Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Firewall Settings Problem


  • Please log in to reply
6 replies to this topic

#1 Plutotype

Plutotype

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:27 AM

Posted 23 January 2014 - 08:16 PM

Mod Edit:  Split from http://www.bleepingcomputer.com/forums/t/492975/cant-start-windows-firewall-error-code-0x8007042c/ - Hamluis.

 

Hi Broni,

Im getting the same error code when clicking on firewall settings in Windows. Windows Firewall cant change some of your settings. Error Code 0x8007042c

Could you please check the logs?

 

Here are the logs:

 

SETUP.TXT

 

 Results of screen317's Security Check version 0.99.79  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 Java 7 Update 51  
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Reader XI  
 Mozilla Firefox (26.0)
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Spybot Teatimer.exe is disabled!
 Acronis TrueImageHome OnlineBackupStandalone TrueImageMonitor.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 30% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 

 

FSS.TXT

 

Farbar Service Scanner Version: 08-01-2014
Ran by Plutotype (administrator) on 24-01-2014 at 01:20:08
Running from "D:\Downloads"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of WinDefend. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of WinDefend. The value does not exist.
Unable to retrieve ServiceDll of WinDefend. The value does not exist.


Other Services:
==============
Checking Start type iphlpsvc: ATTENTION!=====> Unable to retrieve start type of iphlpsvc. The value does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to retrieve ImagePath of iphlpsvc. The value does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to retrieve ServiceDll of iphlpsvc. The value does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

 

 

MINITOOLBOX

 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by Plutotype (administrator) on 24-01-2014 at 01:23:57
Running from "D:\Downloads"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0
========================= Hosts content: =================================


127.0.0.1 activate.adobe.com
127.0.0.1 activate.adobe.com

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection 2 (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Fileserver
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 2:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller #2
   Physical Address. . . . . . . . . : 1C-6F-65-36-1A-54
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::7976:d8ed:b56b:2a25%13(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.101(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 24. janu ra 2014 1:16:42
   Lease Expires . . . . . . . . . . : 25. janu ra 2014 1:16:41
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 303853413
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-76-81-4A-1C-6F-65-36-1A-64
   DNS Servers . . . . . . . . . . . : 192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 1C-6F-65-36-1A-64
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{5E6A040E-7B1A-45A2-A664-7AD6DC5773BB}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{BD0729AD-4BD3-4081-B437-0D7BB446A57B}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  192.168.0.1

Name:    google.com
Addresses:  2a00:1450:400d:803::100e
      173.194.39.99
      173.194.39.103
      173.194.39.105
      173.194.39.110
      173.194.39.104
      173.194.39.98
      173.194.39.96
      173.194.39.102
      173.194.39.100
      173.194.39.97
      173.194.39.101


Pinging google.com [173.194.39.110] with 32 bytes of data:
Reply from 173.194.39.110: bytes=32 time=17ms TTL=57
Reply from 173.194.39.110: bytes=32 time=15ms TTL=57

Ping statistics for 173.194.39.110:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 15ms, Maximum = 17ms, Average = 16ms
Server:  UnKnown
Address:  192.168.0.1

Name:    yahoo.com
Addresses:  98.139.183.24
      98.138.253.109
      206.190.36.45


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=129ms TTL=49
Reply from 98.139.183.24: bytes=32 time=127ms TTL=49

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 127ms, Maximum = 129ms, Average = 128ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 13...1c 6f 65 36 1a 54 ......Realtek PCIe GBE Family Controller #2
 11...1c 6f 65 36 1a 64 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.101     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link     192.168.0.101    276
    192.168.0.101  255.255.255.255         On-link     192.168.0.101    276
    192.168.0.255  255.255.255.255         On-link     192.168.0.101    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.0.101    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.0.101    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 13    276 fe80::/64                On-link
 13    276 fe80::7976:d8ed:b56b:2a25/128
                                    On-link
  1    306 ff00::/8                 On-link
 13    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/24/2014 01:16:51 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"1".Error in manifest or policy file "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"2" on line WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (01/24/2014 01:16:51 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"1".Error in manifest or policy file "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"2" on line WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (01/24/2014 01:16:47 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/24/2014 00:42:06 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"1".Error in manifest or policy file "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"2" on line WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (01/24/2014 00:42:01 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"1".Error in manifest or policy file "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"2" on line WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (01/24/2014 00:42:01 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"1".Error in manifest or policy file "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"2" on line WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (01/24/2014 00:22:56 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"1".Error in manifest or policy file "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"2" on line WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (01/24/2014 00:22:56 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"1".Error in manifest or policy file "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"2" on line WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (01/24/2014 00:22:52 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/24/2014 00:22:49 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"1".Error in manifest or policy file "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"2" on line WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (01/24/2014 01:21:34 AM) (Source: Service Control Manager) (User: )
Description: The Base Filtering Engine service terminated with the following error:
%%5

Error: (01/24/2014 01:21:34 AM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error:
%%5

Error: (01/24/2014 01:21:31 AM) (Source: Service Control Manager) (User: )
Description: The Base Filtering Engine service terminated with the following error:
%%5

Error: (01/24/2014 01:21:31 AM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error:
%%5

Error: (01/24/2014 01:17:58 AM) (Source: Service Control Manager) (User: )
Description: The Base Filtering Engine service terminated with the following error:
%%5

Error: (01/24/2014 01:17:58 AM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error:
%%5

Error: (01/24/2014 01:17:50 AM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error:
%%5

Error: (01/24/2014 01:17:50 AM) (Source: Service Control Manager) (User: )
Description: The Base Filtering Engine service terminated with the following error:
%%5

Error: (01/24/2014 01:16:54 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (01/24/2014 01:16:43 AM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends on the Base Filtering Engine service which failed to start because of the following error:
%%5


Microsoft Office Sessions:
=========================
Error: (01/24/2014 01:16:51 AM) (Source: SideBySide)(User: )
Description: WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0"C:\Program Files\Steinberg\Cubase 6\VSTPlugins\Applications\wlc.exeC:\Program Files\Steinberg\Cubase 6\VSTPlugins\Applications\WavesQtLibs_4.7.3_Win32_Release\WavesQtLibs_4.7.3_Win32_Release.MANIFEST8

Error: (01/24/2014 01:16:51 AM) (Source: SideBySide)(User: )
Description: WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0"C:\Program Files\Steinberg\Cubase 6\VSTPlugins\Applications\wlc.exeC:\Program Files\Steinberg\Cubase 6\VSTPlugins\Applications\WavesQtLibs_4.7.3_Win32_Release\WavesQtLibs_4.7.3_Win32_Release.MANIFEST8

