
Solved Department of Justice / Windows security pro

Discussion in 'Malware and Virus Removal Archive' started by adrenalinesaint, 2013/08/21.

  1. 2013/08/21
    adrenalinesaint (Inactive, Thread Starter)

    Joined: 2011/05/05
    Messages: 83
    Likes Received: 0
    [Resolved] Department of Justice / Windows security pro

    Must have clicked on the wrong link/picture/article etc.
    My work computer is now infected.
    I googled my problem and ran a few different suggestions, but to no avail.
    Need some help; actually I need flat-out rescued :-(

    You guys bailed me out about 3 years ago, and also my father. I know you can fix me and that your time is valuable, hence trying to fix it myself before taking up your time.
     
  2. 2013/08/21
    Admin. (Administrator, Staff)

    Joined: 2001/12/30
    Messages: 6,680
    Likes Received: 104
    Hi,

    Read this post as indicated at the top of this forum & follow the instructions.
     

  4. 2013/08/21
    adrenalinesaint (Inactive, Thread Starter)

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.08.21.04

    Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
    Internet Explorer 9.0.8112.16421
    #2 :: 2-HP [administrator]

    8/21/2013 10:38:36 AM
    mbam-log-2013-08-21 (10-38-36).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 218711
    Time elapsed: 3 minute(s), 34 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 1
    HKLM\SYSTEM\CurrentControlSet\Services\*etadpug (Trojan.Zaccess) -> Delete on reboot.

    Registry Values Detected: 2
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Internet Security (Trojan.Packed.HP) -> Data: C:\Users\#2\AppData\Roaming\isprotection.exe -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Google Update (Trojan.Zaccess) -> Data: -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    C:\Users\#2\AppData\Roaming\isprotection.exe (Trojan.Packed.HP) -> Quarantined and deleted successfully.
    C:\Users\#2\AppData\Local\Temp\2BF2.tmp (Trojan.Packed.HP) -> Quarantined and deleted successfully.

    (end)
     
  5. 2013/08/21
    adrenalinesaint (Inactive, Thread Starter)

    DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
    Internet Explorer: 9.0.8112.16421
    Run by #2 at 10:49:26 on 2013-08-21
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.2279 [GMT -4:00]
    .
    AV: McAfee VirusScan Enterprise *Disabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee VirusScan Enterprise Antispyware Module *Disabled/Outdated* {3D54B793-665E-3129-9103-206115370C8A}
    FW: McAfee Host Intrusion Prevention Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\mfevtps.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\ctfmon.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20130711111316.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
    BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [rkrdr] "C:\Windows\System32\rundll32.exe" "C:\Users\#2\AppData\Roaming\rkrdr.dll ",get_cHRM
    uRunOnce: [TopArcadeHits396] cmd.exe /c rmdir "C:\Users\#2\AppData\Local\TopArcadeHits" /s /q
    uRunOnce: [TopArcadeHits256] cmd.exe /c reg delete HKCU\Software\AppDataLow\Software\toparcadehitsconfig /f
    mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
    mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
    mRun: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll ",ProcessCleanupScript
    dRun: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NWepo.lnk - C:\Program Files (x86)\Network Associates\NWePO.exe
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    LSP: mswsock.dll
    Trusted Zone: agencyanywhere.agency.ni.nwie.net
    Trusted Zone: agencyanywhere.agency.ni.nwie.net
    Trusted Zone: skilldialogue.com
    Trusted Zone: skilldialogue.com
    Trusted Zone: skillport.com
    Trusted Zone: skillport.com
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {9916D178-71C8-4764-969C-95B9B67A1F76} - hxxps://onestop.nationwide.com/one-stop-web/scan/OneStopScan.CAB
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://nationwidenh.webex.com/client/T26L10NSP49EP9/webex/ieatgpc1.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://agents.nationwide.com/dana-cached/sc/JuniperSetupClient.cab
    TCP: NameServer = 192.168.254.254
    TCP: Interfaces\{BEFCD235-CB09-49C0-B8BF-01DA28D15903} : DHCPNameServer = 192.168.254.254
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    x64-mWinlogon: Userinit = userinit.exe,
    x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130711111316.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    x64-Run: [SmartMenu] D
    x64-Run: [lxbkbmgr.exe] "C:\Program Files (x86)\Lexmark X1100 Series\lxbkbmgr.exe "
    x64-Run: [McAfee Host Intrusion Prevention Tray] \FIRETRAY.EXE "
    x64-DPF: {AA570693-00E2-4907-B6F1-60A1199B030C} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
    x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>
    x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-3-2 75904]
    R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-3-2 38016]
    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2012-8-28 665768]
    R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2012-8-28 303464]
    R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-8-20 45856]
    R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2011-8-16 75672]
    R1 NEOFLTR_720_21697;Juniper Networks TDI Filter Driver (NEOFLTR_720_21697);C:\Windows\System32\drivers\NEOFLTR_720_21697.SYS [2012-11-27 100728]
    R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-8-28 208272]
    R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2012-8-28 170440]
    R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2012-8-28 481504]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-3-2 349800]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-3-2 38456]
    S1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2011-6-29 91864]
    S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2013-8-19 574272]
    S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-3-2 203264]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    S2 enterceptAgent;McAfee Host Intrusion Prevention Service;C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe [2011-9-12 641336]
    S2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
    S2 lxbk_device;lxbk_device;C:\Windows\System32\lxbkcoms.exe -service --> C:\Windows\System32\lxbkcoms.exe -service [?]
    S2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [2011-5-12 324928]
    S2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2011-11-15 132672]
    S2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-8-28 201864]
    S2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [2011-9-14 209760]
    S2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-3-2 1119768]
    S2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
    S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    S3 FireNfcp;McAfee Inc. FireNfcp;C:\Windows\System32\drivers\FireNfcp.sys [2012-8-28 48840]
    S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-8-28 195024]
    S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\System32\drivers\hitmanpro37.sys [2013-8-21 32000]
    S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2012-8-28 274880]
    S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2013-7-11 101200]
    S3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
    S3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
    S3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
    S3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
    S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-1 59392]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-5-17 1255736]
    .
    =============== Created Last 30 ================
    .
    2013-08-21 14:37:28 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2013-08-21 14:37:28 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-08-21 13:45:38 32000 ----a-w- C:\Windows\System32\drivers\hitmanpro37.sys
    2013-08-21 13:10:56 -------- d-----w- C:\ProgramData\HitmanPro
    2013-08-20 21:11:34 83762 ----a-w- C:\ProgramData\1377033014.bdinstall.bin
    2013-08-20 21:08:41 -------- d-----w- C:\Program Files\Common Files\Defender Pro
    2013-08-20 21:08:40 -------- d-----w- C:\Program Files (x86)\Common Files\Bitdefender
    2013-08-20 21:07:35 -------- d-----w- C:\Users\#2\AppData\Local\TopArcadeHits
    2013-08-20 21:06:54 45856 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
    2013-08-20 21:05:20 -------- d--h--w- C:\ProgramData\Common Files
    2013-08-20 19:42:53 0 ----a-w- C:\Users\#2\vlcplayer.exe
    2013-08-20 19:42:53 0 ----a-w- C:\Users\#2\msconfig.exe
    2013-08-19 13:56:34 -------- d-----w- C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
    2013-08-01 15:00:27 -------- d-----w- C:\ProgramData\IObit
    2013-08-01 15:00:10 -------- d-----w- C:\Users\#2\AppData\Roaming\IObit
    2013-08-01 15:00:09 -------- d-----w- C:\Program Files (x86)\IObit
    .
    ==================== Find3M ====================
    .
    2013-07-11 15:12:41 99352 ----a-w- C:\Windows\System32\MfeOtlkAddin.dll
    2013-07-11 15:12:41 303464 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
    2013-07-11 15:12:41 170440 ----a-w- C:\Windows\System32\mfevtps.exe
    2013-07-11 15:12:41 101200 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
    2013-07-11 15:12:40 665768 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
    2013-07-11 15:12:40 274880 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
    2013-07-11 15:12:40 10288 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
    2013-07-11 15:12:39 160952 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
    2013-07-11 15:12:36 75656 ----a-w- C:\Windows\SysWow64\MfeOtlkAddin.dll
    2013-07-11 15:12:36 23112 ----a-w- C:\Windows\SysWow64\MFEOtlk.dll
    2013-07-08 18:25:39 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-07-08 18:25:39 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-06-12 15:19:08 8610696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    .
    ============= FINISH: 10:50:54.02 ===============
     
  6. 2013/08/21
    adrenalinesaint (Inactive, Thread Starter)

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 5/13/2011 9:39:17 AM
    System Uptime: 8/21/2013 10:46:46 AM (0 hours ago)
    .
    Motherboard: FOXCONN | | 2AB1
    Processor: AMD Athlon(tm) II X2 240 Processor | CPU 1 | 2800/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 453 GiB total, 402.518 GiB free.
    D: is FIXED (NTFS) - 13 GiB total, 1.576 GiB free.
    E: is CDROM (UDF)
    F: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: Security Processor Loader Driver
    Device ID: ROOT\LEGACY_SPLDR\0000
    Manufacturer:
    Name: Security Processor Loader Driver
    PNP Device ID: ROOT\LEGACY_SPLDR\0000
    Service: spldr
    .
    ==== System Restore Points ===================
    .
    RP474: 6/13/2013 12:00:03 AM - Scheduled Checkpoint
    RP475: 6/20/2013 5:25:53 PM - Scheduled Checkpoint
    RP476: 6/27/2013 5:36:57 PM - Scheduled Checkpoint
    RP477: 7/8/2013 9:55:50 AM - Scheduled Checkpoint
    RP478: 7/16/2013 5:41:46 PM - Scheduled Checkpoint
    RP479: 7/25/2013 5:25:39 PM - Scheduled Checkpoint
    RP480: 8/1/2013 5:36:13 PM - Scheduled Checkpoint
    RP481: 8/13/2013 5:38:08 PM - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.7)
    Adobe Shockwave Player 11.6
    Advanced SystemCare 6
    Agatha Christie - Peril at End House
    Applet
    ATI Catalyst Install Manager
    Bejeweled 2 Deluxe
    Blackhawk Striker 2
    Blasterball 3
    Blio
    Bounce Symphony
    Build-a-lot 2
    Cake Mania
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Chinese Simplified Fonts Support For Adobe Reader X
    Chuzzle Deluxe
    Citrix Receiver
    Citrix Receiver (HDX Flash Redirection)
    Citrix Receiver Inside
    Citrix Receiver(Aero)
    Citrix Receiver(DV)
    Citrix Receiver(USB)
    CyberLink DVD Suite Deluxe
    D3DX10
    Diner Dash 2 Restaurant Rescue
    Dora's World Adventure
    DVD Menu Pack for HP MediaSmart Video
    Escape Rosecliff Island
    Farm Frenzy
    FATE
    Final Drive Nitro
    Google Earth
    Google Update Helper
    Heroes of Hellas 2 - Olympia
    HP Auto
    HP Client Services
    HP Customer Experience Enhancements
    HP Game Console
    HP Games
    HP MediaSmart DVD
    HP MediaSmart Music
    HP MediaSmart Photo
    HP MediaSmart SmartMenu
    HP MediaSmart Video
    HP MediaSmart/TouchSmart Netflix
    HP MovieStore
    HP Odometer
    HP Setup
    HP Setup Manager
    HP Support Information
    HP Update
    HP Vision Hardware Diagnostics
    Hulu Desktop
    Java(TM) 6 Update 31
    Jewel Quest Solitaire 2
    JNLP
    Juniper Networks Host Checker
    Juniper Networks Secure Application Manager
    Juniper Networks, Inc. Setup Client
    Juniper Networks, Inc. Setup Client 64-bit Activex Control
    Junk Mail filter update
    Kobo
    LabelPrint
    Lexmark X1100 Series
    LightScribe System Software
    Malwarebytes Anti-Malware version 1.75.0.1300
    McAfee Agent
    McAfee Host Intrusion Prevention
    McAfee SiteAdvisor Enterprise Plus
    McAfee VirusScan Enterprise
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Starter 2010 - English
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft WSE 3.0 Runtime
    Movie Theme Pack for HP MediaSmart Video
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Mystery P.I. - The London Caper
    NOOK for PC
    Online Plug-in
    Paint.NET v3.5.10
    PDF Complete Special Edition
    Penguins!
    PhotoNow!
    Plants vs. Zombies
    PlayReady PC Runtime amd64
    PlayReady PC Runtime x86
    Poker Superstars III
    Polar Bowler
    Polar Golfer
    Power2Go
    PowerDirector
    PressReader
    Realtek High Definition Audio Driver
    Recovery Manager
    RoxioNow Player
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Spybot - Search & Destroy
    swMSM
    System Information Reporter
    Unity Web Player
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Virtual Families
    Virtual Villagers 4 - The Tree of Life
    WebEx
    Wheel of Fortune 2
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Zinio Reader 4
    Zuma Deluxe
    .
    ==== Event Viewer Messages From Past Week ========
    .
    8/21/2013 9:45:52 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    8/21/2013 9:45:44 AM, Error: Service Control Manager [7024] - The HitmanPro 3.7 Crusader (Boot) service terminated with service-specific error The operation completed successfully..
    8/21/2013 9:13:17 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ctxusbm DfsC discache mfehidk mfenlfk NEOFLTR_720_21697 NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf ws2ifsl
    8/21/2013 9:13:17 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    8/21/2013 9:13:17 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    8/21/2013 9:13:17 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    8/21/2013 9:13:17 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    8/21/2013 9:13:17 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    8/21/2013 9:13:17 AM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
    8/21/2013 9:13:17 AM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
    8/21/2013 9:13:17 AM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
    8/21/2013 9:13:12 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    8/21/2013 9:13:12 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    8/21/2013 9:13:12 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    8/21/2013 9:13:12 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    8/21/2013 10:47:25 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    8/21/2013 10:47:25 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    8/21/2013 10:47:22 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    8/21/2013 10:47:15 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments " " in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    8/21/2013 10:47:09 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ctxusbm discache spldr Wanarpv6
    8/21/2013 10:47:07 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    8/21/2013 10:47:07 AM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
    8/21/2013 10:47:06 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    8/21/2013 10:47:06 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    8/20/2013 8:52:09 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
    8/20/2013 4:41:43 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    8/20/2013 4:41:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments " " in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    8/20/2013 4:41:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments " " in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    8/20/2013 4:05:35 PM, Error: Service Control Manager [7030] - The Task Scheduler service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    8/20/2013 3:47:39 PM, Error: Service Control Manager [7000] - The UrlFilter service failed to start due to the following error: There are no more endpoints available from the endpoint mapper.
    8/19/2013 9:56:34 AM, Error: Service Control Manager [7030] - The Advanced SystemCare Service 6 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    .
    ==== End Of File ===========================
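
Reading the Service Control Manager events above, most of the 7001 entries are cascade noise: a service reports "The dependency service or group failed to start" because something beneath it already failed. The added example below (an editor's Python, not part of the thread or of any tool used in it) parses lines of that shape, walks each dependency chain to its end, keeps only the dependencies that failed with a concrete error, and cross-checks those against the driver names in the 7026 event. The sample events are copied from the log above; the display-name to driver-name table is the example's own lookup. Whether the driver failures are a side effect of the infection or of the boot mode at the time is not something the event text alone settles.

```python
"""Collapse Service Control Manager 7001 cascades to their root causes.

Added example, not part of the forum thread. It parses SCM event text of the
shape posted above, records each 'X depends on Y' edge with its error, and
keeps only the dependencies that failed with a concrete error rather than the
cascade message 'The dependency service or group failed to start.' The
display-name to driver-name table is this example's own lookup.
"""
import re

CASCADE = "The dependency service or group failed to start."
DEVICE = "A device attached to the system is not functioning."
P = "8/21/2013 9:13:17 AM, Error: Service Control Manager [7001] - The "


def dep(svc, on, err):
    """Build a 7001 line in the exact wording Windows uses (sample data only)."""
    return (P + f"{svc} service depends on the {on} service which failed to start "
            f"because of the following error: {err}")


# Constructed sample: event lines copied from the log posted in the thread.
SAMPLE_EVENTS = [
    "8/21/2013 9:13:17 AM, Error: Service Control Manager [7026] - The following "
    "boot-start or system-start driver(s) failed to load: AFD ctxusbm DfsC discache "
    "mfehidk mfenlfk NEOFLTR_720_21697 NetBIOS NetBT nsiproxy Psched rdbss spldr tdx "
    "Wanarpv6 WfpLwf ws2ifsl",
    dep("Workstation", "Network Store Interface Service", CASCADE),
    dep("SMB MiniRedirector Wrapper and Engine", "Redirected Buffering Sub Sysytem", DEVICE),
    dep("SMB 2.0 MiniRedirector", "SMB MiniRedirector Wrapper and Engine", CASCADE),
    dep("McAfee Validation Trust Protection Service", "McAfee Inc. mfehidk", DEVICE),
    dep("McAfee McShield", "McAfee Validation Trust Protection Service", CASCADE),
    dep("TCP/IP NetBIOS Helper", "Ancillary Function Driver for Winsock", DEVICE),
    dep("Network Store Interface Service", "NSI proxy service driver.", DEVICE),
    dep("DNS Client", "NetIO Legacy TDI Support Driver", DEVICE),
    dep("DHCP Client", "Ancillary Function Driver for Winsock", DEVICE),
]

EVENT_7001 = re.compile(
    r"\[7001\] - The (?P<svc>.+?) service depends on the (?P<dep>.+?) service "
    r"which failed to start because of the following error: (?P<err>.+)$")
EVENT_7026 = re.compile(
    r"\[7026\] - The following boot-start or system-start driver\(s\) failed to load: "
    r"(?P<drivers>.+)$")

# Display names as they appear in 7001 text, mapped to the short driver service
# names that 7026 lists. Example's own lookup, not derived from the log.
DISPLAY_TO_DRIVER = {
    "Ancillary Function Driver for Winsock": "AFD",
    "NSI proxy service driver.": "nsiproxy",
    "NetIO Legacy TDI Support Driver": "tdx",
    "Redirected Buffering Sub Sysytem": "rdbss",  # sic: Windows' own spelling
    "McAfee Inc. mfehidk": "mfehidk",
}


def parse_events(lines):
    """Return ({service: (dependency, error)}, {driver names from 7026})."""
    edges, drivers = {}, set()
    for line in lines:
        m = EVENT_7001.search(line)
        if m:
            edges[m["svc"]] = (m["dep"], m["err"].strip())
            continue
        m = EVENT_7026.search(line)
        if m:
            drivers.update(m["drivers"].split())
    return edges, drivers


def root_causes(edges):
    """Dependencies that failed with a concrete error, not the cascade message."""
    return {d: err for d, err in edges.values() if err != CASCADE}


def failure_chain(service, edges):
    """Walk service -> dependency until a node has no recorded failure of its own."""
    chain, seen = [service], {service}
    while service in edges:
        service = edges[service][0]
        if service in seen:  # a dependency loop would otherwise never terminate
            break
        chain.append(service)
        seen.add(service)
    return chain


def confirmed_drivers(edges, drivers):
    """Root-cause services that the 7026 event also lists as failed boot-start drivers."""
    return {DISPLAY_TO_DRIVER.get(d, d) for d in root_causes(edges)} & drivers


if __name__ == "__main__":
    edges, drivers = parse_events(SAMPLE_EVENTS)
    for svc in sorted(edges):
        print(" -> ".join(failure_chain(svc, edges)))
    print("root causes:", sorted(root_causes(edges)))
    print("also listed in 7026:", sorted(confirmed_drivers(edges, drivers)))
```

Run stand-alone it prints one chain per failing service and the five dependencies that carry a real error; everything else in the 7001 flood is downstream of those five, and all five also appear in the 7026 list of boot-start drivers that failed to load.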
     
  7. 2013/08/21
    adrenalinesaint

    adrenalinesaint Inactive Thread Starter

    Let me know if I missed anything, and thank you again so much.
     
  8. 2013/08/21
    broni

    broni Moderator Malware Analyst

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =============================

    Download RogueKiller for 32-bit or RogueKiller for 64-bit to your Desktop.
    • Close all the running programs.
    • Windows Vista/7 users: right-click on RogueKiller.exe, click Run as Administrator.
    • Otherwise just double-click on RogueKiller.exe.
    • Pre-scan will start. Let it finish.
    • Click on the SCAN button.
    • Wait until the Status box shows Scan Finished.
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt can also be found on your desktop.
    • If more than one log is produced, post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step.
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt.
     
  9. 2013/08/22
    adrenalinesaint

    adrenalinesaint Inactive Thread Starter

    RogueKiller V8.6.6 _x64_ [Aug 19 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Safe mode with network support
    User : #2 [Admin rights]
    Mode : Remove -- Date : 08/22/2013 09:10:52
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 1 ¤¤¤
    [ZeroAccess][SERVICE] ???etadpug -- "C:\Program Files (x86)\Google\Desktop\Install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ \...\???ﯹ๛\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\GoogleUpdate.exe" < [x] -> STOPPED

    ¤¤¤ Registry Entries : 19 ¤¤¤
    [RUN][ZeroAccess] HKCU\[...]\Run : Google Update ( "C:\Users\#2\AppData\Local\Google\Desktop\Install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\?��?��?��\?��?��?��\???ﯹ๛\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\GoogleUpdate.exe" >) -> DELETED
    [RUN][SUSP PATH] HKCU\[...]\Run : rkrdr ( "C:\Windows\System32\rundll32.exe" "C:\Users\#2\AppData\Roaming\rkrdr.dll ",get_cHRM [7][x][x]) -> DELETED
    [RUN][ZeroAccess] HKUS\S-1-5-21-242976623-2615718514-4156711866-1000\[...]\Run : Google Update ( "C:\Users\#2\AppData\Local\Google\Desktop\Install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\?��?��?��\?��?��?��\???ﯹ๛\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\GoogleUpdate.exe" >) -> [0xc0000034] Unknown error
    [RUN][SUSP PATH] HKUS\S-1-5-21-242976623-2615718514-4156711866-1000\[...]\Run : rkrdr ( "C:\Windows\System32\rundll32.exe" "C:\Users\#2\AppData\Roaming\rkrdr.dll ",get_cHRM [7][x][x]) -> [0x2] The system cannot find the file specified.
    [RUN][SUSP PATH] HKCU\[...]\RunOnce : TopArcadeHits396 (cmd.exe /c rmdir "C:\Users\#2\AppData\Local\TopArcadeHits" /s /q [x][-]) -> DELETED
    [RUN][SUSP PATH] HKUS\S-1-5-21-242976623-2615718514-4156711866-1000\[...]\RunOnce : TopArcadeHits396 (cmd.exe /c rmdir "C:\Users\#2\AppData\Local\TopArcadeHits" /s /q [x][-]) -> [0x2] The system cannot find the file specified.
    [RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce : Malwarebytes Anti-Malware (cleanup) (rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll ",ProcessCleanupScript [x][7][x]) -> DELETED
    [SERVICE][ZeroAccess] HKLM\[...]\CCSet\[...]\Services : ???etadpug ( "C:\Program Files (x86)\Google\Desktop\Install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ \...\???ﯹ๛\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\GoogleUpdate.exe" < [x]) -> DELETED
    [SERVICE][ZeroAccess] HKLM\[...]\CS001\[...]\Services : ???etadpug ( "C:\Program Files (x86)\Google\Desktop\Install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ \...\???ﯹ๛\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\GoogleUpdate.exe" < [x]) -> DELETED
    [SERVICE][ZeroAccess] HKLM\[...]\CS002\[...]\Services : ???etadpug ( "C:\Program Files (x86)\Google\Desktop\Install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ \...\???ﯹ๛\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\GoogleUpdate.exe" < [x]) -> [0x57] The parameter is incorrect.
    [SERVICE][ZeroAccess] HKLM\[...]\CS003\[...]\Services : ???etadpug ( "C:\Program Files (x86)\Google\Desktop\Install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ \...\???ﯹ๛\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\GoogleUpdate.exe" < [x]) -> DELETED
    [HJ POL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
    [HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> [0x2] The system cannot find the file specified.
    [HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified.
    [HID SVC][Hidden from API] HKLM\[...]\CCSet\[...]\Services : . e () -> [0x3] The system cannot find the path specified.
    [HID SVC][Hidden from API] HKLM\[...]\CS001\[...]\Services : . e () -> [0x3] The system cannot find the path specified.
    [HID SVC][Hidden from API] HKLM\[...]\CS002\[...]\Services : . e () -> [0x3] The system cannot find the path specified.
    [HID SVC][Hidden from API] HKLM\[...]\CS003\[...]\Services : . e () -> [0x3] The system cannot find the path specified.

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][Folder] Install : C:\Users\#2\AppData\Local\Google\Desktop\Install [-] --> DELETED
    [ZeroAccess][File] @ : C:\Users\#2\AppData\Local\Google\Desktop\Install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\?��?��?��\?��?��?��\???ﯹ๛\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\@ [-] --> DELETED
    [ZeroAccess][Folder] L : C:\Users\#2\AppData\Local\Google\Desktop\Install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\?��?��?��\?��?��?��\???ﯹ๛\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\L [-] --> DELETED
    [ZeroAccess][Folder] U : C:\Users\#2\AppData\Local\Google\Desktop\Install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\?��?��?��\?��?��?��\???ﯹ๛\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\U [-] --> DELETED
    [ZeroAccess][Folder] {80cee346-12d4-f5c1-e08f-c1b4f7f8ad36} : C:\Users\#2\AppData\Local\Google\Desktop\Install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\?��?��?��\?��?��?��\???ﯹ๛\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36} [-] --> DELETED
    [ZeroAccess][Folder] ???ﯹ๛ : C:\Users\#2\AppData\Local\Google\Desktop\Install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\?��?��?��\?��?��?��\???ﯹ๛ [-] --> DELETED
    [ZeroAccess][Folder] ?��?��?�� : C:\Users\#2\AppData\Local\Google\Desktop\Install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\?��?��?��\?��?��?�� [-] --> DELETED
    [ZeroAccess][Folder] ?��?��?�� : C:\Users\#2\AppData\Local\Google\Desktop\Install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\?��?��?�� [-] --> DELETED
    [ZeroAccess][Folder] {80cee346-12d4-f5c1-e08f-c1b4f7f8ad36} : C:\Users\#2\AppData\Local\Google\Desktop\Install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36} [-] --> DELETED

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST350041 8AS SATA Disk Device +++++
    --- User ---
    [MBR] e7db6b7f7da521866bded43253a291a3
    [BSP] 00ef47d4ce3ae26e563ebb1d5b5b6e4d : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 463696 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 949856256 | Size: 13142 Mo
    User = LL1 ... OK!
    User != LL2 ... KO!
    --- LL2 ---
    [MBR] 6ffeaa811fe53ab53a8b72c2b72d0835
    [BSP] 7457fc4d2ac6adfbf254db7ba56e69f0 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 264071168 | Size: 300 Mo

    Finished : << RKreport[0]_D_08222013_091052.txt >>
    RKreport[0]_S_08222013_090932.txt
     
  10. 2013/08/22
    adrenalinesaint

    adrenalinesaint Inactive Thread Starter

    After running RogueKiller I am hesitant to continue...
    System Protection does not seem to be selectable on my computer; I have looked at all the suggested ways of creating a system restore point and it simply does not allow it.

    It is not available under System Restore, nor is System Protection a selectable option, whether I am in Computer Properties or Advanced System Settings...
     
  11. 2013/08/22
    broni

    broni Moderator Malware Analyst

    Your system is seriously infected.
    RogueKiller removed some ZeroAccess rootkit items.


    I strongly suggest you continue with MBAR.

    Do NOT attempt using system restore.
    System restore will NOT fix any serious infections.
     
  12. 2013/08/23
    adrenalinesaint

    adrenalinesaint Inactive Thread Starter

    Malwarebytes Anti-Rootkit BETA 1.06.1.1005
    www.malwarebytes.org

    Database version: v2013.08.23.02

    Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
    Internet Explorer 9.0.8112.16421
    #2 :: 2-HP [administrator]

    8/23/2013 9:12:02 AM
    mbar-log-2013-08-23 (09-12-02).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
    Scan options disabled: PUP
    Objects scanned: 237316
    Time elapsed: 8 minute(s), 9 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 13
    c:\$RECYCLE.BIN\S-1-5-18\$80cee34612d4f5c1e08fc1b4f7f8ad36\U (Trojan.Siredef.C) -> Delete on reboot.
    c:\$RECYCLE.BIN\S-1-5-21-242976623-2615718514-4156711866-1000\$80cee34612d4f5c1e08fc1b4f7f8ad36\U (Trojan.Siredef.C) -> Delete on reboot.
    c:\$RECYCLE.BIN\S-1-5-18\$80cee34612d4f5c1e08fc1b4f7f8ad36\L (Trojan.Siredef.C) -> Delete on reboot.
    c:\$RECYCLE.BIN\S-1-5-21-242976623-2615718514-4156711866-1000\$80cee34612d4f5c1e08fc1b4f7f8ad36\L (Trojan.Siredef.C) -> Delete on reboot.
    c:\$RECYCLE.BIN\S-1-5-18\$80cee34612d4f5c1e08fc1b4f7f8ad36 (Trojan.Siredef.C) -> Delete on reboot.
    c:\$RECYCLE.BIN\S-1-5-21-242976623-2615718514-4156711866-1000\$80cee34612d4f5c1e08fc1b4f7f8ad36 (Trojan.Siredef.C) -> Delete on reboot.
    c:\program files (x86)\google\desktop\install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ (Trojan.0Access) -> Delete on reboot.
    c:\program files (x86)\google\desktop\install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ \... (Trojan.0Access) -> Delete on reboot.
    c:\program files (x86)\google\desktop\install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ \...\*ﯹ๛ (Trojan.0Access) -> Delete on reboot.
    c:\program files (x86)\google\desktop\install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ \...\*ﯹ๛\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36} (Trojan.0Access) -> Delete on reboot.
    c:\program files (x86)\google\desktop\install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ \...\*ﯹ๛\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\l (Trojan.0Access) -> Delete on reboot.
    c:\program files (x86)\google\desktop\install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ \...\*ﯹ๛\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\u (Trojan.0Access) -> Delete on reboot.
    c:\Program Files (x86)\Google\Desktop\Install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36} (Trojan.0Access) -> Delete on reboot.

    Files Detected: 16
    c:\$RECYCLE.BIN\S-1-5-18\$80cee34612d4f5c1e08fc1b4f7f8ad36\@ (Trojan.Siredef.C) -> Delete on reboot.
    c:\$RECYCLE.BIN\S-1-5-21-242976623-2615718514-4156711866-1000\$80cee34612d4f5c1e08fc1b4f7f8ad36\@ (Trojan.Siredef.C) -> Delete on reboot.
    c:\$RECYCLE.BIN\S-1-5-18\$80cee34612d4f5c1e08fc1b4f7f8ad36\L\00000004.@ (Trojan.Siredef.C) -> Delete on reboot.
    c:\$RECYCLE.BIN\S-1-5-18\$80cee34612d4f5c1e08fc1b4f7f8ad36\L\201d3dde (Trojan.Siredef.C) -> Delete on reboot.
    c:\$RECYCLE.BIN\S-1-5-18\$80cee34612d4f5c1e08fc1b4f7f8ad36\L\6715e287 (Trojan.Siredef.C) -> Delete on reboot.
    c:\$RECYCLE.BIN\S-1-5-18\$80cee34612d4f5c1e08fc1b4f7f8ad36\L\76603ac3 (Trojan.Siredef.C) -> Delete on reboot.
    c:\program files (x86)\google\desktop\install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ \...\*ﯹ๛\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\@ (Trojan.0Access) -> Delete on reboot.
    c:\program files (x86)\google\desktop\install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ \...\*ﯹ๛\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\l\00000004.@ (Trojan.0Access) -> Delete on reboot.
    c:\program files (x86)\google\desktop\install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ \...\*ﯹ๛\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\l\201d3dde (Trojan.0Access) -> Delete on reboot.
    c:\program files (x86)\google\desktop\install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ \...\*ﯹ๛\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\l\6715e287 (Trojan.0Access) -> Delete on reboot.
    c:\program files (x86)\google\desktop\install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ \...\*ﯹ๛\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\l\76603ac3 (Trojan.0Access) -> Delete on reboot.
    c:\program files (x86)\google\desktop\install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ \...\*ﯹ๛\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\u\00000001.@ (Trojan.0Access) -> Delete on reboot.
    c:\program files (x86)\google\desktop\install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ \...\*ﯹ๛\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\u\00000002.@ (Trojan.0Access) -> Delete on reboot.
    c:\program files (x86)\google\desktop\install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ \...\*ﯹ๛\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\u\80000000.@ (Trojan.0Access) -> Delete on reboot.
    c:\program files (x86)\google\desktop\install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ \...\*ﯹ๛\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\u\80000001.@ (Trojan.0Access) -> Delete on reboot.
    c:\program files (x86)\google\desktop\install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ \...\*ﯹ๛\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\u\800000cb.@ (Trojan.0Access) -> Delete on reboot.

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)
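
The RogueKiller report (post 9) and the MBAR log above describe the same ZeroAccess install from two angles. RogueKiller names the reversed "etadpug" service and the {GUID} folder under Google\Desktop\Install whose subfolders are a single space, "..." and a run of non-ASCII characters; MBAR finds the $RECYCLE.BIN\<SID>\$<hex> folder with the "@" file and the "U"/"L" module directories, where the hex string is that same GUID with the braces and dashes removed. As an added example, not code from the thread, RogueKiller or Malwarebytes, the Python below checks log paths and service names for exactly those patterns and ties the two folder names together. The sample paths are constructed from the two reports; the regexes and the short list of legitimate service names it tests for reversal (gupdate, gupdatem) are the example's own assumptions.

```python
r"""Triage tool-log paths and service names for ZeroAccess/Sirefef artifacts.

Added example, not code from the forum thread, RogueKiller or Malwarebytes.
It flags the patterns the two reports above agree on: a service whose name is
a legitimate one spelled backwards, a {GUID} install folder with
whitespace-only, dots-only or non-ASCII subfolder names, a
$RECYCLE.BIN\<SID>\$<32 hex> folder holding an '@' file and 'U'/'L' module
directories, and the link between the braced GUID and the recycle-bin folder
name. The regexes and the small set of service names checked for reversal are
this example's own assumptions.
"""
import re

GUID = re.compile(r"\{([0-9a-f]{8})-([0-9a-f]{4})-([0-9a-f]{4})-([0-9a-f]{4})-([0-9a-f]{12})\}", re.I)
HEX32 = re.compile(r"\$[0-9a-f]{32}", re.I)
RECYCLE = re.compile(r"\$RECYCLE\.BIN\\(S-1-5(?:-\d+)+)\\\$([0-9a-f]{32})", re.I)
MODULE_FILE = re.compile(r"[0-9a-f]{8}(\.@)?", re.I)
# Assumption: the legitimate service names this example knows to test for reversal.
KNOWN_SERVICES = {"gupdate", "gupdatem"}

# Constructed samples copied from the RogueKiller and MBAR reports above, plus
# one benign path as a control.
SAMPLE_PATHS = [
    r"C:\Users\#2\AppData\Local\Google\Desktop\Install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}"
    r"\ \...\???ﯹ๛\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\GoogleUpdate.exe",
    r"c:\$RECYCLE.BIN\S-1-5-18\$80cee34612d4f5c1e08fc1b4f7f8ad36\@",
    r"c:\$RECYCLE.BIN\S-1-5-18\$80cee34612d4f5c1e08fc1b4f7f8ad36\L\00000004.@",
    r"c:\$RECYCLE.BIN\S-1-5-21-242976623-2615718514-4156711866-1000\$80cee34612d4f5c1e08fc1b4f7f8ad36\U",
    r"C:\Windows\System32\drivers\etc\hosts",
]
SAMPLE_SERVICES = ["???etadpug", "wuauserv"]


def guid_to_recyclebin_name(guid):
    """'{80cee346-12d4-...}' -> '$80cee34612d4...': same 32 hex digits, braces and dashes dropped."""
    m = GUID.fullmatch(guid.strip())
    if not m:
        raise ValueError(f"not a braced GUID: {guid!r}")
    return "$" + "".join(m.groups()).lower()


def recyclebin_payload_dir(path):
    """(SID, 32 hex) for a $RECYCLE.BIN\\<SID>\\$<hex> folder anywhere in the path, else None."""
    m = RECYCLE.search(path)
    return (m.group(1), m.group(2).lower()) if m else None


def suspicious_components(path):
    """Directory or file names built to look empty, be unselectable, or not render."""
    findings = []
    for comp in path.split("\\"):
        if not comp:
            continue
        if comp.strip() == "":
            findings.append((comp, "whitespace-only name"))
        elif set(comp) <= {"."}:
            findings.append((comp, "dots-only name"))
        elif any(not 0x20 <= ord(ch) <= 0x7E for ch in comp):
            findings.append((comp, "non-ASCII or control characters in name"))
    return findings


def payload_layout_hit(path):
    """'@' file or 'U'/'L' module directory beneath a {GUID} or $<hex> folder."""
    parts = [c for c in path.split("\\") if c]
    if len(parts) < 2 or not any(GUID.fullmatch(c) or HEX32.fullmatch(c) for c in parts[:-1]):
        return None
    name, parent = parts[-1], parts[-2]
    if name == "@":
        return "'@' payload file"
    if name.upper() in ("U", "L"):
        return f"'{name}' payload directory"
    if parent.upper() in ("U", "L") and MODULE_FILE.fullmatch(name):
        return f"module file in '{parent}' directory"
    return None


def reversed_service_mimic(name):
    """Known service name that this one spells backwards (non-alphanumerics dropped)."""
    core = re.sub(r"[^0-9A-Za-z]", "", name)[::-1].lower()
    return core if core in KNOWN_SERVICES else None


def correlate(paths):
    """Braced GUIDs that also appear as $<hex> recycle-bin folders: one and the same install."""
    guids = {guid_to_recyclebin_name(c) for p in paths for c in p.split("\\") if GUID.fullmatch(c)}
    hexdirs = {"$" + rb[1] for rb in map(recyclebin_payload_dir, paths) if rb}
    return guids & hexdirs


def triage(paths, services):
    """One (item, reason) per indicator found; an empty list means nothing matched."""
    findings = []
    for p in paths:
        rb = recyclebin_payload_dir(p)
        if rb:
            findings.append((p, f"payload folder under $RECYCLE.BIN for SID {rb[0]}"))
        hit = payload_layout_hit(p)
        if hit:
            findings.append((p, hit))
        findings.extend((p, f"{why}: {comp!r}") for comp, why in suspicious_components(p))
    for s in services:
        mimic = reversed_service_mimic(s)
        if mimic:
            findings.append((s, f"service name is {mimic!r} reversed"))
    return findings


if __name__ == "__main__":
    for item, reason in triage(SAMPLE_PATHS, SAMPLE_SERVICES):
        print(f"{reason:55} {item}")
    print("GUIDs seen both as install folder and under $RECYCLE.BIN:", correlate(SAMPLE_PATHS))
```

The control path produces no finding, the reversed-name check only fires when the reversal is a name it knows, and the correlation step is what lets a responder say that the folder MBAR found in the recycle bin belongs to the install RogueKiller removed, rather than to a second infection.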
     
  13. 2013/08/23
    adrenalinesaint

    adrenalinesaint Inactive Thread Starter

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.06.1.1005

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    System is currently in a safe mode

    Account is Administrative

    Internet Explorer version: 9.0.8112.16421

    Java version: 1.6.0_31

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 2.800000 GHz
    Memory total: 2952040448, free: 2281127936

    Downloaded database version: v2013.08.23.02
    Initializing...
    ------------ Kernel report ------------
    08/23/2013 09:11:58
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_AuthenticAMD.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\DRIVERS\amd_sata.sys
    \SystemRoot\system32\DRIVERS\storport.sys
    \SystemRoot\system32\DRIVERS\amd_xata.sys
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\system32\drivers\mfehidk.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\drivers\mfewfpk.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\DRIVERS\disk.sys
    \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    \SystemRoot\system32\DRIVERS\AtiPcie64.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \??\C:\Windows\system32\drivers\avgtpx64.sys
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \??\C:\Windows\system32\Drivers\NEOFLTR_720_21697.SYS
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\system32\drivers\ws2ifsl.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\mfenlfk.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\Rt64win7.sys
    \SystemRoot\system32\drivers\cdrom.sys
    \SystemRoot\system32\drivers\usbohci.sys
    \SystemRoot\system32\drivers\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbfilter.sys
    \SystemRoot\system32\drivers\usbehci.sys
    \SystemRoot\system32\drivers\HDAudBus.sys
    \SystemRoot\system32\drivers\wmiacpi.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \SystemRoot\system32\drivers\CompositeBus.sys
    \SystemRoot\system32\drivers\mssmbios.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\drivers\termdd.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\drivers\swenum.sys
    \SystemRoot\system32\drivers\ks.sys
    \SystemRoot\system32\drivers\umbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\mfefirek.sys
    \SystemRoot\system32\DRIVERS\udfs.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    \SystemRoot\System32\drivers\dxg.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\system32\DRIVERS\usbprint.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_diskdump.sys
    \SystemRoot\System32\Drivers\dump_amd_sata.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\System32\framebuf.dll
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\drivers\WudfPf.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\mbamswissarmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    \Windows\System32\autochk.exe
    \Windows\System32\iertutil.dll
    \Windows\System32\imagehlp.dll
    \Windows\System32\msctf.dll
    \Windows\System32\ole32.dll
    \Windows\System32\lpk.dll
    \Windows\System32\wininet.dll
    \Windows\System32\ws2_32.dll
    \Windows\System32\nsi.dll
    \Windows\System32\setupapi.dll
    \Windows\System32\shell32.dll
    \Windows\System32\imm32.dll
    \Windows\System32\clbcatq.dll
    \Windows\System32\gdi32.dll
    \Windows\System32\comdlg32.dll
    \Windows\System32\normaliz.dll
    \Windows\System32\oleaut32.dll
    \Windows\System32\user32.dll
    \Windows\System32\sechost.dll
    \Windows\System32\rpcrt4.dll
    \Windows\System32\urlmon.dll
    \Windows\System32\kernel32.dll
    \Windows\System32\shlwapi.dll
    \Windows\System32\usp10.dll
    \Windows\System32\msvcrt.dll
    \Windows\System32\advapi32.dll
    \Windows\System32\Wldap32.dll
    \Windows\System32\psapi.dll
    \Windows\System32\difxapi.dll
    \Windows\System32\KernelBase.dll
    \Windows\System32\comctl32.dll
    \Windows\System32\crypt32.dll
    \Windows\System32\cfgmgr32.dll
    \Windows\System32\wintrust.dll
    \Windows\System32\devobj.dll
    \Windows\System32\msasn1.dll
    \Windows\SysWOW64\normaliz.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xfffffa80022ab060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000078\
    Lower Device Object: 0xfffffa80022ac750
    Lower Device Driver Name: \Driver\USBSTOR\
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa8002982060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\0000005a\
    Lower Device Object: 0xfffffa8002968060
    Lower Device Driver Name: \Driver\amd_sata\
    <<<2>>>
    Device number: 0, partition: 2
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8002982060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8002982ab0, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8002982060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa800296ea50, DeviceName: Unknown, DriverName: \Driver\amd_xata\
    DevicePointer: 0xfffffa8002968060, DeviceName: \Device\0000005a\, DriverName: \Driver\amd_sata\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    Device number: 0, partition: 2
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\Windows\system32\drivers...
    <<<2>>>
    Device number: 0, partition: 2
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: A1219ACE

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848 Numsec = 949649408

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 949856256 Numsec = 26914816

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 500107862016 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
    Done!
    Physical Sector Size: 0
    Drive: 1, DevicePointer: 0xfffffa80022ab060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8002dc39c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa80022ab060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8002dc3040, DeviceName: Unknown, DriverName: \Driver\usbfilter\
    DevicePointer: 0xfffffa80022ac750, DeviceName: \Device\00000078\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Infected: c:\$RECYCLE.BIN\S-1-5-18\$80cee34612d4f5c1e08fc1b4f7f8ad36\@ --> [Trojan.Siredef.C]
    Infected: c:\$RECYCLE.BIN\S-1-5-21-242976623-2615718514-4156711866-1000\$80cee34612d4f5c1e08fc1b4f7f8ad36\@ --> [Trojan.Siredef.C]
    Infected: c:\$RECYCLE.BIN\S-1-5-18\$80cee34612d4f5c1e08fc1b4f7f8ad36\U --> [Trojan.Siredef.C]
    Infected: c:\$RECYCLE.BIN\S-1-5-21-242976623-2615718514-4156711866-1000\$80cee34612d4f5c1e08fc1b4f7f8ad36\U --> [Trojan.Siredef.C]
    Infected: c:\$RECYCLE.BIN\S-1-5-18\$80cee34612d4f5c1e08fc1b4f7f8ad36\L --> [Trojan.Siredef.C]
    Infected: c:\$RECYCLE.BIN\S-1-5-18\$80cee34612d4f5c1e08fc1b4f7f8ad36\L\00000004.@ --> [Trojan.Siredef.C]
    Infected: c:\$RECYCLE.BIN\S-1-5-18\$80cee34612d4f5c1e08fc1b4f7f8ad36\L\201d3dde --> [Trojan.Siredef.C]
    Infected: c:\$RECYCLE.BIN\S-1-5-18\$80cee34612d4f5c1e08fc1b4f7f8ad36\L\6715e287 --> [Trojan.Siredef.C]
    Infected: c:\$RECYCLE.BIN\S-1-5-18\$80cee34612d4f5c1e08fc1b4f7f8ad36\L\76603ac3 --> [Trojan.Siredef.C]
    Infected: c:\$RECYCLE.BIN\S-1-5-21-242976623-2615718514-4156711866-1000\$80cee34612d4f5c1e08fc1b4f7f8ad36\L --> [Trojan.Siredef.C]
    Infected: c:\$RECYCLE.BIN\S-1-5-18\$80cee34612d4f5c1e08fc1b4f7f8ad36 --> [Trojan.Siredef.C]
    Infected: c:\$RECYCLE.BIN\S-1-5-21-242976623-2615718514-4156711866-1000\$80cee34612d4f5c1e08fc1b4f7f8ad36 --> [Trojan.Siredef.C]
    Infected: c:\program files (x86)\google\desktop\install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ --> [Trojan.0Access]
    Infected: c:\program files (x86)\google\desktop\install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ \... --> [Trojan.0Access]
    Infected: c:\program files (x86)\google\desktop\install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ \...\*ﯹ๛ --> [Trojan.0Access]
    Infected: c:\program files (x86)\google\desktop\install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ \...\*ﯹ๛\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36} --> [Trojan.0Access]
    Infected: c:\program files (x86)\google\desktop\install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ \...\*ﯹ๛\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\@ --> [Trojan.0Access]
    Infected: c:\program files (x86)\google\desktop\install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ \...\*ﯹ๛\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\l --> [Trojan.0Access]
    Infected: c:\program files (x86)\google\desktop\install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ \...\*ﯹ๛\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\l\00000004.@ --> [Trojan.0Access]
    Infected: c:\program files (x86)\google\desktop\install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ \...\*ﯹ๛\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\l\201d3dde --> [Trojan.0Access]
    Infected: c:\program files (x86)\google\desktop\install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ \...\*ﯹ๛\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\l\6715e287 --> [Trojan.0Access]
    Infected: c:\program files (x86)\google\desktop\install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ \...\*ﯹ๛\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\l\76603ac3 --> [Trojan.0Access]
    Infected: c:\program files (x86)\google\desktop\install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ \...\*ﯹ๛\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\u --> [Trojan.0Access]
    Infected: c:\program files (x86)\google\desktop\install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ \...\*ﯹ๛\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\u\00000001.@ --> [Trojan.0Access]
    Infected: c:\program files (x86)\google\desktop\install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ \...\*ﯹ๛\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\u\00000002.@ --> [Trojan.0Access]
    Infected: c:\program files (x86)\google\desktop\install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ \...\*ﯹ๛\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\u\80000000.@ --> [Trojan.0Access]
    Infected: c:\program files (x86)\google\desktop\install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ \...\*ﯹ๛\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\u\80000001.@ --> [Trojan.0Access]
    Infected: c:\program files (x86)\google\desktop\install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ \...\*ﯹ๛\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\u\800000cb.@ --> [Trojan.0Access]
    Infected: c:\Program Files (x86)\Google\Desktop\Install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36} --> [Trojan.0Access]
    Scan finished
    Creating System Restore point...
    Could not create restore point...
    Cleaning up...
    Executing an action fixdamage.exe...
    Success!
    Queuing an action fixdamage.exe
    Removal scheduling successful. System shutdown needed.
    System shutdown occurred
    =======================================


    Removal queue found; removal started
    Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
    Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
    Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
    Removal finished
     
  14. 2013/08/23
    adrenalinesaint

    adrenalinesaint Inactive Thread Starter

    Joined:
    2011/05/05
    Messages:
    83
    Likes Received:
    0
    The reports I posted were from the first scan using the tool.
    I have run the scan seven times in total, and the last five times it has found the same 3 things to remove.
    So I am posting the last scan directly after this post.
    Let me know what you think.
    I am very thankful for your time and willingness to share your experience.
     
  15. 2013/08/23
    adrenalinesaint

    adrenalinesaint Inactive Thread Starter

    Joined:
    2011/05/05
    Messages:
    83
    Likes Received:
    0
    Malwarebytes Anti-Rootkit BETA 1.06.1.1005
    www.malwarebytes.org

    Database version: v2013.08.23.02

    Windows 7 Service Pack 1 x64 NTFS (Safe Mode)
    Internet Explorer 9.0.8112.16421
    #2 :: 2-HP [administrator]

    8/23/2013 10:30:20 AM
    mbar-log-2013-08-23 (10-30-20).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
    Scan options disabled: PUP
    Objects scanned: 237035
    Time elapsed: 8 minute(s), 54 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 3
    c:\program files (x86)\google\desktop\install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ (Trojan.0Access) -> Delete on reboot.
    c:\program files (x86)\google\desktop\install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ \... (Trojan.0Access) -> Delete on reboot.
    c:\Program Files (x86)\Google\Desktop\Install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36} (Trojan.0Access) -> Delete on reboot.

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)
     
  16. 2013/08/23
    adrenalinesaint

    adrenalinesaint Inactive Thread Starter

    Joined:
    2011/05/05
    Messages:
    83
    Likes Received:
    0
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.06.1.1005

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    System is currently in a safe mode

    Account is Administrative

    Internet Explorer version: 9.0.8112.16421

    Java version: 1.6.0_31

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 2.800000 GHz
    Memory total: 2952040448, free: 2281127936

    Downloaded database version: v2013.08.23.02
    Initializing...
    ------------ Kernel report ------------
    08/23/2013 09:11:58
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_AuthenticAMD.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\DRIVERS\amd_sata.sys
    \SystemRoot\system32\DRIVERS\storport.sys
    \SystemRoot\system32\DRIVERS\amd_xata.sys
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\system32\drivers\mfehidk.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\drivers\mfewfpk.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\DRIVERS\disk.sys
    \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    \SystemRoot\system32\DRIVERS\AtiPcie64.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \??\C:\Windows\system32\drivers\avgtpx64.sys
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \??\C:\Windows\system32\Drivers\NEOFLTR_720_21697.SYS
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\system32\drivers\ws2ifsl.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\mfenlfk.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\Rt64win7.sys
    \SystemRoot\system32\drivers\cdrom.sys
    \SystemRoot\system32\drivers\usbohci.sys
    \SystemRoot\system32\drivers\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbfilter.sys
    \SystemRoot\system32\drivers\usbehci.sys
    \SystemRoot\system32\drivers\HDAudBus.sys
    \SystemRoot\system32\drivers\wmiacpi.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \SystemRoot\system32\drivers\CompositeBus.sys
    \SystemRoot\system32\drivers\mssmbios.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\drivers\termdd.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\drivers\swenum.sys
    \SystemRoot\system32\drivers\ks.sys
    \SystemRoot\system32\drivers\umbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\mfefirek.sys
    \SystemRoot\system32\DRIVERS\udfs.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    \SystemRoot\System32\drivers\dxg.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\system32\DRIVERS\usbprint.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_diskdump.sys
    \SystemRoot\System32\Drivers\dump_amd_sata.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\System32\framebuf.dll
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\drivers\WudfPf.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\mbamswissarmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    \Windows\System32\autochk.exe
    \Windows\System32\iertutil.dll
    \Windows\System32\imagehlp.dll
    \Windows\System32\msctf.dll
    \Windows\System32\ole32.dll
    \Windows\System32\lpk.dll
    \Windows\System32\wininet.dll
    \Windows\System32\ws2_32.dll
    \Windows\System32\nsi.dll
    \Windows\System32\setupapi.dll
    \Windows\System32\shell32.dll
    \Windows\System32\imm32.dll
    \Windows\System32\clbcatq.dll
    \Windows\System32\gdi32.dll
    \Windows\System32\comdlg32.dll
    \Windows\System32\normaliz.dll
    \Windows\System32\oleaut32.dll
    \Windows\System32\user32.dll
    \Windows\System32\sechost.dll
    \Windows\System32\rpcrt4.dll
    \Windows\System32\urlmon.dll
    \Windows\System32\kernel32.dll
    \Windows\System32\shlwapi.dll
    \Windows\System32\usp10.dll
    \Windows\System32\msvcrt.dll
    \Windows\System32\advapi32.dll
    \Windows\System32\Wldap32.dll
    \Windows\System32\psapi.dll
    \Windows\System32\difxapi.dll
    \Windows\System32\KernelBase.dll
    \Windows\System32\comctl32.dll
    \Windows\System32\crypt32.dll
    \Windows\System32\cfgmgr32.dll
    \Windows\System32\wintrust.dll
    \Windows\System32\devobj.dll
    \Windows\System32\msasn1.dll
    \Windows\SysWOW64\normaliz.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xfffffa80022ab060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000078\
    Lower Device Object: 0xfffffa80022ac750
    Lower Device Driver Name: \Driver\USBSTOR\
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa8002982060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\0000005a\
    Lower Device Object: 0xfffffa8002968060
    Lower Device Driver Name: \Driver\amd_sata\
    <<<2>>>
    Device number: 0, partition: 2
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8002982060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8002982ab0, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8002982060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa800296ea50, DeviceName: Unknown, DriverName: \Driver\amd_xata\
    DevicePointer: 0xfffffa8002968060, DeviceName: \Device\0000005a\, DriverName: \Driver\amd_sata\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    Device number: 0, partition: 2
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\Windows\system32\drivers...
    <<<2>>>
    Device number: 0, partition: 2
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: A1219ACE

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848 Numsec = 949649408

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 949856256 Numsec = 26914816

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 500107862016 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
    Done!
    Physical Sector Size: 0
    Drive: 1, DevicePointer: 0xfffffa80022ab060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8002dc39c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa80022ab060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8002dc3040, DeviceName: Unknown, DriverName: \Driver\usbfilter\
    DevicePointer: 0xfffffa80022ac750, DeviceName: \Device\00000078\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Infected: c:\$RECYCLE.BIN\S-1-5-18\$80cee34612d4f5c1e08fc1b4f7f8ad36\@ --> [Trojan.Siredef.C]
    Infected: c:\$RECYCLE.BIN\S-1-5-21-242976623-2615718514-4156711866-1000\$80cee34612d4f5c1e08fc1b4f7f8ad36\@ --> [Trojan.Siredef.C]
    Infected: c:\$RECYCLE.BIN\S-1-5-18\$80cee34612d4f5c1e08fc1b4f7f8ad36\U --> [Trojan.Siredef.C]
    Infected: c:\$RECYCLE.BIN\S-1-5-21-242976623-2615718514-4156711866-1000\$80cee34612d4f5c1e08fc1b4f7f8ad36\U --> [Trojan.Siredef.C]
    Infected: c:\$RECYCLE.BIN\S-1-5-18\$80cee34612d4f5c1e08fc1b4f7f8ad36\L --> [Trojan.Siredef.C]
    Infected: c:\$RECYCLE.BIN\S-1-5-18\$80cee34612d4f5c1e08fc1b4f7f8ad36\L\00000004.@ --> [Trojan.Siredef.C]
    Infected: c:\$RECYCLE.BIN\S-1-5-18\$80cee34612d4f5c1e08fc1b4f7f8ad36\L\201d3dde --> [Trojan.Siredef.C]
    Infected: c:\$RECYCLE.BIN\S-1-5-18\$80cee34612d4f5c1e08fc1b4f7f8ad36\L\6715e287 --> [Trojan.Siredef.C]
    Infected: c:\$RECYCLE.BIN\S-1-5-18\$80cee34612d4f5c1e08fc1b4f7f8ad36\L\76603ac3 --> [Trojan.Siredef.C]
    Infected: c:\$RECYCLE.BIN\S-1-5-21-242976623-2615718514-4156711866-1000\$80cee34612d4f5c1e08fc1b4f7f8ad36\L --> [Trojan.Siredef.C]
    Infected: c:\$RECYCLE.BIN\S-1-5-18\$80cee34612d4f5c1e08fc1b4f7f8ad36 --> [Trojan.Siredef.C]
    Infected: c:\$RECYCLE.BIN\S-1-5-21-242976623-2615718514-4156711866-1000\$80cee34612d4f5c1e08fc1b4f7f8ad36 --> [Trojan.Siredef.C]
    Infected: c:\program files (x86)\google\desktop\install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ --> [Trojan.0Access]
    Infected: c:\program files (x86)\google\desktop\install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ \... --> [Trojan.0Access]
    Infected: c:\program files (x86)\google\desktop\install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ \...\*ﯹ๛ --> [Trojan.0Access]
    Infected: c:\program files (x86)\google\desktop\install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ \...\*ﯹ๛\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36} --> [Trojan.0Access]
    Infected: c:\program files (x86)\google\desktop\install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ \...\*ﯹ๛\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\@ --> [Trojan.0Access]
    Infected: c:\program files (x86)\google\desktop\install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ \...\*ﯹ๛\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\l --> [Trojan.0Access]
    Infected: c:\program files (x86)\google\desktop\install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ \...\*ﯹ๛\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\l\00000004.@ --> [Trojan.0Access]
    Infected: c:\program files (x86)\google\desktop\install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ \...\*ﯹ๛\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\l\201d3dde --> [Trojan.0Access]
    Infected: c:\program files (x86)\google\desktop\install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ \...\*ﯹ๛\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\l\6715e287 --> [Trojan.0Access]
    Infected: c:\program files (x86)\google\desktop\install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ \...\*ﯹ๛\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\l\76603ac3 --> [Trojan.0Access]
    Infected: c:\program files (x86)\google\desktop\install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ \...\*ﯹ๛\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\u --> [Trojan.0Access]
    Infected: c:\program files (x86)\google\desktop\install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ \...\*ﯹ๛\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\u\00000001.@ --> [Trojan.0Access]
    Infected: c:\program files (x86)\google\desktop\install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ \...\*ﯹ๛\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\u\00000002.@ --> [Trojan.0Access]
    Infected: c:\program files (x86)\google\desktop\install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ \...\*ﯹ๛\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\u\80000000.@ --> [Trojan.0Access]
    Infected: c:\program files (x86)\google\desktop\install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ \...\*ﯹ๛\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\u\80000001.@ --> [Trojan.0Access]
    Infected: c:\program files (x86)\google\desktop\install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ \...\*ﯹ๛\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\u\800000cb.@ --> [Trojan.0Access]
    Infected: c:\Program Files (x86)\Google\Desktop\Install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36} --> [Trojan.0Access]
    Scan finished
    Creating System Restore point...
    Could not create restore point...
    Cleaning up...
    Executing an action fixdamage.exe...
    Success!
    Queuing an action fixdamage.exe
    Removal scheduling successful. System shutdown needed.
    System shutdown occurred
    =======================================


    Removal queue found; removal started
    Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
    Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
    Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
    Removal finished
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.06.1.1005

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    System is currently in a safe mode

    Account is Administrative

    Internet Explorer version: 9.0.8112.16421

    Java version: 1.6.0_31

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 2.800000 GHz
    Memory total: 2952040448, free: 2461560832

    Initializing...
    ------------ Kernel report ------------
    08/23/2013 09:28:51
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_AuthenticAMD.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\DRIVERS\amd_sata.sys
    \SystemRoot\system32\DRIVERS\storport.sys
    \SystemRoot\system32\DRIVERS\amd_xata.sys
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\system32\drivers\mfehidk.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\drivers\mfewfpk.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\DRIVERS\disk.sys
    \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    \SystemRoot\system32\DRIVERS\AtiPcie64.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \??\C:\Windows\system32\drivers\avgtpx64.sys
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \??\C:\Windows\system32\Drivers\NEOFLTR_720_21697.SYS
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\system32\drivers\ws2ifsl.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\mfenlfk.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\Rt64win7.sys
    \SystemRoot\system32\drivers\cdrom.sys
    \SystemRoot\system32\drivers\usbohci.sys
    \SystemRoot\system32\drivers\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbfilter.sys
    \SystemRoot\system32\drivers\usbehci.sys
    \SystemRoot\system32\drivers\HDAudBus.sys
    \SystemRoot\system32\drivers\wmiacpi.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \SystemRoot\system32\drivers\CompositeBus.sys
    \SystemRoot\system32\drivers\mssmbios.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\drivers\termdd.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\drivers\swenum.sys
    \SystemRoot\system32\drivers\ks.sys
    \SystemRoot\system32\drivers\umbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\mfefirek.sys
    \SystemRoot\system32\DRIVERS\udfs.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    \SystemRoot\System32\drivers\dxg.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\system32\DRIVERS\usbprint.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_diskdump.sys
    \SystemRoot\System32\Drivers\dump_amd_sata.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\System32\framebuf.dll
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\drivers\WudfPf.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\mbamswissarmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    \Windows\System32\autochk.exe
    \Windows\System32\wininet.dll
    \Windows\System32\gdi32.dll
    \Windows\System32\usp10.dll
    \Windows\System32\msctf.dll
    \Windows\System32\oleaut32.dll
    \Windows\System32\kernel32.dll
    \Windows\System32\user32.dll
    \Windows\System32\shell32.dll
    \Windows\System32\rpcrt4.dll
    \Windows\System32\comdlg32.dll
    \Windows\System32\clbcatq.dll
    \Windows\System32\msvcrt.dll
    \Windows\System32\iertutil.dll
    \Windows\System32\nsi.dll
    \Windows\System32\setupapi.dll
    \Windows\System32\lpk.dll
    \Windows\System32\advapi32.dll
    \Windows\System32\ws2_32.dll
    \Windows\System32\difxapi.dll
    \Windows\System32\normaliz.dll
    \Windows\System32\sechost.dll
    \Windows\System32\psapi.dll
    \Windows\System32\Wldap32.dll
    \Windows\System32\imm32.dll
    \Windows\System32\imagehlp.dll
    \Windows\System32\ole32.dll
    \Windows\System32\urlmon.dll
    \Windows\System32\shlwapi.dll
    \Windows\System32\KernelBase.dll
    \Windows\System32\cfgmgr32.dll
    \Windows\System32\devobj.dll
    \Windows\System32\comctl32.dll
    \Windows\System32\crypt32.dll
    \Windows\System32\wintrust.dll
    \Windows\System32\msasn1.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xfffffa8002dde790
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000078\
    Lower Device Object: 0xfffffa8002dc98f0
    Lower Device Driver Name: \Driver\USBSTOR\
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa80029843e0
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\0000005a\
    Lower Device Object: 0xfffffa800296b060
    Lower Device Driver Name: \Driver\amd_sata\
    <<<2>>>
    Device number: 0, partition: 2
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa80029843e0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8002985040, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa80029843e0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8002971040, DeviceName: Unknown, DriverName: \Driver\amd_xata\
    DevicePointer: 0xfffffa800296b060, DeviceName: \Device\0000005a\, DriverName: \Driver\amd_sata\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    Device number: 0, partition: 2
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\Windows\system32\drivers...
    <<<2>>>
    Device number: 0, partition: 2
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: A1219ACE

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848 Numsec = 949649408

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 949856256 Numsec = 26914816

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 500107862016 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
    Done!
    Physical Sector Size: 0
    Drive: 1, DevicePointer: 0xfffffa8002dde790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8002dddb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8002dde790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8002dde040, DeviceName: Unknown, DriverName: \Driver\usbfilter\
    DevicePointer: 0xfffffa8002dc98f0, DeviceName: \Device\00000078\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Infected: c:\program files (x86)\google\desktop\install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ --> [Trojan.0Access]
    Infected: c:\program files (x86)\google\desktop\install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ \... --> [Trojan.0Access]
    Infected: c:\program files (x86)\google\desktop\install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ \...\*ﯹ๛ --> [Trojan.0Access]
    Infected: c:\Program Files (x86)\Google\Desktop\Install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36} --> [Trojan.0Access]
    Scan finished
    Creating System Restore point...
    Could not create restore point...
    Cleaning up...
    Executing an action fixdamage.exe...
    Success!
    Queuing an action fixdamage.exe
    Removal scheduling successful. System shutdown needed.
    System shutdown occurred
    =======================================


    Removal queue found; removal started
    Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
    Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
    Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
    Removal finished
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.06.1.1005

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    System is currently in a safe mode

    Account is Administrative

    Internet Explorer version: 9.0.8112.16421

    Java version: 1.6.0_31

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 2.800000 GHz
    Memory total: 2952040448, free: 2505633792

    Initializing...
    ------------ Kernel report ------------
    08/23/2013 09:41:27
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_AuthenticAMD.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\DRIVERS\amd_sata.sys
    \SystemRoot\system32\DRIVERS\storport.sys
    \SystemRoot\system32\DRIVERS\amd_xata.sys
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\system32\drivers\mfehidk.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\drivers\mfewfpk.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\DRIVERS\disk.sys
    \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    \SystemRoot\system32\DRIVERS\AtiPcie64.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \??\C:\Windows\system32\drivers\avgtpx64.sys
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \??\C:\Windows\system32\Drivers\NEOFLTR_720_21697.SYS
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\system32\drivers\ws2ifsl.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\mfenlfk.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\Rt64win7.sys
    \SystemRoot\system32\drivers\cdrom.sys
    \SystemRoot\system32\drivers\usbohci.sys
    \SystemRoot\system32\drivers\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbfilter.sys
    \SystemRoot\system32\drivers\usbehci.sys
    \SystemRoot\system32\drivers\HDAudBus.sys
    \SystemRoot\system32\drivers\wmiacpi.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \SystemRoot\system32\drivers\CompositeBus.sys
    \SystemRoot\system32\drivers\mssmbios.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\drivers\termdd.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\drivers\swenum.sys
    \SystemRoot\system32\drivers\ks.sys
    \SystemRoot\system32\drivers\umbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\mfefirek.sys
    \SystemRoot\system32\DRIVERS\udfs.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    \SystemRoot\system32\DRIVERS\usbprint.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_diskdump.sys
    \SystemRoot\System32\Drivers\dump_amd_sata.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\System32\drivers\dxg.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\framebuf.dll
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\drivers\WudfPf.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\mbamswissarmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    \Windows\System32\autochk.exe
    \Windows\System32\psapi.dll
    \Windows\System32\setupapi.dll
    \Windows\System32\ws2_32.dll
    \Windows\System32\iertutil.dll
    \Windows\System32\nsi.dll
    \Windows\System32\ole32.dll
    \Windows\System32\urlmon.dll
    \Windows\System32\usp10.dll
    \Windows\System32\shell32.dll
    \Windows\System32\clbcatq.dll
    \Windows\System32\comdlg32.dll
    \Windows\System32\Wldap32.dll
    \Windows\System32\shlwapi.dll
    \Windows\System32\kernel32.dll
    \Windows\System32\lpk.dll
    \Windows\System32\advapi32.dll
    \Windows\System32\gdi32.dll
    \Windows\System32\sechost.dll
    \Windows\System32\msvcrt.dll
    \Windows\System32\oleaut32.dll
    \Windows\System32\imm32.dll
    \Windows\System32\msctf.dll
    \Windows\System32\user32.dll
    \Windows\System32\wininet.dll
    \Windows\System32\imagehlp.dll
    \Windows\System32\normaliz.dll
    \Windows\System32\rpcrt4.dll
    \Windows\System32\difxapi.dll
    \Windows\System32\crypt32.dll
    \Windows\System32\KernelBase.dll
    \Windows\System32\devobj.dll
    \Windows\System32\comctl32.dll
    \Windows\System32\wintrust.dll
    \Windows\System32\cfgmgr32.dll
    \Windows\System32\msasn1.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xfffffa8003813790
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000078\
    Lower Device Object: 0xfffffa8002dd3b60
    Lower Device Driver Name: \Driver\USBSTOR\
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa8002986060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\0000005a\
    Lower Device Object: 0xfffffa800296c9c0
    Lower Device Driver Name: \Driver\amd_sata\
    <<<2>>>
    Device number: 0, partition: 2
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8002986060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8002985510, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8002986060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa80029722a0, DeviceName: Unknown, DriverName: \Driver\amd_xata\
    DevicePointer: 0xfffffa800296c9c0, DeviceName: \Device\0000005a\, DriverName: \Driver\amd_sata\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    Device number: 0, partition: 2
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\Windows\system32\drivers...
    <<<2>>>
    Device number: 0, partition: 2
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: A1219ACE

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848 Numsec = 949649408

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 949856256 Numsec = 26914816

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 500107862016 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
    Done!
    Physical Sector Size: 0
    Drive: 1, DevicePointer: 0xfffffa8003813790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8002dd5b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8003813790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8002dd2bf0, DeviceName: Unknown, DriverName: \Driver\usbfilter\
    DevicePointer: 0xfffffa8002dd3b60, DeviceName: \Device\00000078\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Infected: c:\program files (x86)\google\desktop\install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ --> [Trojan.0Access]
    Infected: c:\program files (x86)\google\desktop\install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ \... --> [Trojan.0Access]
    Infected: c:\Program Files (x86)\Google\Desktop\Install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36} --> [Trojan.0Access]
    Scan finished
    Creating System Restore point...
    Could not create restore point...
    Cleaning up...
    Executing an action fixdamage.exe...
    Success!
    Queuing an action fixdamage.exe
    Removal scheduling successful. System shutdown needed.
    System shutdown occurred
    =======================================


    Removal queue found; removal started
    Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
    Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
    Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
    Removal finished
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.06.1.1005

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    System is currently in a safe mode

    Account is Administrative

    Internet Explorer version: 9.0.8112.16421

    Java version: 1.6.0_31

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 2.800000 GHz
    Memory total: 2952040448, free: 2504646656

    Initializing...
    ------------ Kernel report ------------
    08/23/2013 09:53:53
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_AuthenticAMD.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\DRIVERS\amd_sata.sys
    \SystemRoot\system32\DRIVERS\storport.sys
    \SystemRoot\system32\DRIVERS\amd_xata.sys
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\system32\drivers\mfehidk.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\drivers\mfewfpk.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\DRIVERS\disk.sys
    \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    \SystemRoot\system32\DRIVERS\AtiPcie64.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \??\C:\Windows\system32\drivers\avgtpx64.sys
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \??\C:\Windows\system32\Drivers\NEOFLTR_720_21697.SYS
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\system32\drivers\ws2ifsl.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\mfenlfk.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\Rt64win7.sys
    \SystemRoot\system32\drivers\cdrom.sys
    \SystemRoot\system32\drivers\usbohci.sys
    \SystemRoot\system32\drivers\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbfilter.sys
    \SystemRoot\system32\drivers\usbehci.sys
    \SystemRoot\system32\drivers\HDAudBus.sys
    \SystemRoot\system32\drivers\wmiacpi.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \SystemRoot\system32\drivers\CompositeBus.sys
    \SystemRoot\system32\drivers\mssmbios.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\drivers\termdd.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\drivers\swenum.sys
    \SystemRoot\system32\drivers\ks.sys
    \SystemRoot\system32\drivers\umbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\mfefirek.sys
    \SystemRoot\system32\DRIVERS\udfs.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    \SystemRoot\System32\drivers\dxg.sys
    \SystemRoot\system32\DRIVERS\usbprint.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_diskdump.sys
    \SystemRoot\System32\Drivers\dump_amd_sata.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\framebuf.dll
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\drivers\WudfPf.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\mbamswissarmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    \Windows\System32\autochk.exe
    \Windows\System32\sechost.dll
    \Windows\System32\msctf.dll
    \Windows\System32\shlwapi.dll
    \Windows\System32\comdlg32.dll
    \Windows\System32\imagehlp.dll
    \Windows\System32\lpk.dll
    \Windows\System32\difxapi.dll
    \Windows\System32\setupapi.dll
    \Windows\System32\clbcatq.dll
    \Windows\System32\rpcrt4.dll
    \Windows\System32\iertutil.dll
    \Windows\System32\wininet.dll
    \Windows\System32\ws2_32.dll
    \Windows\System32\Wldap32.dll
    \Windows\System32\psapi.dll
    \Windows\System32\usp10.dll
    \Windows\System32\advapi32.dll
    \Windows\System32\oleaut32.dll
    \Windows\System32\urlmon.dll
    \Windows\System32\normaliz.dll
    \Windows\System32\gdi32.dll
    \Windows\System32\user32.dll
    \Windows\System32\ole32.dll
    \Windows\System32\shell32.dll
    \Windows\System32\kernel32.dll
    \Windows\System32\nsi.dll
    \Windows\System32\imm32.dll
    \Windows\System32\msvcrt.dll
    \Windows\System32\wintrust.dll
    \Windows\System32\comctl32.dll
    \Windows\System32\cfgmgr32.dll
    \Windows\System32\devobj.dll
    \Windows\System32\crypt32.dll
    \Windows\System32\KernelBase.dll
    \Windows\System32\msasn1.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xfffffa800380b060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000078\
    Lower Device Object: 0xfffffa8002dc4b60
    Lower Device Driver Name: \Driver\USBSTOR\
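The "Drive 0 / Scanning MBR" sections of the logs above print what MBAR read off sector 0: the 55AA boot signature, the NT disk signature A1219ACE, and four 16-byte partition entries (type, active flag, LBA start, sector count). As an added example, not part of adrenalinesaint's posts or of Malwarebytes' tooling, here is a Python parser that reads those fields from a raw 512-byte sector and performs the checks a bootkit-aware reviewer does by hand on such a report: signature present, exactly one active entry, no entry running past the 500107862016-byte disk, no overlapping entries, and the exact unpartitioned sector ranges. The sample sector is constructed from the values in the report; its 446-byte boot-code area is zeroed, so it is not the machine's real MBR, and the size comments on the entries are arithmetic, not labels the tool printed.

```python
"""Parse a 512-byte MBR and sanity-check its partition table.

SAMPLE_MBR below is CONSTRUCTED from the fields in the MBAR report
(disk signature A1219ACE, three type-0x07 entries, 500107862016-byte disk);
the boot-code area is left as zeros, which a real MBR would not be.
"""
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 0x1BE       # four 16-byte partition entries start here
DISK_SIG_OFFSET = 0x1B8    # 32-bit little-endian NT disk signature
BOOT_SIG = b"\x55\xAA"     # bytes 510-511


def build_mbr(disk_signature, entries):
    """Construct a synthetic MBR from (active, type, lba_start, num_sectors) tuples."""
    if len(entries) > 4:
        raise ValueError("an MBR holds at most four primary entries")
    mbr = bytearray(SECTOR_SIZE)
    struct.pack_into("<I", mbr, DISK_SIG_OFFSET, disk_signature)
    for i, (active, ptype, lba, numsec) in enumerate(entries):
        off = TABLE_OFFSET + 16 * i
        mbr[off] = 0x80 if active else 0x00          # status byte: 0x80 = active
        mbr[off + 4] = ptype                          # 0x07 = NTFS/exFAT/HPFS
        struct.pack_into("<II", mbr, off + 8, lba, numsec)  # LBA start, count
    mbr[SECTOR_SIZE - 2:] = BOOT_SIG
    return bytes(mbr)


def parse_mbr(mbr):
    """Return (disk_signature, [entry dicts]); raise if the sector is not an MBR."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    if mbr[SECTOR_SIZE - 2:] != BOOT_SIG:
        raise ValueError("boot signature is not 55AA")
    disk_sig = struct.unpack_from("<I", mbr, DISK_SIG_OFFSET)[0]
    entries = []
    for i in range(4):
        off = TABLE_OFFSET + 16 * i
        status, ptype = mbr[off], mbr[off + 4]
        lba, numsec = struct.unpack_from("<II", mbr, off + 8)
        if status not in (0x00, 0x80):
            raise ValueError(f"entry {i}: invalid status byte {status:#04x}")
        entries.append({"index": i, "active": status == 0x80,
                        "type": ptype, "lba": lba, "numsec": numsec})
    return disk_sig, entries


def check_layout(entries, disk_bytes, sector_size=SECTOR_SIZE):
    """Return a list of problems; an empty list means the table is self-consistent."""
    total = disk_bytes // sector_size
    problems = []
    active = [e for e in entries if e["active"]]
    if len(active) != 1:
        problems.append(f"expected one active entry, found {len(active)}")
    used = sorted((e for e in entries if e["type"] != 0), key=lambda e: e["lba"])
    for e in used:
        if e["lba"] == 0 or e["numsec"] == 0:
            problems.append(f"entry {e['index']}: zero start or length")
        elif e["lba"] + e["numsec"] > total:
            problems.append(f"entry {e['index']}: extends past end of disk")
    for a, b in zip(used, used[1:]):
        if a["lba"] + a["numsec"] > b["lba"]:
            problems.append(f"entries {a['index']} and {b['index']} overlap")
    return problems


def unpartitioned(entries, disk_bytes, sector_size=SECTOR_SIZE):
    """Half-open [start, end) sector ranges no entry covers; sector 0 is the MBR."""
    total = disk_bytes // sector_size
    used = sorted((e for e in entries if e["type"] != 0), key=lambda e: e["lba"])
    gaps, cursor = [], 1
    for e in used:
        if e["lba"] > cursor:
            gaps.append((cursor, e["lba"]))
        cursor = max(cursor, e["lba"] + e["numsec"])
    if cursor < total:
        gaps.append((cursor, total))
    return gaps


# Constructed sample: partition fields copied from the report, boot code zeroed.
DISK_BYTES = 500107862016
SAMPLE_MBR = build_mbr(0xA1219ACE, [
    (True,  0x07, 2048,      204800),     # 100 MiB, active
    (False, 0x07, 206848,    949649408),  # ~452.8 GiB
    (False, 0x07, 949856256, 26914816),   # ~12.8 GiB
    (False, 0x00, 0,         0),          # empty slot
])

if __name__ == "__main__":
    sig, table = parse_mbr(SAMPLE_MBR)
    print(f"Disk signature: {sig:08X}")
    for e in table:
        print(e)
    print("problems:", check_layout(table, DISK_BYTES))
    print("unpartitioned:", unpartitioned(table, DISK_BYTES))
```

Run against the values in the report, the three entries come out contiguous (each starts at the sector where the previous one ends), so the only space outside the table is sectors 1 to 2047 before the first partition and 976771072 to 976773167 after the last one. The tool's reported tail scan range (976753168-976773168) is wider than that strict gap; the code derives the gap from the table rather than reproducing the tool's window. A status byte other than 0x00 or 0x80, a missing 55AA, or overlapping entries are the kinds of inconsistency that a tampered or damaged sector 0 produces, which is why the parser refuses or reports rather than silently continuing.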
     
  17. 2013/08/23
    adrenalinesaint

    adrenalinesaint Inactive Thread Starter

    Joined:
    2011/05/05
    Messages:
    83
    Likes Received:
    0
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa8002989060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\0000005a\
    Lower Device Object: 0xfffffa800296f9c0
    Lower Device Driver Name: \Driver\amd_sata\
    <<<2>>>
    Device number: 0, partition: 2
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8002989060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8002989ab0, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8002989060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8002975310, DeviceName: Unknown, DriverName: \Driver\amd_xata\
    DevicePointer: 0xfffffa800296f9c0, DeviceName: \Device\0000005a\, DriverName: \Driver\amd_sata\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    Device number: 0, partition: 2
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\Windows\system32\drivers...
    <<<2>>>
    Device number: 0, partition: 2
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: A1219ACE

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848 Numsec = 949649408

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 949856256 Numsec = 26914816

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 500107862016 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
    Done!
    Physical Sector Size: 0
    Drive: 1, DevicePointer: 0xfffffa800380b060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa800380bb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa800380b060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8002dc5bf0, DeviceName: Unknown, DriverName: \Driver\usbfilter\
    DevicePointer: 0xfffffa8002dc4b60, DeviceName: \Device\00000078\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Infected: c:\program files (x86)\google\desktop\install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ --> [Trojan.0Access]
    Infected: c:\program files (x86)\google\desktop\install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ \... --> [Trojan.0Access]
    Infected: c:\Program Files (x86)\Google\Desktop\Install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36} --> [Trojan.0Access]
    Scan finished
    Creating System Restore point...
    Could not create restore point...
    Cleaning up...
    Executing an action fixdamage.exe...
    Success!
    Queuing an action fixdamage.exe
    Removal scheduling successful. System shutdown needed.
    System shutdown occurred
    =======================================


    Removal queue found; removal started
    Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
    Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
    Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
    Removal finished
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.06.1.1005

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    System is currently in a safe mode

    Account is Administrative

    Internet Explorer version: 9.0.8112.16421

    Java version: 1.6.0_31

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 2.800000 GHz
    Memory total: 2952040448, free: 2503974912

    Initializing...
    ------------ Kernel report ------------
    08/23/2013 10:06:38
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_AuthenticAMD.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\DRIVERS\amd_sata.sys
    \SystemRoot\system32\DRIVERS\storport.sys
    \SystemRoot\system32\DRIVERS\amd_xata.sys
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\system32\drivers\mfehidk.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\drivers\mfewfpk.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\DRIVERS\disk.sys
    \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    \SystemRoot\system32\DRIVERS\AtiPcie64.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \??\C:\Windows\system32\drivers\avgtpx64.sys
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \??\C:\Windows\system32\Drivers\NEOFLTR_720_21697.SYS
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\system32\drivers\ws2ifsl.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\mfenlfk.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\Rt64win7.sys
    \SystemRoot\system32\drivers\cdrom.sys
    \SystemRoot\system32\drivers\usbohci.sys
    \SystemRoot\system32\drivers\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbfilter.sys
    \SystemRoot\system32\drivers\usbehci.sys
    \SystemRoot\system32\drivers\HDAudBus.sys
    \SystemRoot\system32\drivers\wmiacpi.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \SystemRoot\system32\drivers\CompositeBus.sys
    \SystemRoot\system32\drivers\mssmbios.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\drivers\termdd.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\drivers\swenum.sys
    \SystemRoot\system32\drivers\ks.sys
    \SystemRoot\system32\drivers\umbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\mfefirek.sys
    \SystemRoot\system32\DRIVERS\udfs.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    \SystemRoot\system32\DRIVERS\usbprint.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_diskdump.sys
    \SystemRoot\System32\Drivers\dump_amd_sata.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\System32\drivers\dxg.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\framebuf.dll
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\drivers\WudfPf.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\mbamswissarmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    \Windows\System32\autochk.exe
    \Windows\System32\msvcrt.dll
    \Windows\System32\normaliz.dll
    \Windows\System32\ole32.dll
    \Windows\System32\difxapi.dll
    \Windows\System32\setupapi.dll
    \Windows\System32\iertutil.dll
    \Windows\System32\clbcatq.dll
    \Windows\System32\wininet.dll
    \Windows\System32\ws2_32.dll
    \Windows\System32\comdlg32.dll
    \Windows\System32\imm32.dll
    \Windows\System32\msctf.dll
    \Windows\System32\oleaut32.dll
    \Windows\System32\gdi32.dll
    \Windows\System32\advapi32.dll
    \Windows\System32\usp10.dll
    \Windows\System32\imagehlp.dll
    \Windows\System32\sechost.dll
    \Windows\System32\Wldap32.dll
    \Windows\System32\shell32.dll
    \Windows\System32\kernel32.dll
    \Windows\System32\rpcrt4.dll
    \Windows\System32\nsi.dll
    \Windows\System32\shlwapi.dll
    \Windows\System32\lpk.dll
    \Windows\System32\user32.dll
    \Windows\System32\urlmon.dll
    \Windows\System32\psapi.dll
    \Windows\System32\KernelBase.dll
    \Windows\System32\devobj.dll
    \Windows\System32\crypt32.dll
    \Windows\System32\comctl32.dll
    \Windows\System32\cfgmgr32.dll
    \Windows\System32\wintrust.dll
    \Windows\System32\msasn1.dll
    \Windows\SysWOW64\normaliz.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xfffffa8002dc5060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000078\
    Lower Device Object: 0xfffffa8002dc6b60
    Lower Device Driver Name: \Driver\USBSTOR\
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa8002986060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\0000005a\
    Lower Device Object: 0xfffffa800296c060
    Lower Device Driver Name: \Driver\amd_sata\
    <<<2>>>
    Device number: 0, partition: 2
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8002986060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8002986ab0, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8002986060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8002972ac0, DeviceName: Unknown, DriverName: \Driver\amd_xata\
    DevicePointer: 0xfffffa800296c060, DeviceName: \Device\0000005a\, DriverName: \Driver\amd_sata\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    Device number: 0, partition: 2
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\Windows\system32\drivers...
    <<<2>>>
    Device number: 0, partition: 2
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: A1219ACE

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848 Numsec = 949649408

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 949856256 Numsec = 26914816

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 500107862016 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
    Done!
    Physical Sector Size: 0
    Drive: 1, DevicePointer: 0xfffffa8002dc5060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8002dc8b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8002dc5060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8002dc8040, DeviceName: Unknown, DriverName: \Driver\usbfilter\
    DevicePointer: 0xfffffa8002dc6b60, DeviceName: \Device\00000078\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Infected: c:\program files (x86)\google\desktop\install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ --> [Trojan.0Access]
    Infected: c:\program files (x86)\google\desktop\install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ \... --> [Trojan.0Access]
    Infected: c:\Program Files (x86)\Google\Desktop\Install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36} --> [Trojan.0Access]
    Scan finished
    Creating System Restore point...
    Could not create restore point...
    Cleaning up...
    Executing an action fixdamage.exe...
    Success!
    Queuing an action fixdamage.exe
    Removal scheduling successful. System shutdown needed.
    System shutdown occurred
    =======================================


    Removal queue found; removal started
    Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
    Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
    Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
    Removal finished
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.06.1.1005

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    System is currently in a safe mode

    Account is Administrative

    Internet Explorer version: 9.0.8112.16421

    Java version: 1.6.0_31

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 2.800000 GHz
    Memory total: 2952040448, free: 2544930816

    Initializing...
    ------------ Kernel report ------------
    08/23/2013 10:17:45
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_AuthenticAMD.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\DRIVERS\amd_sata.sys
    \SystemRoot\system32\DRIVERS\storport.sys
    \SystemRoot\system32\DRIVERS\amd_xata.sys
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\drivers\mfewfpk.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\DRIVERS\disk.sys
    \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    \SystemRoot\system32\DRIVERS\AtiPcie64.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \??\C:\Windows\system32\drivers\avgtpx64.sys
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\drivers\cdrom.sys
    \SystemRoot\system32\drivers\usbohci.sys
    \SystemRoot\system32\drivers\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbfilter.sys
    \SystemRoot\system32\drivers\usbehci.sys
    \SystemRoot\system32\drivers\HDAudBus.sys
    \SystemRoot\system32\drivers\wmiacpi.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \SystemRoot\system32\drivers\CompositeBus.sys
    \SystemRoot\system32\drivers\mssmbios.sys
    \SystemRoot\system32\drivers\termdd.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\drivers\swenum.sys
    \SystemRoot\system32\drivers\ks.sys
    \SystemRoot\system32\drivers\umbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\system32\DRIVERS\udfs.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_diskdump.sys
    \SystemRoot\System32\Drivers\dump_amd_sata.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\system32\DRIVERS\usbprint.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\drivers\dxg.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\framebuf.dll
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\drivers\WudfPf.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\mbamswissarmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    \Windows\System32\autochk.exe
    \Windows\System32\ws2_32.dll
    \Windows\System32\sechost.dll
    \Windows\System32\kernel32.dll
    \Windows\System32\oleaut32.dll
    \Windows\System32\user32.dll
    \Windows\System32\msvcrt.dll
    \Windows\System32\imm32.dll
    \Windows\System32\shell32.dll
    \Windows\System32\Wldap32.dll
    \Windows\System32\setupapi.dll
    \Windows\System32\lpk.dll
    \Windows\System32\ole32.dll
    \Windows\System32\nsi.dll
    \Windows\System32\normaliz.dll
    \Windows\System32\difxapi.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xfffffa800309d790
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000074\
    Lower Device Object: 0xfffffa8003098060
    Lower Device Driver Name: \Driver\USBSTOR\
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa800294b060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\0000005a\
    Lower Device Object: 0xfffffa8002815320
    Lower Device Driver Name: \Driver\amd_sata\
    <<<2>>>
    Device number: 0, partition: 2
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa800294b060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa800294bb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa800294b060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa800293a040, DeviceName: Unknown, DriverName: \Driver\amd_xata\
    DevicePointer: 0xfffffa8002815320, DeviceName: \Device\0000005a\, DriverName: \Driver\amd_sata\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    Device number: 0, partition: 2
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\Windows\system32\drivers...
    <<<2>>>
    Device number: 0, partition: 2
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: A1219ACE

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848 Numsec = 949649408

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 949856256 Numsec = 26914816

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 500107862016 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
    Done!
    Physical Sector Size: 0
    Drive: 1, DevicePointer: 0xfffffa800309d790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa800309f040, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa800309d790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa800309d040, DeviceName: Unknown, DriverName: \Driver\usbfilter\
    DevicePointer: 0xfffffa8003098060, DeviceName: \Device\00000074\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Infected: c:\program files (x86)\google\desktop\install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ --> [Trojan.0Access]
    Infected: c:\program files (x86)\google\desktop\install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ \... --> [Trojan.0Access]
    Infected: c:\Program Files (x86)\Google\Desktop\Install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36} --> [Trojan.0Access]
    Scan finished
    Creating System Restore point...
    Could not create restore point...
    Cleaning up...
    Executing an action fixdamage.exe...
    Success!
    Queuing an action fixdamage.exe
    Removal scheduling successful. System shutdown needed.
    System shutdown occurred
    =======================================


    Removal queue found; removal started
    Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
    Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
    Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
    Removal finished
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.06.1.1005

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    System is currently in a safe mode

    Account is Administrative

    Internet Explorer version: 9.0.8112.16421

    Java version: 1.6.0_31

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 2.800000 GHz
    Memory total: 2952040448, free: 2546712576

    Initializing...
    ------------ Kernel report ------------
    08/23/2013 10:30:15
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_AuthenticAMD.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\DRIVERS\amd_sata.sys
    \SystemRoot\system32\DRIVERS\storport.sys
    \SystemRoot\system32\DRIVERS\amd_xata.sys
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\drivers\mfewfpk.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\DRIVERS\disk.sys
    \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    \SystemRoot\system32\DRIVERS\AtiPcie64.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \??\C:\Windows\system32\drivers\avgtpx64.sys
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\drivers\cdrom.sys
    \SystemRoot\system32\drivers\usbohci.sys
    \SystemRoot\system32\drivers\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbfilter.sys
    \SystemRoot\system32\drivers\usbehci.sys
    \SystemRoot\system32\drivers\HDAudBus.sys
    \SystemRoot\system32\drivers\wmiacpi.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \SystemRoot\system32\drivers\CompositeBus.sys
    \SystemRoot\system32\drivers\mssmbios.sys
    \SystemRoot\system32\drivers\termdd.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\drivers\swenum.sys
    \SystemRoot\system32\drivers\ks.sys
    \SystemRoot\system32\drivers\umbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\system32\DRIVERS\udfs.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_diskdump.sys
    \SystemRoot\System32\Drivers\dump_amd_sata.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\system32\DRIVERS\usbprint.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\drivers\dxg.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\framebuf.dll
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\drivers\WudfPf.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\mbamswissarmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    \Windows\System32\autochk.exe
    \Windows\System32\imagehlp.dll
    \Windows\System32\imm32.dll
    \Windows\System32\ole32.dll
    \Windows\System32\kernel32.dll
    \Windows\System32\gdi32.dll
    \Windows\System32\clbcatq.dll
    \Windows\System32\ws2_32.dll
    \Windows\System32\normaliz.dll
    \Windows\System32\Wldap32.dll
    \Windows\System32\psapi.dll
    \Windows\System32\oleaut32.dll
    \Windows\System32\advapi32.dll
    \Windows\System32\comdlg32.dll
    \Windows\System32\urlmon.dll
    \Windows\System32\setupapi.dll
    \Windows\System32\shlwapi.dll
    \Windows\System32\lpk.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xfffffa80030a2060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000074\
    Lower Device Object: 0xfffffa80030a1790
    Lower Device Driver Name: \Driver\USBSTOR\
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa80029483f0
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\0000005a\
    Lower Device Object: 0xfffffa8002931060
    Lower Device Driver Name: \Driver\amd_sata\
    <<<2>>>
    Device number: 0, partition: 2
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa80029483f0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8002949040, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa80029483f0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8002937040, DeviceName: Unknown, DriverName: \Driver\amd_xata\
    DevicePointer: 0xfffffa8002931060, DeviceName: \Device\0000005a\, DriverName: \Driver\amd_sata\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    Device number: 0, partition: 2
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\Windows\system32\drivers...
    <<<2>>>
    Device number: 0, partition: 2
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: A1219ACE

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848 Numsec = 949649408

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 949856256 Numsec = 26914816

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 500107862016 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
    Done!
    Physical Sector Size: 0
    Drive: 1, DevicePointer: 0xfffffa80030a2060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa80030a2b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa80030a2060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa800309abf0, DeviceName: Unknown, DriverName: \Driver\usbfilter\
    DevicePointer: 0xfffffa80030a1790, DeviceName: \Device\00000074\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Infected: c:\program files (x86)\google\desktop\install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ --> [Trojan.0Access]
    Infected: c:\program files (x86)\google\desktop\install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}\ \... --> [Trojan.0Access]
    Infected: c:\Program Files (x86)\Google\Desktop\Install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36} --> [Trojan.0Access]
    Scan finished
    Creating System Restore point...
    Could not create restore point...
    Cleaning up...
    Executing an action fixdamage.exe...
    Success!
    Queuing an action fixdamage.exe
    Removal scheduling successful. System shutdown needed.
    System shutdown occurred
    =======================================


    Removal queue found; removal started
    Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
    Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
    Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
    Removal finished
     
  18. 2013/08/23
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're infected with the newest ZeroAccess version, so we need to use another tool to remove what's still there.

    Please download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
     
  19. 2013/08/26
    adrenalinesaint

    adrenalinesaint Inactive Thread Starter

    Joined:
    2011/05/05
    Messages:
    83
    Likes Received:
    0
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-08-2013
    Ran by #2 (administrator) on 26-08-2013 09:34:40
    Running from C:\Users\#2\Desktop\ransomware
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 9
    Boot Mode: Safe Mode (with Networking)

    ==================== Processes (Whitelisted) =================

    (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
    HKLM\...\Run: [SmartMenu] - D [x]
    HKLM\...\Run: [lxbkbmgr.exe] - C:\Program Files (x86)\Lexmark X1100 Series\lxbkbmgr.exe [74408 2008-02-28] (Lexmark International, Inc.)
    HKLM\...\Run: [McAfee Host Intrusion Prevention Tray] - \FIRETRAY.EXE" [x]
    HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
    HKLM-x32\...\RunOnce: [ (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes' Anti-Malware (portable)\cleanup.dll ",ProcessCleanupScript "C:\ProgramData\Malwarebytes' Anti-Malware (portable)" [1563448 2013-08-07] (Malwarebytes Corporation)
    HKCU\...\Runonce: [TopArcadeHits256] - cmd.exe /c reg delete HKCU\Software\AppDataLow\Software\toparcadehitsconfig /f [x]
    HKLM-x32\...\Run: [StartCCC] - c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-05-12] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [HP Software Update] - c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
    HKLM-x32\...\Run: [] - [x]
    HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [664600 2010-09-28] (PDF Complete Inc)
    HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [362432 2011-12-22] (Citrix Systems, Inc.)
    HKLM-x32\...\Run: [McAfeeUpdaterUI] - C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [333376 2011-11-15] (McAfee, Inc.)
    HKLM-x32\...\Run: [ShStatEXE] - C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [215656 2012-08-14] (McAfee, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NWepo.lnk
    ShortcutTarget: NWepo.lnk -> C:\Program Files (x86)\Network Associates\NWePO.exe ()

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.windowsbbs.com/malware-v...-justice-windows-security-pro.html#post611765
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    SearchScopes: HKLM - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
    SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    SearchScopes: HKLM-x32 - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
    SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130711111316.dll (McAfee, Inc.)
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20130711111316.dll (McAfee, Inc.)
    BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
    BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\ADVANC~1\BROWER~1\ASCPLU~1.DLL (IObit)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
    Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
    DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
    DPF: HKLM-x32 {9916D178-71C8-4764-969C-95B9B67A1F76} https://onestop.nationwide.com/one-stop-web/scan/OneStopScan.CAB
    DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://nationwidenh.webex.com/client/T26L10NSP49EP9/webex/ieatgpc1.cab
    DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://agents.nationwide.com/dana-cached/sc/JuniperSetupClient.cab
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
    Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
    Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll "
    Winsock: Catalog5 07 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll "
    Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll "
    Winsock: Catalog5-x64 07 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll "
    Tcpip\Parameters: [DhcpNameServer] 192.168.254.254

    ==================== Services (Whitelisted) =================

    S2 AdvancedSystemCareService6; C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [574272 2013-04-18] (IObit)
    S2 enterceptAgent; C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe [641336 2011-09-12] (McAfee, Inc.)
    S2 lxbk_device; C:\Windows\system32\lxbkcoms.exe [565928 2008-02-19] ( )
    S2 McAfee SiteAdvisor Enterprise Service; C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [324928 2011-05-12] (McAfee, Inc.)
    S2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [132672 2011-11-15] (McAfee, Inc.)
    S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [201864 2013-07-11] (McAfee, Inc.)
    S2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [209760 2011-09-14] (McAfee, Inc.)
    R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [208272 2011-08-09] (McAfee, Inc.)
    R2 mfevtp; C:\Windows\system32\mfevtps.exe [170440 2013-07-11] (McAfee, Inc.)
    S2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1119768 2010-09-28] (PDF Complete Inc)
    S3 hpqwmiex; "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe" [x]

    ==================== Drivers (Whitelisted) ====================

    R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-08-20] (AVG Technologies)
    S3 FireNfcp; C:\Windows\System32\drivers\FireNfcp.sys [48840 2011-10-07] (McAfee, Inc.)
    S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [195024 2011-09-12] (McAfee, Inc.)
    S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32000 2013-08-21] ()
    S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [36680 2013-08-23] ()
    S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [36680 2013-08-23] ()
    S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [160952 2013-07-11] (McAfee, Inc.)
    S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [274880 2013-07-11] (McAfee, Inc.)
    R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [481504 2011-08-16] (McAfee, Inc.)
    R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [665768 2013-07-11] (McAfee, Inc.)
    R1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75672 2011-08-16] (McAfee, Inc.)
    S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [101200 2013-07-11] (McAfee, Inc.)
    R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [303464 2013-07-11] (McAfee, Inc.)
    R1 NEOFLTR_720_21697; C:\Windows\system32\Drivers\NEOFLTR_720_21697.SYS [100728 2012-08-23] (Juniper Networks)
    R1 NEOFLTR_720_21697; C:\Windows\system32\Drivers\NEOFLTR_720_21697.SYS [100728 2012-08-23] (Juniper Networks)
    S1 A2DDA; \??\C:\Users\#2\Desktop\ransomware\Run\a2ddax64.sys [x]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2013-08-23 09:11 - 2013-08-23 10:40 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2013-08-23 09:10 - 2013-08-23 09:10 - 00036680 _____ C:\Windows\system32\Drivers\mbamchameleon.sys
    2013-08-22 09:10 - 2013-08-22 09:10 - 00006885 _____ C:\Users\#2\Desktop\RKreport[0]_D_08222013_091052.txt
    2013-08-22 09:09 - 2013-08-22 09:09 - 00004949 _____ C:\Users\#2\Desktop\RKreport[0]_S_08222013_090932.txt
    2013-08-22 09:08 - 2013-08-22 09:15 - 00000000 ____D C:\Users\#2\Desktop\RK_Quarantine
    2013-08-21 10:51 - 2013-08-21 10:51 - 00014519 _____ C:\Users\#2\Desktop\attach.txt
    2013-08-21 10:51 - 2013-08-21 10:50 - 00017832 _____ C:\Users\#2\Desktop\dds.txt
    2013-08-21 10:37 - 2013-08-21 10:37 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-08-21 10:37 - 2013-08-21 10:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-08-21 10:37 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2013-08-21 10:29 - 2013-08-23 10:41 - 00017532 _____ C:\Windows\PFRO.log
    2013-08-21 09:45 - 2013-08-21 09:45 - 00032000 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
    2013-08-21 09:44 - 2013-08-21 09:44 - 00001972 _____ C:\Windows\system32\.crusader
    2013-08-21 09:10 - 2013-08-21 09:44 - 00000000 ____D C:\ProgramData\HitmanPro
    2013-08-20 17:11 - 2013-08-20 17:11 - 00083762 _____ C:\ProgramData\1377033014.bdinstall.bin
    2013-08-20 17:08 - 2013-08-20 17:08 - 00000000 ____D C:\Program Files\Common Files\Defender Pro
    2013-08-20 17:07 - 2013-08-21 09:44 - 00000000 ____D C:\Users\#2\AppData\Local\TopArcadeHits
    2013-08-20 17:07 - 2013-08-20 17:08 - 02458223 _____ C:\Users\#2\Downloads\defender_pro_ultimate.exe
    2013-08-20 17:06 - 2013-08-20 17:06 - 00045856 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
    2013-08-20 16:54 - 2013-08-21 09:45 - 00000168 _____ C:\Windows\setupact.log
    2013-08-20 16:54 - 2013-08-20 16:54 - 00000000 _____ C:\Windows\setuperr.log
    2013-08-20 15:42 - 2013-08-20 15:42 - 00000000 _____ C:\Users\#2\vlcplayer.exe
    2013-08-20 15:42 - 2013-08-20 15:42 - 00000000 _____ C:\Users\#2\msconfig.exe
    2013-08-19 09:56 - 2013-08-19 09:56 - 00001190 _____ C:\Users\#2\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
    2013-08-19 09:56 - 2013-08-19 09:56 - 00001151 _____ C:\Users\Public\Desktop\Advanced SystemCare 6.lnk
    2013-08-19 09:56 - 2013-08-19 09:56 - 00000000 ____D C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
    2013-08-01 11:00 - 2013-08-21 10:28 - 00000000 ____D C:\Program Files (x86)\IObit
    2013-08-01 11:00 - 2013-08-21 10:25 - 00000000 ____D C:\Users\#2\AppData\Roaming\IObit
    2013-08-01 11:00 - 2013-08-21 09:16 - 00000000 ____D C:\ProgramData\IObit
    2013-08-01 10:37 - 2013-08-01 10:37 - 00000821 _____ C:\AdwCleaner[R2].txt
    2013-07-30 09:02 - 2013-07-30 09:02 - 00002214 _____ C:\Users\Public\Desktop\Google Earth.lnk

    ==================== One Month Modified Files and Folders =======

    2013-08-26 09:34 - 2013-08-26 09:34 - 00000000 ____D C:\FRST
    2013-08-26 09:34 - 2012-10-03 11:09 - 00000000 ____D C:\Users\#2\Desktop\ransomware
    2013-08-23 10:46 - 2009-07-14 01:13 - 00727136 _____ C:\Windows\system32\PerfStringBackup.INI
    2013-08-23 10:41 - 2013-08-21 10:29 - 00017532 _____ C:\Windows\PFRO.log
    2013-08-23 10:40 - 2013-08-23 09:11 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2013-08-23 09:10 - 2013-08-23 09:10 - 00036680 _____ C:\Windows\system32\Drivers\mbamchameleon.sys
    2013-08-22 09:31 - 2011-06-07 15:07 - 00000000 ____D C:\Users\#2\AppData\Local\CrashDumps
    2013-08-22 09:19 - 2011-03-02 15:37 - 01293335 _____ C:\Windows\WindowsUpdate.log
    2013-08-22 09:15 - 2013-08-22 09:08 - 00000000 ____D C:\Users\#2\Desktop\RK_Quarantine
    2013-08-22 09:10 - 2013-08-22 09:10 - 00006885 _____ C:\Users\#2\Desktop\RKreport[0]_D_08222013_091052.txt
    2013-08-22 09:09 - 2013-08-22 09:09 - 00004949 _____ C:\Users\#2\Desktop\RKreport[0]_S_08222013_090932.txt
    2013-08-21 10:51 - 2013-08-21 10:51 - 00014519 _____ C:\Users\#2\Desktop\attach.txt
    2013-08-21 10:50 - 2013-08-21 10:51 - 00017832 _____ C:\Users\#2\Desktop\dds.txt
    2013-08-21 10:37 - 2013-08-21 10:37 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-08-21 10:37 - 2013-08-21 10:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-08-21 10:28 - 2013-08-01 11:00 - 00000000 ____D C:\Program Files (x86)\IObit
    2013-08-21 10:25 - 2013-08-01 11:00 - 00000000 ____D C:\Users\#2\AppData\Roaming\IObit
    2013-08-21 09:46 - 2011-05-26 09:18 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-08-21 09:45 - 2013-08-21 09:45 - 00032000 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
    2013-08-21 09:45 - 2013-08-20 16:54 - 00000168 _____ C:\Windows\setupact.log
    2013-08-21 09:45 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2013-08-21 09:44 - 2013-08-21 09:44 - 00001972 _____ C:\Windows\system32\.crusader
    2013-08-21 09:44 - 2013-08-21 09:10 - 00000000 ____D C:\ProgramData\HitmanPro
    2013-08-21 09:44 - 2013-08-20 17:07 - 00000000 ____D C:\Users\#2\AppData\Local\TopArcadeHits
    2013-08-21 09:44 - 2011-05-13 09:39 - 00000000 ____D C:\Users\#2
    2013-08-21 09:19 - 2012-05-22 09:03 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-08-21 09:16 - 2013-08-01 11:00 - 00000000 ____D C:\ProgramData\IObit
    2013-08-21 09:16 - 2011-05-13 10:10 - 00000000 ____D C:\Users\#2\AppData\Roaming\ICAClient
    2013-08-21 09:16 - 2011-05-13 09:45 - 00000000 ___RD C:\Users\#2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    2013-08-21 09:16 - 2011-03-02 15:58 - 00000000 ____D C:\ProgramData\RoxioNow
    2013-08-21 09:16 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Defender
    2013-08-21 09:16 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
    2013-08-21 09:16 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\AppCompat
    2013-08-20 17:11 - 2013-08-20 17:11 - 00083762 _____ C:\ProgramData\1377033014.bdinstall.bin
    2013-08-20 17:08 - 2013-08-20 17:08 - 00000000 ____D C:\Program Files\Common Files\Defender Pro
    2013-08-20 17:08 - 2013-08-20 17:07 - 02458223 _____ C:\Users\#2\Downloads\defender_pro_ultimate.exe
    2013-08-20 17:06 - 2013-08-20 17:06 - 00045856 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
    2013-08-20 17:00 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Resources
    2013-08-20 16:54 - 2013-08-20 16:54 - 00000000 _____ C:\Windows\setuperr.log
    2013-08-20 16:47 - 2011-07-18 09:03 - 00000000 ____D C:\Windows\Minidump
    2013-08-20 16:47 - 2011-05-13 10:57 - 00000000 ____D C:\Users\#2\Desktop\desktop docs
    2013-08-20 15:48 - 2009-07-14 00:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-08-20 15:48 - 2009-07-14 00:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-08-20 15:43 - 2011-05-13 11:02 - 00000000 ____D C:\Users\#2\AppData\Roaming\SoftGrid Client
    2013-08-20 15:42 - 2013-08-20 15:42 - 00000000 _____ C:\Users\#2\vlcplayer.exe
    2013-08-20 15:42 - 2013-08-20 15:42 - 00000000 _____ C:\Users\#2\msconfig.exe
    2013-08-20 15:14 - 2011-05-26 09:18 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-08-20 09:28 - 2011-09-26 10:14 - 00000000 ____D C:\Quarantine
    2013-08-20 08:57 - 2013-05-06 09:01 - 00003368 _____ C:\Windows\System32\Tasks\IE10
    2013-08-19 09:56 - 2013-08-19 09:56 - 00001190 _____ C:\Users\#2\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
    2013-08-19 09:56 - 2013-08-19 09:56 - 00001151 _____ C:\Users\Public\Desktop\Advanced SystemCare 6.lnk
    2013-08-19 09:56 - 2013-08-19 09:56 - 00000000 ____D C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
    2013-08-19 09:56 - 2012-08-27 13:44 - 00000000 ____D C:\Users\#2\AppData\Roaming\Apple Computer
    2013-08-16 11:04 - 2011-06-29 10:39 - 00000000 ____D C:\Users\#2\AppData\Local\Paint.NET
    2013-08-15 10:05 - 2011-03-02 15:58 - 00000000 ____D C:\ProgramData\PDFC
    2013-08-13 15:04 - 2011-08-12 09:09 - 00003210 _____ C:\Windows\System32\Tasks\HPCeeScheduleFor2-HP$
    2013-08-13 15:04 - 2011-08-12 09:09 - 00000334 _____ C:\Windows\Tasks\HPCeeScheduleFor2-HP$.job
    2013-08-13 09:22 - 2012-01-08 04:02 - 00003168 _____ C:\Windows\System32\Tasks\HPCeeScheduleFor#2
    2013-08-13 09:22 - 2012-01-08 04:02 - 00000320 _____ C:\Windows\Tasks\HPCeeScheduleFor#2.job
    2013-08-01 10:37 - 2013-08-01 10:37 - 00000821 _____ C:\AdwCleaner[R2].txt
    2013-07-31 16:01 - 2011-05-26 09:17 - 00000000 ____D C:\Users\#2\AppData\Local\Google
    2013-07-31 16:01 - 2011-05-26 09:17 - 00000000 ____D C:\Program Files (x86)\Google
    2013-07-31 10:18 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
    2013-07-30 09:02 - 2013-07-30 09:02 - 00002214 _____ C:\Users\Public\Desktop\Google Earth.lnk

    Files to move or delete:
    ====================
    ZeroAccess:
    C:\Program Files (x86)\Google\Desktop\Install\{80cee346-12d4-f5c1-e08f-c1b4f7f8ad36}
    C:\Users\#2\msconfig.exe
    C:\Users\#2\vlcplayer.exe
    C:\Users\#2\AppData\Local\Temp\HitmanPro.exe
    C:\Users\#2\AppData\Local\Temp\InstallFlashPlayer.exe
    C:\Users\#2\AppData\Local\Temp\oi_{6CAA10BF-D25E-41DE-9BA4-AD76AD18FB2E}.exe
    C:\Users\#2\AppData\Local\Temp\rtdrvmon.exe
    C:\Users\#2\AppData\Local\Temp\UNINSTALL.EXE
    C:\Users\#2\AppData\Local\Temp\is-Q960N.tmp\UninstallPromote.exe
    C:\Users\#2\AppData\Local\Temp\is-Q960N.tmp\_isetup\_shfoldr.dll
    C:\Users\#2\AppData\Local\Temp\is-N1RER.tmp\UninstallPromote.exe
    C:\Users\#2\AppData\Local\Temp\is-N1RER.tmp\_isetup\_shfoldr.dll
    C:\Users\#2\AppData\Local\Temp\avg_a01080\avg-secure-search-installer.exe
    C:\Users\#2\AppData\Local\Temp\avg_a01080\ProgFiles\AVG SafeGuard toolbar\lip.exe
    C:\Users\#2\AppData\Local\Temp\avg_a01080\ProgFiles\AVG SafeGuard toolbar\PostInstall.exe
    C:\Users\#2\AppData\Local\Temp\avg_a01080\ProgFiles\AVG SafeGuard toolbar\Uninstall.exe
    C:\Users\#2\AppData\Local\Temp\avg_a01080\ProgFiles\AVG SafeGuard toolbar\vprot.exe
    C:\Users\#2\AppData\Local\Temp\avg_a01080\ProgFiles\AVG SafeGuard toolbar\15.4.0.5\AVG SafeGuard toolbar_toolbar.dll
    C:\Users\#2\AppData\Local\Temp\avg_a01080\ConfigFiles\avguidx.dll
    C:\Users\#2\AppData\Local\Temp\avg_a01080\ConfigFiles\MachineIdCreator.exe
    C:\Users\#2\AppData\Local\Temp\avg_a01080\CommonFiles\AVG SafeGuard toolbar\avgdttbx.dll
    C:\Users\#2\AppData\Local\Temp\avg_a01080\CommonFiles\AVG SafeGuard toolbar\AVGRewardsWorker.dll
    C:\Users\#2\AppData\Local\Temp\avg_a01080\CommonFiles\AVG SafeGuard toolbar\DriverInstaller.exe
    C:\Users\#2\AppData\Local\Temp\avg_a01080\CommonFiles\AVG SafeGuard toolbar\DriverInstaller_64.exe
    C:\Users\#2\AppData\Local\Temp\avg_a01080\CommonFiles\AVG SafeGuard toolbar\helper.dll
    C:\Users\#2\AppData\Local\Temp\avg_a01080\CommonFiles\AVG SafeGuard toolbar\log4cplusU.dll
    C:\Users\#2\AppData\Local\Temp\avg_a01080\CommonFiles\AVG SafeGuard toolbar\loggingserver.exe
    C:\Users\#2\AppData\Local\Temp\avg_a01080\CommonFiles\AVG SafeGuard toolbar\npsitesafety.dll
    C:\Users\#2\AppData\Local\Temp\avg_a01080\CommonFiles\AVG SafeGuard toolbar\ScriptHelper.exe
    C:\Users\#2\AppData\Local\Temp\avg_a01080\CommonFiles\AVG SafeGuard toolbar\SiteSafety.dll
    C:\Users\#2\AppData\Local\Temp\avg_a01080\CommonFiles\AVG SafeGuard toolbar\ToolbarUpdater.exe
    C:\Users\#2\AppData\Local\Temp\avg_a01080\CommonFiles\AVG SafeGuard toolbar\ViProtocol.dll
    C:\Users\#2\AppData\Local\Temp\avg_a00892\avg-secure-search-installer.exe
    C:\Users\#2\AppData\Local\Temp\avg_a00892\ProgFiles\AVG SafeGuard toolbar\lip.exe
    C:\Users\#2\AppData\Local\Temp\avg_a00892\ProgFiles\AVG SafeGuard toolbar\PostInstall.exe
    C:\Users\#2\AppData\Local\Temp\avg_a00892\ProgFiles\AVG SafeGuard toolbar\Uninstall.exe
    C:\Users\#2\AppData\Local\Temp\avg_a00892\ProgFiles\AVG SafeGuard toolbar\vprot.exe
    C:\Users\#2\AppData\Local\Temp\avg_a00892\ProgFiles\AVG SafeGuard toolbar\14.0.0.12\AVG SafeGuard toolbar_toolbar.dll
    C:\Users\#2\AppData\Local\Temp\avg_a00892\ConfigFiles\avguidx.dll
    C:\Users\#2\AppData\Local\Temp\avg_a00892\ConfigFiles\MachineIdCreator.exe
    C:\Users\#2\AppData\Local\Temp\avg_a00892\CommonFiles\AVG SafeGuard toolbar\avgdttbx.dll
    C:\Users\#2\AppData\Local\Temp\avg_a00892\CommonFiles\AVG SafeGuard toolbar\AVGRewardsWorker.dll
    C:\Users\#2\AppData\Local\Temp\avg_a00892\CommonFiles\AVG SafeGuard toolbar\DriverInstaller.exe
    C:\Users\#2\AppData\Local\Temp\avg_a00892\CommonFiles\AVG SafeGuard toolbar\DriverInstaller_64.exe
    C:\Users\#2\AppData\Local\Temp\avg_a00892\CommonFiles\AVG SafeGuard toolbar\npsitesafety.dll
    C:\Users\#2\AppData\Local\Temp\avg_a00892\CommonFiles\AVG SafeGuard toolbar\ScriptHelper.exe
    C:\Users\#2\AppData\Local\Temp\avg_a00892\CommonFiles\AVG SafeGuard toolbar\SiteSafety.dll
    C:\Users\#2\AppData\Local\Temp\avg_a00892\CommonFiles\AVG SafeGuard toolbar\ToolbarUpdater.exe
    C:\Users\#2\AppData\Local\Temp\avg_a00892\CommonFiles\AVG SafeGuard toolbar\ViProtocol.dll

    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!


    LastRegBack: 2013-08-13 17:31

    ==================== End Of Log ============================
     
  20. 2013/08/26
    adrenalinesaint

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-08-2013
    Ran by #2 at 2013-08-26 09:35:23
    Running from C:\Users\#2\Desktop\ransomware
    Boot Mode: Safe Mode (with Networking)
    ==========================================================


    ==================== Installed Programs =======================


    Adobe AIR (x32 Version: 2.6.0.19140)
    Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
    Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
    Adobe Reader X (10.1.7) (x32 Version: 10.1.7)
    Adobe Shockwave Player 11.6 (x32 Version: 11.6.8.638)
    Advanced SystemCare 6 (x32 Version: 6.3)
    Agatha Christie - Peril at End House (x32 Version: 2.2.0.95)
    Applet (HKCU)
    ATI Catalyst Install Manager (Version: 3.0.774.0)
    Bejeweled 2 Deluxe (x32 Version: 2.2.0.95)
    Blackhawk Striker 2 (x32 Version: 2.2.0.95)
    Blasterball 3 (x32 Version: 2.2.0.95)
    Blio (x32 Version: 2.0.5350)
    Bounce Symphony (x32 Version: 2.2.0.95)
    Build-a-lot 2 (x32 Version: 2.2.0.95)
    Cake Mania (x32 Version: 2.2.0.95)
    Catalyst Control Center - Branding (x32 Version: 1.00.0000)
    Catalyst Control Center Core Implementation (x32 Version: 2010.0511.2153.37435)
    Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0511.2153.37435)
    Catalyst Control Center Graphics Full New (x32 Version: 2010.0511.2153.37435)
    Catalyst Control Center Graphics Light (x32 Version: 2010.0511.2153.37435)
    Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0511.2153.37435)
    Catalyst Control Center InstallProxy (x32 Version: 2010.0511.2153.37435)
    Catalyst Control Center Localization All (x32 Version: 2010.0511.2153.37435)
    CCC Help Chinese Standard (x32 Version: 2010.0511.2152.37435)
    CCC Help Chinese Traditional (x32 Version: 2010.0511.2152.37435)
    CCC Help Czech (x32 Version: 2010.0511.2152.37435)
    CCC Help Danish (x32 Version: 2010.0511.2152.37435)
    CCC Help Dutch (x32 Version: 2010.0511.2152.37435)
    CCC Help English (x32 Version: 2010.0511.2152.37435)
    CCC Help Finnish (x32 Version: 2010.0511.2152.37435)
    CCC Help French (x32 Version: 2010.0511.2152.37435)
    CCC Help German (x32 Version: 2010.0511.2152.37435)
    CCC Help Greek (x32 Version: 2010.0511.2152.37435)
    CCC Help Hungarian (x32 Version: 2010.0511.2152.37435)
    CCC Help Italian (x32 Version: 2010.0511.2152.37435)
    CCC Help Japanese (x32 Version: 2010.0511.2152.37435)
    CCC Help Korean (x32 Version: 2010.0511.2152.37435)
    CCC Help Norwegian (x32 Version: 2010.0511.2152.37435)
    CCC Help Polish (x32 Version: 2010.0511.2152.37435)
    CCC Help Portuguese (x32 Version: 2010.0511.2152.37435)
    CCC Help Russian (x32 Version: 2010.0511.2152.37435)
    CCC Help Spanish (x32 Version: 2010.0511.2152.37435)
    CCC Help Swedish (x32 Version: 2010.0511.2152.37435)
    CCC Help Thai (x32 Version: 2010.0511.2152.37435)
    CCC Help Turkish (x32 Version: 2010.0511.2152.37435)
    ccc-core-static (x32 Version: 2010.0511.2153.37435)
    ccc-utility64 (Version: 2010.0511.2153.37435)
    Chinese Simplified Fonts Support For Adobe Reader X (x32 Version: 10.0.0)
    Chuzzle Deluxe (x32 Version: 2.2.0.95)
    Citrix Receiver (HDX Flash Redirection) (x32 Version: 13.1.0.89)
    Citrix Receiver (x32 Version: 13.1.0.89)
    Citrix Receiver Inside (x32 Version: 3.1.0.64094)
    Citrix Receiver(Aero) (x32 Version: 13.1.0.89)
    Citrix Receiver(DV) (x32 Version: 13.1.0.89)
    Citrix Receiver(USB) (x32 Version: 13.1.0.89)
    CyberLink DVD Suite Deluxe (x32 Version: 7.0.3210)
    D3DX10 (x32 Version: 15.4.2368.0902)
    Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95)
    Dora's World Adventure (x32 Version: 2.2.0.95)
    DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.2.4412)
    Escape Rosecliff Island (x32 Version: 2.2.0.95)
    Farm Frenzy (x32 Version: 2.2.0.95)
    FATE (x32 Version: 2.2.0.95)
    Final Drive Nitro (x32 Version: 2.2.0.95)
    Google Earth (x32 Version: 7.1.1.1888)
    Google Update Helper (x32 Version: 1.3.21.153)
    Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95)
    HP Auto (Version: 1.0.12494.3472)
    HP Client Services (Version: 1.0.12656.3472)
    HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
    HP Game Console (x32)
    HP Games (x32 Version: 1.0.1.5)
    HP MediaSmart DVD (x32 Version: 4.2.4725)
    HP MediaSmart Music (x32 Version: 4.2.4517)
    HP MediaSmart Photo (x32 Version: 4.2.4513)
    HP MediaSmart SmartMenu (Version: 3.1.2.4)
    HP MediaSmart Video (x32 Version: 4.2.4522)
    HP MediaSmart/TouchSmart Netflix (x32 Version: 1.0.4.0)
    HP MovieStore (x32 Version: 1.0.027)
    HP MovieStore (x32 Version: 2.0.2)
    HP Odometer (x32 Version: 2.10.0000)
    HP Setup (x32 Version: 8.4.4400.3525)
    HP Setup Manager (x32 Version: 1.0.12844.3519)
    HP Support Information (x32 Version: 10.1.1000)
    HP Update (x32 Version: 5.002.003.003)
    HP Vision Hardware Diagnostics (Version: 2.1.6.0)
    Hulu Desktop (HKCU Version: 0.9.13)
    iper Networks, Inc. Setup Client 64-bit Activex Control (Version: 2.1.1.1)
    Java(TM) 6 Update 31 (x32 Version: 6.0.310)
    Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95)
    JNLP (HKCU)
    Juniper Networks Host Checker (HKCU Version: 7.2.0.21697)
    Juniper Networks Secure Application Manager (x32 Version: 7.2.0.21697)
    Juniper Networks, Inc. Setup Client (HKCU Version: 7.2.4.25005)
    Junk Mail filter update (x32 Version: 15.4.3502.0922)
    Kobo (x32 Version: 1.6)
    LabelPrint (x32 Version: 2.5.3130)
    Lexmark X1100 Series
    LightScribe System Software (x32 Version: 1.18.20.1)
    Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
    McAfee Agent (x32 Version: 4.6.0.2292)
    McAfee Host Intrusion Prevention (Version: 8.00.0000)
    McAfee SiteAdvisor Enterprise Plus (x32 Version: 3.0.0.638)
    McAfee VirusScan Enterprise (x32 Version: 8.8.02004)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
    Microsoft Application Error Reporting (Version: 12.0.6015.5000)
    Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
    Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
    Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000)
    Microsoft Office Starter 2010 - English (x32 Version: 14.0.4763.1000)
    Microsoft Silverlight (x32 Version: 4.1.10329.0)
    Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
    Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
    Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
    Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
    Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
    Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.2.4412)
    MSVCRT (x32 Version: 15.4.2862.0708)
    MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
    MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
    MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
    Mystery P.I. - The London Caper (x32 Version: 2.2.0.95)
    NOOK for PC (x32 Version: 2.5.6.9575)
    Online Plug-in (x32 Version: 13.1.0.89)
    Paint.NET v3.5.10 (Version: 3.60.0)
    PDF Complete Special Edition (x32 Version: 4.0.9)
    Penguins! (x32 Version: 2.2.0.95)
    PhotoNow! (x32 Version: 1.1.7717)
    Plants vs. Zombies (x32 Version: 2.2.0.95)
    PlayReady PC Runtime amd64 (Version: 1.3.0)
    PlayReady PC Runtime x86 (x32 Version: 1.3.0)
    Poker Superstars III (x32 Version: 2.2.0.95)
    Polar Bowler (x32 Version: 2.2.0.95)
    Polar Golfer (x32 Version: 2.2.0.95)
    Power2Go (x32 Version: 6.1.4329)
    PowerDirector (x32 Version: 8.0.3129)
    PressReader (x32 Version: 5.10.1102.0)
    Realtek High Definition Audio Driver (x32 Version: 6.0.1.6196)
    Recovery Manager (x32 Version: 5.5.3219)
    RoxioNow Player (x32 Version: 1.9.5.101)
    Spybot - Search & Destroy (x32 Version: 1.6.2)
    swMSM (x32 Version: 12.0.0.1)
    System Information Reporter (x32 Version: 1.0.0.180)
    Unity Web Player (HKCU Version: )
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
    Virtual Families (x32 Version: 2.2.0.95)
    Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95)
    WebEx (x32)
    Wheel of Fortune 2 (x32 Version: 2.2.0.95)
    Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
    Windows Live Essentials (x32 Version: 15.4.3502.0922)
    Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
    Windows Live Installer (x32 Version: 15.4.3502.0922)
    Windows Live Language Selector (Version: 15.4.3502.0922)
    Windows Live Mail (x32 Version: 15.4.3502.0922)
    Windows Live Messenger (x32 Version: 15.4.3502.0922)
    Windows Live MIME IFilter (Version: 15.4.3502.0922)
    Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
    Windows Live Photo Common (x32 Version: 15.4.3502.0922)
    Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
    Windows Live PIMT Platform (x32 Version: 15.4.3502.0922)
    Windows Live SOXE (x32 Version: 15.4.3502.0922)
    Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
    Windows Live UX Platform (x32 Version: 15.4.3502.0922)
    Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922)
    Windows Live Writer (x32 Version: 15.4.3502.0922)
    Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
    Zinio Reader 4 (x32 Version: 4.0.3184)
    Zuma Deluxe (x32 Version: 2.2.0.95)

    ==================== Restore Points =========================

    13-06-2013 04:00:03 Scheduled Checkpoint
    20-06-2013 21:25:53 Scheduled Checkpoint
    27-06-2013 21:36:57 Scheduled Checkpoint
    08-07-2013 13:55:50 Scheduled Checkpoint
    16-07-2013 21:41:46 Scheduled Checkpoint
    25-07-2013 21:25:39 Scheduled Checkpoint
    01-08-2013 21:36:13 Scheduled Checkpoint
    13-08-2013 21:38:08 Scheduled Checkpoint

    ==================== Hosts content: ==========================

    2009-07-13 22:34 - 2013-02-14 10:52 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    Task: {3139C562-95FC-4C79-AB76-A589E0D69851} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-26] (Google Inc.)
    Task: {3ABB30BF-4527-4C02-A40B-BFB8F35F0C47} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-26] (Google Inc.)
    Task: {4A3D58DD-5B90-4F8E-BEA2-8F7013E97040} - System32\Tasks\HPCeeScheduleFor#2 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
    Task: {71202BC6-A1B5-43E0-88F6-EB9F20C01C47} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-08] (Adobe Systems Incorporated)
    Task: {88519575-57D0-4591-AE63-A98523D250CE} - System32\Tasks\IE10 => C:\Windows\System32\reg No File
    Task: {93728C7B-396A-41D2-AD0D-1D33EFAAFA28} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
    Task: {C4230E01-0796-456E-897B-0B33CCF1F4A1} - System32\Tasks\HPCeeScheduleFor2-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\HPCeeScheduleFor#2.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
    Task: C:\Windows\Tasks\HPCeeScheduleFor2-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe


    ==================== Faulty Device Manager Devices =============

    Name: Security Processor Loader Driver
    Description: Security Processor Loader Driver
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: spldr
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (08/23/2013 10:40:40 AM) (Source: System Restore) (User: )
    Description: Failed to create restore point (Process = C:\Users\#2\Desktop\ransomware\mbar\mbar.exe ; Description = Malwarebytes Anti-Rootkit Restore Point; Error = 0x8007043c).

    Error: (08/23/2013 10:28:49 AM) (Source: Microsoft-Windows-CAPI2) (User: )
    Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.


    Details:
    Could not query the status of the EventSystem service.

    System Error:
    A system shutdown is in progress.
    .

    Error: (08/23/2013 10:28:22 AM) (Source: System Restore) (User: )
    Description: Failed to create restore point (Process = C:\Users\#2\Desktop\ransomware\mbar\mbar.exe ; Description = Malwarebytes Anti-Rootkit Restore Point; Error = 0x8007043c).

    Error: (08/23/2013 10:15:45 AM) (Source: System Restore) (User: )
    Description: Failed to create restore point (Process = C:\Users\#2\Desktop\ransomware\mbar\mbar.exe ; Description = Malwarebytes Anti-Rootkit Restore Point; Error = 0x8007043c).

    Error: (08/23/2013 10:04:39 AM) (Source: System Restore) (User: )
    Description: Failed to create restore point (Process = C:\Users\#2\Desktop\ransomware\mbar\mbar.exe ; Description = Malwarebytes Anti-Rootkit Restore Point; Error = 0x8007043c).

    Error: (08/23/2013 09:51:34 AM) (Source: System Restore) (User: )
    Description: Failed to create restore point (Process = C:\Users\#2\Desktop\ransomware\mbar\mbar.exe ; Description = Malwarebytes Anti-Rootkit Restore Point; Error = 0x8007043c).

    Error: (08/23/2013 09:38:36 AM) (Source: System Restore) (User: )
    Description: Failed to create restore point (Process = C:\Users\#2\Desktop\ransomware\mbar\mbar.exe ; Description = Malwarebytes Anti-Rootkit Restore Point; Error = 0x8007043c).

    Error: (08/23/2013 09:23:51 AM) (Source: System Restore) (User: )
    Description: Failed to create restore point (Process = C:\Users\#2\Desktop\ransomware\mbar\mbar.exe; Description = Malwarebytes Anti-Rootkit Restore Point; Error = 0x8007043c).

    Error: (08/22/2013 09:31:41 AM) (Source: Application Error) (User: )
    Description: Faulting application name: HPPhotoViewer.exe, version: 4.2.1.4513, time stamp: 0x4c85f062
    Faulting module name: _render3d.pyd, version: 4.5.3993.2602, time stamp: 0x4b68656b
    Exception code: 0xc0000005
    Fault offset: 0x0000de93
    Faulting process id: 0xb48
    Faulting application start time: 0xHPPhotoViewer.exe0
    Faulting application path: HPPhotoViewer.exe1
    Faulting module path: HPPhotoViewer.exe2
    Report Id: HPPhotoViewer.exe3

    Error: (08/21/2013 09:46:47 AM) (Source: IMFservice) (User: )
    Description: The handle is invalid


    System errors:
    =============
    Error: (08/26/2013 09:20:00 AM) (Source: DCOM) (User: )
    Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    Error: (08/25/2013 10:42:09 AM) (Source: DCOM) (User: )
    Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

    Error: (08/24/2013 10:42:07 AM) (Source: DCOM) (User: )
    Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

    Error: (08/23/2013 10:42:15 AM) (Source: DCOM) (User: )
    Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    Error: (08/23/2013 10:42:15 AM) (Source: DCOM) (User: )
    Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

    Error: (08/23/2013 10:42:13 AM) (Source: DCOM) (User: )
    Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error: (08/23/2013 10:42:05 AM) (Source: DCOM) (User: )
    Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

    Error: (08/23/2013 10:41:59 AM) (Source: Service Control Manager) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    ctxusbm
    discache
    spldr
    Wanarpv6

    Error: (08/23/2013 10:41:57 AM) (Source: Service Control Manager) (User: )
    Description: The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:
    %%1068

    Error: (08/23/2013 10:41:56 AM) (Source: Service Control Manager) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068


    Microsoft Office Sessions:
    =========================
    Error: (08/23/2013 10:40:40 AM) (Source: System Restore)(User: )
    Description: C:\Users\#2\Desktop\ransomware\mbar\mbar.exe Malwarebytes Anti-Rootkit Restore Point0x8007043c

    Error: (08/23/2013 10:28:49 AM) (Source: Microsoft-Windows-CAPI2)(User: )
    Description:
    Details:
    Could not query the status of the EventSystem service.

    System Error:
    A system shutdown is in progress.

    Error: (08/23/2013 10:28:22 AM) (Source: System Restore)(User: )
    Description: C:\Users\#2\Desktop\ransomware\mbar\mbar.exe Malwarebytes Anti-Rootkit Restore Point0x8007043c

    Error: (08/23/2013 10:15:45 AM) (Source: System Restore)(User: )
    Description: C:\Users\#2\Desktop\ransomware\mbar\mbar.exe Malwarebytes Anti-Rootkit Restore Point0x8007043c

    Error: (08/23/2013 10:04:39 AM) (Source: System Restore)(User: )
    Description: C:\Users\#2\Desktop\ransomware\mbar\mbar.exe Malwarebytes Anti-Rootkit Restore Point0x8007043c

    Error: (08/23/2013 09:51:34 AM) (Source: System Restore)(User: )
    Description: C:\Users\#2\Desktop\ransomware\mbar\mbar.exe Malwarebytes Anti-Rootkit Restore Point0x8007043c

    Error: (08/23/2013 09:38:36 AM) (Source: System Restore)(User: )
    Description: C:\Users\#2\Desktop\ransomware\mbar\mbar.exe Malwarebytes Anti-Rootkit Restore Point0x8007043c

    Error: (08/23/2013 09:23:51 AM) (Source: System Restore)(User: )
    Description: C:\Users\#2\Desktop\ransomware\mbar\mbar.exeMalwarebytes Anti-Rootkit Restore Point0x8007043c

    Error: (08/22/2013 09:31:41 AM) (Source: Application Error)(User: )
    Description: HPPhotoViewer.exe4.2.1.45134c85f062_render3d.pyd4.5.3993.26024b68656bc00000050000de93b4801ce9f3be0315282C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\PhotoViewer\HPPhotoViewer.exeC:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\PhotoViewer\koan\_render3d.pyd2d93e0ec-0b2f-11e3-a616-78acc0bf545e

    Error: (08/21/2013 09:46:47 AM) (Source: IMFservice)(User: )
    Description: The handle is invalid


    ==================== Memory info ===========================

    Percentage of memory in use: 23%
    Total physical RAM: 2815.29 MB
    Available physical RAM: 2146.44 MB
    Total Pagefile: 5628.77 MB
    Available Pagefile: 5008.69 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.82 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:452.83 GB) (Free:402.39 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive d: (HP_RECOVERY) (Fixed) (Total:12.83 GB) (Free:1.58 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive e: (DVD_VIDEO_RECORDER) (CDROM) (Total:2.59 GB) (Free:0 GB) UDF

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 466 GB) (Disk ID: A1219ACE)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=453 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=13 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  21. 2013/08/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

    Re-run FRST one more time and post new log.
     

    Attached Files:
