
Forged physical sector errors



Welcome to the forum.

Please run a Quick Scan with Malwarebytes like this:

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

If you're using Malwarebytes 2.0, please run a Threat Scan

Then......

Download DDS from one of the links below and save it to your desktop: (may not run on W8.1)

http://download.bleepingcomputer.com/sUBs/dds.scr

http://download.bleepingcomputer.com/sUBs/dds.com

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.

Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.

Then double-click dds.scr or dds.com to run the tool; on Vista, Win 7 or Win 8, right-click and select Run as administrator.

Click the Run button if prompted with an Open File - Security Warning dialog box.

A black DOS console should open and run for a moment.

When done, DDS will open two (2) logs: DDS.txt and Attach.txt

Save both reports to your desktop

Please Copy & Paste the contents of the following logs in your next reply

You can ignore the note about zipping the Attach.txt file

(please don't put logs in code or quotes and use the default font)

Don't forget to run RogueKiller below

General P2P/Piracy Warning:


1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller <--- use this one for 64-bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Wow....thanks for your comprehensive reply and offer of help


reports attached as requested


dds.txt :


DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17041  BrowserJavaVersion: 10.51.2
Run by David at 18:31:29 on 2014-04-14
Microsoft Windows 7 Professional   6.1.7601.1.1252.44.1033.18.12286.9971 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\PROGRA~2\APC\PowerChute Business Edition\agent\pbeagent.exe
C:\Program Files (x86)\Paragon Software\HFS+ for Windows  9.1\apmwinsrv.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Windows\SysWOW64\bgsvcgen.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe
C:\Windows\SysWOW64\XSrvSetup.exe
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\WinTV\TVServer\CaptureGenPCI.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\SysWOW64\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo64.exe
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\windows\splwow64.exe
C:\windows\system32\vssvc.exe
C:\windows\System32\svchost.exe -k swprv
C:\windows\system32\msiexec.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\SysWOW64\DllHost.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [iSUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe
mRun: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
mRun: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
mRun: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
StartupFolder: D:\Users\David\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Canon MP Navigator EX 3.1.lnk - C:\Program Files (x86)\Canon\MP Navigator EX 3.1\mpnex31.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{4F3A06D2-461E-4F6E-8347-D61315F87376} : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - 
x64-TB: Snap.Do: {ae07101b-46d4-4a98-af68-0333ea26e113} - 
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 
x64-Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
x64-Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [shadowPlay] C:\windows\System32\rundll32.exe C:\windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - d:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\snaz000z.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - AOL Search
FF - prefs.js: browser.startup.homepage - hxxps://www.google.co.uk/|http://www.ebay.co.uk/|https://mail.google.com/mail/?shva=1#inbox
FF - plugin: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\npBrowserPlugin.dll
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLl
FF - plugin: C:\windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
.
============= SERVICES / DRIVERS ===============
.
R0 apmwin;apmwin;C:\windows\System32\drivers\apmwin.sys [2014-3-26 50896]
R0 fltsrv;Acronis Storage Filter Management;C:\windows\System32\drivers\fltsrv.sys [2014-1-5 116000]
R0 gpt_loader;GUID Partition table support driver;C:\windows\System32\drivers\gpt_loader.sys [2014-3-26 61136]
R0 mounthlp;Mounter helper driver for HFS+ volumes;C:\windows\System32\drivers\mounthlp.sys [2014-3-26 45776]
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R0 NBVol;Nero Backup Volume Filter Driver;C:\windows\System32\drivers\NBVol.sys [2013-3-9 72240]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\windows\System32\drivers\NBVolUp.sys [2013-3-9 15920]
R0 tib;Acronis TIB Manager;C:\windows\System32\drivers\tib.sys [2014-1-5 1120032]
R0 tib_mounter;Acronis TIB Mounter;C:\windows\System32\drivers\tib_mounter.sys [2014-1-5 198432]
R0 vididr;Acronis Virtual Disk;C:\windows\System32\drivers\vididr.sys [2014-1-5 161568]
R0 vidsflt;Acronis Disk Storage Filter;C:\windows\System32\drivers\vidsflt.sys [2014-1-5 117024]
R1 AppleCharger;AppleCharger;C:\windows\System32\drivers\AppleCharger.sys [2013-3-8 21544]
R1 mbamchameleon;mbamchameleon;C:\windows\System32\drivers\mbamchameleon.sys [2014-4-11 88280]
R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2014-2-28 3873784]
R2 APCPBEAgent;APC PBE Agent;C:\PROGRA~2\APC\PowerChute Business Edition\agent\pbeagent.exe [2014-3-24 34168]
R2 apmwinsrv;Paragon APM service;C:\Program Files (x86)\Paragon Software\HFS+ for Windows  9.1\apmwinsrv.exe [2013-7-26 66768]
R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-3-3 1363584]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-3-3 1748608]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [2013-9-19 98304]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2014-2-26 2224976]
R2 HauppaugeTVServer;HauppaugeTVServer;C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [2013-5-11 577536]
R2 HfsplusRec;HfsplusRec;C:\windows\System32\drivers\hfsplusrec.sys [2014-3-26 15568]