Error: (01/24/2014 01:16:47 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/24/2014 00:42:06 AM) (Source: SideBySide)(User: )
Description: WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0"C:\Program Files\Steinberg\Cubase 6\VSTPlugins\Applications\wlc.exeC:\Program Files\Steinberg\Cubase 6\VSTPlugins\Applications\WavesQtLibs_4.7.3_Win32_Release\WavesQtLibs_4.7.3_Win32_Release.MANIFEST8

Error: (01/24/2014 00:42:01 AM) (Source: SideBySide)(User: )
Description: WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0"C:\Program Files\Steinberg\Cubase 6\VSTPlugins\Applications\wlc.exeC:\Program Files\Steinberg\Cubase 6\VSTPlugins\Applications\WavesQtLibs_4.7.3_Win32_Release\WavesQtLibs_4.7.3_Win32_Release.MANIFEST8

Error: (01/24/2014 00:42:01 AM) (Source: SideBySide)(User: )
Description: WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0"C:\Program Files\Steinberg\Cubase 6\VSTPlugins\Applications\wlc.exeC:\Program Files\Steinberg\Cubase 6\VSTPlugins\Applications\WavesQtLibs_4.7.3_Win32_Release\WavesQtLibs_4.7.3_Win32_Release.MANIFEST8

Error: (01/24/2014 00:22:56 AM) (Source: SideBySide)(User: )
Description: WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0"C:\Program Files\Steinberg\Cubase 6\VSTPlugins\Applications\wlc.exeC:\Program Files\Steinberg\Cubase 6\VSTPlugins\Applications\WavesQtLibs_4.7.3_Win32_Release\WavesQtLibs_4.7.3_Win32_Release.MANIFEST8

Error: (01/24/2014 00:22:56 AM) (Source: SideBySide)(User: )
Description: WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0"C:\Program Files\Steinberg\Cubase 6\VSTPlugins\Applications\wlc.exeC:\Program Files\Steinberg\Cubase 6\VSTPlugins\Applications\WavesQtLibs_4.7.3_Win32_Release\WavesQtLibs_4.7.3_Win32_Release.MANIFEST8

Error: (01/24/2014 00:22:52 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/24/2014 00:22:49 AM) (Source: SideBySide)(User: )
Description: WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0"C:\Program Files\Steinberg\Cubase 6\VSTPlugins\Applications\wlc.exeC:\Program Files\Steinberg\Cubase 6\VSTPlugins\Applications\WavesQtLibs_4.7.3_Win32_Release\WavesQtLibs_4.7.3_Win32_Release.MANIFEST8


