Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Similar to "numerous infections"


  • Please log in to reply
7 replies to this topic

#1 Johnluca

Johnluca

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:24 AM

Posted 17 September 2013 - 11:10 PM

Hi Broni

 

I am not sure if this complies with the site's/forum's etiquette but I would like to join this thread and start to provide you with the same information as above. My situation is similar, our family computer is fairly new (purchased less than 3 months ago) but already slow.

 

We got somewhere infected with dealply, "zip" something...now we keep on getting browser pop-ups like "longfintuna.net" and I am also left with a suspicious program which I can'install: Zip Opener Packages 59..I don't know whether this is a coincidence or not but as I tried to uninstall it an unverified uninstall manager opened, which I decided not to start, and shortly after Norton detected a trojan.

 

Thank you!

 

JL

 

Here the first results:

 

 n Results of screen317's Security Check version 0.99.73  
   x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
Windows Defender             
Norton 360 Premier Edition   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 McAfee SiteAdvisor    
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Adobe Flash Player     11.8.800.168  
 Mozilla Firefox (23.0.1)
 Google Chrome 29.0.1547.62  
 Google Chrome 29.0.1547.66  
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe
 Symantec Norton Online Backup NOBuAgent.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````

 



BC AdBot (Login to Remove)

 


#2 Johnluca

Johnluca
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:24 AM

Posted 17 September 2013 - 11:15 PM

Farbar Service Scanner Version: 13-09-2013
Ran by pomodoro (administrator) on 18-09-2013 at 06:13:38
Running from "C:\Users\pomodoro\Downloads"
Microsoft Windows 8  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll
[2013-09-13 05:58] - [2013-06-10 21:15] - 0723968 ____A (Microsoft Corporation) 73133A0C0CA63817BFF2CB9DE65B64E7

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2013-09-13 06:03] - [2013-08-16 07:21] - 3275776 ____A (Microsoft Corporation) 9DEC60D4783377097014DFCCA31E69F8

C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MsMpEng.exe => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****



#3 Johnluca

Johnluca
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:24 AM

Posted 17 September 2013 - 11:18 PM

MiniToolBox by Farbar  Version: 13-07-2013
Ran by pomodoro (administrator) on 18-09-2013 at 06:17:15
Running from "C:\Users\pomodoro\Downloads"
Microsoft Windows 8  (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================



========================= IP Configuration: ================================

Broadcom NetLink ™-Gigabit-Ethernet = Ethernet (Connected)
Qualcomm Atheros AR5B125 Wireless Network Adapter = WiFi (Media disconnected)


# ----------------------------------
# IPv4-Konfiguration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="LAN-Verbindung* 9" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="WiFi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="LAN-Verbindung* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled


popd
# Ende der IPv4-Konfiguration



Windows-IP-Konfiguration

   Hostname  . . . . . . . . . . . . : DoroGianluca
   Prim„res DNS-Suffix . . . . . . . :
   Knotentyp . . . . . . . . . . . . : Hybrid
   IP-Routing aktiviert  . . . . . . : Nein
   WINS-Proxy aktiviert  . . . . . . : Nein
   DNS-Suffixsuchliste . . . . . . . : fritz.box

Drahtlos-LAN-Adapter LAN-Verbindung* 1:

   Medienstatus. . . . . . . . . . . : Medium getrennt
   Verbindungsspezifisches DNS-Suffix:
   Beschreibung. . . . . . . . . . . : Virtueller Microsoft-Adapter fr direktes WiFi
   Physische Adresse . . . . . . . . : 1E-3E-84-B3-BD-CB
   DHCP aktiviert. . . . . . . . . . : Ja
   Autokonfiguration aktiviert . . . : Ja

Drahtlos-LAN-Adapter WiFi:

   Medienstatus. . . . . . . . . . . : Medium getrennt
   Verbindungsspezifisches DNS-Suffix: fritz.box
   Beschreibung. . . . . . . . . . . : Qualcomm Atheros AR5B125 Wireless Network Adapter #2
   Physische Adresse . . . . . . . . : 1C-3E-84-B3-BD-CB
   DHCP aktiviert. . . . . . . . . . : Ja
   Autokonfiguration aktiviert . . . : Ja

Ethernet-Adapter Ethernet:

   Verbindungsspezifisches DNS-Suffix: fritz.box
   Beschreibung. . . . . . . . . . . : Broadcom NetLink ™-Gigabit-Ethernet
   Physische Adresse . . . . . . . . : 20-89-84-72-33-DE
   DHCP aktiviert. . . . . . . . . . : Ja
   Autokonfiguration aktiviert . . . : Ja
   Verbindungslokale IPv6-Adresse  . : fe80::6991:ec4c:84be:622c%12(Bevorzugt)
   IPv4-Adresse  . . . . . . . . . . : 192.168.178.20(Bevorzugt)
   Subnetzmaske  . . . . . . . . . . : 255.255.255.0
   Lease erhalten. . . . . . . . . . : 18 September 2013 05:55:09
   Lease l„uft ab. . . . . . . . . . : 28 September 2013 05:55:08
   Standardgateway . . . . . . . . . : 192.168.178.1
   DHCP-Server . . . . . . . . . . . : 192.168.178.1
   DHCPv6-IAID . . . . . . . . . . . : 203458948
   DHCPv6-Client-DUID. . . . . . . . : 00-01-00-01-19-0A-F4-CF-20-89-84-72-33-DE
   DNS-Server  . . . . . . . . . . . : 192.168.178.1
   NetBIOS ber TCP/IP . . . . . . . : Aktiviert