R2 JMB36X;JMB36X;C:\Windows\SysWOW64\XSrvSetup.exe [2013-9-28 72304]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2014-2-26 377616]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-4-11 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-4-11 857912]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-3-23 1593632]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-3-23 16941856]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2013-6-20 389896]
R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\windows\System32\drivers\RtNdPt60.sys [2013-9-28 27136]
R2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe [2013-3-8 114688]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-3-23 411936]
R2 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2014-2-4 7142360]
R3 afcdp;afcdp;C:\windows\System32\drivers\afcdp.sys [2014-2-28 367200]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [2013-9-19 3735552]
R3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2013-3-8 30528]
R3 HCW3x64;Hauppauge WinTV-HVR 713X PCI Card;C:\windows\System32\drivers\HCW71364.sys [2013-3-10 1501200]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-3-9 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\windows\System32\drivers\MBAMSwissArmy.sys [2014-4-11 119512]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\windows\System32\drivers\mwac.sys [2014-4-11 63192]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\windows\System32\drivers\nx6000.sys [2010-1-29 36720]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2010-11-19 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2010-11-19 181248]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\windows\System32\drivers\nvvad64v.sys [2014-3-23 39200]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2013-3-10 646248]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2014/01/21 00:31:12;C:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe [2013-3-8 247768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 BthAvrcp;Bluetooth AVRCP Profile;C:\windows\System32\drivers\BthAvrcp.sys [2009-8-13 29184]
S3 etdrv;etdrv;C:\Windows\etdrv.sys [2013-3-8 25640]
S3 Hfsplus;Hfsplus;C:\windows\System32\drivers\hfsplus.sys [2014-3-26 204496]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-4-9 111616]
S3 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2013-1-20 133928]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
S3 Ph3xIB64;Philips 713x VU PCI TV Card;C:\windows\System32\drivers\Ph3xIB64.sys [2009-6-10 1627520]
S3 PsShutdownSvc;PsShutdown;C:\Windows\PSSDNSVC.EXE [2013-7-15 87616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-3-8 19456]
S3 Revoflt;Revoflt;C:\windows\System32\drivers\revoflt.sys [2013-3-10 31800]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);C:\windows\System32\drivers\RtTeam60.sys [2013-9-28 58472]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\windows\System32\drivers\RtVlan60.sys [2013-9-28 24064]
S3 StorSvc;Storage Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);C:\windows\System32\drivers\RtTeam60.sys [2013-9-28 58472]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2014-3-21 56832]
S3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.2);C:\windows\System32\drivers\RtVlan60.sys [2013-9-28 24064]
S3 vpcuxd;USB Virtualization Stub Service;C:\windows\System32\drivers\vpcuxd.sys [2013-3-11 16384]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2013-3-8 1255736]
S4 DES2 Service;DES2 Service for Energy Saving.;C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2013-9-28 68136]
.
=============== Created Last 30 ================
.
2014-04-13 19:40:00 10521840 ----a-w- d:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FB34342D-661C-4E7E-9385-F452E3212AE0}\mpengine.dll
2014-04-13 19:34:33 -------- d-----w- d:\ProgramData\Sophos
2014-04-13 14:38:33 -------- d-----w- d:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-04-12 15:11:58 10521840 ----a-w- d:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-04-11 22:25:44 -------- d-sh--w- d:\Users\David\AppData\Local\EmieUserList
2014-04-11 22:25:44 -------- d-sh--w- d:\Users\David\AppData\Local\EmieSiteList
2014-04-11 22:17:20 119512 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-04-11 22:17:06 88280 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2014-04-11 22:17:06 63192 ----a-w- C:\windows\System32\drivers\mwac.sys
2014-04-11 22:17:06 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-09 02:02:59 5784064 ----a-w- C:\windows\System32\jscript9.dll
2014-04-09 02:02:58 4254720 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-04-08 21:32:02 116736 ----a-w- C:\windows\System32\drivers\UMDF\WUDFUsbccidDriver.dll
2014-04-07 13:53:59 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-05 17:16:57 1031560 ------w- d:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E3D2DC72-8AF5-48F8-8149-F34852F16E22}\gapaengine.dll
2014-04-05 17:02:34 -------- d-----w- C:\windows\Temp1FEBDC2E-6EE0-F1E5-9727-7014A3EBE638-Signatures
2014-03-30 07:55:47 520 ----a-w- d:\Users\David\AppData\Local\TempPSTEMPFILEon0809015076_1.tmp
2014-03-26 19:30:17 45776 ----a-w- C:\windows\System32\drivers\mounthlp.sys
2014-03-26 19:30:16 204496 ----a-w- C:\windows\System32\drivers\hfsplus.sys
2014-03-26 19:30:16 15568 ----a-w- C:\windows\System32\drivers\hfsplusrec.sys
2014-03-26 19:29:56 61136 ----a-w- C:\windows\System32\drivers\gpt_loader.sys
2014-03-26 19:29:46 50896 ----a-w- C:\windows\System32\drivers\apmwin.sys
2014-03-26 19:29:45 -------- d-----w- C:\Program Files (x86)\Paragon Software
2014-03-25 13:21:36 15648 ----a-w- C:\windows\System32\drivers\nvflash.sys
2014-03-25 09:14:51 -------- d-----w- C:\Program Files (x86)\MSECache
2014-03-23 23:10:15 36864 ----a-w- C:\windows\SysWow64\APCSnmp.dll
2014-03-23 23:10:05 -------- d-----w- C:\Program Files (x86)\APC
2014-03-23 17:54:56 -------- d-----w- d:\Users\David\AppData\Local\NVIDIA Corporation
2014-03-23 17:54:29 1179576 ----a-w- C:\windows\System32\nvspcap64.dll
2014-03-23 17:54:29 1048152 ----a-w- C:\windows\SysWow64\nvspcap.dll
2014-03-23 17:54:29 -------- d-----w- d:\Users\David\AppData\Local\NVIDIA
2014-03-23 17:53:45 599840 ----a-w- C:\windows\SysWow64\nvStreaming.exe
2014-03-23 10:53:02 89600 ----a-w- C:\windows\System32\drivers\ser2pl64.sys