=========================== Installed Programs ============================

 Drums Overkill
@BIOS (Version: 2.20)
Acronis True Image Home 2011 (Version: 14.0.6942)
Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 10 Plugin (Version: 10.3.183.75)
Adobe Reader XI (11.0.06) (Version: 11.0.06)
AMD Accelerated Video Transcoding (Version: 13.20.100.31206)
AMD Catalyst Control Center (Version: 2013.1206.1603.28764)
AMD Catalyst Install Manager (Version: 8.0.915.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.81206.1620)
AMD Wireless Display v3.0 (Version: 1.0.0.14)
ARP2600 V2 2.5.1 (Version: 2.5.1)
ArtsAcoustic BigRock v1.0.7
ASAP Utilities (Version: 4.8.6)
BiFilter v2.3
BitTorrent (Version: 7.6.1)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2013.1206.1603.28764)
Catalyst Control Center InstallProxy (Version: 2013.1206.1603.28764)
Catalyst Control Center Localization All (Version: 2013.1206.1603.28764)
CCC Help Czech (Version: 2013.1206.1602.28764)
CCC Help Danish (Version: 2013.1206.1602.28764)
CCC Help Dutch (Version: 2013.1206.1602.28764)
CCC Help English (Version: 2013.1206.1602.28764)
CCC Help Finnish (Version: 2013.1206.1602.28764)
CCC Help French (Version: 2013.1206.1602.28764)
CCC Help German (Version: 2013.1206.1602.28764)
CCC Help Greek (Version: 2013.1206.1602.28764)
CCC Help Hungarian (Version: 2013.1206.1602.28764)
CCC Help Chinese Standard (Version: 2013.1206.1602.28764)
CCC Help Chinese Traditional (Version: 2013.1206.1602.28764)
CCC Help Italian (Version: 2013.1206.1602.28764)
CCC Help Japanese (Version: 2013.1206.1602.28764)
CCC Help Korean (Version: 2013.1206.1602.28764)
CCC Help Norwegian (Version: 2013.1206.1602.28764)
CCC Help Polish (Version: 2013.1206.1602.28764)
CCC Help Portuguese (Version: 2013.1206.1602.28764)
CCC Help Russian (Version: 2013.1206.1602.28764)
CCC Help Spanish (Version: 2013.1206.1602.28764)
CCC Help Swedish (Version: 2013.1206.1602.28764)
CCC Help Thai (Version: 2013.1206.1602.28764)
CCC Help Turkish (Version: 2013.1206.1602.28764)
ccc-utility64 (Version: 2013.1206.1603.28764)
CCleaner (Version: 4.09)
CS-80V2 2.5.1 (Version: 2.5.1)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Driver Download Manager (Version: 3.0.0.0)
discoDSP Discovery Pro (Version: 5.4)
Driver Sweeper version 3.2.0 (Version: 3.2.0)
DVDFab 8.1.7.8 (17/04/2012) Qt
eac3to µGUI version 0.7.2 (Version: 0.7.2)
ElectraX full
eLicenser Control
FileZilla Client 3.7.3 (Version: 3.7.3)
FilterBank v3.3 X64
FireBird plus v1.11.2
flirc
Focusrite Midnignt Suite VST RTAS v1.1
GetDataBack for NTFS (Version: 4.30.000)
Gladiator  full
HxD Hex Editor verze 1.7.7.0 (Version: 1.7.7.0)
iLok Client Helper (Version: 5.9.1)
Intel® C++ Redistributables for Windows* on IA-64 (Version: 11.1.048)
Intel® C++ Redistributables for Windows* on Intel® 64 (Version: 11.1.051)
Java 7 Update 51 (Version: 7.0.510)
Java Auto Updater (Version: 2.1.9.8)
JDownloader 2 (Version: 2.0)
JMicron JMB36X Driver (Version: 1.17.63.1)
Lexicon PSP 42 1.6.1 64bit (Version: 1.6.1 64bit)
License Support (Version: 1.1.1.1524)
Magical Jelly Bean KeyFinder (Version: 2.0.9.8)
MediaInfo 0.7.67 (Version: 0.7.67)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Office Access MUI (Slovak) 2010 (Version: 14.0.7015.1000)
Microsoft Office Excel MUI (Slovak) 2010 (Version: 14.0.7015.1000)
Microsoft Office Groove MUI (Slovak) 2010 (Version: 14.0.7015.1000)
Microsoft Office InfoPath MUI (Slovak) 2010 (Version: 14.0.7015.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (Slovak) 2010 (Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (Slovak) 2010 (Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (Slovak) 2010 (Version: 14.0.7015.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (Czech) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (Hungarian) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (Slovak) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proofing (Slovak) 2010 (Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (Slovak) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit MUI (Slovak) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (Slovak) 2010 (Version: 14.0.7015.1000)
Microsoft Office Word MUI (Slovak) 2010 (Version: 14.0.7015.1000)
Microsoft Security Client (Version: 4.4.0304.0)
Microsoft Security Essentials (Version: 4.4.304.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (Version: 11.0.50727.1)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (Version: 11.0.50727.1)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000)
minimoog-v 2.5.1 (Version: 2.5.1)
MKVToolNix 5.9.0 (Version: 5.9.0)
Monkey's Audio
Moog Modular V 2 2.6.1 (Version: 2.6.1)
Mozilla Firefox 26.0 (x86 en-US) (Version: 26.0)
Mozilla Maintenance Service (Version: 26.0)
MPC-HC 1.7.1.366 (00e1a52) Nightly (Version: 1.7.1.366)
MSVCRT Redists (Version: 1.0)
Native Instruments FM8 (Version: 1.2.0.1016)
Native Instruments Kontakt 5 (Version: 5.0.2.5641)
Native Instruments Kontakt Player 2
Native Instruments Massive (Version: 1.3.0.2050)
Native Instruments Service Center (Version: 2.3.2.926)
Noise Reduction Plug-in 2.0i (Version: 2.0.455)
Play Complete Composers Collection (Version: 2.1.2)
Play Update 3.0.32 (Version: 3.0.32)
PowerISO (Version: 4.9)
PrimoPDF -- brought to you by Nitro PDF Software (Version: 5)
Prophet-V2 2.5.1 (Version: 2.5.1)
PSD Viewer
PSP 85 64bit (Version: 1.1.0 64bit)
PSP NobleQ 64bit (Version: 1.7.0 64bit)
PSP oldTimer 1.2.0 64bit (Version: 1.2.0 64bit)
PSP StereoPack 1.9.8 64bit (Version: 1.9.8 64bit)
PSP VintageWarmer2 2.5.2 64bit (Version: 2.5.2 64bit)
PSPad editor
QT Lite 4.1.0 (Version: 4.1.0)
Realtek Ethernet Controller Driver (Version: 7.46.531.2011)
ReClock
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.30.0)
RME Fireface USB (Version: 1.0.38.0)
Rob Papen BLUE Version 1.8.5d 64 Bits + Multi-Core
Rob Papen Predator V1.5.8 64 bits Multi-core
Rob Papen RP-Verb 1.0.3 64 Bits Multi-Core
Saurus v1.0
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Sony Noise Reduction Plug-In 2.0h (Version: 2.0.451)
Sound Forge Pro 10.0 (Version: 10.0.491)
Spybot - Search & Destroy (Version: 2.2.25)
Steinberg Cubase 6 64bit (Version: 6.0.5)
Steinberg REVerence Content 01 (Version: 2.0.1.000)
TechPowerUp GPU-Z
Tone2 AkustiX Enhancer v1.0 X64
Tone2 Warmverb multi-FX full
Update for Microsoft .NET Framework 4.5 (KB2750147) (Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805221) (Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805226) (Version: 1)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
Virus TI Software Suite 64-bit (Version: 4.5.3.00)
Visual C++ 64-bit Redistributables (Version: 1.1.1.1524)
Visual C++ Redistributables (Version: 1.1.1.1524)
Waves Complete V9r1 (Version: 9.0.1)
Windows Driver Package - libusb 1.0 (WinUSB) libusb (WinUSB) devices  (04/25/2010 ) (Version: 04/25/2010 )
Windows Driver Package - libusb 1.0 (WinUSB) libusb (WinUSB) devices  (05/10/2010 ) (Version: 05/10/2010 )
Windows Driver Package - RME Fireface USB (11/23/2013 1.0.38.0) (Version: 11/23/2013 1.0.38.0)
WinRAR 5.01 (64-bit) (Version: 5.01.0)
XBMC

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 11%
Total physical RAM: 24574.41 MB
Available physical RAM: 21795.92 MB
Total Pagefile: 49147.01 MB
Available Pagefile: 46356.1 MB
Total Virtual: 4095.88 MB
Available Virtual: 3984.39 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:46.59 GB) (Free:3.6 GB) NTFS
2 Drive d: (RAID10) (Fixed) (Total:3724.87 GB) (Free:141.6 GB) NTFS
3 Drive e: (KINGSTONSSD1) (Fixed) (Total:446.62 GB) (Free:2.36 GB) NTFS
4 Drive f: (KINGSTONSSD2) (Fixed) (Total:446.62 GB) (Free:19.3 GB) NTFS
5 Drive g: (20110924_1815) (CDROM) (Total:0.36 GB) (Free:0 GB) CDFS
6 Drive h: (Samsung F4) (Fixed) (Total:3725.9 GB) (Free:1025.24 GB) NTFS
7 Drive i: (WD 3TB) (Fixed) (Total:2794.39 GB) (Free:62.41 GB) NTFS
8 Drive j: (WD 3TB) (Fixed) (Total:2794.39 GB) (Free:23.11 GB) NTFS
9 Drive k: (Samsung F4) (Fixed) (Total:1862.92 GB) (Free:31.06 GB) NTFS
11 Drive m: (Samsung F4) (Fixed) (Total:1863.01 GB) (Free:55.61 GB) NTFS
12 Drive n: (WD 3TB) (Fixed) (Total:2794.39 GB) (Free:86.7 GB) NTFS
13 Drive o: (WD 3TB) (Fixed) (Total:2794.39 GB) (Free:128.81 GB) NTFS
14 Drive p: (External Seagate) (Fixed) (Total:1397.26 GB) (Free:1397.14 GB) NTFS
15 Drive r: (Koncerty) (Fixed) (Total:2794.39 GB) (Free:35.91 GB) NTFS
16 Drive s: (External Silicon 500GB) (Fixed) (Total:465.76 GB) (Free:292.98 GB) NTFS

========================= Users: ========================================

User accounts for \\FILESERVER

Administrator            Guest                    Plutotype                


**** End of log ****
 

 

 

 

MBAM log

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.23.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Plutotype :: FILESERVER [administrator]

