
Topic: Replaced HHD with SSD. Still have this !@#$%^&Malware!!


SuperDave

  • Malware Removal Specialist
  • Moderator


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: Replaced HHD with SSD. Still have this !@#$%^&Malware!!
« Reply #15 on: January 04, 2015, 07:18:22 PM »
Try running it in Safe Mode.
Windows 8 and Windows 10 dual boot with two SSD's

Valorus

    Topic Starter


    Beginner

    • Experience: Familiar
    • OS: Windows 7
    Re: Replaced HHD with SSD. Still have this !@#$%^&Malware!!
    « Reply #16 on: January 04, 2015, 08:21:00 PM »
    That worked.

    # AdwCleaner v4.106 - Report created 04/01/2015 at 19:15:51
    # Updated 21/12/2014 by Xplode
    # Database : 2015-01-03.1 [Live]
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : norm - NORM-PC
    # Running from : C:\Users\norm\Downloads\adwcleaner_4.106.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17496


    -\\ Google Chrome v39.0.2171.95

    [C:\Users\norm\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    [C:\Users\norm\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}

    *************************

    AdwCleaner[R0].txt - [1663 octets] - [30/12/2014 08:30:57]
    AdwCleaner[R1].txt - [834 octets] - [04/01/2015 14:48:02]
    AdwCleaner[R2].txt - [951 octets] - [04/01/2015 15:07:35]
    AdwCleaner[R3].txt - [1396 octets] - [04/01/2015 19:14:54]
    AdwCleaner[S0].txt - [1729 octets] - [30/12/2014 08:32:22]
    AdwCleaner[S1].txt - [894 octets] - [04/01/2015 14:50:00]
    AdwCleaner[S2].txt - [1011 octets] - [04/01/2015 15:08:28]
    AdwCleaner[S3].txt - [1321 octets] - [04/01/2015 19:15:51]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1381 octets] ##########

    SuperDave

    Re: Replaced HHD with SSD. Still have this !@#$%^&Malware!!
    « Reply #17 on: January 05, 2015, 12:49:32 PM »
    Malwarebytes' Anti-Rootkit

    Please download Malwarebytes' Anti-Rootkit and save it to your desktop.
    • Be sure to print out and follow the instructions provided on that same page for performing a scan.
    • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
    • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
    • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
    • Copy and paste the contents of these two log files in your next reply.
    Windows 8 and Windows 10 dual boot with two SSD's

    Valorus

      Re: Replaced HHD with SSD. Still have this !@#$%^&Malware!!
      « Reply #18 on: January 05, 2015, 01:27:17 PM »
      Malwarebytes Anti-Rootkit BETA 1.08.2.1001
      www.malwarebytes.org

      Database version: v2015.01.05.12

      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 11.0.9600.17501
      norm :: NORM-PC [administrator]

      1/5/2015 12:20:17 PM
      mbar-log-2015-01-05 (12-20-17).txt

      Scan type: Quick scan
      Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
      Scan options disabled:
      Objects scanned: 406443
      Time elapsed: 4 minute(s), 21 second(s)

      Memory Processes Detected: 0
      (No malicious items detected)

      Memory Modules Detected: 0
      (No malicious items detected)

      Registry Keys Detected: 0
      (No malicious items detected)

      Registry Values Detected: 0
      (No malicious items detected)

      Registry Data Items Detected: 0
      (No malicious items detected)

      Folders Detected: 0
      (No malicious items detected)

      Files Detected: 0
      (No malicious items detected)

      Physical Sectors Detected: 0
      (No malicious items detected)

      (end)

      Valorus

        Re: Replaced HHD with SSD. Still have this !@#$%^&Malware!!
        « Reply #19 on: January 05, 2015, 01:32:28 PM »
        ---------------------------------------
        Malwarebytes Anti-Rootkit BETA 1.08.2.1001

        (c) Malwarebytes Corporation 2011-2012

        OS version: 6.1.7601 Windows 7 Service Pack 1 x64

        Account is Administrative

        Internet Explorer version: 11.0.9600.17501

        File system is: NTFS
        Disk drives: C:\ DRIVE_FIXED
        CPU speed: 2.491000 GHz
        Memory total: 8478961664, free: 4232941568