Tunneladapter isatap.fritz.box:

   Medienstatus. . . . . . . . . . . : Medium getrennt
   Verbindungsspezifisches DNS-Suffix: fritz.box
   Beschreibung. . . . . . . . . . . : Microsoft-ISATAP-Adapter #2
   Physische Adresse . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP aktiviert. . . . . . . . . . : Nein
   Autokonfiguration aktiviert . . . : Ja

Tunneladapter Teredo Tunneling Pseudo-Interface:

   Verbindungsspezifisches DNS-Suffix:
   Beschreibung. . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physische Adresse . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP aktiviert. . . . . . . . . . : Nein
   Autokonfiguration aktiviert . . . : Ja
   IPv6-Adresse. . . . . . . . . . . : 2001:0:5ef5:79fd:14c1:1077:3f57:4deb(Bevorzugt)
   Verbindungslokale IPv6-Adresse  . : fe80::14c1:1077:3f57:4deb%18(Bevorzugt)
   Standardgateway . . . . . . . . . : ::
   NetBIOS ber TCP/IP . . . . . . . : Deaktiviert
Server:  fritz.box
Address:  192.168.178.1

Name:    google.com
Addresses:  2a00:1450:4001:c02::65
      173.194.112.165
      173.194.112.168
      173.194.112.169
      173.194.112.164
      173.194.112.160
      173.194.112.167
      173.194.112.174
      173.194.112.166
      173.194.112.161
      173.194.112.163
      173.194.112.162


Ping wird ausgefhrt fr google.com [173.194.112.165] mit 32 Bytes Daten:
Antwort von 173.194.112.165: Bytes=32 Zeit=12ms TTL=55
Antwort von 173.194.112.165: Bytes=32 Zeit=18ms TTL=55

Ping-Statistik fr 173.194.112.165:
    Pakete: Gesendet = 2, Empfangen = 2, Verloren = 0
    (0% Verlust),
Ca. Zeitangaben in Millisek.:
    Minimum = 12ms, Maximum = 18ms, Mittelwert = 15ms
Server:  fritz.box
Address:  192.168.178.1

Name:    yahoo.com
Addresses:  98.138.253.109
      206.190.36.45
      98.139.183.24


Ping wird ausgefhrt fr yahoo.com [98.138.253.109] mit 32 Bytes Daten:
Antwort von 98.138.253.109: Bytes=32 Zeit=141ms TTL=47
Antwort von 98.138.253.109: Bytes=32 Zeit=140ms TTL=47

Ping-Statistik fr 98.138.253.109:
    Pakete: Gesendet = 2, Empfangen = 2, Verloren = 0
    (0% Verlust),
Ca. Zeitangaben in Millisek.:
    Minimum = 140ms, Maximum = 141ms, Mittelwert = 140ms

Ping wird ausgefhrt fr 127.0.0.1 mit 32 Bytes Daten:
Antwort von 127.0.0.1: Bytes=32 Zeit<1ms TTL=128
Antwort von 127.0.0.1: Bytes=32 Zeit<1ms TTL=128

Ping-Statistik fr 127.0.0.1:
    Pakete: Gesendet = 2, Empfangen = 2, Verloren = 0
    (0% Verlust),
Ca. Zeitangaben in Millisek.:
    Minimum = 0ms, Maximum = 0ms, Mittelwert = 0ms
===========================================================================
Schnittstellenliste
 16...1e 3e 84 b3 bd cb ......Virtueller Microsoft-Adapter fr direktes WiFi
 15...1c 3e 84 b3 bd cb ......Qualcomm Atheros AR5B125 Wireless Network Adapter #2
 12...20 89 84 72 33 de ......Broadcom NetLink ™-Gigabit-Ethernet
  1...........................Software Loopback Interface 1
 17...00 00 00 00 00 00 00 e0 Microsoft-ISATAP-Adapter #2
 18...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4-Routentabelle
===========================================================================
Aktive Routen:
     Netzwerkziel    Netzwerkmaske          Gateway    Schnittstelle Metrik
          0.0.0.0          0.0.0.0    192.168.178.1   192.168.178.20     10
        127.0.0.0        255.0.0.0   Auf Verbindung         127.0.0.1    306
        127.0.0.1  255.255.255.255   Auf Verbindung         127.0.0.1    306
  127.255.255.255  255.255.255.255   Auf Verbindung         127.0.0.1    306
    192.168.178.0    255.255.255.0   Auf Verbindung    192.168.178.20    266
   192.168.178.20  255.255.255.255   Auf Verbindung    192.168.178.20    266
  192.168.178.255  255.255.255.255   Auf Verbindung    192.168.178.20    266
        224.0.0.0        240.0.0.0   Auf Verbindung         127.0.0.1    306
        224.0.0.0        240.0.0.0   Auf Verbindung    192.168.178.20    266
  255.255.255.255  255.255.255.255   Auf Verbindung         127.0.0.1    306
  255.255.255.255  255.255.255.255   Auf Verbindung    192.168.178.20    266
===========================================================================
St„ndige Routen:
  Keine