24. 1. 2014 1:34:41
mbam-log-2014-01-24 (01-34-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215358
Time elapsed: 2 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0S1G1M1G1I1O2Wzr1C1M -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

 

 

MBAR - SYSTEM.TXT

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.16476

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, H:\ DRIVE_FIXED, I:\ DRIVE_FIXED, J:\ DRIVE_FIXED, K:\ DRIVE_FIXED, M:\ DRIVE_FIXED, N:\ DRIVE_FIXED, O:\ DRIVE_FIXED, P:\ DRIVE_FIXED, R:\ DRIVE_FIXED, S:\ DRIVE_FIXED
CPU speed: 3.330000 GHz
Memory total: 25768140800, free: 23211003904

Downloaded database version: v2014.01.23.08
Downloaded database version: v2013.12.18.01
=======================================
Initializing...
------------ Kernel report ------------
     01/24/2014 01:43:01
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\jraid.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\megasas.sys
\SystemRoot\system32\drivers\storport.sys
\SystemRoot\system32\drivers\Si3124r5.sys
\SystemRoot\system32\DRIVERS\percsas2.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\system32\drivers\SiWinAcc.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\timntr.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\Tpkd.sys
\SystemRoot\system32\DRIVERS\tdrpm273.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\system32\DRIVERS\snapman.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\system32\drivers\SiRemFil.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\System32\Drivers\SCDEmu.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\1394ohci.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\nusb3hub.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\iLokDrvr.sys
\SystemRoot\system32\drivers\fireface_usb_64.sys
\SystemRoot\system32\DRIVERS\synusb64.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\WinUsb.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\afcdp.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk13\DR13
Upper Device Object: 0xfffffa8014230790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000083\
Lower Device Object: 0xfffffa801407ab60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk12\DR12
Upper Device Object: 0xfffffa8013404060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006d\
Lower Device Object: 0xfffffa8012af6910
Lower Device Driver Name: \Driver\percsas2\
<<<1>>>
Upper Device Name: \Device\Harddisk11\DR11
Upper Device Object: 0xfffffa8013403060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006c\
Lower Device Object: 0xfffffa8012af6060
Lower Device Driver Name: \Driver\percsas2\
<<<1>>>
Upper Device Name: \Device\Harddisk10\DR10
Upper Device Object: 0xfffffa80133ff060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006b\
Lower Device Object: 0xfffffa8012b549c0
Lower Device Driver Name: \Driver\percsas2\
<<<1>>>
Upper Device Name: \Device\Harddisk9\DR9
Upper Device Object: 0xfffffa80133cf790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Scsi\Si3124r51Port8Path0Target10Lun0\
Lower Device Object: 0xfffffa8012b28050
Lower Device Driver Name: \Driver\Si3124r5\
<<<1>>>
Upper Device Name: \Device\Harddisk8\DR8
Upper Device Object: 0xfffffa80133c9790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP5T0L0-7\
Lower Device Object: 0xfffffa8012b17680
Lower Device Driver Name: \Driver\atapi\
<<<1>>>
Upper Device Name: \Device\Harddisk7\DR7
Upper Device Object: 0xfffffa80133c3790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP4T0L0-6\
Lower Device Object: 0xfffffa8012b13060
Lower Device Driver Name: \Driver\atapi\
<<<1>>>
Upper Device Name: \Device\Harddisk6\DR6
Upper Device Object: 0xfffffa80133bd790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa8012af7060
Lower Device Driver Name: \Driver\atapi\
<<<1>>>
Upper Device Name: \Device\Harddisk5\DR5
Upper Device Object: 0xfffffa80133b7790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-5\
Lower Device Object: 0xfffffa8012b0f060
Lower Device Driver Name: \Driver\atapi\
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xfffffa80133b1790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T1L0-8\
Lower Device Object: 0xfffffa8012b20060
Lower Device Driver Name: \Driver\atapi\
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa80133ab790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-4\
Lower Device Object: 0xfffffa8012b08680
Lower Device Driver Name: \Driver\atapi\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa80133a5790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-1\
Lower Device Object: 0xfffffa8012afb680
Lower Device Driver Name: \Driver\atapi\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa801339f790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Scsi\JRAID1Port0Path0Target1Lun0\
Lower Device Object: 0xfffffa8012acb050
Lower Device Driver Name: \Driver\JRAID\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8013399790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Scsi\JRAID1Port0Path0Target0Lun0\
Lower Device Object: 0xfffffa8012ac7050
Lower Device Driver Name: \Driver\JRAID\
<<<2>>>
Physical Sector Size: 512
Drive: 9, DevicePointer: 0xfffffa80133cf790, DeviceName: \Device\Harddisk9\DR9\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8013357d80, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xfffffa80133549c0, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xfffffa8013353940, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa8013353b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa801334d9c0, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xfffffa80133cf790, DeviceName: \Device\Harddisk9\DR9\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8012b28050, DeviceName: \Device\Scsi\Si3124r51Port8Path0Target10Lun0\, DriverName: \Driver\Si3124r5\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\snapman\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8013399790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80133991c0, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xfffffa80132f79c0, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xfffffa80132f3900, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa80132f4b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8013399560, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xfffffa8013399790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80127a5160, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8012ac7050, DeviceName: \Device\Scsi\JRAID1Port0Path0Target0Lun0\, DriverName: \Driver\JRAID\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\snapman\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 8A7D5A6A

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 2930272256

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1500301910016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-2930257168-2930277168)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa801339f790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80133019c0, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xfffffa80132fd890, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xfffffa801339f100, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa80132feb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa801339f350, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xfffffa801339f790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa801281fe40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8012acb050, DeviceName: \Device\Scsi\JRAID1Port0Path0Target1Lun0\, DriverName: \Driver\JRAID\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\snapman\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 0

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 3958402245
    GPT Header CurrentLba = 1 BackupLba 5860533167
    GPT Header FirstUsableLba 34  LastUsableLba 5860533134
    GPT Header Guid e208066c-c660-4800-a5f-925ae8c1df89
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 3958402245
    Backup GPT header CurrentLba = 5860533167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 5860533134
    Backup GPT header Guid e208066c-c660-4800-a5f-925ae8c1df89
    Backup GPT header Contains 128 partition entries starting at LBA 5860533135
    Backup GPT header Partition entry size = 128

    Partition 0 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID a7fe0dcb-2373-482d-b6d7-ec702ccf5ec8
    FirstLBA 34  Last LBA 262177
    Attributes 0
    Partition Name         Microsoft reserved partition

    Partition 1 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 746e93e6-6a7-4ed7-9cba-44bb8bd27db2
    FirstLBA 264192  Last LBA 5860532223
    Attributes 0
    Partition Name                 Basic data partition