        Downloaded database version: v2014.12.21.04
        Downloaded database version: v2014.12.14.01
        Downloaded database version: v2014.12.06.01
        =======================================
        ------------ Kernel report ------------
             12/21/2014 10:55:03
        ------------ Loaded modules -----------
        ----------- End -----------
        Done!
        <<<1>>>
        Upper Device Name: \Device\Harddisk1\DR1
        Upper Device Object: 0xfffffa800f23d060
        Upper Device Driver Name: \Driver\Disk\
        Lower Device Name: \Device\00000092\
        Lower Device Object: 0xfffffa800f2d4520
        Lower Device Driver Name: \Driver\USBSTOR\
        <<<1>>>
        Upper Device Name: \Device\Harddisk0\DR0
        Upper Device Object: 0xfffffa8009661060
        Upper Device Driver Name: \Driver\Disk\
        Lower Device Name: \Device\Ide\IAAStorageDevice-1\
        Lower Device Object: 0xfffffa8007836050
        Lower Device Driver Name: \Driver\iaStor\
        <<<2>>>
        Physical Sector Size: 512
        Drive: 0, DevicePointer: 0xfffffa8009661060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
        --------- Disk Stack ------
        DevicePointer: 0xfffffa8009661b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
        DevicePointer: 0xfffffa8009661060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
        DevicePointer: 0xfffffa8007836050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
        ------------ End ----------
        Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
        Upper DeviceData: 0x0, 0x0, 0x0
        Lower DeviceData: 0x0, 0x0, 0x0
        <<<3>>>
        Volume: C:
        File system type: NTFS
        SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
        <<<2>>>
        <<<3>>>
        Volume: C:
        File system type: NTFS
        SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
        Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
        Done!
        Drive 0
        This is a System drive
        Scanning MBR on drive 0...
        Inspecting partition table:
        MBR Signature: 55AA
        Disk Signature: 321E70D2

        Partition information:

            Partition 0 type is Primary (0x7)
            Partition is ACTIVE.
            Partition starts at LBA: 2048  Numsec = 204800
            Partition file system is NTFS
            Partition is bootable

            Partition 1 type is Primary (0x7)
            Partition is NOT ACTIVE.
            Partition starts at LBA: 206848  Numsec = 468652032

            Partition 2 type is Empty (0x0)
            Partition is NOT ACTIVE.
            Partition starts at LBA: 0  Numsec = 0

            Partition 3 type is Empty (0x0)
            Partition is NOT ACTIVE.
            Partition starts at LBA: 0  Numsec = 0

        Disk Size: 240057409536 bytes
        Sector size: 512 bytes

        Done!
        Physical Sector Size: 512
        Drive: 1, DevicePointer: 0xfffffa800f23d060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
        --------- Disk Stack ------
        DevicePointer: 0xfffffa800c47c830, DeviceName: Unknown, DriverName: \Driver\partmgr\
        DevicePointer: 0xfffffa800f23d060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
        DevicePointer: 0xfffffa800f2d4520, DeviceName: \Device\00000092\, DriverName: \Driver\USBSTOR\
        ------------ End ----------
        Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
        Upper DeviceData: 0x0, 0x0, 0x0
        Lower DeviceData: 0x0, 0x0, 0x0
        Drive 1
        Scanning MBR on drive 1...
        Inspecting partition table:
        MBR Signature: 55AA
        Disk Signature: 790FC2

        Partition information:

            Partition 0 type is Other (0xb)
            Partition is ACTIVE.
            Partition starts at LBA: 64  Numsec = 15728576
            Partition file system is FAT32
            Partition is not bootable

            Partition 1 type is Empty (0x0)
            Partition is NOT ACTIVE.
            Partition starts at LBA: 0  Numsec = 0

            Partition 2 type is Empty (0x0)
            Partition is NOT ACTIVE.
            Partition starts at LBA: 0  Numsec = 0

            Partition 3 type is Empty (0x0)
            Partition is NOT ACTIVE.
            Partition starts at LBA: 0  Numsec = 0

        Disk Size: 8053063680 bytes
        Sector size: 512 bytes

        Done!
        Scan finished
        =======================================


        Removal queue found; removal started
        Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
        Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
        Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
        Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
        Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-64-i.mbam...
        Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
        Removal finished
        ---------------------------------------
        Malwarebytes Anti-Rootkit BETA 1.08.2.1001

        (c) Malwarebytes Corporation 2011-2012

        OS version: 6.1.7601 Windows 7 Service Pack 1 x64

        Account is Administrative

        Internet Explorer version: 11.0.9600.17501

        File system is: NTFS
        Disk drives: C:\ DRIVE_FIXED
        CPU speed: 2.491000 GHz
        Memory total: 8478961664, free: 4717101056

        Downloaded database version: v2014.12.28.08
        =======================================


        ---------------------------------------
        Malwarebytes Anti-Rootkit BETA 1.08.2.1001

        (c) Malwarebytes Corporation 2011-2012

        OS version: 6.1.7601 Windows 7 Service Pack 1 x64

        Account is Administrative

        Internet Explorer version: 11.0.9600.17501

        File system is: NTFS
        Disk drives: C:\ DRIVE_FIXED
        CPU speed: 2.491000 GHz
        Memory total: 8478961664, free: 6286483456