2014-03-23 08:27:45 520 ----a-w- d:\Users\David\AppData\Local\TempPSTEMPFILEon0809018156_2.tmp
2014-03-23 08:27:45 520 ----a-w- d:\Users\David\AppData\Local\TempPSTEMPFILEon0809018156_1.tmp
2014-03-23 08:23:32 520 ----a-w- d:\Users\David\AppData\Local\TempPSTEMPFILEon0809017256_2.tmp
2014-03-23 08:23:32 520 ----a-w- d:\Users\David\AppData\Local\TempPSTEMPFILEon0809017256_1.tmp
2014-03-23 08:21:03 520 ----a-w- d:\Users\David\AppData\Local\TempPSTEMPFILEon0809014156_1.tmp
2014-03-22 10:24:24 6574592 ----a-w- C:\windows\System32\mstscax.dll
2014-03-22 10:24:24 5694464 ----a-w- C:\windows\SysWow64\mstscax.dll
2014-03-21 21:44:49 -------- d-----w- C:\Program Files (x86)\Microsoft
2014-03-21 21:41:11 792576 ----a-w- C:\windows\SysWow64\TSWorkspace.dll
2014-03-21 21:41:11 1030144 ----a-w- C:\windows\System32\TSWorkspace.dll
.
==================== Find3M  ====================
.
2014-04-14 17:08:07 30528 ----a-w- C:\windows\GVTDrv64.sys
2014-04-14 17:07:52 25640 ----a-w- C:\windows\gdrv.sys
2014-04-14 06:19:55 87616 ----a-w- C:\windows\PSSDNSVC.EXE
2014-04-06 15:31:58 25640 ----a-w- C:\windows\etdrv.sys
2014-04-05 17:00:24 468480 ----a-w- C:\windows\System32\deployJava1.dll
2014-04-03 08:50:58 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
2014-03-12 15:04:29 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 15:04:29 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-03-11 08:52:30 133928 ----a-w- C:\windows\System32\drivers\NisDrvWFP.sys
2014-03-06 09:32:16 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-03-06 09:31:33 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-03-06 08:59:04 66048 ----a-w- C:\windows\System32\iesetup.dll
2014-03-06 08:57:34 548352 ----a-w- C:\windows\System32\vbscript.dll
2014-03-06 08:57:20 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-03-06 08:32:07 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-03-06 08:29:40 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2014-03-06 08:29:14 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-03-06 08:28:15 752640 ----a-w- C:\windows\System32\jscript9diag.dll
2014-03-06 08:15:54 940032 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-03-06 08:02:34 61952 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-03-06 08:02:33 455168 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-03-06 08:01:01 51200 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56:43 38400 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2014-03-06 07:38:13 112128 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-03-06 07:36:40 592896 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-03-06 07:13:43 32256 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11:15 2043904 ----a-w- C:\windows\System32\inetcpl.cpl
2014-03-06 06:40:39 1967104 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-03-06 06:22:40 2260480 ----a-w- C:\windows\System32\wininet.dll
2014-03-06 05:41:49 1789440 ----a-w- C:\windows\SysWow64\wininet.dll
2014-03-04 13:06:00 6714312 ----a-w- C:\windows\System32\nvcpl.dll
2014-03-04 13:06:00 3497816 ----a-w- C:\windows\System32\nvsvc64.dll
2014-03-04 13:05:58 922968 ----a-w- C:\windows\System32\nvvsvc.exe
2014-03-04 13:05:58 64968 ----a-w- C:\windows\System32\nvshext.dll
2014-03-04 13:05:57 386336 ----a-w- C:\windows\System32\nvmctray.dll
2014-03-04 13:05:53 3649185 ----a-w- C:\windows\System32\nvcoproc.bin
2014-03-04 09:44:21 362496 ----a-w- C:\windows\System32\wow64win.dll
2014-03-04 09:44:21 243712 ----a-w- C:\windows\System32\wow64.dll
2014-03-04 09:44:21 13312 ----a-w- C:\windows\System32\wow64cpu.dll
2014-03-04 09:44:03 16384 ----a-w- C:\windows\System32\ntvdm64.dll
2014-03-04 09:17:19 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2014-03-04 09:17:05 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2014-03-04 09:16:54 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2014-03-04 09:16:18 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2014-03-04 08:09:30 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2014-03-04 08:09:29 2048 ----a-w- C:\windows\SysWow64\user.exe
2014-02-27 23:23:04 3600880 ----a-w- C:\windows\System32\auto_reactivate.exe
2014-02-27 23:23:04 345408 ----a-w- C:\windows\System32\snapapiar64.dll
2014-02-27 23:21:59 367200 ----a-w- C:\windows\System32\drivers\afcdp.sys
2014-02-27 23:21:56 1464096 ----a-w- C:\windows\System32\drivers\tdrpman.sys
2014-02-07 01:23:30 3156480 ----a-w- C:\windows\System32\win32k.sys
2014-02-04 02:35:56 190912 ----a-w- C:\windows\System32\drivers\storport.sys
2014-02-04 02:35:49 274880 ----a-w- C:\windows\System32\drivers\msiscsi.sys
2014-02-04 02:35:35 27584 ----a-w- C:\windows\System32\drivers\Diskdump.sys
2014-02-04 02:32:22 1424384 ----a-w- C:\windows\System32\WindowsCodecs.dll
2014-02-04 02:32:12 624128 ----a-w- C:\windows\System32\qedit.dll
2014-02-04 02:28:36 2048 ----a-w- C:\windows\System32\iologmsg.dll
2014-02-04 02:04:22 1230336 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04:11 509440 ----a-w- C:\windows\SysWow64\qedit.dll
2014-02-04 02:00:39 2048 ----a-w- C:\windows\SysWow64\iologmsg.dll
2014-01-29 02:32:18 484864 ----a-w- C:\windows\System32\wer.dll
2014-01-29 02:06:47 381440 ----a-w- C:\windows\SysWow64\wer.dll
2014-01-28 02:32:46 228864 ----a-w- C:\windows\System32\wwansvc.dll
2014-01-25 00:19:42 268512 ----a-w- C:\windows\System32\drivers\MpFilter.sys
2014-01-24 02:37:55 1684928 ----a-w- C:\windows\System32\drivers\ntfs.sys
2014-01-21 00:29:17 499712 ----a-w- C:\windows\SysWow64\msvcp71.dll
2014-01-21 00:29:17 348160 ----a-w- C:\windows\SysWow64\msvcr71.dll
2014-01-21 00:29:17 29480 ----a-w- C:\windows\SysWow64\msxml3a.dll
2014-01-19 07:33:29 270496 ------w- C:\windows\System32\MpSigStub.exe
2014-01-17 22:24:35 99384 ----a-w- d:\Users\David\AppData\Roaming\inst.exe
2014-01-17 22:24:35 82816 ----a-w- d:\Users\David\AppData\Roaming\pcouffin.sys
2013-05-14 17:38:56 708168 ----a-w- C:\Program Files (x86)\39Uninstall MapsGalaxy.dll
2013-05-14 17:38:56 186744 ----a-w- C:\Program Files (x86)\39res.dll
.
============= FINISH: 18:32:09.16 ===============
 