Disk Size: 3000592982016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xfffffa80133a5790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa801330b980, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xfffffa8013305850, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xfffffa8013308900, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa801330bb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80133a5560, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xfffffa80133a5790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8012afb680, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\snapman\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 0

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 363825351
    GPT Header CurrentLba = 1 BackupLba 5860533167
    GPT Header FirstUsableLba 34  LastUsableLba 5860533134
    GPT Header Guid 27981830-62ec-4cac-b78b-c093eed8737d
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 363825351
    Backup GPT header CurrentLba = 5860533167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 5860533134
    Backup GPT header Guid 27981830-62ec-4cac-b78b-c093eed8737d
    Backup GPT header Contains 128 partition entries starting at LBA 5860533135
    Backup GPT header Partition entry size = 128

    Partition 0 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 7f09098c-eb1c-470a-92d1-4f3eb20e63f
    FirstLBA 34  Last LBA 262177
    Attributes 0
    Partition Name         Microsoft reserved partition

    Partition 1 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID f20e408f-647a-4926-98a2-1aedc73f9bf7
    FirstLBA 264192  Last LBA 5860532223
    Attributes 0
    Partition Name                 Basic data partition

Disk Size: 3000592982016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 3, DevicePointer: 0xfffffa80133ab790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8013318b30, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xfffffa80133158c0, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xfffffa8013312940, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa8013312b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80133ab560, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xfffffa80133ab790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8012b07520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8012b08680, DeviceName: \Device\Ide\IdeDeviceP2T0L0-4\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\snapman\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 3
Scanning MBR on drive 3...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: D7727955

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 1159543720
    GPT Header CurrentLba = 1 BackupLba 5860533167
    GPT Header FirstUsableLba 34  LastUsableLba 5860533134
    GPT Header Guid 21d3a157-a1fe-4851-9465-902416d0d7c5
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 1159543720
    Backup GPT header CurrentLba = 5860533167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 5860533134
    Backup GPT header Guid 21d3a157-a1fe-4851-9465-902416d0d7c5
    Backup GPT header Contains 128 partition entries starting at LBA 5860533135
    Backup GPT header Partition entry size = 128

    Partition 0 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 686688c2-206d-4cf8-b8e4-d893c9e224b8
    FirstLBA 34  Last LBA 262177
    Attributes 0
    Partition Name         Microsoft reserved partition

    Partition 1 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 53aa4a4c-e210-4286-903b-863649d961b5
    FirstLBA 264192  Last LBA 5860532223
    Attributes 0
    Partition Name                 Basic data partition

Disk Size: 3000592982016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 4, DevicePointer: 0xfffffa80133b1790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80133209c0, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xfffffa801331c940, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xfffffa801331b900, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa801331fb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80133b1350, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xfffffa80133b1790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8012ae5e40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8012b20060, DeviceName: \Device\Ide\IdeDeviceP2T1L0-8\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\snapman\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 4
Scanning MBR on drive 4...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 0

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 807735769
    GPT Header CurrentLba = 1 BackupLba 7814037167
    GPT Header FirstUsableLba 34  LastUsableLba 7814037134
    GPT Header Guid 5cfb29f6-485f-43f2-87c9-63243508966
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 807735769
    Backup GPT header CurrentLba = 7814037167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 7814037134
    Backup GPT header Guid 5cfb29f6-485f-43f2-87c9-63243508966
    Backup GPT header Contains 128 partition entries starting at LBA 7814037135
    Backup GPT header Partition entry size = 128

    Partition 0 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 86296fad-e257-41c9-85f-e4c97168caf5
    FirstLBA 34  Last LBA 262177
    Attributes 0
    Partition Name         Microsoft reserved partition

    Partition 1 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 8aed6c75-d5ec-4b08-84ff-8577f1306160
    FirstLBA 264192  Last LBA 7814035455
    Attributes 0
    Partition Name                 Basic data partition

Disk Size: 4000787030016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 5, DevicePointer: 0xfffffa80133b7790, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa801332b910, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xfffffa80133b71a0, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xfffffa8013329900, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa801332ab90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80133b7560, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xfffffa80133b7790, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8012b264e0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8012b0f060, DeviceName: \Device\Ide\IdeDeviceP3T0L0-5\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\snapman\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 5
Scanning MBR on drive 5...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 195FDA1B

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 3906820096

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 2000398934016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 6, DevicePointer: 0xfffffa80133bd790, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8013338e30, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xfffffa80133359c0, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xfffffa8013334940, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa8013334b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80133bd560, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xfffffa80133bd790, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8012af7060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\snapman\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 6
Scanning MBR on drive 6...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 6ABA4A43

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 271612510
    GPT Header CurrentLba = 1 BackupLba 5860533167
    GPT Header FirstUsableLba 34  LastUsableLba 5860533134
    GPT Header Guid 5350d4d-5293-406a-b798-e8f602c34a9
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 271612510
    Backup GPT header CurrentLba = 5860533167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 5860533134
    Backup GPT header Guid 5350d4d-5293-406a-b798-e8f602c34a9
    Backup GPT header Contains 128 partition entries starting at LBA 5860533135
    Backup GPT header Partition entry size = 128

    Partition 0 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 7fe70497-f804-47d6-8669-9d5642587177
    FirstLBA 34  Last LBA 262177
    Attributes 0
    Partition Name         Microsoft reserved partition

    Partition 1 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 45049c11-1ca6-4ec2-a6fa-405fd9c09158
    FirstLBA 264192  Last LBA 5860532223
    Attributes 0
    Partition Name                 Basic data partition

Disk Size: 3000592982016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 7, DevicePointer: 0xfffffa80133c3790, DeviceName: \Device\Harddisk7\DR7\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8013342e30, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xfffffa801333e980, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xfffffa801333d900, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa801333eb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80133388c0, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xfffffa80133c3790, DeviceName: \Device\Harddisk7\DR7\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa801281d670, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8012b13060, DeviceName: \Device\Ide\IdeDeviceP4T0L0-6\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\snapman\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 7
Scanning MBR on drive 7...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 1B487706

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 1313202061
    GPT Header CurrentLba = 1 BackupLba 5860533167
    GPT Header FirstUsableLba 34  LastUsableLba 5860533134
    GPT Header Guid 9defb6fd-8e98-4fc2-ada9-4bacffb602d
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 1313202061
    Backup GPT header CurrentLba = 5860533167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 5860533134
    Backup GPT header Guid 9defb6fd-8e98-4fc2-ada9-4bacffb602d
    Backup GPT header Contains 128 partition entries starting at LBA 5860533135
    Backup GPT header Partition entry size = 128