        =======================================
        Initializing...
        ------------ Kernel report ------------
             12/28/2014 13:23:34
        ------------ Loaded modules -----------
        ----------- End -----------
        Done!
        <<<1>>>
        Upper Device Name: \Device\Harddisk0\DR0
        Upper Device Object: 0xfffffa8009661060
        Upper Device Driver Name: \Driver\Disk\
        Lower Device Name: \Device\Ide\IAAStorageDevice-1\
        Lower Device Object: 0xfffffa8007832050
        Lower Device Driver Name: \Driver\iaStor\
        <<<2>>>
        Physical Sector Size: 512
        Drive: 0, DevicePointer: 0xfffffa8009661060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
        --------- Disk Stack ------
        DevicePointer: 0xfffffa8009661b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
        DevicePointer: 0xfffffa8009661060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
        DevicePointer: 0xfffffa8007832050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
        ------------ End ----------
        Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
        Upper DeviceData: 0x0, 0x0, 0x0
        Lower DeviceData: 0x0, 0x0, 0x0
        <<<3>>>
        Volume: C:
        File system type: NTFS
        SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
        <<<2>>>
        <<<3>>>
        Volume: C:
        File system type: NTFS
        SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
        Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
        Done!
        Drive 0
        This is a System drive
        Scanning MBR on drive 0...
        Inspecting partition table:
        MBR Signature: 55AA
        Disk Signature: 321E70D2

        Partition information:

            Partition 0 type is Primary (0x7)
            Partition is ACTIVE.
            Partition starts at LBA: 2048  Numsec = 204800
            Partition file system is NTFS
            Partition is bootable

            Partition 1 type is Primary (0x7)
            Partition is NOT ACTIVE.
            Partition starts at LBA: 206848  Numsec = 468652032

            Partition 2 type is Empty (0x0)
            Partition is NOT ACTIVE.
            Partition starts at LBA: 0  Numsec = 0

            Partition 3 type is Empty (0x0)
            Partition is NOT ACTIVE.
            Partition starts at LBA: 0  Numsec = 0

        Disk Size: 240057409536 bytes
        Sector size: 512 bytes

        Done!
        Scan finished
        =======================================


        Removal queue found; removal started
        Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
        Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
        Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
        Removal finished
        ---------------------------------------
        Malwarebytes Anti-Rootkit BETA 1.08.2.1001

        (c) Malwarebytes Corporation 2011-2012

        OS version: 6.1.7601 Windows 7 Service Pack 1 x64

        Account is Administrative

        Internet Explorer version: 11.0.9600.17501

        File system is: NTFS
        Disk drives: C:\ DRIVE_FIXED
        CPU speed: 2.491000 GHz
        Memory total: 8478961664, free: 6846869504

        Downloaded database version: v2014.12.30.06
        =======================================


        ---------------------------------------
        Malwarebytes Anti-Rootkit BETA 1.08.2.1001

        (c) Malwarebytes Corporation 2011-2012

        OS version: 6.1.7601 Windows 7 Service Pack 1 x64

        Account is Administrative

        Internet Explorer version: 11.0.9600.17501

        File system is: NTFS
        Disk drives: C:\ DRIVE_FIXED
        CPU speed: 2.491000 GHz
        Memory total: 8478961664, free: 6108311552

        Downloaded database version: v2015.01.05.11
        Downloaded database version: v2014.12.30.01
        Downloaded database version: v2014.12.06.01
        =======================================
        Initializing...
        This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
        =======================================


        ---------------------------------------
        Malwarebytes Anti-Rootkit BETA 1.08.2.1001

        (c) Malwarebytes Corporation 2011-2012

        OS version: 6.1.7601 Windows 7 Service Pack 1 x64

        Account is Administrative

        Internet Explorer version: 11.0.9600.17501

        File system is: NTFS
        Disk drives: C:\ DRIVE_FIXED
        CPU speed: 2.491000 GHz
        Memory total: 8478961664, free: 6207025152

        Downloaded database version: v2015.01.05.11
        Downloaded database version: v2014.12.30.01
        Downloaded database version: v2014.12.06.01
        =======================================
        Initializing...
        This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
        =======================================


        ---------------------------------------
        Malwarebytes Anti-Rootkit BETA 1.08.2.1001

        (c) Malwarebytes Corporation 2011-2012

        OS version: 6.1.7601 Windows 7 Service Pack 1 x64

        Account is Administrative

        Internet Explorer version: 11.0.9600.17501

        File system is: NTFS
        Disk drives: C:\ DRIVE_FIXED
        CPU speed: 2.491000 GHz
        Memory total: 8478961664, free: 6704476160

        Downloaded database version: v2015.01.05.12
        Downloaded database version: v2014.12.30.01
        Downloaded database version: v2014.12.06.01
        =======================================
        Initializing...
        ------------ Kernel report ------------
             01/05/2015 12:20:08
        ------------ Loaded modules -----------
        ----------- End -----------
        Done!
        <<<1>>>

        SuperDave

        Re: Replaced HHD with SSD. Still have this !@#$%^&Malware!!
        « Reply #20 on: January 05, 2015, 07:48:25 PM »
        I'd like to scan your machine with ESET OnlineScan.

        • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
          ESET OnlineScan
        • Click the button.
        • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
            • Click on to download the ESET Smart Installer. Save it to your desktop.
            • Double click on the icon on your desktop.
        • Check
        • Click the button.
        • Accept any security warnings from your browser.
        • Leave the check mark next to Remove found threats.
        • Check
        • Push the Start button.
        • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
        • When the scan completes, push
        • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
        • Push the button.
        • Push

        A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

        Valorus

          Re: Replaced HHD with SSD. Still have this !@#$%^&Malware!!
          « Reply #21 on: January 06, 2015, 07:50:26 AM »
          Eset scanner result:

          ESETSmartInstaller@High as downloader log:
          all ok
          # product=EOS
          # version=8
          # OnlineScannerApp.exe=1.0.0.1
          # OnlineScanner.ocx=1.0.0.7623
          # api_version=3.0.2
          # EOSSerial=98b1f139e3aad745bbd5f1519b820dfa
          # engine=21833
          # end=finished
          # remove_checked=true
          # archives_checked=false
          # unwanted_checked=true
          # unsafe_checked=false
          # antistealth_checked=true
          # utc_time=2015-01-06 05:27:51
          # local_time=2015-01-05 09:27:51 (-0800, Pacific Standard Time)
          # country="United States"
          # lang=1033
          # osver=6.1.7601 NT Service Pack 1
          # compatibility_mode_1=''
          # compatibility_mode=5893 16776574 100 94 1374783 172065521 0 0
          # scanned=129995
          # found=2
          # cleaned=2
          # scan_time=649
          sh=BEBBC2D67A8E2F0F852A6D6AC3C85BED73948F0C ft=1 fh=83bf463bc66b253f vn="a variant of Win32/ClientConnect.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\norm\AppData\Roaming\RHEng\8A0639E7611B4B3698B6730EF05B7AF6\445f2.exe.vir"
          sh=CB4880C5F2A408AB012092CFE59EF6DFF53AD12A ft=1 fh=d9d68bb2627a62ac vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\norm\AppData\Roaming\RHEng\9CC7496943CF4D809BD20D73D50AE8F7\myradioplayerSetupx30012.exe.vir"
          ESETSmartInstaller@High as downloader log:
          all ok
          # product=EOS
          # version=8
          # OnlineScannerApp.exe=1.0.0.1
          # OnlineScanner.ocx=1.0.0.7623
          # api_version=3.0.2
          # EOSSerial=98b1f139e3aad745bbd5f1519b820dfa
          # engine=21839
          # end=finished
          # remove_checked=false
          # archives_checked=false
          # unwanted_checked=true
          # unsafe_checked=false
          # antistealth_checked=true
          # utc_time=2015-01-06 02:43:40
          # local_time=2015-01-06 06:43:40 (-0800, Pacific Standard Time)
          # country="United States"
          # lang=1033
          # osver=6.1.7601 NT Service Pack 1
          # compatibility_mode_1=''
          # compatibility_mode=5893 16776574 100 94 1408132 172098870 0 0
          # scanned=130042
          # found=0
          # cleaned=0
          # scan_time=629

          SuperDave

          Re: Replaced HHD with SSD. Still have this !@#$%^&Malware!!
          « Reply #22 on: January 06, 2015, 03:51:31 PM »
          How's your computer working now? Any other issues?

          Valorus

            Re: Replaced HHD with SSD. Still have this !@#$%^&Malware!!
            « Reply #23 on: January 07, 2015, 10:12:45 AM »
            Thanks for all your help, Dave. This computer is still doing strange things. Chrome freezes when I try to download any type of security scanner or anti-malware program, and when I can D/L, it does so very slowly.

            A utility called 'RogueKiller' says I probably have a difficult-to-detect rootkit virus called 'Zeus banking'. Here are the results of that scan, FWIW:

            RogueKiller V10.1.2.0 (x64) [Jan  7 2015] by Adlice Software
            mail : http://www.adlice.com/contact/
            Feedback : http://forum.adlice.com
            Website : http://www.adlice.com/softwares/roguekiller/
            Blog : http://www.adlice.com

            Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
            Started in : Normal mode
            User : norm [Administrator]
            Mode : Delete -- Date : 01/07/2015  08:32:24

            ¤¤¤ Processes : 0 ¤¤¤

            ¤¤¤ Registry : 0 ¤¤¤

            ¤¤¤ Tasks : 0 ¤¤¤

            ¤¤¤ Files : 0 ¤¤¤

            ¤¤¤ Hosts File : 1 ¤¤¤
            [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