 
 
 
 
attach.txt :
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional 
Boot Device: \Device\HarddiskVolume1
Install Date: 08/03/2013 12:55:49
System Uptime: 14/04/2014 07:17:21 (11 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. |  | X58A-UD3R
Processor: Intel® Core i7 CPU         950  @ 3.07GHz | Socket 1366 | 3060/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 238 GiB total, 145.359 GiB free.
D: is FIXED (NTFS) - 466 GiB total, 152.371 GiB free.
E: is CDROM ()
I: is CDROM ()
X: is FIXED (NTFS) - 466 GiB total, 193.003 GiB free.
Z: is FIXED (NTFS) - 466 GiB total, 194.673 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1609: 26/03/2014 20:03:18 - Automatic creation
RP1614: 27/03/2014 10:31:47 - Automatic creation
RP1616: 28/03/2014 04:59:15 - Automatic creation
RP1618: 29/03/2014 04:59:36 - Automatic creation
RP1622: 30/03/2014 12:15:04 - Automatic creation
RP1624: 31/03/2014 04:59:15 - Automatic creation
RP1627: 01/04/2014 04:59:11 - Automatic creation
RP1633: 02/04/2014 23:59:13 - Automatic creation
RP1635: 03/04/2014 04:59:15 - Automatic creation
RP1639: 04/04/2014 03:00:39 - Automatic creation
RP1655: 05/04/2014 20:48:04 - Automatic creation
RP1659: 06/04/2014 16:15:00 - Automatic creation
RP1661: 07/04/2014 04:59:15 - Automatic creation
RP1665: 08/04/2014 04:59:19 - Automatic creation
RP1673: 09/04/2014 19:14:18 - Automatic creation
RP1675: 10/04/2014 04:59:15 - Automatic creation
RP1677: 11/04/2014 04:59:15 - Automatic creation
RP1681: 12/04/2014 05:32:25 - Automatic creation
RP1688: 13/04/2014 15:24:47 - Automatic creation
RP1691: 14/04/2014 09:45:50 - Automatic creation
RP1693: 14/04/2014 18:23:18 - Revo Uninstaller Pro's restore point - Sophos Virus Removal Tool
RP1695: 14/04/2014 18:26:34 - Revo Uninstaller Pro's restore point - Sophos Virus Removal Tool
RP1696: 14/04/2014 18:27:24 - Removed Sophos Virus Removal Tool.
RP1697: 14/04/2014 18:29:56 - DDS
.
==== Installed Programs ======================
.
@BIOS Ver.2.06
7-Zip 9.20 (x64 edition)
Acronis True Image 2014
Adobe After Effects CC
Adobe Creative Cloud
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader XI (11.0.06)
Adobe SVG Viewer 3.0
Advanced Renamer
Apple Application Support
ArcSoft PhotoStudio 6
Audacity 2.0.3
Autocom Cars CDP+
AutoGreen B09.1014.2
Bright Spark
Brother P-touch Editor 5.1
Browser Configuration Utility
Bulk Rename Utility 2.7.1.2
Call of Duty
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon Inkjet Printer Driver Add-On Module V2.00
Canon MP Navigator EX 3.1
Canon My Printer
Canon Utilities Digital Photo Professional
Canon Utilities EOS Sample Music
Canon Utilities EOS Utility
Canon Utilities ImageBrowser EX
Canon Utilities PhotoStitch
Canon Utilities Picture Style Editor
Canon Utilities Solution Menu
CanoScan 9000F Scanner Driver
CCleaner
CD-LabelPrint
CMN
Cool Edit Pro
Counter-Strike: Source
CryptoPrevent v4.2.4
CurrentChart
CyberLink PhotoNow
CyberLink PowerDirector 11
CyberLink PowerDirector 11 Content Pack Essential
CyberLink PowerDirector 11 Content Pack Premium
CyberLink PowerDVD 10
CyberLink WaveEditor 2
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DES 2.0
DF_Labels 9.7
Diagnostic Utility
Dolby Home Theater v4
DSO-2090 USB(V6.0.0.5)
DVD Decrypter (Remove Only)
DVDFab 6.2.0.5 (11/11/2009)
Easy Tune 6 B10.0420.1
Firebird 2.5.0.26074 (Win32)
FlukeView Forms Basic
Free PDF Solutions PDF to WORD version 1.0
GameSpy Arcade
Garry's Mod
GeForce Experience NvStream Client Components
Gigabyte Raid Configurer
Google Chrome
Google Earth
Google Update Helper
Half-Life 2: Deathmatch
Half-Life 2: Episode Two
Hauppauge WinTV 7
HD Writer AE 2.1
High-Definition Video Playback
HM NIS Edit 2.0.3
Insane
Intel® Matrix Storage Manager
Jasc Paint Shop Pro 9
Java 7 Update 51
Java Auto Updater
Jawbreaker
LAME v3.99.3 (for Windows)
Livewire
LockHunter version 1.0 beta 3, 64 bit edition
LogMeIn Hamachi
Malwarebytes Anti-Malware version 2.0.1.1004
marvell 91xx driver
Memory-Map OS Edition Version 5
Microsoft .NET Framework 4.5.1
Microsoft Access database engine 2010 (English)
Microsoft Application Error Reporting
Microsoft Corporation
Microsoft Halo
Microsoft IntelliPoint 8.2
Microsoft IntelliType Pro 8.2
Microsoft LifeCam
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Express Edition (CCOST)
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mirror's Edge
Mozilla Firefox 28.0 (x86 en-US)
Mozilla Thunderbird 17.0.4 (x86 en-US)
Mp3Gain PRO
MSI to redistribute MS VS2005 CRT libraries
MSVC90_x64
MSVC90_x86
MSXML 4.0
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
MyDriveConnect 3.3.0.1342
Need for Speed™ ProStreet
Need For Speed™ World
Nero 11
Nero 11 Disc Menus Basic
Nero 11 Effects Basic
Nero 11 Image Samples
Nero 11 Kwik Themes Basic
Nero 11 PiP Effects Basic
Nero Audio Pack 1
Nero BackItUp 11
Nero BackItUp 11 Help (CHM)
Nero Backup Drivers
Nero Burning ROM 11
Nero Burning ROM 11 Help (CHM)
Nero ControlCenter 11
Nero ControlCenter 11 Help (CHM)
Nero Core Components 11
Nero CoverDesigner 11
Nero CoverDesigner 11 Help (CHM)
Nero Express 11
Nero Express 11 Help (CHM)
Nero Kwik Media
Nero Kwik Media Help (CHM)
Nero Recode 11
Nero Recode 11 Help (CHM)
Nero RescueAgent 11
Nero RescueAgent 11 Help (CHM)
Nero SharedVideoCodecs
Nero SoundTrax 11
Nero SoundTrax 11 Help (CHM)
Nero Update
Nero Video 11
Nero Video 11 Help (CHM)
Nero WaveEditor 11
Nero WaveEditor 11 Help (CHM)
nero.prerequisites.msi
Newblue Art Effects for PowerDirector
Nullsoft Install System
NVIDIA 3D Vision Controller Driver 335.21
NVIDIA 3D Vision Driver 335.23
NVIDIA Control Panel 335.23
NVIDIA GeForce Experience 1.8.2.1
NVIDIA Graphics Driver 335.23
NVIDIA HD Audio Driver 1.3.30.1
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.1220
NVIDIA ShadowPlay 11.10.13
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 11.10.13
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.20
ON_OFF Charge B10.0422.2
OpenMG Limited Patch 4.7-07-14-05-01
OpenMG Secure Module 4.7.00
Paint.NET v3.5.11
PandoraRecovery (Remove Only)
Paragon HFS+ for Windows™ 9.1
PC Connectivity Solution
PCB Wizard 3
Pivot Stickfigure Animator version 2.2.7
PL-2303 USB-to-Serial
PlanetSide 2
PlayReady PC Runtime amd64
Portal
Portal 2
PowerChute Business Edition Agent
PowerDirector
Programming Editor
ProntoProEdit NG
ProntoProEdit NG Setup Support
Quantum Conundrum Demo
QuickTime
Realtek Ethernet Controller Driver
Realtek Ethernet Diagnostic Utility
Realtek High Definition Audio Driver
Realterm 2.0.0.57
Red Giant Link
Remote Control USB Driver
Renesas Electronics USB 3.0 Host Controller Driver
Revo Uninstaller Pro 3.0.8
RouterStats-Lite v9.7
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2863926) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
SHIELD Streaming
Skype Click to Call
Skype™ 6.11
Smart 6 B10.0422.1
SmartSound Quicktracks 5
SonicStage 4.3
Source SDK
Steam
Tag - v1.1
Team Fortress 2
The Elder Scrolls V: Skyrim
The Stanley Parable Demo
Toca2
Trapcode Suite 64-bit
TreeSize Free V2.7
Uniblue ProcessQuickLink 2
Unreal Development Kit
Unreal Tournament 3
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
VC User CRT71 RTL X86 ---
VC User MFC71 RTL X86 ---
VC User STL71 RTL X86 ---
Visual Studio C++ 10.0 Runtime
Visual Studio C++ 9.0 Runtime
VLC media player 2.1.2
VOB2MPG v3
welcome
Windows Driver Package - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0)
Windows XP Mode
WinRAR 4.20 (64-bit)
WorldPainter 1.4.0
WorldPainter 1.7.1
XBMC
YTD Video Downloader 3.9.6
.
==== Event Viewer Messages From Past Week ========
.
14/04/2014 18:07:58, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.
14/04/2014 18:07:16, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the nvsvc service.
14/04/2014 14:33:26, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.
14/04/2014 09:45:17, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
14/04/2014 09:45:16, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HauppaugeTVServer service.
12/04/2014 05:02:05, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000007e (0xffffffffc0000005, 0xfffff80003698eb7, 0xfffff88003761c88, 0xfffff880037614e0). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 041214-31278-01.
.
==== End Of File ===========================
 