    Partition 0 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID e9ab7da4-5bf9-434e-b9a-c22827365cb
    FirstLBA 34  Last LBA 262177
    Attributes 0
    Partition Name         Microsoft reserved partition

    Partition 1 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 3c4a6ebe-1b85-4bd9-af92-5cebe4a6f1c1
    FirstLBA 264192  Last LBA 5860532223
    Attributes 0
    Partition Name                 Basic data partition

Disk Size: 3000592982016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 8, DevicePointer: 0xfffffa80133c9790, DeviceName: \Device\Harddisk8\DR8\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa801334de30, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xfffffa8013349860, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xfffffa8013348900, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa8013349b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80133c9300, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xfffffa80133c9790, DeviceName: \Device\Harddisk8\DR8\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8012a847f0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8012b17680, DeviceName: \Device\Ide\IdeDeviceP5T0L0-7\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\snapman\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 8
Scanning MBR on drive 8...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 46A4E3BA

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 3907022848

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 2000398934016 bytes
Sector size: 512 bytes

Done!
Drive 9
Scanning MBR on drive 9...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 5601B84E

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 97708032

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 50029264896 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-4-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-4-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-5-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-5-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-5-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-6-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-6-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-7-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-7-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-8-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-8-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-9-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-9-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 11.0.9600.16476

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, H:\ DRIVE_FIXED, I:\ DRIVE_FIXED, J:\ DRIVE_FIXED, K:\ DRIVE_FIXED, M:\ DRIVE_FIXED, N:\ DRIVE_FIXED, O:\ DRIVE_FIXED, P:\ DRIVE_FIXED, R:\ DRIVE_FIXED, S:\ DRIVE_FIXED
CPU speed: 6.275000 GHz
Memory total: 25768140800, free: 24028999680

=======================================
Initializing...
------------ Kernel report ------------
     01/24/2014 01:58:33
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\jraid.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\megasas.sys
\SystemRoot\system32\drivers\storport.sys
\SystemRoot\system32\drivers\Si3124r5.sys
\SystemRoot\system32\DRIVERS\percsas2.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\SiWinAcc.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\timntr.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\Tpkd.sys
\SystemRoot\system32\DRIVERS\tdrpm273.sys
\SystemRoot\system32\DRIVERS\snapman.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\system32\drivers\SiRemFil.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\nusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\1394ohci.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\nusb3hub.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\framebuf.dll
\SystemRoot\System32\ATMFD.DLL
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk13\DR13
Upper Device Object: 0xfffffa80136b9060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007f\
Lower Device Object: 0xfffffa80136e5b60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk12\DR12
Upper Device Object: 0xfffffa80133b0060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006d\
Lower Device Object: 0xfffffa8012b4e840
Lower Device Driver Name: \Driver\percsas2\
<<<1>>>
Upper Device Name: \Device\Harddisk11\DR11
Upper Device Object: 0xfffffa80133af060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006c\
Lower Device Object: 0xfffffa8012b4e060
Lower Device Driver Name: \Driver\percsas2\
<<<1>>>
Upper Device Name: \Device\Harddisk10\DR10
Upper Device Object: 0xfffffa80133ab060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006b\
Lower Device Object: 0xfffffa8012b1d7e0
Lower Device Driver Name: \Driver\percsas2\
<<<1>>>
Upper Device Name: \Device\Harddisk9\DR9
Upper Device Object: 0xfffffa801337b790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Scsi\Si3124r51Port8Path0Target10Lun0\
Lower Device Object: 0xfffffa8012b3d050
Lower Device Driver Name: \Driver\Si3124r5\
<<<1>>>
Upper Device Name: \Device\Harddisk8\DR8
Upper Device Object: 0xfffffa8013375790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP5T0L0-a\
Lower Device Object: 0xfffffa8012b1b680
Lower Device Driver Name: \Driver\atapi\
<<<1>>>
Upper Device Name: \Device\Harddisk7\DR7
Upper Device Object: 0xfffffa801336f790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP4T0L0-8\
Lower Device Object: 0xfffffa8012b14060
Lower Device Driver Name: \Driver\atapi\
<<<1>>>
Upper Device Name: \Device\Harddisk6\DR6
Upper Device Object: 0xfffffa8013369790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-6\
Lower Device Object: 0xfffffa8012b0c060
Lower Device Driver Name: \Driver\atapi\
<<<1>>>
Upper Device Name: \Device\Harddisk5\DR5
Upper Device Object: 0xfffffa8013363790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T1L0-5\
Lower Device Object: 0xfffffa8012b07680
Lower Device Driver Name: \Driver\atapi\
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xfffffa801335d790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-4\
Lower Device Object: 0xfffffa8012b04060
Lower Device Driver Name: \Driver\atapi\
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa8013357790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-2\
Lower Device Object: 0xfffffa8012afb060
Lower Device Driver Name: \Driver\atapi\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa8013351790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa8012af7060
Lower Device Driver Name: \Driver\atapi\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa801334b790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Scsi\JRAID1Port0Path0Target1Lun0\
Lower Device Object: 0xfffffa8012ad2050
Lower Device Driver Name: \Driver\JRAID\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8013345790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Scsi\JRAID1Port0Path0Target0Lun0\
Lower Device Object: 0xfffffa8012ad0050
Lower Device Driver Name: \Driver\JRAID\
<<<2>>>
Physical Sector Size: 512
Drive: 9, DevicePointer: 0xfffffa801337b790, DeviceName: \Device\Harddisk9\DR9\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80132febe0, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xfffffa80132f99c0, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xfffffa80132f8940, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa80132f8b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa801337b300, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xfffffa801337b790, DeviceName: \Device\Harddisk9\DR9\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8012b3d050, DeviceName: \Device\Scsi\Si3124r51Port8Path0Target10Lun0\, DriverName: \Driver\Si3124r5\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\snapman\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8013345790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa801329b980, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xfffffa8013299850, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xfffffa801329a900, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa801329bb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80133454b0, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xfffffa8013345790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8012859dc0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8012ad0050, DeviceName: \Device\Scsi\JRAID1Port0Path0Target0Lun0\, DriverName: \Driver\JRAID\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\snapman\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 8A7D5A6A

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 2930272256

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1500301910016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-2930257168-2930277168)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa801334b790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80132a9e30, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xfffffa80132a5880, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xfffffa80132a4900, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa80132a5b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa801334b350, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xfffffa801334b790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80128558c0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8012ad2050, DeviceName: \Device\Scsi\JRAID1Port0Path0Target1Lun0\, DriverName: \Driver\JRAID\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\snapman\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 0

