madmanjp
Members | Posts: 16 | Reputation: 0 Neutral
  1. Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.05.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Jame-DID :: USER-PC [administrator]

7/1/2014 21:23:38
mbam-log-2014-01-07 (21-23-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 275694
Time elapsed: 12 minute(s), 57 second(s)

Memory Processes Detected: 2
C:\ProgramData\Microsoft\BingDesktop\BingCore\temp\tmp4B99.exe (Trojan.FakeMS) -> 4748 -> Delete on reboot.
C:\Users\Jame-DID\AppData\Roaming\.mono\crsscmgr\service.exe (PUP.Optional.Bitminer) -> 7444 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|crsscmgr (Trojan.FakeMS) -> Data: C:\Users\Jame-DID\AppData\Roaming\.mono\crsscmgr\crssc.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\ProgramData\Microsoft\BingDesktop\BingCore\temp\tmp4B99.exe (Trojan.FakeMS) -> Delete on reboot.
C:\Users\Jame-DID\AppData\Roaming\.mono\crsscmgr\service.exe (PUP.Optional.Bitminer) -> Delete on reboot.
C:\Users\Jame-DID\AppData\Roaming\.mono\crsscmgr\crssc.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

(end)
  3. Category: SONAR Activity

Date & Time,Risk,Activity,Status,Recommended Action,Path - Filename
6/1/2014 06:32:30,High,tmp438e.exe (SONAR.Heuristic.112) detected by SONAR,Restart Required,You must restart your computer.,c:\programdata\microsoft\bingdesktop\bingcore\temp\tmp438e.exe
16/12/2013 20:23:40,High,tmp64d6.exe (SONAR.Heuristic.112) detected by SONAR,Quarantined,Resolved - No Action Required,c:\programdata\microsoft\bingdesktop\bingcore\temp\tmp64d6.exe
12/12/2013 23:23:11,High,tmp35f3.exe (SONAR.Heuristic.112) detected by SONAR,Quarantined,Resolved - No Action Required,c:\programdata\microsoft\bingdesktop\bingcore\temp\tmp35f3.exe

I have a feeling this 'thing' on Bing is the source of repeated malware infection on my system. Can someone help, please?
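The three SONAR rows above and the Malwarebytes log in post 1 name the same folder, which is the pattern behind the poster's suspicion: one directory keeps producing freshly named tmpXXXX.exe droppers. The script below is an added example (not code from the poster, Malwarebytes or Norton) that parses both log formats into a common record, then ranks directories by how many distinct detected files they produced and over what period. It assumes day/month/year timestamps in both exports (the 16/12/2013 row makes that unambiguous, and the mbam-log-2014-01-07 file name confirms it for the Malwarebytes scan); the sample inputs are excerpts of the logs posted in this thread.

```python
"""Correlate a Malwarebytes 1.x scan log with a Norton SONAR activity export
and rank directories by how many distinct detected files they have produced.
Added example for this page; not code from Malwarebytes, Norton or the poster."""
import csv
import io
import re
from datetime import datetime
from pathlib import PureWindowsPath

# Sample input: excerpt of the Malwarebytes log posted in this thread.
MBAM_LOG = r"""
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.05.02

7/1/2014 21:23:38
mbam-log-2014-01-07 (21-23-38).txt

Memory Processes Detected: 2
C:\ProgramData\Microsoft\BingDesktop\BingCore\temp\tmp4B99.exe (Trojan.FakeMS) -> 4748 -> Delete on reboot.
C:\Users\Jame-DID\AppData\Roaming\.mono\crsscmgr\service.exe (PUP.Optional.Bitminer) -> 7444 -> Delete on reboot.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|crsscmgr (Trojan.FakeMS) -> Data: C:\Users\Jame-DID\AppData\Roaming\.mono\crsscmgr\crssc.exe -> Quarantined and deleted successfully.

Files Detected: 3
C:\ProgramData\Microsoft\BingDesktop\BingCore\temp\tmp4B99.exe (Trojan.FakeMS) -> Delete on reboot.
C:\Users\Jame-DID\AppData\Roaming\.mono\crsscmgr\service.exe (PUP.Optional.Bitminer) -> Delete on reboot.
C:\Users\Jame-DID\AppData\Roaming\.mono\crsscmgr\crssc.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
(end)
"""

# Sample input: the SONAR activity export posted in this thread.
SONAR_CSV = r"""Date & Time,Risk,Activity,Status,Recommended Action,Path - Filename
6/1/2014 06:32:30,High,tmp438e.exe (SONAR.Heuristic.112) detected by SONAR,Restart Required,You must restart your computer.,c:\programdata\microsoft\bingdesktop\bingcore\temp\tmp438e.exe
16/12/2013 20:23:40,High,tmp64d6.exe (SONAR.Heuristic.112) detected by SONAR,Quarantined,Resolved - No Action Required,c:\programdata\microsoft\bingdesktop\bingcore\temp\tmp64d6.exe
12/12/2013 23:23:11,High,tmp35f3.exe (SONAR.Heuristic.112) detected by SONAR,Quarantined,Resolved - No Action Required,c:\programdata\microsoft\bingdesktop\bingcore\temp\tmp35f3.exe
"""

DMY = "%d/%m/%Y %H:%M:%S"  # assumption: both exports use day/month/year (16/12/2013 settles it)
MBAM_SCAN_TIME = re.compile(r"^\d{1,2}/\d{1,2}/\d{4} \d{2}:\d{2}:\d{2}$")
MBAM_SECTION = re.compile(r"^(?P<section>.+?) Detected: \d+$")
MBAM_FILE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<threat>[^)]+)\) -> (?P<rest>.+)$")
MBAM_REGVALUE = re.compile(r"^HK[A-Z_]+\\.+?\|(?P<value>\S+) \((?P<threat>[^)]+)\) -> Data: (?P<path>[A-Za-z]:\\.+?) -> (?P<action>.+)$")
SONAR_THREAT = re.compile(r"\((?P<threat>[^)]+)\)")


def parse_mbam(text):
    """One record per detection line; the scan header time stamps every record.
    Registry-value detections contribute the file named in their Data field."""
    records, scan_time, section = [], None, None
    for line in (l.strip() for l in text.splitlines()):
        if MBAM_SCAN_TIME.match(line):
            scan_time = datetime.strptime(line, DMY)
        elif (m := MBAM_SECTION.match(line)):
            section = m["section"]
        elif (m := MBAM_REGVALUE.match(line)):
            records.append({"ts": scan_time, "source": f"MBAM {section}", "path": m["path"],
                            "threat": m["threat"], "action": m["action"]})
        elif (m := MBAM_FILE.match(line)):
            records.append({"ts": scan_time, "source": f"MBAM {section}", "path": m["path"],
                            "threat": m["threat"], "action": m["rest"].split(" -> ")[-1]})
    return records


def parse_sonar(text):
    """One record per SONAR activity row; the threat name sits in parentheses in Activity."""
    records = []
    for row in csv.DictReader(io.StringIO(text.strip())):
        m = SONAR_THREAT.search(row["Activity"])
        records.append({"ts": datetime.strptime(row["Date & Time"], DMY), "source": "SONAR",
                        "path": row["Path - Filename"],
                        "threat": m["threat"] if m else row["Activity"], "action": row["Status"]})
    return records


def repeat_offenders(records, min_distinct=2):
    """Group detections by parent directory (case-folded; NTFS paths are case-insensitive)
    and return the directories that produced at least `min_distinct` different files,
    most prolific first, with first/last sighting and the threat names involved."""
    by_dir = {}
    for r in records:
        p = PureWindowsPath(r["path"].lower())
        d = by_dir.setdefault(str(p.parent), {"files": set(), "threats": set(),
                                               "first": r["ts"], "last": r["ts"]})
        d["files"].add(p.name)
        d["threats"].add(r["threat"])
        d["first"], d["last"] = min(d["first"], r["ts"]), max(d["last"], r["ts"])
    rows = [{"directory": k, "distinct_files": len(v["files"]), "files": sorted(v["files"]),
             "threats": sorted(v["threats"]), "first_seen": v["first"], "last_seen": v["last"]}
            for k, v in by_dir.items() if len(v["files"]) >= min_distinct]
    return sorted(rows, key=lambda x: (-x["distinct_files"], x["directory"]))


if __name__ == "__main__":
    for row in repeat_offenders(parse_mbam(MBAM_LOG) + parse_sonar(SONAR_CSV)):
        print(f"{row['distinct_files']} distinct files  {row['first_seen']:%Y-%m-%d} .. "
              f"{row['last_seen']:%Y-%m-%d}  {row['directory']}")
        print("   threats:", ", ".join(row["threats"]), "| files:", ", ".join(row["files"]))
```

Run as-is it lists the BingCore temp folder first (four different tmpXXXX.exe files across four weeks, flagged by both products) and the .mono\crsscmgr folder second, which is the ordering a responder would use to decide what to image or block before cleaning again. Feed it a full mbam-log file and a full SONAR export and the same ranking shows which directory to watch after the next reboot.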
  4. Filename: tmp438e.exe
Threat name: SONAR.Heuristic.112
Full Path: Not Available
____________________________
Details
Very Few Users, Very New, Risk High
Origin
Downloaded from Unknown
Activity
Actions performed: 5
____________________________
On computers as of 6/1/2014 at 06:31:31
Last Used 6/1/2014 at 06:31:31
Startup Item No
Launched Yes
____________________________
Very Few Users
Fewer than 5 users in the Norton Community have used this file.
Very New
This file was released less than 1 week ago.
High
This file risk is high.
SONAR Protection monitors for suspicious program activity on your computer.
____________________________
Source: External Media
Source File: explorer.exe
File Created: tmp438e.exe
____________________________
File Actions
File: c:\programdata\microsoft\bingdesktop\bingcore\temp\tmp438e.exe Restart Required
File: c:\users\jame-did\appdata\roaming\verison.dll No Action Required
____________________________
System Settings Actions
Event: Process start (Performed by c:\programdata\microsoft\bingdesktop\bingcore\temp\tmp438e.exe, PID:6224) No action taken
Event: PE file creation: c:\users\jame-did\appdata\roaming\verison.dll (Performed by c:\programdata\microsoft\bingdesktop\bingcore\temp\tmp438e.exe, PID:6224) No action taken
Event: Process start: c:\programdata\microsoft\bingdesktop\bingcore\temp\tmp438e.exe, PID:6224 (Performed by c:\programdata\microsoft\bingdesktop\bingcore\temp\tmp438e.exe, PID:6224) No action taken
____________________________
File Thumbprint - SHA: Not available
File Thumbprint - MD5: Not available
  5. Filename: tmp438e.exe
Threat name: SONAR.Heuristic.112
Full Path: Not Available
____________________________
Details
Very Few Users, Very New, Risk High
Origin
Downloaded from Unknown
Activity
Actions performed: 5
____________________________
On computers as of 6/1/2014 at 06:31:31
Last Used 6/1/2014 at 06:31:31
Startup Item No
Launched Yes
____________________________
Very Few Users
Fewer than 5 users in the Norton Community have used this file.
Very New
This file was released less than 1 week ago.
High
This file risk is high.
SONAR Protection monitors for suspicious program activity on your computer.
____________________________
Source: External Media
____________________________
File Actions
File: c:\programdata\microsoft\bingdesktop\bingcore\temp\tmp438e.exe Restart Required
File: c:\users\jame-did\appdata\roaming\verison.dll No Action Required
____________________________
System Settings Actions
Event: Process start (Performed by c:\programdata\microsoft\bingdesktop\bingcore\temp\tmp438e.exe, PID:6224) No action taken
Event: PE file creation: c:\users\jame-did\appdata\roaming\verison.dll (Performed by c:\programdata\microsoft\bingdesktop\bingcore\temp\tmp438e.exe, PID:6224) No action taken
Event: Process start: c:\programdata\microsoft\bingdesktop\bingcore\temp\tmp438e.exe, PID:6224 (Performed by c:\programdata\microsoft\bingdesktop\bingcore\temp\tmp438e.exe, PID:6224) No action taken
____________________________
File Thumbprint - SHA: Not available
File Thumbprint - MD5: Not available
----
Got this on my Norton. Restarting system now.
  6. Currently my MBAM has expired its trial... so I have next to no way to identify if there is any illegal access attempt by explorer.exe... Is there a way to get MBAM to work again, or do I have to pay? Just asking.
  7. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-01-2014
Ran by Jame-DID at 2014-01-05 22:36:04 Run:1
Running from C:\Users\Jame-DID\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
FF Extension: Torntv - C:\Users\Jame-DID\AppData\Roaming\Mozilla\Firefox\Profiles\da2uayzw.default\Extensions\torntv@torntv.com.xpi
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction
*****************

C:\Users\Jame-DID\AppData\Roaming\Mozilla\Firefox\Profiles\da2uayzw.default\Extensions\torntv@torntv.com.xpi => Moved successfully.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.

==== End of Fixlog ====
  8. ComboFix 14-01-04.03 - Jame-DID 05/01/2014 0:34.5.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.65.1033.18.8048.5218 [GMT 8:00]
Running from: c:\users\Jame-DID\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-12-04 to 2014-01-04 )))))))))))))))))))))))))))))))
.
.
2014-01-04 16:41 . 2014-01-04 16:41 -------- d-----w- c:\users\User\AppData\Local\temp
2014-01-04 16:41 . 2014-01-04 16:41 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-01-04 16:41 . 2014-01-04 16:41 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-01-04 16:41 . 2014-01-04 16:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-04 14:46 . 2014-01-04 16:01 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-01-04 03:31 . 2014-01-04 03:47 32512 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2014-01-04 01:40 . 2014-01-04 14:46 117464 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-01-04 01:38 . 2014-01-04 14:42 89304 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-01-04 01:29 . 2014-01-04 01:29 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-01-04 01:29 . 2013-04-04 06:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-04 01:22 . 2014-01-04 01:22 -------- d-----w- c:\users\Jame-DID\AppData\Local\SlimWare Utilities Inc
2014-01-04 01:22 . 2014-01-04 01:23 -------- d-----w- c:\program files (x86)\SlimCleaner
2014-01-03 07:55 . 2014-01-03 07:55 12582912 ----a-w- c:\programdata\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\64be4de674fa430dcdf07a906dc83390\Baron Wittard Nemesis of Ragnarok.exe
2014-01-03 07:55 . 2014-01-03 07:55 -------- d-----w- c:\program files (x86)\Hosts_Anti_Adwares_PUPs
2014-01-01 07:39 . 2013-11-26 08:35 5769216 ----a-w- c:\windows\system32\jscript9.dll
2013-12-30 18:10 . 2013-12-30 18:10 -------- d-----w- c:\users\Jame-DID\AppData\Local\Secunia PSI
2013-12-30 18:10 . 2013-12-30 18:10 -------- d-----w- c:\program files (x86)\Secunia
2013-12-26 15:08 . 2013-12-27 00:29 -------- d-----w- c:\program files\HitmanPro
2013-12-25 21:53 . 2013-12-25 21:54 -------- d-----w- C:\EEK
2013-12-25 17:19 . 2013-12-25 17:19 -------- d-----w- c:\program files (x86)\ESET
2013-12-25 15:17 . 2014-01-03 12:28 -------- d-----w- C:\AdwCleaner
2013-12-25 15:17 . 2013-12-27 07:36 12872 ----a-w- c:\windows\system32\bootdelete.exe
2013-12-25 14:47 . 2013-12-25 14:47 -------- d-----w- c:\windows\ERUNT
2013-12-25 05:05 . 2013-10-14 10:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-12-23 07:55 . 2014-01-02 08:06 80464 ----a-w- c:\windows\system32\drivers\sisraid4.sys.bak
2013-12-22 12:52 . 2013-12-22 14:09 -------- d-----w- c:\users\Jame-DID\AppData\Local\NPE
2013-12-22 10:29 . 2014-01-02 08:06 539240 ----a-w- c:\windows\system32\drivers\Rt64win7.sys.bak
2013-12-22 10:29 . 2014-01-02 08:06 76800 ----a-w- c:\windows\system32\drivers\rspndr.sys.bak
2013-12-22 10:29 . 2014-01-02 08:06 11264 ----a-w- c:\windows\system32\drivers\rootmdm.sys.bak
2013-12-22 10:29 . 2014-01-02 08:06 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys.bak
2013-12-22 10:27 . 2014-01-02 08:06 6144 ----a-w- c:\windows\system32\drivers\null.sys.bak
2013-12-22 10:26 . 2014-01-02 08:05 73280 ----a-w- c:\windows\system32\drivers\disk.sys.bak
2013-12-21 07:22 . 2013-12-21 07:22 54525952 ----a-w- c:\programdata\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\925fa06d74f0c54deced7c6b02c54b17\PlayOn.exe
2013-12-18 19:20 . 2013-12-18 19:20 12582912 ----a-w- c:\programdata\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\81a174549aa2d3facf61c094cfb3556f\WMP x264 Codec Pack.exe
2013-12-18 12:03 . 2013-12-18 12:03 12582912 ----a-w- c:\programdata\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\f449b19bc205002970d1b8106fc3da95\Nancy Drew® Warnings at Waverly Academy.exe
2013-12-18 12:03 . 2013-12-18 12:03 12582912 ----a-w- c:\programdata\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\d675cef9b589353937f9cbfbec8324a3\Plants vs. Zombies Garden Warfare.exe
2013-12-18 12:03 . 2013-12-18 12:03 12582912 ----a-w- c:\programdata\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\c3b69b46fefc7953c21605640b724c5e\Supreme Commander 2.exe
2013-12-18 12:03 . 2013-12-18 12:03 12582912 ----a-w- c:\programdata\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\509bac75a95a725a7a9e3c658e02ce87\Orcs Must Die! Game of Year.exe
2013-12-18 12:03 . 2013-12-18 12:03 12582912 ----a-w- c:\programdata\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\49f6decc5801789d88d389c8477ad6e0\Landstalker Treasures of King Nole.exe
2013-12-17 15:04 . 2013-12-05 08:42 39200 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2013-12-17 15:04 . 2013-12-05 08:42 32544 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2013-12-17 15:01 . 2013-12-17 15:01 -------- d-----w- c:\users\Jame-DID\AppData\Local\NVIDIA Corporation
2013-12-17 12:22 . 2013-12-17 15:02 -------- d-----w- c:\users\Jame-DID\AppData\Local\NVIDIA
2013-12-17 12:20 . 2013-12-10 02:13 982232 ----a-w- c:\windows\SysWow64\nvspcap.dll
2013-12-17 12:20 . 2013-12-10 02:13 1100248 ----a-w- c:\windows\system32\nvspcap64.dll
2013-12-17 12:17 . 2013-12-17 12:17 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2013-12-17 12:01 . 2013-12-17 12:01 -------- d-----w- C:\NVIDIA
2013-12-17 11:33 . 2013-12-17 11:33 -------- d-----w- c:\windows\Migration
2013-12-17 10:49 . 2013-12-17 10:49 -------- d-----w- C:\perflogs
2013-12-16 19:15 . 2013-12-16 19:15 12582912 ----a-w- c:\programdata\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\e95e00b9db515764accfc53851080de4\WMP x264 Codec Pack.exe
2013-12-16 19:15 . 2013-12-16 19:15 12582912 ----a-w- c:\programdata\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\e2b11ec650bfec66c607deb6234fcfb6\WMP x264 Codec Pack.exe
2013-12-16 19:15 . 2013-12-16 19:15 12582912 ----a-w- c:\programdata\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\da07a60252b19406a4171aae6d7ce82c\WMP x264 Codec Pack.exe
2013-12-16 19:15 . 2013-12-16 19:15 12582912 ----a-w- c:\programdata\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\b65008753be4a13dac39f086ff6fe9ac\WMP x264 Codec Pack.exe
2013-12-16 19:15 . 2013-12-16 19:15 12582912 ----a-w- c:\programdata\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\a747c1c55e829b83a7376ead198c6170\WMP x264 Codec Pack.exe
2013-12-16 19:15 . 2013-12-16 19:15 12582912 ----a-w- c:\programdata\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\91f43ac9b1d551eecbcfab32fe9a6f19\WMP x264 Codec Pack.exe
2013-12-16 19:15 . 2013-12-16 19:15 12582912 ----a-w- c:\programdata\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\68c6a1d7ca186bc56adbbfe666b3e59d\WMP x264 Codec Pack.exe
2013-12-16 19:15 . 2013-12-16 19:15 12582912 ----a-w- c:\programdata\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\4fae623556738383497582f9ec8c5183\WMP x264 Codec Pack.exe
2013-12-16 19:15 . 2013-12-16 19:15 12582912 ----a-w- c:\programdata\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\43dc2737314b7a254e3b529390d909cf\WMP x264 Codec Pack.exe
2013-12-16 17:11 . 2013-12-16 17:11 12582912 ----a-w- c:\programdata\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\f4a2919af8e71510269715fac287b456\WMP xMPG Codec Pack.exe
2013-12-16 17:11 . 2013-12-16 17:11 12582912 ----a-w- c:\programdata\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\c59122cb5cca9a340f0559551db10b14\WMP xMPG Codec Pack.exe
2013-12-16 17:11 . 2013-12-16 17:11 12582912 ----a-w- c:\programdata\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\7e478b35fd8ab88b9b6557dad942fcec\WMP xMPG Codec Pack.exe
2013-12-16 17:11 . 2013-12-16 17:11 12582912 ----a-w- c:\programdata\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\566a2f9537a48a0559f1eaad4d04805d\WMP xMPG Codec Pack.exe
2013-12-16 17:11 . 2013-12-16 17:11 12582912 ----a-w- c:\programdata\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\53c9457e22d3d998184f250db2165636\WMP xMPG Codec Pack.exe
2013-12-16 17:11 . 2013-12-16 17:11 12582912 ----a-w- c:\programdata\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\151a0a4b47228f5bbc12ea322eb66c88\WMP xMPG Codec Pack.exe
2013-12-16 17:11 . 2013-12-16 17:11 12582912 ----a-w- c:\programdata\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\0cec43207b5cf9306973bf10981060e6\WMP xMPG Codec Pack.exe
2013-12-16 17:11 . 2013-12-16 17:11 12582912 ----a-w- c:\programdata\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\0b045d42cc11f5bc3ee881b7c037e58c\WMP xMPG Codec Pack.exe
2013-12-16 14:27 . 2013-12-16 14:27 -------- d-----w- c:\users\Jame-DID\AppData\Roaming\TuneUp Software
2013-12-16 14:24 . 2013-12-16 14:33 -------- d-----w- c:\programdata\TuneUp Software
2013-12-16 14:23 . 2013-12-16 14:47 -------- d-sh--w- c:\programdata\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2013-12-16 14:23 . 2013-12-16 14:23 -------- d--h--w- c:\programdata\Common Files
2013-12-15 16:21 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2013-12-15 16:21 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2013-12-15 16:21 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2013-12-15 16:21 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2013-12-15 16:21 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2013-12-15 16:00 . 2013-10-05 20:25 1474048 ----a-w- c:\windows\system32\crypt32.dll
2013-12-15 16:00 . 2013-10-05 19:57 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-12-15 16:00 . 2013-10-19 02:18 81408 ----a-w- c:\windows\system32\imagehlp.dll
2013-12-15 16:00 . 2013-10-04 02:16 116736 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-12-15 16:00 . 2013-10-04 01:36 230400 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-12-15 16:00 . 2013-10-19 01:36 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2013-12-15 16:00 . 2013-10-03 02:23 404480 ----a-w- c:\windows\system32\gdi32.dll
2013-12-15 16:00 . 2013-10-03 02:00 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2013-12-15 16:00 . 2013-09-28 01:09 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2013-12-15 16:00 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll
2013-12-15 16:00 . 2013-10-30 02:19 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
2013-12-15 16:00 . 2013-10-30 01:24 3155968 ----a-w- c:\windows\system32\win32k.sys
2013-12-15 15:56 . 2013-10-12 02:32 150016 ----a-w- c:\windows\system32\wshom.ocx
2013-12-15 15:56 . 2013-10-12 02:04 121856 ----a-w- c:\windows\SysWow64\wshom.ocx
2013-12-15 15:56 . 2013-10-12 02:31 202752 ----a-w- c:\windows\system32\scrrun.dll
2013-12-15 15:56 . 2013-10-12 02:03 163840 ----a-w- c:\windows\SysWow64\scrrun.dll
2013-12-15 15:56 . 2013-10-12 01:33 156160 ----a-w- c:\windows\system32\cscript.exe
2013-12-15 15:56 . 2013-10-12 01:33 168960 ----a-w- c:\windows\system32\wscript.exe
2013-12-15 15:56 . 2013-10-12 01:15 141824 ----a-w- c:\windows\SysWow64\wscript.exe
2013-12-15 15:56 . 2013-10-12 01:15 126976 ----a-w- c:\windows\SysWow64\cscript.exe
2013-12-15 15:55 . 2013-10-12 02:30 830464 ----a-w- c:\windows\system32\nshwfp.dll
2013-12-15 15:55 . 2013-10-12 02:29 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-12-15 15:55 . 2013-10-12 02:29 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-12-15 15:55 . 2013-10-12 02:01 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
2013-12-15 15:55 . 2013-10-12 02:03 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
2013-12-13 11:38 . 2013-12-13 11:38 12582912 ----a-w- c:\programdata\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\cd9a9968c9e933a31acb6f7d36b433c7\Imperator FLA.exe
2013-12-13 11:38 . 2013-12-13 11:38 12582912 ----a-w- c:\programdata\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\69aefed44b70b86f0c27bfa323cadc9d\WebZIP.exe
2013-12-13 11:38 . 2013-12-13 11:38 12582912 ----a-w- c:\programdata\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\511df8a9bfbb91998d67fb0342941a12\OziExplorer.exe
2013-12-13 11:38 . 2013-12-13 11:38 12582912 ----a-w- c:\programdata\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\3478dbb296edb426667e08ca4567ad62\TransMac.exe
2013-12-13 11:38 . 2013-12-13 11:38 12582912 ----a-w- c:\programdata\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\2c95475391952a2771f0e4a0d3c0d199\Project64.exe
2013-12-13 11:38 . 2013-12-13 11:38 12582912 ----a-w- c:\programdata\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\2821b094fbb5558d31254ddb66d68a16\HDD Recovery Pro.exe
2013-12-13 11:38 . 2013-12-13 11:38 12582912 ----a-w- c:\programdata\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\2300f8baf0a986e2ab0fca3036eb32b1\Resolume Avenue.exe
2013-12-13 11:38 . 2013-12-13 11:38 12582912 ----a-w- c:\programdata\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\000b7d6b94a8cc590bda28d596fe5ad5\SoftDisc.exe
2013-12-13 07:01 . 2013-12-13 07:01 12582912 ----a-w- c:\programdata\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\f79a706cab3153bc10c3f2671e698d5c\WMP x264 Codec Pack.exe
2013-12-13 06:01 . 2013-12-13 06:01 12582912 ----a-w- c:\programdata\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data\ff7e56f6c9af9feb44c1c665bcff5eb7\CD DVD Data Recovery.exe
2013-12-12 14:44 . 2013-12-12 14:44 2179072 ----a-w- c:\programdata\Microsoft\BingDesktop\BingCore\BingDesktopCore.dll
2013-12-11 00:43 . 2013-12-11 00:43 8699272 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-12-06 14:47 . 2013-12-06 14:47 18456 ----a-w- c:\windows\system32\drivers\psi_mf_amd64.sys
2013-12-06 11:36 . 2013-12-06 11:36 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2013-12-06 11:12 . 2013-12-06 11:12 177752 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-12-06 11:12 . 2013-12-06 11:12 -------- d-----w- c:\program files\Common Files\Symantec Shared
2013-12-06 11:11 . 2013-09-27 03:18 1147480 ----a-r- c:\windows\system32\drivers\NISx64\1501000.012\SymEFA64.sys
2013-12-06 11:11 . 2013-09-26 03:28 590936 ----a-r- c:\windows\system32\drivers\NISx64\1501000.012\symnets.sys
2013-12-06 11:11 . 2013-09-10 02:47 23568 ----a-r- c:\windows\system32\drivers\NISx64\1501000.012\SymELAM.sys
2013-12-06 11:11 . 2013-09-10 02:47 493656 ----a-r- c:\windows\system32\drivers\NISx64\1501000.012\SymDS64.sys
2013-12-06 11:11 . 2013-09-10 01:49 36952 ----a-r- c:\windows\system32\drivers\NISx64\1501000.012\srtspx64.sys
2013-12-06 11:11 . 2013-09-27 02:45 264280 ----a-r- c:\windows\system32\drivers\NISx64\1501000.012\Ironx64.sys
2013-12-06 11:11 . 2013-09-27 02:26 858200 ----a-r- c:\windows\system32\drivers\NISx64\1501000.012\srtsp64.sys
2013-12-06 11:11 . 2013-09-26 02:50 162392 ----a-r- c:\windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys
2013-12-06 11:11 . 2013-12-06 11:11 -------- d-----w- c:\program files (x86)\Norton Internet Security
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-11 00:43 . 2012-05-18 17:53 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-11 00:43 . 2012-01-17 14:57 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-01 06:42 . 2011-12-31 21:17 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-11-14 11:58 . 2013-09-04 18:37 15862272 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2013-11-14 11:58 . 2011-12-28 02:07 15218504 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-11-14 11:58 . 2013-09-04 18:35 2697248 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-11-11 15:02 . 2010-09-14 05:51 6674208 ----a-w- c:\windows\system32\nvcpl.dll
2013-11-11 15:02 . 2010-09-14 05:51 3490080 ----a-w- c:\windows\system32\nvsvc64.dll
2013-11-11 15:01 . 2010-09-14 05:51 922912 ----a-w- c:\windows\system32\nvvsvc.exe
2013-11-11 15:01 . 2010-09-14 05:51 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-11-11 15:01 . 2010-09-14 05:51 2559776 ----a-w- c:\windows\system32\nvsvcr.dll
2013-11-11 15:01 . 2010-09-14 05:51 219424 ----a-w- c:\windows\system32\nvmctray.dll
2013-11-11 00:59 . 2013-11-11 00:59 590112 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2013-10-15 17:20 . 2013-10-23 18:46 10280728 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{469F9ECA-B1C5-4BBB-9167-BEF14362C93A}\mpengine.dll
2013-10-07 23:50 . 2013-10-25 06:31 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_L­OCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-10 05:37 130736 ----a-w- c:\users\Jame-DID\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-10 05:37 130736 ----a-w- c:\users\Jame-DID\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-10 05:37 130736 ----a-w- c:\users\Jame-DID\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-10 05:37 130736 ----a-w- c:\users\Jame-DID\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MarbleStation"="c:\netmarbleglobal\MarbleStation\glbMSLauncher.exe" [2013-04-18 1009272]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-12-11 1823656]
"Facebook Update"="c:\users\Jame-DID\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-08-11 138096]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-01-08 3674320]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-11-20 59720]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"TOSDCR"="c:\program files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe" [2007-08-28 169296]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"MobileConnect"="c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-09-18 2412032]
"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2012-10-11 336304]
"WD Drive Unlocker"="c:\program files (x86)\Western Digital\WD Apps\WDDriveAutoUnlock.exe" [2011-12-16 1687968]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-01 152392]
.
c:\users\Jame-DID\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Canon IJ Status Monitor Canon MP620 series Printer.lnk - c:\windows\system32\rundll32.exe c:\users\Jame-DID\CNMSSC~1.DLL,SMStarterEntryPoint USB001;Canon MP620 series Printer;cnmss Canon MP620 series Printer (Local).dll;Canon IJ Status Monitor Canon MP620 series Printer.lnk [2009-7-14 45568]
Dropbox.lnk - c:\users\Jame-DID\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files (x86)\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2013-12-6 565464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 cleanhlp;cleanhlp;c:\eek\Run\cleanhlp64.sys;c:\eek\Run\cleanhlp64.sys [x]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys;c:\windows\SYSNATIVE\drivers\dadder.sys [x]
R3 dump_wmimmc;dump_wmimmc;c:\netmarbleglobal\GV Online Eg\GameGuard\dump_wmimmc.sys;c:\netmarbleglobal\GV Online Eg\GameGuard\dump_wmimmc.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbfake.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]
R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R4 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
R4 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
R4 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1501000.012\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1501000.012\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\SYMEFA64.SYS [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys;c:\windows\SYSNATIVE\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS;c:\windows\SYSNATIVE\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\eek\RUN\a2ddax64.sys;c:\eek\RUN\a2ddax64.sys [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20131203.001\BHDrvx64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [x]
S1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\ccSetx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140103.001\IDSvia64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140103.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NISx64\1501000.012\SYMNETS.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\SYMNETS.SYS [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe;c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 regi;regi;c:\windows\system32\drivers\regi.sys;c:\windows\SYSNATIVE\drivers\regi.sys [x]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys;c:\windows\SYSNATIVE\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\rixdpe64.sys [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application
Virtualization Client\sftlist.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x] S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WDDMService.exe;c:\program files\Western Digital\WD SmartWare\WDDMService.exe [x] S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [x] S2 WDFMEService;WDFME;c:\program files\Western Digital\WD SmartWare\WDFME.exe;c:\program files\Western Digital\WD SmartWare\WDFME.exe [x] S2 WDRulesService;WDRules;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [x] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x] S3 
PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x] S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 rzdaendpt;Razer DeathAdder end point;c:\windows\system32\DRIVERS\rzdaendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzdaendpt.sys [x] S3 rzudd;Razer Keyboard Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x] S3 rzvkeyboard;Razer Virtual Keyboard Driver;c:\windows\system32\DRIVERS\rzvkeyboard.sys;c:\windows\SYSNATIVE\DRIVERS\rzvkeyboard.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x] S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] . . Contents of the 'Scheduled Tasks' folder . 2014-01-04 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-18 00:43] . 2014-01-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3913088924-3103713586-431046286-1003Core.job - c:\users\Jame-DID\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-11 16:03] . 
2014-01-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3913088924-3103713586-431046286-1003UA.job - c:\users\Jame-DID\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-11 16:03] . 2014-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3913088924-3103713586-431046286-1000Core.job - c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-30 15:28] . 2014-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3913088924-3103713586-431046286-1000UA.job - c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-30 15:28] . 2014-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3913088924-3103713586-431046286-1003Core.job - c:\users\Jame-DID\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-04 04:24] . 2014-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3913088924-3103713586-431046286-1003UA.job - c:\users\Jame-DID\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-04 04:24] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1BingDesktopOverlays] @="{B82655E9-B81D-4A97-8154-0D84A4C048E4}" [HKEY_CLASSES_ROOT\CLSID\{B82655E9-B81D-4A97-8154-0D84A4C048E4}] 2013-12-12 14:44 2492416 ----a-w- c:\programdata\Microsoft\BingDesktop\BingCore\BingDesktopOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-04-10 05:37 164016 ----a-w- c:\users\Jame-DID\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-04-10 05:37 164016 ----a-w- c:\users\Jame-DID\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-04-10 05:37 164016 ----a-w- c:\users\Jame-DID\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-04-10 05:37 164016 ----a-w- c:\users\Jame-DID\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ThpSrv"="c:\windows\system32\thpsrv" [X] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-10 10103840] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [bU] "HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [bU] "00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [bU] "SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [bU] "HDMICtrlMan"="c:\program files (x86)\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [bU] "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976] "Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [bU] "TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [bU] "WD Quick View"="c:\program files\Western Digital\WD SmartWare\WDDMStatus.exe" [2011-12-15 4244888] "Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-11-14 1028384] "ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-12-10 1100248] "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-12-10 2279712] . ------- Supplementary Scan ------- . 
uLocal Page = c:\windows\system32\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105 Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\users\Jame-DID\AppData\Roaming\Mozilla\Firefox\Profiles\da2uayzw.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) ShellIconOverlayIdentifiers-{1EC23CFF-4C58-458f-924C-8519AEF61B32} - (no file) . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\diMaster.dll\" /prefetch:1" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" "ImagePath"="\SystemRoot\system32\drivers\NISx64\1501000.012\SYMNETS.SYS" "TrustedImagePaths"="c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18;c:\program files (x86)\Norton Internet Security\Engine64\21.1.0.18" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-3913088924-3103713586-431046286-1003\Software\SecuROM\License information*] "datasecu"=hex:b0,6d,bd,ae,a5,38,50,2b,d0,15,07,b8,55,36,7b,7e,6d,51,d6,e5,c5, b3,f7,84,95,17,4d,ae,a4,29,e2,28,bc,be,b4,68,d7,ce,bc,1e,b8,19,eb,d9,e2,c7,\ "rkeysecu"=hex:4a,8e,33,a3,2b,40,67,6f,d0,6f,bc,0b,68,a4,66,6e . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2014-01-05 00:43:56 ComboFix-quarantined-files.txt 2014-01-04 16:43 ComboFix2.txt 2014-01-04 16:23 . Pre-Run: 76,692,983,808 bytes free Post-Run: 76,614,430,720 bytes free . 
- - End Of File - - 2481C6704DF7DA9BA4426E0A23899A75
  9. Apologies, I mainly use Chrome... don't really use IE and only sometimes use Firefox. MBAM only says explorer.exe - it's Windows' operating 'desktop' thingy as a whole, 'cos when I Ctrl-Alt-Del to stop explorer.exe from running, I lose my desktop and can only see it if I do a "Run" explorer.exe again.
  10. So I don't have to run MBAR's fixdamage.exe as yet? It's still reporting the stopping of explorer.exe from accessing malicious sites though :/ and the reboot after the initial removal of the nvlm something .sys.bak file hung halfway a few times, prompting me to cold-reboot the system before it worked... am running an additional MBAR scan now.
  11. Mbar scan logs: ---------------------------------------Malwarebytes Anti-Rootkit BETA 1.07.0.1008 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 11.0.9600.16428 File system is: NTFSDisk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXEDCPU speed: 2.660000 GHzMemory total: 8439386112, free: 5110190080 ======================================= ---------------------------------------Malwarebytes Anti-Rootkit BETA 1.07.0.1008 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 11.0.9600.16428 File system is: NTFSDisk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXEDCPU speed: 2.660000 GHzMemory total: 8439386112, free: 4870885376 Downloaded database version: v2013.12.28.05Downloaded database version: v2013.12.18.01=======================================Initializing...------------ Kernel report ------------ 12/29/2013 00:45:09------------ Loaded modules 
-----------\SystemRoot\system32\ntoskrnl.exe\SystemRoot\system32\hal.dll\SystemRoot\system32\kdcom.dll\SystemRoot\system32\mcupdate_GenuineIntel.dll\SystemRoot\system32\PSHED.dll\SystemRoot\system32\CLFS.SYS\SystemRoot\system32\CI.dll\SystemRoot\system32\drivers\Wdf01000.sys\SystemRoot\system32\drivers\WDFLDR.SYS\SystemRoot\system32\drivers\ACPI.sys\SystemRoot\system32\drivers\WMILIB.SYS\SystemRoot\system32\drivers\msisadrv.sys\SystemRoot\system32\drivers\pci.sys\SystemRoot\system32\drivers\vdrvroot.sys\SystemRoot\System32\drivers\partmgr.sys\SystemRoot\system32\DRIVERS\compbatt.sys\SystemRoot\system32\DRIVERS\BATTC.SYS\SystemRoot\system32\drivers\volmgr.sys\SystemRoot\System32\drivers\volmgrx.sys\SystemRoot\System32\drivers\mountmgr.sys\SystemRoot\system32\DRIVERS\iaStor.sys\SystemRoot\system32\drivers\atapi.sys\SystemRoot\system32\drivers\ataport.SYS\SystemRoot\system32\drivers\msahci.sys\SystemRoot\system32\drivers\PCIIDEX.SYS\SystemRoot\system32\drivers\amdxata.sys\SystemRoot\system32\drivers\fltmgr.sys\SystemRoot\system32\drivers\NISx64\1501000.012\SYMDS64.SYS\SystemRoot\system32\drivers\fileinfo.sys\SystemRoot\system32\drivers\NISx64\1501000.012\SYMEFA64.SYS\SystemRoot\System32\Drivers\Ntfs.sys\SystemRoot\System32\Drivers\msrpc.sys\SystemRoot\System32\Drivers\ksecdd.sys\SystemRoot\System32\Drivers\cng.sys\SystemRoot\System32\drivers\pcw.sys\SystemRoot\System32\Drivers\Fs_Rec.sys\SystemRoot\system32\drivers\ndis.sys\SystemRoot\system32\drivers\NETIO.SYS\SystemRoot\System32\Drivers\ksecpkg.sys\SystemRoot\System32\drivers\tcpip.sys\SystemRoot\System32\drivers\fwpkclnt.sys\SystemRoot\system32\drivers\volsnap.sys\SystemRoot\system32\DRIVERS\TVALZ.SYS\SystemRoot\system32\DRIVERS\tos_sps64.sys\SystemRoot\system32\DRIVERS\Thpevm.SYS\SystemRoot\system32\DRIVERS\thpdrv.sys\SystemRoot\System32\Drivers\spldr.sys\SystemRoot\System32\drivers\rdyboost.sys\SystemRoot\System32\Drivers\mup.sys\SystemRoot\System32\drivers\hwpolicy.sys\SystemRoot\System32\DRIVERS\fvevol.sys\Syste
mRoot\system32\DRIVERS\disk.sys\SystemRoot\system32\DRIVERS\CLASSPNP.SYS\SystemRoot\system32\DRIVERS\dtsoftbus01.sys\SystemRoot\system32\DRIVERS\cdrom.sys\SystemRoot\system32\drivers\NISx64\1501000.012\ccSetx64.sys\SystemRoot\system32\drivers\NISx64\1501000.012\Ironx64.SYS\SystemRoot\System32\Drivers\Null.SYS\SystemRoot\System32\Drivers\Beep.SYS\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\drivers\VIDEOPRT.SYS\SystemRoot\System32\drivers\watchdog.sys\SystemRoot\System32\DRIVERS\RDPCDD.sys\SystemRoot\system32\drivers\rdpencdd.sys\SystemRoot\system32\drivers\rdprefmp.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\system32\DRIVERS\tdx.sys\SystemRoot\system32\DRIVERS\TDI.SYS\SystemRoot\system32\drivers\afd.sys\SystemRoot\System32\DRIVERS\netbt.sys\SystemRoot\system32\drivers\ws2ifsl.sys\SystemRoot\system32\DRIVERS\wfplwf.sys\SystemRoot\system32\DRIVERS\pacer.sys\SystemRoot\system32\DRIVERS\vwififlt.sys\SystemRoot\system32\DRIVERS\netbios.sys\SystemRoot\system32\DRIVERS\wanarp.sys\SystemRoot\system32\drivers\termdd.sys\SystemRoot\system32\drivers\NISx64\1501000.012\SYMNETS.SYS\??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS\SystemRoot\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS\SystemRoot\system32\DRIVERS\rdbss.sys\SystemRoot\system32\drivers\nsiproxy.sys\SystemRoot\system32\drivers\mssmbios.sys\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys\SystemRoot\System32\drivers\discache.sys\SystemRoot\System32\Drivers\dfsc.sys\SystemRoot\system32\DRIVERS\blbdrive.sys\??\C:\Program Files (x86)\Norton Internet 
Security\NortonData\21.1.0.18\Definitions\BASHDefs\20131203.001\BHDrvx64.sys\??\C:\EEK\RUN\a2ddax64.sys\SystemRoot\system32\DRIVERS\tunnel.sys\SystemRoot\system32\DRIVERS\intelppm.sys\SystemRoot\system32\DRIVERS\nvlddmkm.sys\SystemRoot\System32\Drivers\nvBridge.kmd\SystemRoot\System32\drivers\dxgkrnl.sys\SystemRoot\System32\drivers\dxgmms1.sys\SystemRoot\system32\drivers\HDAudBus.sys\SystemRoot\system32\DRIVERS\HECIx64.sys\SystemRoot\system32\drivers\usbehci.sys\SystemRoot\system32\drivers\USBPORT.SYS\SystemRoot\system32\DRIVERS\risdpe64.sys\SystemRoot\system32\DRIVERS\rimspe64.sys\SystemRoot\system32\DRIVERS\rixdpe64.sys\SystemRoot\system32\DRIVERS\athrx.sys\SystemRoot\system32\DRIVERS\vwifibus.sys\SystemRoot\system32\DRIVERS\Rt64win7.sys\SystemRoot\system32\drivers\i8042prt.sys\SystemRoot\system32\DRIVERS\kbdclass.sys\SystemRoot\system32\DRIVERS\SynTP.sys\SystemRoot\system32\DRIVERS\USBD.SYS\SystemRoot\system32\DRIVERS\mouclass.sys\SystemRoot\system32\DRIVERS\tdcmdpst.sys\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys\SystemRoot\system32\DRIVERS\Impcd.sys\SystemRoot\system32\DRIVERS\TVALZFL.sys\SystemRoot\system32\DRIVERS\tosrfec.sys\SystemRoot\system32\DRIVERS\CmBatt.sys\SystemRoot\system32\drivers\CompositeBus.sys\SystemRoot\system32\DRIVERS\AgileVpn.sys\SystemRoot\system32\DRIVERS\rasl2tp.sys\SystemRoot\system32\DRIVERS\ndistapi.sys\SystemRoot\system32\DRIVERS\ndiswan.sys\SystemRoot\system32\DRIVERS\raspppoe.sys\SystemRoot\system32\DRIVERS\raspptp.sys\SystemRoot\system32\DRIVERS\rassstp.sys\SystemRoot\system32\drivers\swenum.sys\SystemRoot\system32\drivers\ks.sys\SystemRoot\system32\drivers\umbus.sys\SystemRoot\system32\drivers\nvvad64v.sys\SystemRoot\system32\drivers\portcls.sys\SystemRoot\system32\drivers\drmk.sys\SystemRoot\system32\drivers\ksthunk.sys\SystemRoot\system32\DRIVERS\usbhub.sys\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\system32\drivers\nvhda64v.sys\SystemRoot\system32\drivers\RTKVHD64.sys\SystemRoot\system32\DRIVERS\usbccgp.sys\SystemRoot\
system32\DRIVERS\udfs.sys\SystemRoot\System32\Drivers\usbvideo.sys\SystemRoot\system32\DRIVERS\pgeffect.sys\SystemRoot\system32\DRIVERS\rzdaendpt.sys\SystemRoot\system32\drivers\hidusb.sys\SystemRoot\system32\drivers\HIDCLASS.SYS\SystemRoot\system32\drivers\HIDPARSE.SYS\SystemRoot\system32\DRIVERS\mouhid.sys\SystemRoot\system32\DRIVERS\rzudd.sys\SystemRoot\system32\DRIVERS\rzvkeyboard.sys\SystemRoot\System32\drivers\mshidkmdf.sys\SystemRoot\system32\DRIVERS\kbdhid.sys\SystemRoot\System32\Drivers\crashdmp.sys\SystemRoot\System32\Drivers\dump_iaStor.sys\SystemRoot\System32\Drivers\dump_dumpfve.sys\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\system32\DRIVERS\monitor.sys\SystemRoot\System32\TSDDD.dll\SystemRoot\System32\cdd.dll\SystemRoot\System32\ATMFD.DLL\SystemRoot\system32\drivers\luafv.sys\??\C:\windows\system32\drivers\mbam.sys\SystemRoot\system32\DRIVERS\Sftvollh.sys\SystemRoot\system32\DRIVERS\lltdio.sys\SystemRoot\system32\DRIVERS\nwifi.sys\SystemRoot\system32\DRIVERS\ndisuio.sys\SystemRoot\system32\DRIVERS\rspndr.sys\SystemRoot\system32\DRIVERS\vwifimp.sys\SystemRoot\system32\drivers\HTTP.sys\SystemRoot\System32\DRIVERS\srvnet.sys\SystemRoot\system32\DRIVERS\bowser.sys\SystemRoot\System32\drivers\mpsdrv.sys\SystemRoot\system32\DRIVERS\mrxsmb.sys\SystemRoot\system32\DRIVERS\mrxsmb10.sys\SystemRoot\system32\DRIVERS\mrxsmb20.sys\SystemRoot\System32\DRIVERS\srv2.sys\SystemRoot\System32\DRIVERS\srv.sys\SystemRoot\system32\drivers\peauth.sys\??\C:\windows\system32\drivers\regi.sys\SystemRoot\System32\Drivers\secdrv.SYS\SystemRoot\system32\DRIVERS\Sftfslh.sys\SystemRoot\system32\DRIVERS\Sftplaylh.sys\SystemRoot\System32\drivers\tcpipreg.sys\SystemRoot\system32\DRIVERS\Sftredirlh.sys\SystemRoot\system32\drivers\NISx64\1501000.012\SRTSP64.SYS\??\C:\windows\system32\drivers\mbamchameleon.sys\??\C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20131227.009\EX64.SYS\??\C:\Program Files 
\??\C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20131227.009\ENG64.SYS
\??\C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20131227.001\IDSvia64.sys
\??\C:\windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\usp10.dll
\Windows\System32\difxapi.dll
\Windows\System32\lpk.dll
\Windows\System32\msctf.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8009b6c060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8007afe050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8009b6c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8009b6cb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8009b6c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8009b6b060, DeviceName: \Device\THPDRV1\, DriverName: \Driver\Thpdrv\
DevicePointer: 0xfffffa8007af92b0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8007afe050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
File C:\WINDOWS\SYSTEM32\drivers\nvlddmkm.sys.bak --> [Forged file]
Replacement file found for a file C:\WINDOWS\SYSTEM32\drivers\nvlddmkm.sys.bak
Infected: C:\WINDOWS\SYSTEM32\drivers\nvlddmkm.sys.bak --> [unknown.Rootkit.Driver]
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 65B46DD5
Partition information:
    Partition 0 type is Other (0x27)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 3072000
    Partition file system is NTFS
    Partition is bootable
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 3074048  Numsec = 950984704
    Partition 2 type is HIDDEN (0x17)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 954058752  Numsec = 22714368
    Partition is not bootable
Hidden partition VBR is not infected.
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
Disk Size: 500107862016 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Scan finished
Cleaning up...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
© Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 11.0.9600.16428
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.660000 GHz
Memory total: 8439386112, free: 6796017664
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
© Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 11.0.9600.16428
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.660000 GHz
Memory total: 8439386112, free: 4696387584
Downloaded database version: v2013.12.28.07
Downloaded database version: v2013.12.18.01
=======================================
Initializing...
------------ Kernel report ------------
     12/29/2013 10:48:01
------------ Loaded modules -----------
\??\C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20131228.006\EX64.SYS
\??\C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20131228.006\ENG64.SYS
\??\C:\windows\system32\drivers\mbamchameleon.sys
\??\C:\windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8009b4c060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8007adb050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8009b4c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8009b4cb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8009b4c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8009b4b060, DeviceName: \Device\THPDRV1\, DriverName: \Driver\Thpdrv\
DevicePointer: 0xfffffa8007ad6420, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8007adb050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
File user open failed: C:\WINDOWS\SYSTEM32\drivers\nvlddmkm.sys.bak (0x00000570)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 65B46DD5
Partition information:
    Partition 0 type is Other (0x27)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 3072000
    Partition file system is NTFS
    Partition is bootable
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 3074048  Numsec = 950984704
    Partition 2 type is HIDDEN (0x17)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 954058752  Numsec = 22714368
    Partition is not bootable
Hidden partition VBR is not infected.
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
Disk Size: 500107862016 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Scan finished
=======================================
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_2_954058752_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
© Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 11.0.9600.16428
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.660000 GHz
Memory total: 8439386112, free: 5841543168
Downloaded database version: v2013.12.28.07
Downloaded database version: v2013.12.18.01
Initializing...
=======================================
------------ Kernel report ------------
     12/29/2013 12:45:52
------------ Loaded modules -----------
\??\C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20131228.006\EX64.SYS
\??\C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20131228.006\ENG64.SYS
\??\C:\windows\system32\drivers\mbamchameleon.sys
\??\C:\windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\rpcrt4.dll
\Windows\System32\usp10.dll
\Windows\System32\gdi32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\user32.dll
\Windows\System32\psapi.dll
\Windows\System32\advapi32.dll
\Windows\System32\normaliz.dll
\Windows\System32\ws2_32.dll
\Windows\System32\difxapi.dll
\Windows\System32\setupapi.dll
\Windows\System32\comdlg32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\nsi.dll
\Windows\System32\msctf.dll
\Windows\System32\iertutil.dll
\Windows\System32\imm32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\urlmon.dll
\Windows\System32\ole32.dll
\Windows\System32\lpk.dll
\Windows\System32\shell32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\msvcrt.dll
\Windows\System32\oleaut32.dll
\Windows\System32\sechost.dll
\Windows\System32\kernel32.dll
\Windows\System32\wininet.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\KernelBase.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8009b6b060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8007afd050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8009b6b060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8009b6bb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8009b6b060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8009b6a060, DeviceName: \Device\THPDRV1\, DriverName: \Driver\Thpdrv\
DevicePointer: 0xfffffa8006c0e950, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8007afd050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 65B46DD5
Partition information:
    Partition 0 type is Other (0x27)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 3072000
    Partition file system is NTFS
    Partition is bootable
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 3074048  Numsec = 950984704
    Partition 2 type is HIDDEN (0x17)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 954058752  Numsec = 22714368
    Partition is not bootable
Hidden partition VBR is not infected.
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
Disk Size: 500107862016 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Scan finished
=======================================
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_2_954058752_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
© Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
System is currently in a safe mode
Account is Administrative
Internet Explorer version: 11.0.9600.16476
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.660000 GHz
Memory total: 8439386112, free: 6009569280
Downloaded database version: v2014.01.01.06
Downloaded database version: v2013.12.18.01
Initializing...
=======================================
------------ Kernel report ------------
     01/02/2014 08:59:44
------------ Loaded modules -----------
\Windows\System32\oleaut32.dll
\Windows\System32\difxapi.dll
\Windows\System32\shlwapi.dll
\Windows\System32\normaliz.dll
\Windows\System32\usp10.dll
\Windows\System32\urlmon.dll
\Windows\System32\setupapi.dll
\Windows\System32\sechost.dll
\Windows\System32\Wldap32.dll
\Windows\System32\ws2_32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\gdi32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\imm32.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\wintrust.dll
\Windows\System32\devobj.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8007da2060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8007add050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007da2060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007da2b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007da2060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007da1060, DeviceName: \Device\THPDRV1\, DriverName: \Driver\Thpdrv\
DevicePointer: 0xfffffa8006cabe40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8007add050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 65B46DD5
Partition information:
    Partition 0 type is Other (0x27)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 3072000
    Partition file system is NTFS
    Partition is bootable
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 3074048  Numsec = 950984704
    Partition 2 type is HIDDEN (0x17)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 954058752  Numsec = 22714368
    Partition is not bootable
Hidden partition VBR is not infected.
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
Disk Size: 500107862016 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Scan finished
=======================================
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_2_954058752_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
© Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 11.0.9600.16476
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.660000 GHz
Memory total: 8439386112, free: 4552241152
Downloaded database version: v2014.01.03.07
Downloaded database version: v2013.12.18.01
Initializing...
=======================================
------------ Kernel report ------------
     01/04/2014 09:40:16
------------ Loaded modules
-----------\SystemRoot\system32\ntoskrnl.exe\SystemRoot\system32\hal.dll\SystemRoot\system32\kdcom.dll\SystemRoot\system32\mcupdate_GenuineIntel.dll\SystemRoot\system32\PSHED.dll\SystemRoot\system32\CLFS.SYS\SystemRoot\system32\CI.dll\SystemRoot\system32\drivers\Wdf01000.sys\SystemRoot\system32\drivers\WDFLDR.SYS\SystemRoot\system32\drivers\ACPI.sys\SystemRoot\system32\drivers\WMILIB.SYS\SystemRoot\system32\drivers\msisadrv.sys\SystemRoot\system32\drivers\pci.sys\SystemRoot\system32\drivers\vdrvroot.sys\SystemRoot\System32\drivers\partmgr.sys\SystemRoot\system32\DRIVERS\compbatt.sys\SystemRoot\system32\DRIVERS\BATTC.SYS\SystemRoot\system32\drivers\volmgr.sys\SystemRoot\System32\drivers\volmgrx.sys\SystemRoot\System32\drivers\mountmgr.sys\SystemRoot\system32\DRIVERS\iaStor.sys\SystemRoot\system32\drivers\atapi.sys\SystemRoot\system32\drivers\ataport.SYS\SystemRoot\system32\drivers\msahci.sys\SystemRoot\system32\drivers\PCIIDEX.SYS\SystemRoot\system32\drivers\amdxata.sys\SystemRoot\system32\drivers\fltmgr.sys\SystemRoot\system32\drivers\NISx64\1501000.012\SYMDS64.SYS\SystemRoot\system32\drivers\fileinfo.sys\SystemRoot\system32\drivers\NISx64\1501000.012\SYMEFA64.SYS\SystemRoot\System32\Drivers\Ntfs.sys\SystemRoot\System32\Drivers\msrpc.sys\SystemRoot\System32\Drivers\ksecdd.sys\SystemRoot\System32\Drivers\cng.sys\SystemRoot\System32\drivers\pcw.sys\SystemRoot\System32\Drivers\Fs_Rec.sys\SystemRoot\system32\drivers\ndis.sys\SystemRoot\system32\drivers\NETIO.SYS\SystemRoot\System32\Drivers\ksecpkg.sys\SystemRoot\System32\drivers\tcpip.sys\SystemRoot\System32\drivers\fwpkclnt.sys\SystemRoot\system32\drivers\volsnap.sys\SystemRoot\system32\DRIVERS\TVALZ.SYS\SystemRoot\system32\DRIVERS\tos_sps64.sys\SystemRoot\system32\DRIVERS\Thpevm.SYS\SystemRoot\system32\DRIVERS\thpdrv.sys\SystemRoot\System32\Drivers\spldr.sys\SystemRoot\System32\drivers\rdyboost.sys\SystemRoot\System32\Drivers\mup.sys\SystemRoot\System32\drivers\hwpolicy.sys\SystemRoot\System32\DRIVERS\fvevol.sys\Syste
mRoot\system32\DRIVERS\disk.sys\SystemRoot\system32\DRIVERS\CLASSPNP.SYS\SystemRoot\system32\DRIVERS\dtsoftbus01.sys\SystemRoot\system32\DRIVERS\cdrom.sys\SystemRoot\system32\drivers\NISx64\1501000.012\ccSetx64.sys\SystemRoot\system32\drivers\NISx64\1501000.012\Ironx64.SYS\SystemRoot\System32\Drivers\Null.SYS\SystemRoot\System32\Drivers\Beep.SYS\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\drivers\VIDEOPRT.SYS\SystemRoot\System32\drivers\watchdog.sys\SystemRoot\System32\DRIVERS\RDPCDD.sys\SystemRoot\system32\drivers\rdpencdd.sys\SystemRoot\system32\drivers\rdprefmp.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\system32\DRIVERS\tdx.sys\SystemRoot\system32\DRIVERS\TDI.SYS\SystemRoot\system32\drivers\afd.sys\SystemRoot\System32\DRIVERS\netbt.sys\SystemRoot\system32\drivers\ws2ifsl.sys\SystemRoot\system32\DRIVERS\wfplwf.sys\SystemRoot\system32\DRIVERS\pacer.sys\SystemRoot\system32\DRIVERS\vwififlt.sys\SystemRoot\system32\DRIVERS\netbios.sys\SystemRoot\system32\DRIVERS\wanarp.sys\SystemRoot\system32\drivers\termdd.sys\SystemRoot\system32\drivers\NISx64\1501000.012\SYMNETS.SYS\??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS\SystemRoot\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS\SystemRoot\system32\DRIVERS\rdbss.sys\SystemRoot\system32\drivers\nsiproxy.sys\SystemRoot\system32\drivers\mssmbios.sys\??\C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140102.001\IDSvia64.sys\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys\SystemRoot\System32\drivers\discache.sys\SystemRoot\System32\Drivers\dfsc.sys\SystemRoot\system32\DRIVERS\blbdrive.sys\??\C:\Program Files (x86)\Norton Internet 
Security\NortonData\21.1.0.18\Definitions\BASHDefs\20131203.001\BHDrvx64.sys\??\C:\EEK\RUN\a2ddax64.sys\SystemRoot\system32\DRIVERS\tunnel.sys\SystemRoot\system32\DRIVERS\intelppm.sys\SystemRoot\system32\DRIVERS\nvlddmkm.sys\SystemRoot\System32\Drivers\nvBridge.kmd\SystemRoot\System32\drivers\dxgkrnl.sys\SystemRoot\System32\drivers\dxgmms1.sys\SystemRoot\system32\drivers\HDAudBus.sys\SystemRoot\system32\DRIVERS\HECIx64.sys\SystemRoot\system32\drivers\usbehci.sys\SystemRoot\system32\drivers\USBPORT.SYS\SystemRoot\system32\DRIVERS\risdpe64.sys\SystemRoot\system32\DRIVERS\rimspe64.sys\SystemRoot\system32\DRIVERS\rixdpe64.sys\SystemRoot\system32\DRIVERS\athrx.sys\SystemRoot\system32\DRIVERS\vwifibus.sys\SystemRoot\system32\DRIVERS\Rt64win7.sys\SystemRoot\system32\drivers\i8042prt.sys\SystemRoot\system32\DRIVERS\kbdclass.sys\SystemRoot\system32\DRIVERS\SynTP.sys\SystemRoot\system32\DRIVERS\USBD.SYS\SystemRoot\system32\DRIVERS\mouclass.sys\SystemRoot\system32\DRIVERS\tdcmdpst.sys\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys\SystemRoot\system32\DRIVERS\Impcd.sys\SystemRoot\system32\DRIVERS\TVALZFL.sys\SystemRoot\system32\DRIVERS\tosrfec.sys\SystemRoot\system32\DRIVERS\CmBatt.sys\SystemRoot\system32\drivers\CompositeBus.sys\SystemRoot\system32\DRIVERS\AgileVpn.sys\SystemRoot\system32\DRIVERS\rasl2tp.sys\SystemRoot\system32\DRIVERS\ndistapi.sys\SystemRoot\system32\DRIVERS\ndiswan.sys\SystemRoot\system32\DRIVERS\raspppoe.sys\SystemRoot\system32\DRIVERS\raspptp.sys\SystemRoot\system32\DRIVERS\rassstp.sys\SystemRoot\system32\drivers\swenum.sys\SystemRoot\system32\drivers\ks.sys\SystemRoot\system32\drivers\umbus.sys\SystemRoot\system32\drivers\nvvad64v.sys\SystemRoot\system32\drivers\portcls.sys\SystemRoot\system32\drivers\drmk.sys\SystemRoot\system32\drivers\ksthunk.sys\SystemRoot\system32\DRIVERS\usbhub.sys\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\system32\drivers\nvhda64v.sys\SystemRoot\system32\drivers\RTKVHD64.sys\SystemRoot\System32\Drivers\crashdmp.sys\SystemRoot
\System32\Drivers\dump_iaStor.sys\SystemRoot\System32\Drivers\dump_dumpfve.sys\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\system32\DRIVERS\usbccgp.sys\SystemRoot\System32\Drivers\usbvideo.sys\SystemRoot\system32\DRIVERS\pgeffect.sys\SystemRoot\system32\DRIVERS\rzdaendpt.sys\SystemRoot\system32\drivers\hidusb.sys\SystemRoot\system32\drivers\HIDCLASS.SYS\SystemRoot\system32\drivers\HIDPARSE.SYS\SystemRoot\system32\DRIVERS\mouhid.sys\SystemRoot\system32\DRIVERS\rzudd.sys\SystemRoot\system32\DRIVERS\rzvkeyboard.sys\SystemRoot\System32\drivers\mshidkmdf.sys\SystemRoot\system32\DRIVERS\kbdhid.sys\SystemRoot\system32\DRIVERS\monitor.sys\SystemRoot\System32\TSDDD.dll\SystemRoot\System32\cdd.dll\SystemRoot\System32\ATMFD.DLL\SystemRoot\system32\drivers\luafv.sys\SystemRoot\system32\DRIVERS\Sftvollh.sys\SystemRoot\system32\DRIVERS\lltdio.sys\SystemRoot\system32\DRIVERS\nwifi.sys\SystemRoot\system32\DRIVERS\ndisuio.sys\SystemRoot\system32\DRIVERS\rspndr.sys\SystemRoot\system32\DRIVERS\vwifimp.sys\SystemRoot\system32\drivers\HTTP.sys\SystemRoot\System32\DRIVERS\srvnet.sys\SystemRoot\system32\DRIVERS\bowser.sys\SystemRoot\System32\drivers\mpsdrv.sys\SystemRoot\system32\DRIVERS\mrxsmb.sys\SystemRoot\system32\DRIVERS\mrxsmb10.sys\SystemRoot\system32\DRIVERS\mrxsmb20.sys\SystemRoot\System32\DRIVERS\srv2.sys\SystemRoot\System32\DRIVERS\srv.sys\SystemRoot\system32\drivers\peauth.sys\??\C:\windows\system32\drivers\regi.sys\SystemRoot\System32\Drivers\secdrv.SYS\SystemRoot\system32\DRIVERS\Sftfslh.sys\SystemRoot\system32\DRIVERS\Sftplaylh.sys\SystemRoot\System32\drivers\tcpipreg.sys\SystemRoot\system32\DRIVERS\psi_mf_amd64.sys\SystemRoot\system32\DRIVERS\Sftredirlh.sys\SystemRoot\system32\drivers\NISx64\1501000.012\SRTSP64.SYS\??\C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140102.022\EX64.SYS\??\C:\Program Files (x86)\Norton Internet 
Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140102.022\ENG64.SYS\SystemRoot\system32\DRIVERS\asyncmac.sys\??\C:\windows\system32\drivers\mbam.sys\??\C:\windows\system32\drivers\mbamchameleon.sys\??\C:\windows\system32\drivers\MBAMSwissArmy.sys\Windows\System32\ntdll.dll\Windows\System32\smss.exe\Windows\System32\apisetschema.dll\Windows\System32\autochk.exe\Windows\System32\advapi32.dll\Windows\System32\iertutil.dll\Windows\System32\nsi.dll\Windows\System32\usp10.dll\Windows\System32\shlwapi.dll\Windows\System32\user32.dll\Windows\System32\msvcrt.dll\Windows\System32\difxapi.dll\Windows\System32\imagehlp.dll\Windows\System32\imm32.dll\Windows\System32\shell32.dll\Windows\System32\ws2_32.dll\Windows\System32\rpcrt4.dll\Windows\System32\comdlg32.dll\Windows\System32\lpk.dll\Windows\System32\normaliz.dll\Windows\System32\kernel32.dll\Windows\System32\sechost.dll\Windows\System32\wininet.dll\Windows\System32\psapi.dll\Windows\System32\msctf.dll\Windows\System32\oleaut32.dll\Windows\System32\setupapi.dll\Windows\System32\clbcatq.dll\Windows\System32\gdi32.dll\Windows\System32\ole32.dll\Windows\System32\urlmon.dll\Windows\System32\Wldap32.dll\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll\Windows\System32\cfgmgr32.dll\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll\Windows\System32\comctl32.dll\Windows\System32\KernelBase.dll\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll\Windows\System32\wintrust.dll\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll\Windows\System32\devobj.dll\Windows\System32\crypt32.dll\Windows\System32\msasn1.dll----------- End -----------Done!<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xfffffa8009b6b060Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IAAStorageDevice-1\Lower Device Object: 0xfffffa8007afa050Lower Device Driver Name: 
\Driver\iaStor\<<<2>>>Physical Sector Size: 512Drive: 0, DevicePointer: 0xfffffa8009b6b060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa8009b6bb90, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa8009b6b060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa8009b6a060, DeviceName: \Device\THPDRV1\, DriverName: \Driver\Thpdrv\DevicePointer: 0xfffffa8006c73260, DeviceName: Unknown, DriverName: \Driver\ACPI\DevicePointer: 0xfffffa8007afa050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\------------ End ----------Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesFile C:\WINDOWS\SYSTEM32\drivers\nvlddmkm.sys.bak --> [Forged file]Replacement file found for a file C:\WINDOWS\SYSTEM32\drivers\nvlddmkm.sys.bakInfected: C:\WINDOWS\SYSTEM32\drivers\nvlddmkm.sys.bak --> [unknown.Rootkit.Driver]Done!Drive 0Scanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: 65B46DD5 Partition information: Partition 0 type is Other (0x27) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 3072000 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 3074048 Numsec = 950984704 Partition 2 type is HIDDEN (0x17) Partition is NOT ACTIVE. 
Partition starts at LBA: 954058752 Numsec = 22714368 Partition is not bootableHidden partition VBR is not infected. Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 500107862016 bytesSector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...Done!Scan finishedCreating System Restore point...Cleaning up...<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesRemoval scheduling successful. System shutdown needed.System shutdown occurred======================================= ---------------------------------------Malwarebytes Anti-Rootkit BETA 1.07.0.1008 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 11.0.9600.16476 File system is: NTFSDisk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXEDCPU speed: 2.660000 GHzMemory total: 8439386112, free: 6898081792 ---------------------------------------Malwarebytes Anti-Rootkit BETA 1.07.0.1008 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 11.0.9600.16476 File system is: NTFSDisk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXEDCPU speed: 2.660000 GHzMemory total: 8439386112, free: 6674841600 =======================================---------------------------------------Malwarebytes Anti-Rootkit BETA 1.07.0.1008 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 11.0.9600.16476 File system is: NTFSDisk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXEDCPU speed: 2.660000 GHzMemory total: 8439386112, free: 5579255808 ======================================= ---------------------------------------Malwarebytes Anti-Rootkit BETA 1.07.0.1008 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 
Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 11.0.9600.16476 File system is: NTFSDisk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXEDCPU speed: 2.660000 GHzMemory total: 8439386112, free: 6202859520 Downloaded database version: v2014.01.04.04Downloaded database version: v2013.12.18.01=======================================Initializing...------------ Kernel report ------------ 01/04/2014 22:46:06------------ Loaded modules -----------\SystemRoot\system32\ntoskrnl.exe\SystemRoot\system32\hal.dll\SystemRoot\system32\kdcom.dll\SystemRoot\system32\mcupdate_GenuineIntel.dll\SystemRoot\system32\PSHED.dll\SystemRoot\system32\CLFS.SYS\SystemRoot\system32\CI.dll\SystemRoot\system32\drivers\Wdf01000.sys\SystemRoot\system32\drivers\WDFLDR.SYS\SystemRoot\system32\drivers\ACPI.sys\SystemRoot\system32\drivers\WMILIB.SYS\SystemRoot\system32\drivers\msisadrv.sys\SystemRoot\system32\drivers\pci.sys\SystemRoot\system32\drivers\vdrvroot.sys\SystemRoot\System32\drivers\partmgr.sys\SystemRoot\system32\DRIVERS\compbatt.sys\SystemRoot\system32\DRIVERS\BATTC.SYS\SystemRoot\system32\drivers\volmgr.sys\SystemRoot\System32\drivers\volmgrx.sys\SystemRoot\System32\drivers\mountmgr.sys\SystemRoot\system32\DRIVERS\iaStor.sys\SystemRoot\system32\drivers\atapi.sys\SystemRoot\system32\drivers\ataport.SYS\SystemRoot\system32\drivers\msahci.sys\SystemRoot\system32\drivers\PCIIDEX.SYS\SystemRoot\system32\drivers\amdxata.sys\SystemRoot\system32\drivers\fltmgr.sys\SystemRoot\system32\drivers\NISx64\1501000.012\SYMDS64.SYS\SystemRoot\system32\drivers\fileinfo.sys\SystemRoot\system32\drivers\NISx64\1501000.012\SYMEFA64.SYS\SystemRoot\System32\Drivers\Ntfs.sys\SystemRoot\System32\Drivers\msrpc.sys\SystemRoot\System32\Drivers\ksecdd.sys\SystemRoot\System32\Drivers\cng.sys\SystemRoot\System32\drivers\pcw.sys\SystemRoot\System32\Drivers\Fs_Rec.sys\SystemRoot\system32\drivers\ndis.sys\SystemRoot\system32\drivers\NETIO.SYS\SystemRoot\System32\Drivers\ksecpkg.sys\SystemRoot\System32\d
rivers\tcpip.sys\SystemRoot\System32\drivers\fwpkclnt.sys\SystemRoot\system32\drivers\volsnap.sys\SystemRoot\system32\DRIVERS\TVALZ.SYS\SystemRoot\system32\DRIVERS\tos_sps64.sys\SystemRoot\system32\DRIVERS\Thpevm.SYS\SystemRoot\system32\DRIVERS\thpdrv.sys\SystemRoot\System32\Drivers\spldr.sys\SystemRoot\System32\drivers\rdyboost.sys\SystemRoot\System32\Drivers\mup.sys\SystemRoot\System32\drivers\hwpolicy.sys\SystemRoot\System32\DRIVERS\fvevol.sys\SystemRoot\system32\DRIVERS\disk.sys\SystemRoot\system32\DRIVERS\CLASSPNP.SYS\SystemRoot\system32\DRIVERS\dtsoftbus01.sys\SystemRoot\system32\DRIVERS\cdrom.sys\SystemRoot\system32\drivers\NISx64\1501000.012\ccSetx64.sys\SystemRoot\system32\drivers\NISx64\1501000.012\Ironx64.SYS\SystemRoot\System32\Drivers\Null.SYS\SystemRoot\System32\Drivers\Beep.SYS\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\drivers\VIDEOPRT.SYS\SystemRoot\System32\drivers\watchdog.sys\SystemRoot\System32\DRIVERS\RDPCDD.sys\SystemRoot\system32\drivers\rdpencdd.sys\SystemRoot\system32\drivers\rdprefmp.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\system32\DRIVERS\tdx.sys\SystemRoot\system32\DRIVERS\TDI.SYS\SystemRoot\system32\drivers\afd.sys\SystemRoot\System32\DRIVERS\netbt.sys\SystemRoot\system32\drivers\ws2ifsl.sys\SystemRoot\system32\DRIVERS\wfplwf.sys\SystemRoot\system32\DRIVERS\pacer.sys\SystemRoot\system32\DRIVERS\vwififlt.sys\SystemRoot\system32\DRIVERS\netbios.sys\SystemRoot\system32\DRIVERS\wanarp.sys\SystemRoot\system32\drivers\termdd.sys\SystemRoot\system32\drivers\NISx64\1501000.012\SYMNETS.SYS\??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS\SystemRoot\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS\SystemRoot\system32\DRIVERS\rdbss.sys\SystemRoot\system32\drivers\nsiproxy.sys\SystemRoot\system32\drivers\mssmbios.sys\??\C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140102.001\IDSvia64.sys\??\C:\Program Files (x86)\Common Files\Symantec 
Shared\EENGINE\eeCtrl64.sys\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys\SystemRoot\System32\drivers\discache.sys\SystemRoot\System32\Drivers\dfsc.sys\SystemRoot\system32\DRIVERS\blbdrive.sys\??\C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20131203.001\BHDrvx64.sys\??\C:\EEK\RUN\a2ddax64.sys\SystemRoot\system32\DRIVERS\tunnel.sys\SystemRoot\system32\DRIVERS\intelppm.sys\SystemRoot\system32\DRIVERS\nvlddmkm.sys\SystemRoot\System32\Drivers\nvBridge.kmd\SystemRoot\System32\drivers\dxgkrnl.sys\SystemRoot\System32\drivers\dxgmms1.sys\SystemRoot\system32\drivers\HDAudBus.sys\SystemRoot\system32\DRIVERS\HECIx64.sys\SystemRoot\system32\drivers\usbehci.sys\SystemRoot\system32\drivers\USBPORT.SYS\SystemRoot\system32\DRIVERS\risdpe64.sys\SystemRoot\system32\DRIVERS\rimspe64.sys\SystemRoot\system32\DRIVERS\rixdpe64.sys\SystemRoot\system32\DRIVERS\athrx.sys\SystemRoot\system32\DRIVERS\vwifibus.sys\SystemRoot\system32\DRIVERS\Rt64win7.sys\SystemRoot\system32\drivers\i8042prt.sys\SystemRoot\system32\DRIVERS\kbdclass.sys\SystemRoot\system32\DRIVERS\SynTP.sys\SystemRoot\system32\DRIVERS\USBD.SYS\SystemRoot\system32\DRIVERS\mouclass.sys\SystemRoot\system32\DRIVERS\tdcmdpst.sys\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys\SystemRoot\system32\DRIVERS\Impcd.sys\SystemRoot\system32\DRIVERS\TVALZFL.sys\SystemRoot\system32\DRIVERS\tosrfec.sys\SystemRoot\system32\DRIVERS\CmBatt.sys\SystemRoot\system32\drivers\CompositeBus.sys\SystemRoot\system32\DRIVERS\AgileVpn.sys\SystemRoot\system32\DRIVERS\rasl2tp.sys\SystemRoot\system32\DRIVERS\ndistapi.sys\SystemRoot\system32\DRIVERS\ndiswan.sys\SystemRoot\system32\DRIVERS\raspppoe.sys\SystemRoot\system32\DRIVERS\raspptp.sys\SystemRoot\system32\DRIVERS\rassstp.sys\SystemRoot\system32\drivers\swenum.sys\SystemRoot\system32\drivers\ks.sys\SystemRoot\system32\drivers\umbus.sys\SystemRoot\system32\drivers\nvvad64v.sys\SystemRoot\system32\drivers\portcls.sys\SystemRoot\sy
stem32\drivers\drmk.sys\SystemRoot\system32\drivers\ksthunk.sys\SystemRoot\system32\DRIVERS\usbhub.sys\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\system32\drivers\nvhda64v.sys\SystemRoot\system32\drivers\RTKVHD64.sys\SystemRoot\System32\Drivers\crashdmp.sys\SystemRoot\System32\Drivers\dump_iaStor.sys\SystemRoot\System32\Drivers\dump_dumpfve.sys\SystemRoot\system32\DRIVERS\rzdaendpt.sys\SystemRoot\system32\drivers\hidusb.sys\SystemRoot\system32\drivers\HIDCLASS.SYS\SystemRoot\system32\drivers\HIDPARSE.SYS\SystemRoot\system32\DRIVERS\mouhid.sys\SystemRoot\system32\DRIVERS\rzudd.sys\SystemRoot\system32\DRIVERS\rzvkeyboard.sys\SystemRoot\System32\drivers\mshidkmdf.sys\SystemRoot\system32\DRIVERS\kbdhid.sys\SystemRoot\system32\DRIVERS\usbccgp.sys\SystemRoot\System32\Drivers\usbvideo.sys\SystemRoot\system32\DRIVERS\pgeffect.sys\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\system32\DRIVERS\monitor.sys\SystemRoot\System32\TSDDD.dll\SystemRoot\System32\cdd.dll\SystemRoot\System32\ATMFD.DLL\SystemRoot\system32\drivers\luafv.sys\??\C:\windows\system32\drivers\mbam.sys\SystemRoot\system32\DRIVERS\Sftvollh.sys\SystemRoot\system32\DRIVERS\lltdio.sys\SystemRoot\system32\DRIVERS\nwifi.sys\SystemRoot\system32\DRIVERS\ndisuio.sys\SystemRoot\system32\DRIVERS\rspndr.sys\SystemRoot\system32\DRIVERS\vwifimp.sys\SystemRoot\system32\drivers\HTTP.sys\SystemRoot\System32\DRIVERS\srvnet.sys\SystemRoot\system32\DRIVERS\bowser.sys\SystemRoot\System32\drivers\mpsdrv.sys\SystemRoot\system32\DRIVERS\mrxsmb.sys\SystemRoot\system32\DRIVERS\mrxsmb10.sys\SystemRoot\system32\DRIVERS\mrxsmb20.sys\SystemRoot\System32\DRIVERS\srv2.sys\SystemRoot\System32\DRIVERS\srv.sys\SystemRoot\system32\drivers\peauth.sys\??\C:\windows\system32\drivers\regi.sys\SystemRoot\System32\Drivers\secdrv.SYS\SystemRoot\system32\DRIVERS\Sftfslh.sys\SystemRoot\system32\DRIVERS\Sftplaylh.sys\SystemRoot\System32\drivers\tcpipreg.sys\SystemRoot\system32\DRIVERS\Sftredirlh.sys\SystemRoot\sys
tem32\drivers\NISx64\1501000.012\SRTSP64.SYS\??\C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140102.022\EX64.SYS\??\C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140102.022\ENG64.SYS\??\C:\windows\system32\drivers\mbamchameleon.sys\??\C:\windows\system32\drivers\MBAMSwissArmy.sys\Windows\System32\ntdll.dll\Windows\System32\smss.exe\Windows\System32\apisetschema.dll\Windows\System32\autochk.exe\Windows\System32\imm32.dll\Windows\System32\msvcrt.dll\Windows\System32\wininet.dll\Windows\System32\nsi.dll\Windows\System32\imagehlp.dll\Windows\System32\usp10.dll\Windows\System32\kernel32.dll\Windows\System32\ws2_32.dll\Windows\System32\user32.dll\Windows\System32\rpcrt4.dll\Windows\System32\urlmon.dll\Windows\System32\normaliz.dll\Windows\System32\ole32.dll\Windows\System32\lpk.dll\Windows\System32\iertutil.dll\Windows\System32\advapi32.dll\Windows\System32\difxapi.dll\Windows\System32\gdi32.dll\Windows\System32\msctf.dll\Windows\System32\Wldap32.dll\Windows\System32\shell32.dll\Windows\System32\setupapi.dll\Windows\System32\clbcatq.dll\Windows\System32\psapi.dll\Windows\System32\sechost.dll\Windows\System32\comdlg32.dll\Windows\System32\shlwapi.dll\Windows\System32\oleaut32.dll\Windows\System32\devobj.dll\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll----------- End -----------Done!<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xfffffa8009b6a060Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IAAStorageDevice-1\Lower Device Object: 0xfffffa8007af9050Lower Device Driver Name: \Driver\iaStor\<<<2>>>Physical Sector Size: 512Drive: 0, DevicePointer: 0xfffffa8009b6a060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa8009b6ab90, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa8009b6a060, 
DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa8009b69060, DeviceName: \Device\THPDRV1\, DriverName: \Driver\Thpdrv\DevicePointer: 0xfffffa8006c732d0, DeviceName: Unknown, DriverName: \Driver\ACPI\DevicePointer: 0xfffffa8007af9050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\------------ End ----------Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesDone!Drive 0Scanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: 65B46DD5 Partition information: Partition 0 type is Other (0x27) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 3072000 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 3074048 Numsec = 950984704 Partition 2 type is HIDDEN (0x17) Partition is NOT ACTIVE. Partition starts at LBA: 954058752 Numsec = 22714368 Partition is not bootableHidden partition VBR is not infected. Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 500107862016 bytesSector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...Done! 
--------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2014.01.03.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Jame-DID :: USER-PC [administrator]

4/1/2014 09:40:21
mbar-log-2014-01-04 (09-40-21).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 322125
Time elapsed: 24 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\WINDOWS\SYSTEM32\drivers\nvlddmkm.sys.bak (Unknown.Rootkit.Driver) -> Replace on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)
  12. Malwarebytes Anti-Malware (Trial) 1.75.0.1300
      www.malwarebytes.org
      Database version: v2014.01.03.03
      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 11.0.9600.16476
      Jame-DID :: USER-PC [administrator]
      Protection: Enabled
      3/1/2014 21:53:57
      mbam-log-2014-01-03 (21-53-57).txt
      Scan type: Full scan (C:\|D:\|H:\|Q:\|)
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
      Scan options disabled:
      Objects scanned: 685645
      Time elapsed: 3 hour(s), 30 minute(s), 24 second(s)
      Memory Processes Detected: 0
      (No malicious items detected)
      Memory Modules Detected: 0
      (No malicious items detected)
      Registry Keys Detected: 0
      (No malicious items detected)
      Registry Values Detected: 0
      (No malicious items detected)
      Registry Data Items Detected: 0
      (No malicious items detected)
      Folders Detected: 0
      (No malicious items detected)
      Files Detected: 0
      (No malicious items detected)
      (end)
      However, during the scan (and even now) I still kept getting reports of Malwarebytes blocking explorer.exe from accessing potentially malicious sites on some outgoing ports?
  13. # AdwCleaner v3.016 - Report created 03/01/2014 at 20:27:50
      # Updated 23/12/2013 by Xplode
      # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
      # Username : Jame-DID - USER-PC
      # Running from : C:\Users\Jame-DID\Downloads\adwcleaner.exe
      # Option : Clean
      ***** [ Services ] *****
      ***** [ Files / Folders ] *****
      ***** [ Shortcuts ] *****
      ***** [ Registry ] *****
      ***** [ Browsers ] *****
      -\\ Internet Explorer v11.0.9600.16428
      -\\ Mozilla Firefox v23.0.1 (en-US)
      [ File : C:\Users\Jame-DID\AppData\Roaming\Mozilla\Firefox\Profiles\da2uayzw.default\prefs.js ]
      -\\ Google Chrome v
      [ File : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]
      [ File : C:\Users\Jame-DID\AppData\Local\Google\Chrome\User Data\Default\preferences ]
      *************************
      AdwCleaner[R0].txt - [2277 octets] - [25/12/2013 23:18:01]
      AdwCleaner[R1].txt - [1107 octets] - [26/12/2013 00:54:09]
      AdwCleaner[R2].txt - [1227 octets] - [27/12/2013 15:39:53]
      AdwCleaner[R3].txt - [1348 octets] - [28/12/2013 08:24:26]
      AdwCleaner[R4].txt - [1468 octets] - [02/01/2014 16:14:26]
      AdwCleaner[R5].txt - [1588 octets] - [03/01/2014 09:16:47]
      AdwCleaner[s0].txt - [2285 octets] - [25/12/2013 23:23:14]
      AdwCleaner[s1].txt - [1169 octets] - [26/12/2013 00:56:51]
      AdwCleaner[s2].txt - [1289 octets] - [27/12/2013 15:42:31]
      AdwCleaner[s3].txt - [1409 octets] - [28/12/2013 08:53:57]
      AdwCleaner[s4].txt - [1529 octets] - [02/01/2014 16:16:23]
      AdwCleaner[s5].txt - [1509 octets] - [03/01/2014 20:27:50]
      ########## EOF - C:\AdwCleaner\AdwCleaner[s5].txt - [1569 octets] ##########
      Commencing full Malwarebytes scan shortly...