 
 
 
 
RKreport.txt :
 
RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : David [Admin rights]
Mode : Scan -- Date : 04/14/2014 19:01:58
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 8 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ][PUM] HKLM\[...]\SystemRestore : DisableSR (1) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][SUSP PATH] IHUninstallTrackingTASK : CMD - /C DEL d:\Users\David\AppData\Local\Temp\IHU8B87.tmp.exe [x][x] -> FOUND
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
-> D:\Users\Alex\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - NO_SYS] [Sys32 - NOT_FOUND] | USERINFO [Startup - FOUND]
-> D:\Users\David\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - NO_SYS] [Sys32 - NOT_FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\Users\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - NO_SYS] [Sys32 - NOT_FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\Users\Fred\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - NO_SYS] [Sys32 - NOT_FOUND] | USERINFO [Startup - FOUND]
-> D:\Users\Sue\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - NO_SYS] [Sys32 - NOT_FOUND] | USERINFO [Startup - FOUND]
-> D:\Users\Wickham Skeith\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - NO_SYS] [Sys32 - NOT_FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\Documents and Settings\Alex\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - NO_SYS] [Sys32 - NOT_FOUND] | USERINFO [Startup - FOUND]
-> D:\Documents and Settings\David\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - NO_SYS] [Sys32 - NOT_FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\Documents and Settings\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - NO_SYS] [Sys32 - NOT_FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\Documents and Settings\Fred\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - NO_SYS] [Sys32 - NOT_FOUND] | USERINFO [Startup - FOUND]
-> D:\Documents and Settings\Sue\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - NO_SYS] [Sys32 - NOT_FOUND] | USERINFO [Startup - FOUND]
-> D:\Documents and Settings\Wickham Skeith\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - NO_SYS] [Sys32 - NOT_FOUND] | USERINFO [Startup - NOT_FOUND]
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD5002AALX-00J37A0 +++++
--- User ---
[MBR] f6e3104f5490a55fd6dab4f14570dd36
[BSP] 5bb311651a2e039d58d6c47ed10106e1 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476937 MB
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) WDC WD5002AALX-00J37A0 +++++
--- User ---
[MBR] aad28795afd239adc2b3f3d2e2ff34f1
[BSP] dd5440ba811c4dada28c94c699293269 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476937 MB
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ IDE) WDC WD5002AALX-00J37A0 +++++
--- User ---
[MBR] 7b88304476c28fbd685c3be6da0f8d43
[BSP] 406f1f0855f9a93a9aecfd9a099fc7f2 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476937 MB
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive3: (\\.\PHYSICALDRIVE3 @ SCSI) OCZ-VECT OR SCSI Disk Device +++++
--- User ---
[MBR] a89bedbec6ec115bd8b1d70abc9c2060
[BSP] b0c277dcc1b036f0df90d948eb66882e : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 244193 MB
User = LL1 ... OK!
Error reading LL2 MBR! ([0x1] Incorrect function. )
 
Finished : << RKreport[0]_S_04142014_190158.txt >>
 
 
 
 

malware protection.txt :

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
 
Update, 13/04/2014 00:50:14, SYSTEM, PC, Scheduler, Malware Database, 2014.4.12.5, 2014.4.12.7, 
Protection, 13/04/2014 00:50:16, SYSTEM, PC, Protection, Refresh, Starting, 
Protection, 13/04/2014 00:50:16, SYSTEM, PC, Protection, Malicious Website Protection, Stopping, 
Protection, 13/04/2014 00:50:16, SYSTEM, PC, Protection, Malicious Website Protection, Stopped, 
Protection, 13/04/2014 00:50:20, SYSTEM, PC, Protection, Refresh, Success, 
Protection, 13/04/2014 00:50:20, SYSTEM, PC, Protection, Malicious Website Protection, Starting, 
Protection, 13/04/2014 00:50:20, SYSTEM, PC, Protection, Malicious Website Protection, Started, 
Protection, 13/04/2014 08:23:44, SYSTEM, PC, Protection, Malware Protection, Starting, 
Protection, 13/04/2014 08:23:44, SYSTEM, PC, Protection, Malware Protection, Started, 
Protection, 13/04/2014 08:23:44, SYSTEM, PC, Protection, Malicious Website Protection, Starting, 
Protection, 13/04/2014 08:23:47, SYSTEM, PC, Protection, Malicious Website Protection, Started, 
Update, 13/04/2014 08:24:01, SYSTEM, PC, Manual, Malware Database, 2014.4.12.7, 2014.4.13.2, 
Protection, 13/04/2014 08:24:04, SYSTEM, PC, Protection, Refresh, Starting, 
Protection, 13/04/2014 08:24:04, SYSTEM, PC, Protection, Malicious Website Protection, Stopping, 
Protection, 13/04/2014 08:24:04, SYSTEM, PC, Protection, Malicious Website Protection, Stopped, 
Protection, 13/04/2014 08:24:08, SYSTEM, PC, Protection, Refresh, Success, 
Protection, 13/04/2014 08:24:08, SYSTEM, PC, Protection, Malicious Website Protection, Starting, 
Protection, 13/04/2014 08:24:08, SYSTEM, PC, Protection, Malicious Website Protection, Started, 
 