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 3958402245
    GPT Header CurrentLba = 1 BackupLba 5860533167
    GPT Header FirstUsableLba 34  LastUsableLba 5860533134
    GPT Header Guid e208066c-c660-4800-a5f-925ae8c1df89
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 3958402245
    Backup GPT header CurrentLba = 5860533167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 5860533134
    Backup GPT header Guid e208066c-c660-4800-a5f-925ae8c1df89
    Backup GPT header Contains 128 partition entries starting at LBA 5860533135
    Backup GPT header Partition entry size = 128

    Partition 0 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID a7fe0dcb-2373-482d-b6d7-ec702ccf5ec8
    FirstLBA 34  Last LBA 262177
    Attributes 0
    Partition Name         Microsoft reserved partition

    Partition 1 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 746e93e6-6a7-4ed7-9cba-44bb8bd27db2
    FirstLBA 264192  Last LBA 5860532223
    Attributes 0
    Partition Name                 Basic data partition

Disk Size: 3000592982016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xfffffa8013351790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80132b08c0, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xfffffa80132af980, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xfffffa80132a98a0, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa80132afb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa801329f940, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xfffffa8013351790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8012af7060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\snapman\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 6ABA4A43

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 271612510
    GPT Header CurrentLba = 1 BackupLba 5860533167
    GPT Header FirstUsableLba 34  LastUsableLba 5860533134
    GPT Header Guid 5350d4d-5293-406a-b798-e8f602c34a9
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 271612510
    Backup GPT header CurrentLba = 5860533167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 5860533134
    Backup GPT header Guid 5350d4d-5293-406a-b798-e8f602c34a9
    Backup GPT header Contains 128 partition entries starting at LBA 5860533135
    Backup GPT header Partition entry size = 128

    Partition 0 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 7fe70497-f804-47d6-8669-9d5642587177
    FirstLBA 34  Last LBA 262177
    Attributes 0
    Partition Name         Microsoft reserved partition

    Partition 1 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 45049c11-1ca6-4ec2-a6fa-405fd9c09158
    FirstLBA 264192  Last LBA 5860532223
    Attributes 0
    Partition Name                 Basic data partition

Disk Size: 3000592982016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 3, DevicePointer: 0xfffffa8013357790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80132bb8c0, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xfffffa80132ba980, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xfffffa80132b9900, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa80132bab90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8013357560, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xfffffa8013357790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8012afb060, DeviceName: \Device\Ide\IdeDeviceP1T0L0-2\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\snapman\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 3
Scanning MBR on drive 3...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 0

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 363825351
    GPT Header CurrentLba = 1 BackupLba 5860533167
    GPT Header FirstUsableLba 34  LastUsableLba 5860533134
    GPT Header Guid 27981830-62ec-4cac-b78b-c093eed8737d
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 363825351
    Backup GPT header CurrentLba = 5860533167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 5860533134
    Backup GPT header Guid 27981830-62ec-4cac-b78b-c093eed8737d
    Backup GPT header Contains 128 partition entries starting at LBA 5860533135
    Backup GPT header Partition entry size = 128

    Partition 0 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 7f09098c-eb1c-470a-92d1-4f3eb20e63f
    FirstLBA 34  Last LBA 262177
    Attributes 0
    Partition Name         Microsoft reserved partition

    Partition 1 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID f20e408f-647a-4926-98a2-1aedc73f9bf7
    FirstLBA 264192  Last LBA 5860532223
    Attributes 0
    Partition Name                 Basic data partition

Disk Size: 3000592982016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 4, DevicePointer: 0xfffffa801335d790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa801335d1c0, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xfffffa80132c59c0, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xfffffa80132c3900, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa80132c4b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa801335d560, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xfffffa801335d790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8012b0a520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8012b04060, DeviceName: \Device\Ide\IdeDeviceP2T0L0-4\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\snapman\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 4
Scanning MBR on drive 4...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: D7727955

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 1159543720
    GPT Header CurrentLba = 1 BackupLba 5860533167
    GPT Header FirstUsableLba 34  LastUsableLba 5860533134
    GPT Header Guid 21d3a157-a1fe-4851-9465-902416d0d7c5
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 1159543720
    Backup GPT header CurrentLba = 5860533167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 5860533134
    Backup GPT header Guid 21d3a157-a1fe-4851-9465-902416d0d7c5
    Backup GPT header Contains 128 partition entries starting at LBA 5860533135
    Backup GPT header Partition entry size = 128

    Partition 0 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 686688c2-206d-4cf8-b8e4-d893c9e224b8
    FirstLBA 34  Last LBA 262177
    Attributes 0
    Partition Name         Microsoft reserved partition

    Partition 1 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 53aa4a4c-e210-4286-903b-863649d961b5
    FirstLBA 264192  Last LBA 5860532223
    Attributes 0
    Partition Name                 Basic data partition

Disk Size: 3000592982016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 5, DevicePointer: 0xfffffa8013363790, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80132cf940, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xfffffa8013363070, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xfffffa80132cd900, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa80132ceb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80132cca70, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xfffffa8013363790, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8012afe580, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8012b07680, DeviceName: \Device\Ide\IdeDeviceP2T1L0-5\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\snapman\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 5
Scanning MBR on drive 5...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 0

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 807735769
    GPT Header CurrentLba = 1 BackupLba 7814037167
    GPT Header FirstUsableLba 34  LastUsableLba 7814037134
    GPT Header Guid 5cfb29f6-485f-43f2-87c9-63243508966
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 807735769
    Backup GPT header CurrentLba = 7814037167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 7814037134
    Backup GPT header Guid 5cfb29f6-485f-43f2-87c9-63243508966
    Backup GPT header Contains 128 partition entries starting at LBA 7814037135
    Backup GPT header Partition entry size = 128

    Partition 0 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 86296fad-e257-41c9-85f-e4c97168caf5
    FirstLBA 34  Last LBA 262177
    Attributes 0
    Partition Name         Microsoft reserved partition

    Partition 1 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 8aed6c75-d5ec-4b08-84ff-8577f1306160
    FirstLBA 264192  Last LBA 7814035455
    Attributes 0
    Partition Name                 Basic data partition

Disk Size: 4000787030016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 6, DevicePointer: 0xfffffa8013369790, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80132dfe30, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xfffffa80132d9930, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xfffffa80132d8900, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa80132d9b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8013369430, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xfffffa8013369790, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8012b12520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8012b0c060, DeviceName: \Device\Ide\IdeDeviceP3T0L0-6\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\snapman\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 6
Scanning MBR on drive 6...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 195FDA1B

