/2015 11:51:51

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000035f]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK6465GSX +++++
--- User ---
[MBR] cd077db3adb3d2c6c8799ce0f1f8d622
[BSP] 001f21890a1e793c91827d583e4eebdc : Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 593576 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1216053248 | Size: 16600 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 1250050048 | Size: 103 MB
User = LL1 ... OK
User = LL2 ... OK


Here's my aswMBR scan
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-08-24 12:51:07
-----------------------------
12:51:07.798    OS Version: Windows x64 6.1.7600
12:51:07.798    Number of processors: 4 586 0x2505
12:51:07.798    ComputerName: PARENT-HP  UserName: Parent
12:51:08.937    Initialize success
12:51:11.670    AVAST engine defs: 15082400
12:52:34.140    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:52:34.140    Disk 0 Vendor: TOSHIBA_ GJ00 Size: 610480MB BusType: 3
12:52:34.297    Disk 0 MBR read successfully
12:52:34.297    Disk 0 MBR scan
12:52:34.832    Disk 0 unknown MBR code
12:52:34.848    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
12:52:34.848    Disk 0 default boot code
12:52:35.032    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       593576 MB offset 409600
12:52:35.079    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        16600 MB offset 1216053248
12:52:35.145    Disk 0 Partition 4 00     0C    FAT32 LBA MSDOS5.0      103 MB offset 1250050048
12:52:35.473    Disk 0 scanning C:\Windows\system32\drivers
12:52:45.996    Service scanning
12:53:23.914    Modules scanning
12:53:23.915    Disk 0 trace - called modules:
12:53:23.967    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
12:53:23.967    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004ba0060]
12:53:23.967    3 CLASSPNP.SYS[fffff88001bb043f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004905050]
12:53:23.967    Disk 0 statistics 104659/0/0 @ 7.95 MB/s
12:53:23.967    Scan finished successfully
12:53:55.673    Disk 0 MBR has been saved successfully to "C:\Users\Parent\Documents\MBR.dat"
12:53:55.678    The log file has been saved successfully to "C:\Users\Parent\Documents\aswMBR.t

[Curson]

Hi johnnykid2321,

Welcome to Adlice.com Forum.
The MBR is not linked to the operating system installed but usually to the PC manufacturer.

When the MBR is unknown, RogueKiller dumps it in the %programdata%/RogueKiller/debug/ folder.
Could you please attach it with your next reply ?

Regards.

[johnnykid2321]

I couldn't upload RogueKiller.mtx do you need it as well?

Judging from my logs, there's nothing suspicious going on right?

I'm literally on OCD Paranoia right now w/ my computer

[Curson]

Hi johnnykid2321,

Your computer is not infected.
Thanks to your upload, we will be able to add this MBR to the list of legit ones.

Regards.

[johnnykid2321]

Thanks.

I also did an emisoft scan and I found these registries keys

How dangerous are any of them? could they have stolen confidential information?

Ive ran TDSS killer, avast, avira, rkiller, hitman pro, zoek.exe, aswMBR microsoft malicious software tool, adwcleaner, and junkware

could any of those programs triggered those registries keys


Emsisoft Emergency Kit v. 10.0.0.5488
(C) 2003-2015 Emsisoft - www.emsisoft.com

ID   Object
0    Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\AU__RASAPI32 detected: Application.Win32.InstallExt (A)
1    Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\AU__RASMANCS detected: Application.Win32.InstallExt (A)
2    Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\TASKSCHEDULER_RASAPI32 detected: Application.Win32.InstallExt (A)
3    Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\TASKSCHEDULER_RASMANCS detected: Application.Win32.InstallExt (A)
4    Value: HKEY_USERS\S-1-5-21-249595754-1824982653-1794911265-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
5    Value: HKEY_USERS\S-1-5-21-249595754-1824982653-1794911265-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)

[Curson]

Hi,

These entries are inactive remnants of adware InstallExt so you can move them to quarantine
They pose no thread to your confidentiality.

Regards.

[johnnykid2321]

Thanks for the help, you are a fucking god

def will try to support you guys in the future when i get some $

owe ya a big one
-----

also for the people who may stumble upon this thread in the future

if you had ran junkware removal tools, it will affect the registrytools and taskbar manager registries.

[Curson]

Hi johnnykid2321,

You are very welcome.
Thanks for the kind words.

Regards.