            ¤¤¤ Antirootkit : 171 (Driver: Loaded) ¤¤¤
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtDuplicateObject : Unknown @ 0x753507ae (jmp 0xfffffffffdfa2095|jmp 0xffffffffffffe6b2|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : Unknown @ 0x753507ae (jmp 0xfffffffffdfa2e09|jmp 0xffffffffffffdad2|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtMapViewOfSection : Unknown @ 0x753507ae (jmp 0xfffffffffdfa19a1|jmp 0xffffffffffffef9a|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtUnmapViewOfSection : Unknown @ 0x753507ae (jmp 0xfffffffffdfa1a09|jmp 0xffffffffffffef02|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSuspendThread : Unknown @ 0x753507ae (jmp 0xfffffffffdfa0331|jmp 0xffffffffffffe4ea|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetContextThread : Unknown @ 0x753507ae (jmp 0xfffffffffdfa03f1|jmp 0xffffffffffffe87a|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetInformationProcess : Unknown @ 0x753507ae (jmp 0xfffffffffdfa3029|jmp 0xffffffffffffda3a|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtOpenProcess : Unknown @ 0x753507ae (jmp 0xfffffffffdfa2189|jmp 0xffffffffffffe7e2|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetSystemInformation : Unknown @ 0x753507ae (jmp 0xfffffffffdfa109d|jmp 0xffffffffffffd90a|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0x753507ae (jmp 0xfffffffffdfa1e65|jmp 0xffffffffffffe912|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - RtlCreateProcessParametersEx : Unknown @ 0x753507ae (jmp 0xfffffffffdf61bb6|jmp 0xffffffffffffdc9a|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtQueueApcThread : Unknown @ 0x753507ae (jmp 0xfffffffffdfa1f1d|jmp 0xffffffffffffe74a|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtCreateThreadEx : Unknown @ 0x753507ae (jmp 0xfffffffffdfa1045|jmp 0xffffffffffffeca2|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - CreateToolhelp32Snapshot : Unknown @ 0x753507ae (jmp 0xfffffffffed6ace2|jmp 0xffffffffffffe582|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - GetMessageA : Unknown @ 0x753507ae (jmp 0xfffffffffe89b866|jmp 0xffffffffffffd152|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - PostMessageA : Unknown @ 0x753507ae (jmp 0xfffffffffe88f9bf|jmp 0xffffffffffffd022|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - PostMessageW : Unknown @ 0x753507ae (jmp 0xfffffffffe89235c|jmp 0xffffffffffffcf8a|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtVdmControl : Unknown @ 0x753507ae (jmp 0xfffffffffdfa14b9|jmp 0xffffffffffffd1ea|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - MoveFileExW : Unknown @ 0x753507ae (jmp 0xfffffffffed79474|jmp 0xffffffffffffd612|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - GetMessageW : Unknown @ 0x753507ae (jmp 0xfffffffffe89bbef|jmp 0xffffffffffffd0ba|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - SetWinEventHook : Unknown @ 0x753507ae (jmp 0xfffffffffe8933c8|jmp 0xffffffffffffe3ba|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - SetWindowsHookExW : Unknown @ 0x753507ae (jmp 0xfffffffffe88a1b6|jmp 0xffffffffffffedd2|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) user32.dll - GetMessageW : Unknown @ 0x753507ae (jmp 0xfffffffffe89bbef|jmp 0xffffffffffffd0ba|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) user32.dll - SetWindowsHookExW : Unknown @ 0x753507ae (jmp 0xfffffffffe88a1b6|jmp 0xffffffffffffedd2|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) user32.dll - PostMessageW : Unknown @ 0x753507ae (jmp 0xfffffffffe89235c|jmp 0xffffffffffffcf8a|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtLoadDriver : Unknown @ 0x753507ae (jmp 0xfffffffffdfa1df5|jmp 0xffffffffffffd9a2|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ADVAPI32.dll - OpenServiceW : Unknown @ 0x753507ae (jmp 0x585a45|jmp 0xffffffffffffe15a|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ADVAPI32.dll - CloseServiceHandle : Unknown @ 0x753507ae (jmp 0x57f23d|jmp 0xffffffffffffdd32|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - SetWindowsHookExA : Unknown @ 0x753507ae (jmp 0xfffffffffe8893c5|jmp 0xffffffffffffee6a|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - GetStartupInfoA : Unknown @ 0x753507ae (jmp 0xfffffffffed92509|jmp 0xffffffffffffd282|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - SetWinEventHook : Unknown @ 0x753507ae (jmp 0xfffffffffe8933c8|jmp 0xffffffffffffe3ba|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - SetWindowsHookExW : Unknown @ 0x753507ae (jmp 0xfffffffffe88a1b6|jmp 0xffffffffffffedd2|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtLoadDriver : Unknown @ 0x753507ae (jmp 0xfffffffffdfa1df5|jmp 0xffffffffffffd9a2|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtDuplicateObject : Unknown @ 0x753507ae (jmp 0xfffffffffdfa2095|jmp 0xffffffffffffe6b2|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : Unknown @ 0x753507ae (jmp 0xfffffffffdfa2e09|jmp 0xffffffffffffdad2|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtMapViewOfSection : Unknown @ 0x753507ae (jmp 0xfffffffffdfa19a1|jmp 0xffffffffffffef9a|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtUnmapViewOfSection : Unknown @ 0x753507ae (jmp 0xfffffffffdfa1a09|jmp 0xffffffffffffef02|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSuspendThread : Unknown @ 0x753507ae (jmp 0xfffffffffdfa0331|jmp 0xffffffffffffe4ea|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetContextThread : Unknown @ 0x753507ae (jmp 0xfffffffffdfa03f1|jmp 0xffffffffffffe87a|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetInformationProcess : Unknown @ 0x753507ae (jmp 0xfffffffffdfa3029|jmp 0xffffffffffffda3a|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtOpenProcess : Unknown @ 0x753507ae (jmp 0xfffffffffdfa2189|jmp 0xffffffffffffe7e2|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetSystemInformation : Unknown @ 0x753507ae (jmp 0xfffffffffdfa109d|jmp 0xffffffffffffd90a|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0x753507ae (jmp 0xfffffffffdfa1e65|jmp 0xffffffffffffe912|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - RtlCreateProcessParametersEx : Unknown @ 0x753507ae (jmp 0xfffffffffdf61bb6|jmp 0xffffffffffffdc9a|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtQueueApcThread : Unknown @ 0x753507ae (jmp 0xfffffffffdfa1f1d|jmp 0xffffffffffffe74a|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtCreateThreadEx : Unknown @ 0x753507ae (jmp 0xfffffffffdfa1045|jmp 0xffffffffffffeca2|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - CreateToolhelp32Snapshot : Unknown @ 0x753507ae (jmp 0xfffffffffed6ace2|jmp 0xffffffffffffe582|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - GetMessageA : Unknown @ 0x753507ae (jmp 0xfffffffffe89b866|jmp 0xffffffffffffd152|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - PostMessageA : Unknown @ 0x753507ae (jmp 0xfffffffffe88f9bf|jmp 0xffffffffffffd022|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - PostMessageW : Unknown @ 0x753507ae (jmp 0xfffffffffe89235c|jmp 0xffffffffffffcf8a|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtVdmControl : Unknown @ 0x753507ae (jmp 0xfffffffffdfa14b9|jmp 0xffffffffffffd1ea|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - MoveFileExW : Unknown @ 0x753507ae (jmp 0xfffffffffed79474|jmp 0xffffffffffffd612|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - GetMessageW : Unknown @ 0x753507ae (jmp 0xfffffffffe89bbef|jmp 0xffffffffffffd0ba|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - SetWinEventHook : Unknown @ 0x753507ae (jmp 0xfffffffffe8933c8|jmp 0xffffffffffffe3ba|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - SetWindowsHookExW : Unknown @ 0x753507ae (jmp 0xfffffffffe88a1b6|jmp 0xffffffffffffedd2|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtLoadDriver : Unknown @ 0x753507ae (jmp 0xfffffffffdfa1df5|jmp 0xffffffffffffd9a2|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtDuplicateObject : Unknown @ 0x753507ae (jmp 0xfffffffffdfa2095|jmp 0xffffffffffffe6b2|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : Unknown @ 0x753507ae (jmp 0xfffffffffdfa2e09|jmp 0xffffffffffffdad2|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtMapViewOfSection : Unknown @ 0x753507ae (jmp 0xfffffffffdfa19a1|jmp 0xffffffffffffef9a|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtUnmapViewOfSection : Unknown @ 0x753507ae (jmp 0xfffffffffdfa1a09|jmp 0xffffffffffffef02|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSuspendThread : Unknown @ 0x753507ae (jmp 0xfffffffffdfa0331|jmp 0xffffffffffffe4ea|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetContextThread : Unknown @ 0x753507ae (jmp 0xfffffffffdfa03f1|jmp 0xffffffffffffe87a|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetInformationProcess : Unknown @ 0x753507ae (jmp 0xfffffffffdfa3029|jmp 0xffffffffffffda3a|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtOpenProcess : Unknown @ 0x753507ae (jmp 0xfffffffffdfa2189|jmp 0xffffffffffffe7e2|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetSystemInformation : Unknown @ 0x753507ae (jmp 0xfffffffffdfa109d|jmp 0xffffffffffffd90a|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0x753507ae (jmp 0xfffffffffdfa1e65|jmp 0xffffffffffffe912|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - RtlCreateProcessParametersEx : Unknown @ 0x753507ae (jmp 0xfffffffffdf61bb6|jmp 0xffffffffffffdc9a|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtQueueApcThread : Unknown @ 0x753507ae (jmp 0xfffffffffdfa1f1d|jmp 0xffffffffffffe74a|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtCreateThreadEx : Unknown @ 0x753507ae (jmp 0xfffffffffdfa1045|jmp 0xffffffffffffeca2|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - CreateToolhelp32Snapshot : Unknown @ 0x753507ae (jmp 0xfffffffffed6ace2|jmp 0xffffffffffffe582|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - GetMessageA : Unknown @ 0x753507ae (jmp 0xfffffffffe89b866|jmp 0xffffffffffffd152|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - PostMessageA : Unknown @ 0x753507ae (jmp 0xfffffffffe88f9bf|jmp 0xffffffffffffd022|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - PostMessageW : Unknown @ 0x753507ae (jmp 0xfffffffffe89235c|jmp 0xffffffffffffcf8a|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtVdmControl : Unknown @ 0x753507ae (jmp 0xfffffffffdfa14b9|jmp 0xffffffffffffd1ea|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - MoveFileExW : Unknown @ 0x753507ae (jmp 0xfffffffffed79474|jmp 0xffffffffffffd612|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - GetMessageW : Unknown @ 0x753507ae (jmp 0xfffffffffe89bbef|jmp 0xffffffffffffd0ba|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - SetWinEventHook : Unknown @ 0x753507ae (jmp 0xfffffffffe8933c8|jmp 0xffffffffffffe3ba|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - SetWindowsHookExW : Unknown @ 0x753507ae (jmp 0xfffffffffe88a1b6|jmp 0xffffffffffffedd2|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtLoadDriver : Unknown @ 0x753507ae (jmp 0xfffffffffdfa1df5|jmp 0xffffffffffffd9a2|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtDuplicateObject : Unknown @ 0x753507ae (jmp 0xfffffffffdfa2095|jmp 0xffffffffffffe6b2|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : Unknown @ 0x753507ae (jmp 0xfffffffffdfa2e09|jmp 0xffffffffffffdad2|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtMapViewOfSection : Unknown @ 0x753507ae (jmp 0xfffffffffdfa19a1|jmp 0xffffffffffffef9a|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtUnmapViewOfSection : Unknown @ 0x753507ae (jmp 0xfffffffffdfa1a09|jmp 0xffffffffffffef02|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSuspendThread : Unknown @ 0x753507ae (jmp 0xfffffffffdfa0331|jmp 0xffffffffffffe4ea|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetContextThread : Unknown @ 0x753507ae (jmp 0xfffffffffdfa03f1|jmp 0xffffffffffffe87a|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetInformationProcess : Unknown @ 0x753507ae (jmp 0xfffffffffdfa3029|jmp 0xffffffffffffda3a|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtOpenProcess : Unknown @ 0x753507ae (jmp 0xfffffffffdfa2189|jmp 0xffffffffffffe7e2|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetSystemInformation : Unknown @ 0x753507ae (jmp 0xfffffffffdfa109d|jmp 0xffffffffffffd90a|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0x753507ae (jmp 0xfffffffffdfa1e65|jmp 0xffffffffffffe912|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - RtlCreateProcessParametersEx : Unknown @ 0x753507ae (jmp 0xfffffffffdf61bb6|jmp 0xffffffffffffdc9a|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtQueueApcThread : Unknown @ 0x753507ae (jmp 0xfffffffffdfa1f1d|jmp 0xffffffffffffe74a|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtCreateThreadEx : Unknown @ 0x753507ae (jmp 0xfffffffffdfa1045|jmp 0xffffffffffffeca2|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - CreateToolhelp32Snapshot : Unknown @ 0x753507ae (jmp 0xfffffffffed6ace2|jmp 0xffffffffffffe582|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - GetMessageA : Unknown @ 0x753507ae (jmp 0xfffffffffe89b866|jmp 0xffffffffffffd152|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - PostMessageA : Unknown @ 0x753507ae (jmp 0xfffffffffe88f9bf|jmp 0xffffffffffffd022|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - PostMessageW : Unknown @ 0x753507ae (jmp 0xfffffffffe89235c|jmp 0xffffffffffffcf8a|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtVdmControl : Unknown @ 0x753507ae (jmp 0xfffffffffdfa14b9|jmp 0xffffffffffffd1ea|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - MoveFileExW : Unknown @ 0x753507ae (jmp 0xfffffffffed79474|jmp 0xffffffffffffd612|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - GetMessageW : Unknown @ 0x753507ae (jmp 0xfffffffffe89bbef|jmp 0xffffffffffffd0ba|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - SetWinEventHook : Unknown @ 0x753507ae (jmp 0xfffffffffe8933c8|jmp 0xffffffffffffe3ba|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - SetWindowsHookExW : Unknown @ 0x753507ae (jmp 0xfffffffffe88a1b6|jmp 0xffffffffffffedd2|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtLoadDriver : Unknown @ 0x753507ae (jmp 0xfffffffffdfa1df5|jmp 0xffffffffffffd9a2|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtDuplicateObject : Unknown @ 0x753507ae (jmp 0xfffffffffdfa2095|jmp 0xffffffffffffe6b2|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : Unknown @ 0x753507ae (jmp 0xfffffffffdfa2e09|jmp 0xffffffffffffdad2|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtMapViewOfSection : Unknown @ 0x753507ae (jmp 0xfffffffffdfa19a1|jmp 0xffffffffffffef9a|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtUnmapViewOfSection : Unknown @ 0x753507ae (jmp 0xfffffffffdfa1a09|jmp 0xffffffffffffef02|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSuspendThread : Unknown @ 0x753507ae (jmp 0xfffffffffdfa0331|jmp 0xffffffffffffe4ea|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetContextThread : Unknown @ 0x753507ae (jmp 0xfffffffffdfa03f1|jmp 0xffffffffffffe87a|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetInformationProcess : Unknown @ 0x753507ae (jmp 0xfffffffffdfa3029|jmp 0xffffffffffffda3a|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtOpenProcess : Unknown @ 0x753507ae (jmp 0xfffffffffdfa2189|jmp 0xffffffffffffe7e2|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetSystemInformation : Unknown @ 0x753507ae (jmp 0xfffffffffdfa109d|jmp 0xffffffffffffd90a|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0x753507ae (jmp 0xfffffffffdfa1e65|jmp 0xffffffffffffe912|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - RtlCreateProcessParametersEx : Unknown @ 0x753507ae (jmp 0xfffffffffdf61bb6|jmp 0xffffffffffffdc9a|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtQueueApcThread : Unknown @ 0x753507ae (jmp 0xfffffffffdfa1f1d|jmp 0xffffffffffffe74a|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtCreateThreadEx : Unknown @ 0x753507ae (jmp 0xfffffffffdfa1045|jmp 0xffffffffffffeca2|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - CreateToolhelp32Snapshot : Unknown @ 0x753507ae (jmp 0xfffffffffed6ace2|jmp 0xffffffffffffe582|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - GetMessageA : Unknown @ 0x753507ae (jmp 0xfffffffffe89b866|jmp 0xffffffffffffd152|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - PostMessageA : Unknown @ 0x753507ae (jmp 0xfffffffffe88f9bf|jmp 0xffffffffffffd022|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - PostMessageW : Unknown @ 0x753507ae (jmp 0xfffffffffe89235c|jmp 0xffffffffffffcf8a|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtVdmControl : Unknown @ 0x753507ae (jmp 0xfffffffffdfa14b9|jmp 0xffffffffffffd1ea|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - MoveFileExW : Unknown @ 0x753507ae (jmp 0xfffffffffed79474|jmp 0xffffffffffffd612|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - GetMessageW : Unknown @ 0x753507ae (jmp 0xfffffffffe89bbef|jmp 0xffffffffffffd0ba|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - SetWinEventHook : Unknown @ 0x753507ae (jmp 0xfffffffffe8933c8|jmp 0xffffffffffffe3ba|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - SetWindowsHookExW : Unknown @ 0x753507ae (jmp 0xfffffffffe88a1b6|jmp 0xffffffffffffedd2|call 0x1fe)
            [IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtLoadDriver : Unknown @ 0x753507ae (jmp 0xfffffffffdfa1df5|jmp 0xffffffffffffd9a2|call 0x1fe)