(end)
 
 
scan.txt :
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 13/04/2014
Scan Time: 08:21:21
Logfile: scan.txt
Administrator: Yes
 
Version: 2.00.1.1004
Malware Database: v2014.04.12.07
Rootkit Database: v2014.03.27.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Enabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: David
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 419857
Time Elapsed: 6 hr, 58 min, 32 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 12
Forged physical sector, Physical Sector #500089935 on Drive #3, Replace-on-Reboot, [ee86404f10416f3902a96161cf40d491], 
Forged physical sector, Physical Sector #500099072 on Drive #3, Replace-on-Reboot, [ee86404f10416f3902a96161cf40d491], 
Forged physical sector, Physical Sector #500100096 on Drive #3, Replace-on-Reboot, [ee86404f10416f3902a96161cf40d491], 
Forged physical sector, Physical Sector #500101120 on Drive #3, Replace-on-Reboot, [ee86404f10416f3902a96161cf40d491], 
Forged physical sector, Physical Sector #500102144 on Drive #3, Replace-on-Reboot, [ee86404f10416f3902a96161cf40d491], 
Forged physical sector, Physical Sector #500103168 on Drive #3, Replace-on-Reboot, [ee86404f10416f3902a96161cf40d491], 
Forged physical sector, Physical Sector #500104192 on Drive #3, Replace-on-Reboot, [ee86404f10416f3902a96161cf40d491], 
Forged physical sector, Physical Sector #500105216 on Drive #3, Replace-on-Reboot, [ee86404f10416f3902a96161cf40d491], 
Forged physical sector, Physical Sector #500106240 on Drive #3, Replace-on-Reboot, [ee86404f10416f3902a96161cf40d491], 
Forged physical sector, Physical Sector #500107264 on Drive #3, Replace-on-Reboot, [ee86404f10416f3902a96161cf40d491], 
Forged physical sector, Physical Sector #500108288 on Drive #3, Replace-on-Reboot, [ee86404f10416f3902a96161cf40d491], 
Forged physical sector, Physical Sector #500109312 on Drive #3, Replace-on-Reboot, [ee86404f10416f3902a96161cf40d491], 
 
 
(end)

Make sure you have created that system restore point before you continue!

Please read the directions carefully so you don't end up deleting something that is good!!

If in doubt about an entry....please ask or choose Skip!!!!

Don't Delete anything unless instructed to!

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

If a suspicious object is detected, the default action will be Skip, click on Continue

Please note that TDSSKiller can be run in safe mode if needed.

Please download the latest version of TDSSKiller from HERE and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters. (Leave the KSN box checked.)


  • Put a checkmark beside loaded modules.


  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.


  • Click the Start Scan button.


  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.


    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

    If in doubt about an entry....please ask or choose Skip

  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.

    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.


    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If in doubt about an entry....please ask or choose Skip

Don't Delete anything unless instructed to!