IPv6-Routentabelle
===========================================================================
Aktive Routen:
 If Metrik Netzwerkziel             Gateway
 18    306 ::/0                     Auf Verbindung
  1    306 ::1/128                  Auf Verbindung
 18    306 2001::/32                Auf Verbindung
 18    306 2001:0:5ef5:79fd:14c1:1077:3f57:4deb/128
                                    Auf Verbindung
 12    266 fe80::/64                Auf Verbindung
 18    306 fe80::/64                Auf Verbindung
 18    306 fe80::14c1:1077:3f57:4deb/128
                                    Auf Verbindung
 12    266 fe80::6991:ec4c:84be:622c/128
                                    Auf Verbindung
  1    306 ff00::/8                 Auf Verbindung
 18    306 ff00::/8                 Auf Verbindung
 12    266 ff00::/8                 Auf Verbindung
===========================================================================
St„ndige Routen:
  Keine
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [67584] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [67584] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [55296] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [21504] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [66560] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [72192] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [53760] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/18/2013 06:01:03 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: EgisTSR.exe, Version: 1.4.1.7, Zeitstempel: 0x51247bf6
Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.6871, Zeitstempel: 0x4fee5fd5
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000001e4f0
ID des fehlerhaften Prozesses: 0x%9
Startzeit der fehlerhaften Anwendung: 0xEgisTSR.exe0
Pfad der fehlerhaften Anwendung: EgisTSR.exe1
Pfad des fehlerhaften Moduls: EgisTSR.exe2
Berichtskennung: EgisTSR.exe3
Vollständiger Name des fehlerhaften Pakets: EgisTSR.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: EgisTSR.exe5

Error: (09/18/2013 05:56:32 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.2.9200.16628, Zeitstempel: 0x51a94434
Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.6871, Zeitstempel: 0x4fee5fd5
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000001e350
ID des fehlerhaften Prozesses: 0xca4
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3
Vollständiger Name des fehlerhaften Pakets: Explorer.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Explorer.EXE5

Error: (09/18/2013 05:45:50 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.2.9200.16628, Zeitstempel: 0x51a94434
Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.6871, Zeitstempel: 0x4fee5fd5
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000001e37b
ID des fehlerhaften Prozesses: 0xca0
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3
Vollständiger Name des fehlerhaften Pakets: Explorer.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Explorer.EXE5

Error: (09/18/2013 04:56:59 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: EgisTSR.exe, Version: 1.4.1.7, Zeitstempel: 0x51247bf6
Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.6871, Zeitstempel: 0x4fee5fd5
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000001e509
ID des fehlerhaften Prozesses: 0x%9
Startzeit der fehlerhaften Anwendung: 0xEgisTSR.exe0
Pfad der fehlerhaften Anwendung: EgisTSR.exe1
Pfad des fehlerhaften Moduls: EgisTSR.exe2
Berichtskennung: EgisTSR.exe3
Vollständiger Name des fehlerhaften Pakets: EgisTSR.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: EgisTSR.exe5

Error: (09/17/2013 10:18:53 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (09/15/2013 10:41:54 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6360

Error: (09/15/2013 10:41:54 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6360

Error: (09/15/2013 10:41:54 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/15/2013 07:40:13 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2907

Error: (09/15/2013 07:40:13 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2907


System errors:
=============
Error: (09/18/2013 05:55:21 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PDF Architect Service" wurde mit folgendem Fehler beendet:
%%2147500037

Error: (09/18/2013 05:55:05 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ?18/?09/?2013 um 05:36:58 unerwartet heruntergefahren.

Error: (09/18/2013 05:21:19 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PDF Architect Service" wurde mit folgendem Fehler beendet:
%%2147500037

Error: (09/18/2013 05:20:21 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst Gruppenrichtlinienclient konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error: (09/18/2013 04:52:29 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PDF Architect Service" wurde mit folgendem Fehler beendet:
%%2147500037

Error: (09/15/2013 03:01:46 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PDF Architect Service" wurde mit folgendem Fehler beendet:
%%2147500037

Error: (09/15/2013 02:58:26 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PDF Architect Service" wurde mit folgendem Fehler beendet:
%%2147500037

Error: (09/15/2013 02:58:17 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ?15/?09/?2013 um 13:37:09 unerwartet heruntergefahren.

Error: (09/11/2013 01:09:58 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst BFE erreicht.