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 3906820096

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 2000398934016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 7, DevicePointer: 0xfffffa801336f790, DeviceName: \Device\Harddisk7\DR7\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80132e9e30, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xfffffa80132e3930, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xfffffa80132e2900, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa80132e3b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80132df890, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xfffffa801336f790, DeviceName: \Device\Harddisk7\DR7\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8012b13580, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8012b14060, DeviceName: \Device\Ide\IdeDeviceP4T0L0-8\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\snapman\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 7
Scanning MBR on drive 7...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 1B487706

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 1313202061
    GPT Header CurrentLba = 1 BackupLba 5860533167
    GPT Header FirstUsableLba 34  LastUsableLba 5860533134
    GPT Header Guid 9defb6fd-8e98-4fc2-ada9-4bacffb602d
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 1313202061
    Backup GPT header CurrentLba = 5860533167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 5860533134
    Backup GPT header Guid 9defb6fd-8e98-4fc2-ada9-4bacffb602d
    Backup GPT header Contains 128 partition entries starting at LBA 5860533135
    Backup GPT header Partition entry size = 128

    Partition 0 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID e9ab7da4-5bf9-434e-b9a-c22827365cb
    FirstLBA 34  Last LBA 262177
    Attributes 0
    Partition Name         Microsoft reserved partition

    Partition 1 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 3c4a6ebe-1b85-4bd9-af92-5cebe4a6f1c1
    FirstLBA 264192  Last LBA 5860532223
    Attributes 0
    Partition Name                 Basic data partition

Disk Size: 3000592982016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 8, DevicePointer: 0xfffffa8013375790, DeviceName: \Device\Harddisk8\DR8\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80132f3940, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xfffffa80132eb940, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xfffffa80132ed8d0, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa80132eeb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8013375250, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xfffffa8013375790, DeviceName: \Device\Harddisk8\DR8\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8012b03520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8012b1b680, DeviceName: \Device\Ide\IdeDeviceP5T0L0-a\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\snapman\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 8
Scanning MBR on drive 8...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 46A4E3BA

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 3907022848

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 2000398934016 bytes
Sector size: 512 bytes

Done!
Drive 9
Scanning MBR on drive 9...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 5601B84E

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 97708032

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 50029264896 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-4-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-4-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-5-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-5-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-6-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-6-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-6-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-7-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-7-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-8-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-8-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-9-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-9-r.mbam...
Removal finished
 

 

MBAR

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.01.23.08

Windows 7 Service Pack 1 x64 NTFS (Safe Mode)
Internet Explorer 11.0.9600.16476
Plutotype :: FILESERVER [administrator]

24. 1. 2014 1:58:35
mbar-log-2014-01-24 (01-58-35).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 236117
Time elapsed: 4 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 


Edited by hamluis, 23 January 2014 - 09:37 PM.
PM sent new OP - Hamluis.


BC AdBot (Login to Remove)

 


#2 Plutotype

Plutotype
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:27 AM

Posted 28 January 2014 - 02:01 PM

any chance for a help please?



#3 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:11:27 PM

Posted 28 January 2014 - 09:07 PM

Welcome aboard p22002758.gif

 

Let's run couple more checks before we get back to your original issue.

 

p22002970.gif Please download Rkill (courtesy of BleepingComputer.com) to your Desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.


If normal mode still doesn't work, run the tool from safe mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

 

p22002970.gif Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

p22002970.gif Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


p22002970.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


p22002970.gif Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Click on "Run ESET Online Scanner" button.
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    NOTE. If Eset doesn't find any threats it'll NOT produce any log.


My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#4 Plutotype

Plutotype
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:27 AM

Posted 03 February 2014 - 02:58 PM

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/29/2014 08:36:56 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * Base Filtering Engine (BFE) is not Running.
   Startup Type set to: Automatic

 * Windows Firewall (MpsSvc) is not Running.
   Startup Type set to: Automatic

 * iphlpsvc [Missing ImagePath]
 * WinDefend [Missing ImagePath]
 * WinHttpAutoProxySvc [Missing ImagePath]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1 activate.adobe.com

Program finished at: 01/29/2014 08:37:06 PM
Execution time: 0 hours(s), 0 minute(s), and 10 seconds(s)

 

 

 

 

 

 

# AdwCleaner v3.018 - Report created 29/01/2014 at 20:46:24
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Plutotype - FILESERVER
# Running from : C:\Users\Plutotype\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\SimilarSites
Folder Deleted : C:\Users\Plutotype\AppData\Local\TempDir
Folder Deleted : C:\Users\Plutotype\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Plutotype\AppData\Roaming\SimilarSites
Folder Deleted : C:\Users\Plutotype\AppData\Local\Google\Chrome\User Data\Default\Extensions\olakgnkoldmagdblaalodobkmeokmgjj

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\PIP

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Plutotype\AppData\Roaming\Mozilla\Firefox\Profiles\19vebeue.default\prefs.js ]

Line Deleted : user_pref("CT3220468_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1357199477880,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3220468&SearchSource=13&CUI=SB_CUI");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "uTorrentControl_v2 Customized Web Search");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3220468&q=&SearchSource=2");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3220468");
Line Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3220468&q=&SearchSource=2");

*************************

AdwCleaner[R0].txt - [3102 octets] - [29/01/2014 20:38:13]
AdwCleaner[R1].txt - [3162 octets] - [29/01/2014 20:44:40]
AdwCleaner[S0].txt - [3032 octets] - [29/01/2014 20:46:24]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3092 octets] ##########
 

 

 

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Professional x64
Ran by Plutotype on po 03. 02. 2014 at 20:51:57,23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Plutotype\appdata\local\cre"



~~~ FireFox

Emptied folder: C:\Users\Plutotype\AppData\Roaming\mozilla\firefox\profiles\19vebeue.default\minidumps [179 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on po 03. 02. 2014 at 20:55:33,28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 



#5 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:11:27 PM

Posted 03 February 2014 - 09:34 PM

Eset?


My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#6 Plutotype

Plutotype
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:27 AM

Posted 04 February 2014 - 12:52 PM

Sorry, Eset no log because of 0 threats.



#7 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:11:27 PM

Posted 04 February 2014 - 07:58 PM

OK.

 

We have several registry keys missing.

 

Download Windows Repair (All in One) from this site

Install the program then run it.

NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.


Go to Step 2 and click on Check button next to 1. See If Check Disk Is Needed.
If the tool that the Check Disk is needed click on Do It button next to 2. Check Disk.
In that case make sure you restart computer.

p22004342.gif


Once the above is done go to Step 3 and allow it to run System File Check by clicking on Do It button:

p22004343.gif


Go to Step 4 and under "System Restore" click on Create button:

p22004346.gif


Go to Start Repairs tab and click Start button.

Leave all checkmarks as they're.
NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.

Click on Start button.

p22004347.gif

Post Windows Repair log which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs

 

Post new FSS log as well.


My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users