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

~~~~~~~~~~~~~~~~~~~~

You can attach the logs if they're too long:

Bottom right corner of this page.


New window that comes up.


MrC


Try this one:

Download Malwarebytes Anti-Rootkit from HERE

  • Double-click mbar.exe to run; it will install in MBAR
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt
To attach a log if needed:

Bottom right corner of this page.


New window that comes up.


MrC


I downloaded and ran MBAR as requested (I had in fact already done this, but have removed it and started afresh) and have come across the same problem I had before: it appears to freeze when scanning one of our user accounts' roaming folders (we have 4 user accounts; it passes two). The hard disk light is on and it sounds like it is still scanning, but it appears to be frozen. Screen dump attached.

If I "cancel" the scan it just sits there; if I terminate the process in Task Manager it does close down.

System log file (NO scan log!):

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.17041
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, X:\ DRIVE_FIXED, Z:\ DRIVE_FIXED
CPU speed: 3.064000 GHz
Memory total: 12883247104, free: 10727698432
 
Could not load protection driver
Downloaded database version: v2014.04.16.10
Downloaded database version: v2014.03.27.01
=======================================
Initializing...
------------ Kernel report ------------
     04/17/2014 00:19:20
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\vidsflt.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\jraid.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\vmbus.sys
\SystemRoot\system32\drivers\winhv.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\DRIVERS\mvs91xx.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\mvxxmm.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\vididr.sys
\SystemRoot\system32\DRIVERS\tib_mounter.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\tib.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\system32\DRIVERS\snapman.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\system32\DRIVERS\NBVol.sys
\SystemRoot\system32\DRIVERS\NBVolUp.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\DRIVERS\mounthlp.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\system32\DRIVERS\fltsrv.sys
\SystemRoot\system32\DRIVERS\gpt_loader.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\apmwin.sys
\SystemRoot\System32\Drivers\dump_mvxxmm.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\cdrbsdrv.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vpcnfltr.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\vpcvmm.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\AppleCharger.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\HCW71364.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\BdaSup.SYS
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\1394ohci.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\vpcusb.sys
\SystemRoot\system32\DRIVERS\usbrpm.sys
\SystemRoot\system32\DRIVERS\vpchbus.sys
\SystemRoot\system32\DRIVERS\nusb3hub.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_mvs91xx.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\ser2pl64.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\nx6000.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\hfsplusrec.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\RtNdPt60.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\dc3d.sys
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\point64.sys
\??\C:\windows\system32\Drivers\rikvm_38F51D56.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\MSPQM.sys
\SystemRoot\system32\DRIVERS\afcdp.sys
\??\C:\Windows\gdrv.sys
\??\C:\Windows\GVTDrv64.sys
\??\C:\windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa800bd95790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000071\
Lower Device Object: 0xfffffa8009c387e0
Lower Device Driver Name: \Driver\mvs91xx\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa800bdb9790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-4\
Lower Device Object: 0xfffffa8009c30050
Lower Device Driver Name: \Driver\iaStor\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa800bdda790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-3\
Lower Device Object: 0xfffffa8009c2e050
Lower Device Driver Name: \Driver\iaStor\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800bdc7790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-2\
Lower Device Object: 0xfffffa8009a97050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 3, DevicePointer: 0xfffffa800bd95790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800bcd9ac0, DeviceName: Unknown, DriverName: \Driver\gpt_loader\
DevicePointer: 0xfffffa800bcd9cd0, DeviceName: Unknown, DriverName: \Driver\apmwin\
DevicePointer: 0xfffffa800bd952c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800bd95790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800bcd5870, DeviceName: Unknown, DriverName: \Driver\vidsflt\
DevicePointer: 0xfffffa8009c387e0, DeviceName: \Device\00000071\, DriverName: \Driver\mvs91xx\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\apmwin\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800bdc7790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800bcca940, DeviceName: Unknown, DriverName: \Driver\gpt_loader\
DevicePointer: 0xfffffa8009ee6b60, DeviceName: Unknown, DriverName: \Driver\apmwin\
DevicePointer: 0xfffffa800bccbb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800bdc7790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8009ee9d30, DeviceName: Unknown, DriverName: \Driver\vidsflt\
DevicePointer: 0xfffffa8009a97050, DeviceName: \Device\Ide\IAAStorageDevice-2\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\apmwin\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C3A28E30
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 976766976
    Partition file system is NTFS
    Partition is not bootable
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa800bdda790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800bcce940, DeviceName: Unknown, DriverName: \Driver\gpt_loader\
DevicePointer: 0xfffffa800bcd2cd0, DeviceName: Unknown, DriverName: \Driver\apmwin\
DevicePointer: 0xfffffa800bccfb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800bdda790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800bcccb40, DeviceName: Unknown, DriverName: \Driver\vidsflt\
DevicePointer: 0xfffffa8009c2e050, DeviceName: \Device\Ide\IAAStorageDevice-3\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\apmwin\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: DD44569B
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 976766976
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Done!
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xfffffa800bdb9790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800bcd4940, DeviceName: Unknown, DriverName: \Driver\gpt_loader\
DevicePointer: 0xfffffa800bcd5cd0, DeviceName: Unknown, DriverName: \Driver\apmwin\
DevicePointer: 0xfffffa800bdb92c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800bdb9790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800bcd2a90, DeviceName: Unknown, DriverName: \Driver\vidsflt\
DevicePointer: 0xfffffa8009c30050, DeviceName: \Device\Ide\IAAStorageDevice-4\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\apmwin\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1C519507
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 976766976
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Done!
Drive 3
Scanning MBR on drive 3...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 829EEDC2
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 500107888
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 256056286720 bytes
Sector size: 512 bytes
 
Done!
<<<2>>>
<<<3>>>
Volume: D:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
 

 


Just re-scanned.... As before, it scans user Alex all OK including the roaming folder, it scans user David OK including the roaming folder, and it stops on user Fred's roaming folder \ file xxx.

I deleted file xxx, re-started and it stops on file yyy in that folder; deleted that file, re-started and it stops on another file in that folder!


Download aswMBR to your desktop.

http://public.avast.com/~gmerek/aswMBR.exe

Double click the aswMBR.exe to run it.

If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".

Click the "Scan" button to start the scan.

On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

Please zip it up and attach it to your next post.

MrC


I ran the anti-rootkit scanner again and left it running overnight.... Here is the system log.txt from that:

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.17041
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, X:\ DRIVE_FIXED, Z:\ DRIVE_FIXED
CPU speed: 3.064000 GHz
Memory total: 12883247104, free: 8702431232
 
Could not load protection driver
=======================================
Initializing...
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa800bd95790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000071\
Lower Device Object: 0xfffffa8009c387e0
Lower Device Driver Name: \Driver\mvs91xx\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa800bdb9790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-4\
Lower Device Object: 0xfffffa8009c30050
Lower Device Driver Name: \Driver\iaStor\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa800bdda790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-3\
Lower Device Object: 0xfffffa8009c2e050
Lower Device Driver Name: \Driver\iaStor\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800bdc7790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-2\
Lower Device Object: 0xfffffa8009a97050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: D:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: D:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: D:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C3A28E30
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 976766976
    Partition file system is NTFS
    Partition is not bootable
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: DD44569B
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 976766976
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Done!
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1C519507