Error: (09/10/2013 02:13:39 AM) (Source: DCOM) (User: DoroGianluca)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}


Microsoft Office Sessions:
=========================
Error: (09/18/2013 06:01:03 AM) (Source: Application Error)(User: )
Description: EgisTSR.exe1.4.1.751247bf6MSVCR90.dll9.0.30729.68714fee5fd5c0000005000000000001e4f0

Error: (09/18/2013 05:56:32 AM) (Source: Application Error)(User: )
Description: Explorer.EXE6.2.9200.1662851a94434MSVCR90.dll9.0.30729.68714fee5fd5c0000005000000000001e350ca401ceb422f2e2a375C:\Windows\Explorer.EXEC:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6871_none_08e717a5a83adddf\MSVCR90.dll4dc429de-2016-11e3-be94-2089847233de

Error: (09/18/2013 05:45:50 AM) (Source: Application Error)(User: )
Description: Explorer.EXE6.2.9200.1662851a94434MSVCR90.dll9.0.30729.68714fee5fd5c0000005000000000001e37bca001ceb41e2e09d57cC:\Windows\Explorer.EXEC:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6871_none_08e717a5a83adddf\MSVCR90.dllcf1adc5c-2014-11e3-be93-2089847233de

Error: (09/18/2013 04:56:59 AM) (Source: Application Error)(User: )
Description: EgisTSR.exe1.4.1.751247bf6MSVCR90.dll9.0.30729.68714fee5fd5c0000005000000000001e509

Error: (09/17/2013 10:18:53 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (09/15/2013 10:41:54 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6360

Error: (09/15/2013 10:41:54 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6360

Error: (09/15/2013 10:41:54 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/15/2013 07:40:13 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2907

Error: (09/15/2013 07:40:13 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2907


=========================== Installed Programs ============================

Acer Device Fast-lane (Version: 1.00.3011)
Acer Power Management (Version: 7.00.3013)
Acer Recovery Management (Version: 6.00.3016)
Acer Registration (Version: 2.00.3006)
Adobe Flash Player 11 Plugin (Version: 11.8.800.168)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
AudibleManager (Version: 18414980.4759644.48.2003908424)
AVM FRITZ!Box Dokumentation
Bonjour (Version: 3.0.0.10)
Broadcom Card Reader Driver Installer (Version: 15.4.7.1)
Canon Easy-WebPrint EX (Version: 1.3.5.0)
Canon MP190 series MP Drivers
Canon Utilities ImageBrowser EX (Version: 1.3.0.5)
Canon Utilities Solution Menu
Corel WinDVD (Version: 10.8.0.141)
Dritek Radio Controller (Version: 2.02.2001.0803)
ETDWare PS/2-X64 11.6.16.003_WHQL (Version: 11.6.16.003)
Google Chrome (Version: 29.0.1547.66)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4413.1752)
Identity Card (Version: 2.00.3004)
Intel® Management Engine Components (Version: 8.1.0.1252)
Intel® Processor Graphics (Version: 9.17.10.2867)
Intel® Rapid Storage Technology (Version: 11.5.4.1001)
Intel® SDK for OpenCL - CPU Only Runtime Package (Version: 2.0.0.37149)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
iTunes (Version: 11.0.4.4)
Launch Manager (Version: 7.0.10)
Live Updater (Version: 2.00.3006)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
McAfee SiteAdvisor (Version: 3.6.196)
Microsoft Office (Version: 15.0.4454.1510)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 23.0.1 (x86 en-US) (Version: 23.0.1)
Mozilla Maintenance Service (Version: 23.0.1)
Nero BackItUp (Version: 12.5.7000)
Nero BackItUp 12 Essentials OEM.a01 (Version: 12.5.00500)
Nero BackItUp Help (CHM) (Version: 12.0.13000)
Nero ControlCenter (Version: 11.0.15600)
Nero ControlCenter Help (CHM) (Version: 12.0.12000)
Nero Core Components (Version: 11.0.21800)
Nero Launcher (Version: 12.2.7000)
Nero RescueAgent (Version: 12.0.11000)
Nero RescueAgent Help (CHM) (Version: 12.0.7000)
Nero Update (Version: 11.0.11800.31.0)
Norton 360 Premier Edition (Version: 20.4.0.40)
Norton Online Backup (Version: 2.2.3.51r)
Norton Online Backup ARA (Version: 4.1.0.14)
OpenOffice.org 3.4.1 (Version: 3.41.9593)
PDF Architect (Version: 1.1.83.9982)
PDFCreator (Version: 1.7.1)
Prerequisite installer (Version: 12.0.0003)
ProShield (Version: 1.4.1.7)
Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.0.220)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (Version: 11.41)
Realtek High Definition Audio Driver (Version: 6.0.1.6657)
Shared C Run-time for x64 (Version: 10.0.0)
Unity Web Player (Version: )
Zip Opener Packages 59

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 32%
Total physical RAM: 3909.27 MB
Available physical RAM: 2649.27 MB
Total Pagefile: 8773.27 MB
Available Pagefile: 7302.47 MB
Total Virtual: 4095.88 MB
Available Virtual: 3969.62 MB

========================= Partitions: =====================================

1 Drive c: (Acer) (Fixed) (Total:451.19 GB) (Free:312.07 GB) NTFS
2 Drive d: (ER_SEASON_14_DISC_1A) (CDROM) (Total:5.6 GB) (Free:0 GB) UDF

========================= Users: ========================================

Benutzerkonten fr \\DOROGIANLUCA

Administrator            Gast                     pomodoro                 
Der Befehl wurde erfolgreich ausgefhrt.