            ¤¤¤ Web browsers : 0 ¤¤¤

            ¤¤¤ MBR Check : ¤¤¤
            +++++ PhysicalDrive0: SSD2SC240G1LC763C121S443 +++++
            --- User ---
            [MBR] d9322d6af92b3db59e3df7ee3c3172ff
            [BSP] 4959772a3612bb8ad19f1d53ce42bc5a : Windows Vista/7/8 MBR Code
            Partition table:
            0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
            1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 228834 MB
            User = LL1 ... OK
            User = LL2 ... OK



            I don't know if this is of any use to you, but don't know where else to turn.


               

            SuperDave

            « Reply #24 on: January 07, 2015, 01:20:19 PM »
            Quote
            Chrome freezes when I try to download any type of security scanner or anti-malware program, and when I can D/L, it does so very slowly.

            Does it do that when you use another browser?
            You could try uninstalling and reinstalling Chrome.

            Valorus

              « Reply #25 on: January 09, 2015, 02:47:07 PM »
              Yesterday things looked pretty good, but this morning the wireless adaptor was disabled, start button was gone, and action center was disabled.

              I still don't understand how this virus could survive a hard drive change.

              Things are almost back to normal after running RogueKiller. It found 12 incorrect registry entries and corrected them.

              Is there anything else we could try, Dave?

              SuperDave

              « Reply #26 on: January 09, 2015, 07:35:05 PM »
              Quote
              I still don't understand how this virus could survive a hard drive change.
              I seriously doubt it is an infection. They just don't act that way.

              To Run the SFC /SCANNOW Command in Windows 7
              1. Open an elevated command prompt.

              2. To Scan and Repair System Files
              NOTE: Scans the integrity of all protected system files and repairs the system files if needed.
              A) In the elevated command prompt, type sfc /scannow and press Enter. (see screenshot below)
              NOTE: This may take some time to finish.



              B) Go to step 4.

              3. To Only Verify if the System Files are Corrupted
              NOTE: Scans and only verifies the integrity of all protected system files only.
              A) In the elevated command prompt, type sfc /verifyonly and press Enter.

              4. When the scan is complete, hopefully you will see all is ok like the screenshot below.
              NOTE: If not, then you can attempt to run a System Restore using a restore point dated before the bad file occurred to fix it. You may need to repeat doing a System Restore until you find an older restore point that may work.



              5. When done, close the elevated command prompt.

              Valorus

                « Reply #27 on: January 09, 2015, 08:02:48 PM »
                Did not find any integrity violations.

                SuperDave

                « Reply #28 on: January 10, 2015, 12:56:28 PM »
                The only thing I can think of at this point is to reformat and re-install the OS. Something may have gone amiss in the first installation.

                Valorus

                  « Reply #29 on: January 11, 2015, 09:25:33 AM »
                  Dave,

                  Thanks for your time and help. I've cleaned the ssd and reinstalled win7 and things ran fine

                  Until this morning. My desktop is frozen, greyed out. Just this little blue donut going round and round.

                  Going to Safe mode, event system is not running, also security center and windows update have stopped.

                  Now, the modem has stopped and is asking for the password, again.

                  The modem is working again, RogueKiller found 15 pups, deleted them and everything is working again

                  Until next time.