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 976766976
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Done!
Drive 3
Scanning MBR on drive 3...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 829EEDC2
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 500107888
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 256056286720 bytes
Sector size: 512 bytes
 
Done!
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing d:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing d:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing d:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing d:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing d:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removing d:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-i.mbam...
Removing d:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam...
Removing d:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-i.mbam...
Removing d:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-3-0-2048-i.mbam...
Removing d:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-r.mbam...
Removal finished

Is Malwarebytes still deleting the forged sectors when you run a scan?

 

 

Just completed the scan... and NO ERRORS :) :)

 

Protection log:

 

Malwarebytes Anti-Malware

www.malwarebytes.org
 
 
Update, 18/04/2014 10:59:24, SYSTEM, PC, Manual, Rootkit Database, 2014.2.20.1, 2014.3.27.1, 
Update, 18/04/2014 10:59:51, SYSTEM, PC, Manual, Malware Database, 2014.3.4.9, 2014.4.18.3, 
Protection, 18/04/2014 11:00:07, SYSTEM, PC, Protection, Malware Protection, Starting, 
Protection, 18/04/2014 11:00:07, SYSTEM, PC, Protection, Malware Protection, Started, 
Protection, 18/04/2014 11:00:07, SYSTEM, PC, Protection, Malicious Website Protection, Starting, 
Protection, 18/04/2014 11:00:07, SYSTEM, PC, Protection, Refresh, Starting, 
Protection, 18/04/2014 11:00:07, SYSTEM, PC, Protection, Malicious Website Protection, Started, 
Protection, 18/04/2014 11:00:07, SYSTEM, PC, Protection, Malicious Website Protection, Stopping, 
Protection, 18/04/2014 11:00:07, SYSTEM, PC, Protection, Malicious Website Protection, Stopped, 
Protection, 18/04/2014 11:00:10, SYSTEM, PC, Protection, Refresh, Success, 
Protection, 18/04/2014 11:00:10, SYSTEM, PC, Protection, Malicious Website Protection, Starting, 
Protection, 18/04/2014 11:00:10, SYSTEM, PC, Protection, Malicious Website Protection, Started, 
 
(end)
 
Scan log:
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 18/04/2014
Scan Time: 11:08:04
Logfile: scan.txt
Administrator: Yes
 
Version: 2.00.1.1004
Malware Database: v2014.04.18.03
Rootkit Database: v2014.03.27.01
License: Premium
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: David
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 423816
Time Elapsed: 8 min, 10 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
So, on the face of it at least, it looks like the MBAR scan may have found and deleted the problem.... Maybe I should have left it running longer.... Maybe it needs some more "confidence" indication that it is actually doing something - it certainly appeared to have frozen!
 
 

ListParts report as requested:

ListParts by Farbar Version: 17-04-2014
Ran by David (administrator) on 18-04-2014 at 11:22:44
Windows 7 (X64)
Running From: D:\Users\David\Downloads
Language: 0409
************************************************************
 
========================= Memory info ====================== 
 
Percentage of memory in use: 29%
Total physical RAM: 12286.42 MB
Available physical RAM: 8662.75 MB
Total Pagefile: 24571.02 MB
Available Pagefile: 20301.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB
 
======================= Partitions =========================
 
1 Drive c: (SYSTEM FILES) (Fixed) (Total:238.47 GB) (Free:147.75 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (USER DATA) (Fixed) (Total:465.76 GB) (Free:151.96 GB) NTFS
5 Drive x: (VIDEO) (Fixed) (Total:465.76 GB) (Free:193 GB) NTFS
6 Drive z: (BACKUPS) (Fixed) (Total:465.76 GB) (Free:118.97 GB) NTFS
 
  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          465 GB  1024 KB         
  Disk 1    Online          465 GB  1024 KB         
  Disk 2    Online          465 GB  1024 KB         
  Disk 3    Online          238 GB      0 B         
 
Partitions of Disk 0:
===============
 
Disk ID: C3A28E30
 
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            465 GB  1024 KB
 
======================================================================================================
 
Disk: 0
Partition 1
Type  : 07
Hidden: No
Active: Yes
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     D   USER DATA    NTFS   Partition    465 GB  Healthy            
 
======================================================================================================
 
Partitions of Disk 1:
===============
 
Disk ID: DD44569B
 
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            465 GB  1024 KB
 
======================================================================================================
 
Disk: 1
Partition 1
Type  : 07
Hidden: No
Active: No
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     X   VIDEO        NTFS   Partition    465 GB  Healthy            
 
======================================================================================================
 
Partitions of Disk 2:
===============
 
Disk ID: 1C519507
 
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            465 GB  1024 KB
 
======================================================================================================
 
Disk: 2
Partition 1
Type  : 07
Hidden: No
Active: No
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     Z   BACKUPS      NTFS   Partition    465 GB  Healthy            
 
======================================================================================================
 
Partitions of Disk 3:
===============
 
Disk ID: 829EEDC2
 
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            238 GB  1024 KB
 
======================================================================================================
 
Disk: 3
Partition 1
Type  : 07
Hidden: No
Active: Yes
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5     C   SYSTEM FILE  NTFS   Partition    238 GB  Healthy    System (partition with boot components)  
 
======================================================================================================
============================== MBR Partition Table ==================
 
==============================
Partitions of Disk 0:
===============
Disk ID: C3A28E30
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)
 
==============================
Partitions of Disk 1:
===============
Disk ID: DD44569B
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
 
==============================
Partitions of Disk 2:
===============
Disk ID: 1C519507
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
 
==============================
Partitions of Disk 3:
===============
Disk ID: 829EEDC2
Partition 1: (Active) - (Size=238 GB) - (Type=07 NTFS)
 
 
****** End Of Log ****** 

Aw dammit.... Just ran another scan after re-booting....

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 18/04/2014
Scan Time: 11:56:53
Logfile: MBAM.txt
Administrator: Yes
 
Version: 2.00.1.1004
Malware Database: v2014.04.18.03
Rootkit Database: v2014.03.27.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Enabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: David
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 426302
Time Elapsed: 26 min, 34 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 21
Forged physical sector, Physical Sector #500089935 on Drive #3, , [022b6028989832b7fcbc1d3003035cf6], 
Forged physical sector, Physical Sector #500096708 on Drive #3, , [022b6028989832b7fcbc1d3003035cf6], 
Forged physical sector, Physical Sector #500096752 on Drive #3, , [022b6028989832b7fcbc1d3003035cf6], 
Forged physical sector, Physical Sector #500096792 on Drive #3, , [022b6028989832b7fcbc1d3003035cf6], 
Forged physical sector, Physical Sector #500096796 on Drive #3, , [022b6028989832b7fcbc1d3003035cf6], 
Forged physical sector, Physical Sector #500097072 on Drive #3, , [022b6028989832b7fcbc1d3003035cf6], 
Forged physical sector, Physical Sector #500097216 on Drive #3, , [022b6028989832b7fcbc1d3003035cf6], 
Forged physical sector, Physical Sector #500098720 on Drive #3, , [022b6028989832b7fcbc1d3003035cf6], 
Forged physical sector, Physical Sector #500099072 on Drive #3, , [022b6028989832b7fcbc1d3003035cf6], 
Forged physical sector, Physical Sector #500100096 on Drive #3, , [022b6028989832b7fcbc1d3003035cf6], 
Forged physical sector, Physical Sector #500100394 on Drive #3, , [022b6028989832b7fcbc1d3003035cf6], 
Forged physical sector, Physical Sector #500100397 on Drive #3, , [022b6028989832b7fcbc1d3003035cf6], 
Forged physical sector, Physical Sector #500101120 on Drive #3, , [022b6028989832b7fcbc1d3003035cf6], 
Forged physical sector, Physical Sector #500102144 on Drive #3, , [022b6028989832b7fcbc1d3003035cf6], 
Forged physical sector, Physical Sector #500103168 on Drive #3, , [022b6028989832b7fcbc1d3003035cf6], 
Forged physical sector, Physical Sector #500104192 on Drive #3, , [022b6028989832b7fcbc1d3003035cf6], 
Forged physical sector, Physical Sector #500105216 on Drive #3, , [022b6028989832b7fcbc1d3003035cf6], 
Forged physical sector, Physical Sector #500106240 on Drive #3, , [022b6028989832b7fcbc1d3003035cf6], 
Forged physical sector, Physical Sector #500107264 on Drive #3, , [022b6028989832b7fcbc1d3003035cf6], 
Forged physical sector, Physical Sector #500108288 on Drive #3, , [022b6028989832b7fcbc1d3003035cf6], 
Forged physical sector, Physical Sector #500109312 on Drive #3, , [022b6028989832b7fcbc1d3003035cf6], 
 
 
(end)

Disregard that.... With that drive unplugged it reported the same errors on volume 3 (!!), which was then my Z drive!

 

I unplugged that drive as well and it reported the same errors on volume 3, which appears to be my C drive.

 

In case you hadn't worked it out, I have programs etc. on C:\ (an OCZ Vector SSD) and user files etc. on D:\ (a normal hard drive).

 

Just did a custom scan on the C: drive only and almost immediately it picked up the same errors!


This topic is now closed to further replies.