**** End of log ****
 



#4 Johnluca

Johnluca
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:24 AM

Posted 17 September 2013 - 11:28 PM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.09.18.02

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16688
pomodoro :: DOROGIANLUCA [Administrator]

18/09/2013 06:21:37
mbam-log-2013-09-18 (06-21-37).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 196233
Laufzeit: 5 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
 



#5 Johnluca

Johnluca
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:24 AM

Posted 19 September 2013 - 01:52 PM

I am now getting a Microsoft C++ run time error while using Firefox and a failed plug-in with this site opening up:

 

http://www1.mpnrs.com/tracker/tracker2?adl=3436&adc=8785&adm=15116&adr=34&ada=2&rid=1379616055228&turl=http://im.banner.t-online.de/adlink/784/2487388/0/16/AdId=9248027;BnId=9;itime=616053174;key=FLO3;nodecode=yes;link=



#6 Condobloke

Condobloke

    Outback Aussie @ 54.2101 N, 0.2906 W


  • Members
  • 5,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:24 AM

Posted 19 September 2013 - 10:53 PM

 
 

Please run these for me...::

Revo Uninstaller to uninstall ZIP OPENER PACKAGES 59.

 

Revo Uninstaller is quite thorough in deleting programs on your computer .  Since it is a powerful tool, please be sure to follow the instructions carefully.

Please note If this program is not listed in Revo.....simply stop and let me know.

    Please download and install  Revo Uninstaller Free
    Double click Revo Uninstaller to run it.
    From the list of programs double click on the program you want to remove
    When prompted if you want to uninstall click Yes.
    Be sure the Moderate option is selected then click Next.
    The program will run, If prompted again click Yes
    When the built-in uninstaller is finished click on Next
    Once the program has searched for leftovers click Next.
    Check the items in bold only on the list then click Delete.  You may have to expand some folders by clicking the "+" mark.
    When prompted click on Yes and then on Next.
    Put a check on any folders that are found and select Delete
    When prompted select Yes then Next
    Once done click Finish.

 

                            ======================================================

 

Then ::

 

Download Malwarebytes Anti-Rootkit from Malwarebytes Anti-Rootkit to your Desktop.

    Unzip downloaded file.
    Open the folder where the contents were unzipped and run mbar.exe
    Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    DO NOT click on the Cleanup button. Simply exit the program.
    When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt

 

              ===============================

 

Followed by :

 

Please download Rkill (courtesy of BleepingComputer.com) from  RKill to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Double-click on the Rkill desktop icon to run the tool.
    If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    If not, delete the file, then download and use the one provided in Link 2.
    Do not reboot until instructed.
    If the tool does not run from any of the links provided, please advise me of this..

If normal mode still doesn't work, you can run the tool in safe mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

 

 

 

 

 

Condobloke ...Outback Australian  

 

fed up with Windows antics...??....LINUX IS THE ANSWER....I USE LINUX MINT 18.3  EXCLUSIVELY.

 

Microsoft gives you Windows, Linux gives you the whole house...

It has been said that time heals all wounds. I don't agree. The wounds remain. Time - the mind, protecting its sanity - covers them with some scar tissue and the pain lessens, but it is never gone. Rose Kennedy

#7 Johnluca

Johnluca
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:24 AM

Posted 22 September 2013 - 01:53 PM

Malwarebytes Anti-Rootkit BETA 1.07.0.1005
www.malwarebytes.org

Database version: v2013.09.22.01

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16688
pomodoro :: DOROGIANLUCA [administrator]

22/09/2013 11:11:28
mbar-log-2013-09-22 (11-11-28).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 218930
Time elapsed: 56 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 



---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005

© Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16688

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.195000 GHz
Memory total: 4099170304, free: 548339712

Downloaded database version: v2013.09.18.02
Downloaded database version: v2013.08.06.01
=======================================
Initializing...
------------ Kernel report ------------
     09/18/2013 06:30:10
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\iaStorA.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\N360x64\1404000.028\SYMDS64.SYS
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\N360x64\1404000.028\SYMEFA64.SYS
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\N360x64\1404000.028\ccSetx64.sys
\SystemRoot\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys
\SystemRoot\system32\DRIVERS\mwlPSDFilter.sys
\SystemRoot\system32\drivers\N360x64\1404000.028\Ironx64.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\eLock2BurnerLockDriver.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\N360x64\1404000.028\SYMNETS.SYS
\??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
\SystemRoot\system32\drivers\N360x64\1404000.028\SRTSPX64.SYS
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys
\SystemRoot\system32\DRIVERS\mwlPSDNServ.sys
\SystemRoot\System32\drivers\mssmbios.sys
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\IPSDefs\20130917.001\IDSvia64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20130903.002\BHDrvx64.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\System32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\HECIx64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\k57nd60a.sys
\SystemRoot\System32\drivers\bScsiSDa.sys
\SystemRoot\System32\drivers\SCSIPORT.SYS
\SystemRoot\System32\drivers\bScsiMSa.sys
\SystemRoot\System32\drivers\b57xdbd.sys
\SystemRoot\system32\DRIVERS\athw8x.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\System32\drivers\aPs2Kb2Hid.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\ETD.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\btath_bus.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\drivers\b57xdmp.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\eLock2FSCTLDriver.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\system32\drivers\N360x64\1404000.028\SRTSP64.SYS
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20130917.019\EX64.SYS
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20130917.019\ENG64.SYS
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80060b1060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000036\
Lower Device Object: 0xfffffa8004c3d060
Lower Device Driver Name: \Driver\iaStorA\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80060b1060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80060b1b10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80060b1060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa8004c3d060, DeviceName: \Device\00000036\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Read File: File "C:\Windows\System32\Drivers\vwifibus.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\vwifibus.sys" is compressed (flags = 1)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: F41B7C1

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 3530091328
    GPT Header CurrentLba = 1 BackupLba 976773167
    GPT Header FirstUsableLba 34  LastUsableLba 976773134
    GPT Header Guid b80faf96-1f84-4532-b66e-ec5d204a2091
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 3530091328
    Backup GPT header CurrentLba = 976773167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 976773134
    Backup GPT header Guid b80faf96-1f84-4532-b66e-ec5d204a2091
    Backup GPT header Contains 128 partition entries starting at LBA 976773135
    Backup GPT header Partition entry size = 128

    Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 9002678-b7df-4ac0-9f45-c027733d1d21
    FirstLBA 2048  Last LBA 821247
    Attributes 1
    Partition Name                 Basic data partition

    Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID a7059ceb-6aae-4c79-ba29-7812dac5f2ce
    FirstLBA 821248  Last LBA 1435647
    Attributes 0
    Partition Name                 EFI system partition

    GPT Partition 1 is bootable
    Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID c4a6978f-5b2d-43dc-9e28-bb46b1a221c
    FirstLBA 1435648  Last LBA 1697791
    Attributes 0
    Partition Name         Microsoft reserved partition

    Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID f006caad-a016-4b04-afd8-e975ad82eef
    FirstLBA 1697792  Last LBA 947914751
    Attributes 0
    Partition Name                 Basic data partition

    Partition 4 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID eaafb066-9989-4c4a-9264-7791b641d627
    FirstLBA 947914752  Last LBA 976773119
    Attributes 1
    Partition Name                 Basic data partition

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005

© Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16688

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.195000 GHz
Memory total: 4099170304, free: 2034618368

=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005

© Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16688

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.195000 GHz
Memory total: 4099170304, free: 1976909824

Downloaded database version: v2013.09.18.11
Downloaded database version: v2013.08.06.01
=======================================
Initializing...
------------ Kernel report ------------
     09/18/2013 23:39:29
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\iaStorA.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\N360x64\1404000.028\SYMDS64.SYS
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\N360x64\1404000.028\SYMEFA64.SYS
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\N360x64\1404000.028\ccSetx64.sys
\SystemRoot\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys
\SystemRoot\system32\DRIVERS\mwlPSDFilter.sys
\SystemRoot\system32\drivers\N360x64\1404000.028\Ironx64.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\eLock2BurnerLockDriver.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\N360x64\1404000.028\SYMNETS.SYS
\??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
\SystemRoot\system32\drivers\N360x64\1404000.028\SRTSPX64.SYS
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys
\SystemRoot\system32\DRIVERS\mwlPSDNServ.sys
\SystemRoot\System32\drivers\mssmbios.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20130903.002\BHDrvx64.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\System32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\HECIx64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\k57nd60a.sys
\SystemRoot\System32\drivers\bScsiSDa.sys
\SystemRoot\System32\drivers\SCSIPORT.SYS
\SystemRoot\System32\drivers\bScsiMSa.sys
\SystemRoot\System32\drivers\b57xdbd.sys
\SystemRoot\system32\DRIVERS\athw8x.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\System32\drivers\aPs2Kb2Hid.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\ETD.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\btath_bus.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\drivers\b57xdmp.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\eLock2FSCTLDriver.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\system32\drivers\N360x64\1404000.028\SRTSP64.SYS
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\System32\drivers\rdpvideominiport.sys
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20130917.025\EX64.SYS
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20130917.025\ENG64.SYS
\SystemRoot\System32\cdd.dll
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\IPSDefs\20130918.001\IDSvia64.sys
\SystemRoot\system32\drivers\drmkaud.sys
\SystemRoot\System32\drivers\monitor.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80060b1060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000036\
Lower Device Object: 0xfffffa8004c3d060
Lower Device Driver Name: \Driver\iaStorA\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80060b1060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80060b1b10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80060b1060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa8004c3d060, DeviceName: \Device\00000036\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Read File: File "C:\Windows\System32\Drivers\vwifibus.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\vwifibus.sys" is compressed (flags = 1)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: F41B7C1

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 3530091328
    GPT Header CurrentLba = 1 BackupLba 976773167
    GPT Header FirstUsableLba 34  LastUsableLba 976773134
    GPT Header Guid b80faf96-1f84-4532-b66e-ec5d204a2091
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 3530091328
    Backup GPT header CurrentLba = 976773167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 976773134
    Backup GPT header Guid b80faf96-1f84-4532-b66e-ec5d204a2091
    Backup GPT header Contains 128 partition entries starting at LBA 976773135
    Backup GPT header Partition entry size = 128

    Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 9002678-b7df-4ac0-9f45-c027733d1d21
    FirstLBA 2048  Last LBA 821247
    Attributes 1
    Partition Name                 Basic data partition

    Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID a7059ceb-6aae-4c79-ba29-7812dac5f2ce
    FirstLBA 821248  Last LBA 1435647
    Attributes 0
    Partition Name                 EFI system partition

    GPT Partition 1 is bootable
    Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID c4a6978f-5b2d-43dc-9e28-bb46b1a221c
    FirstLBA 1435648  Last LBA 1697791
    Attributes 0
    Partition Name         Microsoft reserved partition

    Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID f006caad-a016-4b04-afd8-e975ad82eef
    FirstLBA 1697792  Last LBA 947914751
    Attributes 0
    Partition Name                 Basic data partition

    Partition 4 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID eaafb066-9989-4c4a-9264-7791b641d627
    FirstLBA 947914752  Last LBA 976773119
    Attributes 1
    Partition Name                 Basic data partition

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005

© Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16688

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.195000 GHz
Memory total: 4099170304, free: 1200254976

Downloaded database version: v2013.09.21.01
Downloaded database version: v2013.09.20.01
=======================================
Initializing...
------------ Kernel report ------------
     09/21/2013 06:21:46
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\iaStorA.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\N360x64\1404000.028\SYMDS64.SYS
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\N360x64\1404000.028\SYMEFA64.SYS
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\N360x64\1404000.028\ccSetx64.sys
\SystemRoot\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys
\SystemRoot\system32\DRIVERS\mwlPSDFilter.sys
\SystemRoot\system32\drivers\N360x64\1404000.028\Ironx64.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\eLock2BurnerLockDriver.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\N360x64\1404000.028\SYMNETS.SYS
\??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
\SystemRoot\system32\drivers\N360x64\1404000.028\SRTSPX64.SYS
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys
\SystemRoot\system32\DRIVERS\mwlPSDNServ.sys
\SystemRoot\System32\drivers\mssmbios.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20130903.002\BHDrvx64.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\System32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\HECIx64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\k57nd60a.sys
\SystemRoot\System32\drivers\bScsiSDa.sys
\SystemRoot\System32\drivers\SCSIPORT.SYS
\SystemRoot\System32\drivers\bScsiMSa.sys
\SystemRoot\System32\drivers\b57xdbd.sys
\SystemRoot\system32\DRIVERS\athw8x.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\System32\drivers\aPs2Kb2Hid.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\ETD.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\btath_bus.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\drivers\b57xdmp.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\eLock2FSCTLDriver.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\system32\drivers\N360x64\1404000.028\SRTSP64.SYS
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\System32\drivers\rdpvideominiport.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20130920.009\EX64.SYS
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20130920.009\ENG64.SYS
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\IPSDefs\20130920.001\IDSvia64.sys
\SystemRoot\System32\drivers\monitor.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80060b1060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000036\
Lower Device Object: 0xfffffa8004c3d060
Lower Device Driver Name: \Driver\iaStorA\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80060b1060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80060b1b10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80060b1060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa8004c3d060, DeviceName: \Device\00000036\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Read File: File "C:\Windows\System32\Drivers\vwifibus.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\vwifibus.sys" is compressed (flags = 1)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: F41B7C1

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 3530091328
    GPT Header CurrentLba = 1 BackupLba 976773167
    GPT Header FirstUsableLba 34  LastUsableLba 976773134
    GPT Header Guid b80faf96-1f84-4532-b66e-ec5d204a2091
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 3530091328
    Backup GPT header CurrentLba = 976773167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 976773134
    Backup GPT header Guid b80faf96-1f84-4532-b66e-ec5d204a2091
    Backup GPT header Contains 128 partition entries starting at LBA 976773135
    Backup GPT header Partition entry size = 128

    Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 9002678-b7df-4ac0-9f45-c027733d1d21
    FirstLBA 2048  Last LBA 821247
    Attributes 1
    Partition Name                 Basic data partition

    Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID a7059ceb-6aae-4c79-ba29-7812dac5f2ce
    FirstLBA 821248  Last LBA 1435647
    Attributes 0
    Partition Name                 EFI system partition

    GPT Partition 1 is bootable
    Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID c4a6978f-5b2d-43dc-9e28-bb46b1a221c
    FirstLBA 1435648  Last LBA 1697791
    Attributes 0
    Partition Name         Microsoft reserved partition

    Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID f006caad-a016-4b04-afd8-e975ad82eef
    FirstLBA 1697792  Last LBA 947914751
    Attributes 0
    Partition Name                 Basic data partition

    Partition 4 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID eaafb066-9989-4c4a-9264-7791b641d627
    FirstLBA 947914752  Last LBA 976773119
    Attributes 1
    Partition Name                 Basic data partition

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005

© Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16688

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.195000 GHz
Memory total: 4099170304, free: 1470582784

Downloaded database version: v2013.09.22.01
Downloaded database version: v2013.09.20.01
Initializing...
=======================================
------------ Kernel report ------------
     09/22/2013 11:11:13
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\iaStorA.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\N360x64\1404000.028\SYMDS64.SYS
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\N360x64\1404000.028\SYMEFA64.SYS
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\N360x64\1404000.028\ccSetx64.sys
\SystemRoot\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys
\SystemRoot\system32\DRIVERS\mwlPSDFilter.sys
\SystemRoot\system32\drivers\N360x64\1404000.028\Ironx64.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\eLock2BurnerLockDriver.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\N360x64\1404000.028\SYMNETS.SYS
\??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
\SystemRoot\system32\drivers\N360x64\1404000.028\SRTSPX64.SYS
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys
\SystemRoot\system32\DRIVERS\mwlPSDNServ.sys
\SystemRoot\System32\drivers\mssmbios.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20130903.002\BHDrvx64.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\System32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\HECIx64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\k57nd60a.sys
\SystemRoot\System32\drivers\bScsiSDa.sys
\SystemRoot\System32\drivers\SCSIPORT.SYS
\SystemRoot\System32\drivers\bScsiMSa.sys
\SystemRoot\System32\drivers\b57xdbd.sys
\SystemRoot\system32\DRIVERS\athw8x.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\System32\drivers\aPs2Kb2Hid.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\ETD.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\btath_bus.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\drivers\b57xdmp.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\eLock2FSCTLDriver.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\system32\drivers\N360x64\1404000.028\SRTSP64.SYS
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\System32\drivers\rdpvideominiport.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\System32\drivers\monitor.sys
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\IPSDefs\20130921.001\IDSvia64.sys
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20130921.005\EX64.SYS
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20130921.005\ENG64.SYS
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\WinUsb.sys
\SystemRoot\System32\drivers\WpdUpFltr.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80060b1060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000036\
Lower Device Object: 0xfffffa8004c3d060
Lower Device Driver Name: \Driver\iaStorA\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80060b1060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80060b1b10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80060b1060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa8004c3d060, DeviceName: \Device\00000036\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Read File: File "C:\Windows\System32\Drivers\vwifibus.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\vwifibus.sys" is compressed (flags = 1)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: F41B7C1

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 3530091328
    GPT Header CurrentLba = 1 BackupLba 976773167
    GPT Header FirstUsableLba 34  LastUsableLba 976773134
    GPT Header Guid b80faf96-1f84-4532-b66e-ec5d204a2091
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 3530091328
    Backup GPT header CurrentLba = 976773167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 976773134
    Backup GPT header Guid b80faf96-1f84-4532-b66e-ec5d204a2091
    Backup GPT header Contains 128 partition entries starting at LBA 976773135
    Backup GPT header Partition entry size = 128

    Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 9002678-b7df-4ac0-9f45-c027733d1d21
    FirstLBA 2048  Last LBA 821247
    Attributes 1
    Partition Name                 Basic data partition

    Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID a7059ceb-6aae-4c79-ba29-7812dac5f2ce
    FirstLBA 821248  Last LBA 1435647
    Attributes 0
    Partition Name                 EFI system partition

    GPT Partition 1 is bootable
    Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID c4a6978f-5b2d-43dc-9e28-bb46b1a221c
    FirstLBA 1435648  Last LBA 1697791
    Attributes 0
    Partition Name         Microsoft reserved partition

    Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID f006caad-a016-4b04-afd8-e975ad82eef
    FirstLBA 1697792  Last LBA 947914751
    Attributes 0
    Partition Name                 Basic data partition

    Partition 4 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID eaafb066-9989-4c4a-9264-7791b641d627
    FirstLBA 947914752  Last LBA 976773119
    Attributes 1
    Partition Name                 Basic data partition

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
 



#8 Johnluca

Johnluca
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:24 AM

Posted 22 September 2013 - 01:58 PM

Rkill 2.6.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/22/2013 08:54:30 PM in x64 mode.
Windows Version: Windows 8

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 09/22/2013 08:57:28 PM
Execution time: 0 hours(s), 2 minute(s), and 58 seconds(s)






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users