Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Support
Windows Malware Removal Help & Support
Help to remove Delta-Toolbar
Message
<blockquote data-quote="birdinthehand" data-source="post: 130977" data-attributes="member: 10508"><p>Hi There Kuttus,</p><p></p><p>All I can say is wow!!! I hope I' ve got everything right and in the correct order.</p><p>Here goes....</p><p></p><p><strong><strong>Step 1.</strong></strong></p><p><strong></strong></p><p>AdwCleaner v2.306 - Logfile created 07/30/2013 at 16:56:28</p><p># Updated 19/07/2013 by Xplode</p><p># Operating system : Windows 7 Starter Service Pack 1 (32 bits)</p><p># User : Trudy - TRUDY-PC</p><p># Boot Mode : Normal</p><p># Running from : C:\Users\Trudy\Downloads\adwcleaner.exe</p><p># Option [Delete]</p><p></p><p></p><p>***** [Services] *****</p><p></p><p>Stopped & Deleted : BrowserDefendert</p><p></p><p>***** [Files / Folders] *****</p><p></p><p>Deleted on reboot : C:\ProgramData\BrowserDefender</p><p>File Deleted : C:\Users\Trudy\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data</p><p>File Deleted : C:\Users\Trudy\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences</p><p>File Deleted : C:\Users\Trudy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk</p><p>Folder Deleted : C:\Program Files\Wajam</p><p>Folder Deleted : C:\ProgramData\Tarma Installer</p><p>Folder Deleted : C:\Users\Trudy\AppData\Local\Ilivid</p><p>Folder Deleted : C:\Users\Trudy\AppData\Local\Wajam</p><p>Folder Deleted : C:\Users\Trudy\AppData\Roaming\BabSolution</p><p>Folder Deleted : C:\Users\Trudy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam</p><p></p><p>***** [Registry] *****</p><p></p><p>Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider</p><p>Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong</p><p>Key Deleted : HKCU\Software\BabSolution</p><p>Key Deleted : HKCU\Software\DataMngr</p><p>Key Deleted : HKCU\Software\DataMngr_Toolbar</p><p>Key Deleted : HKCU\Software\de8bdbb23cef10</p><p>Key Deleted : HKCU\Software\Delta</p><p>Key Deleted : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh</p><p>Key Deleted : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj</p><p>Key Deleted : HKCU\Software\ilivid</p><p>Key Deleted : HKCU\Software\InstallCore</p><p>Key Deleted : HKCU\Software\InstalledBrowserExtensions</p><p>Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}</p><p>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings</p><p>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}</p><p>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}</p><p>Key Deleted : HKCU\Software\mysearchdial</p><p>Key Deleted : HKCU\Software\Softonic</p><p>Key Deleted : HKCU\Software\Wajam</p><p>Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL</p><p>Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL</p><p>Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL</p><p>Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL</p><p>Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE</p><p>Key Deleted : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL</p><p>Key Deleted : HKLM\SOFTWARE\Classes\AppID\WebCakeIEClient.DLL</p><p>Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe</p><p>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4ED063C9-4A0B-4B44-A9DC-23AFF424A0D3}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82E74373-58AB-47EB-B0F0-A1D82BB8EB5C}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C358B3D0-B911-41E3-A276-E7D43A6BA56D}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0026278.BHO</p><p>Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0026278.BHO.1</p><p>Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0026278.Sandbox</p><p>Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0026278.Sandbox.1</p><p>Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane</p><p>Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1</p><p>Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc</p><p>Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1</p><p>Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialESrvc</p><p>Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialESrvc.1</p><p>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore</p><p>Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore.1</p><p>Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd</p><p>Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd.1</p><p>Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr</p><p>Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr.1</p><p>Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap</p><p>Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO</p><p>Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1</p><p>Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader</p><p>Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1</p><p>Key Deleted : HKLM\SOFTWARE\Classes\WebCakeIEClient.Api</p><p>Key Deleted : HKLM\SOFTWARE\Classes\WebCakeIEClient.Api.1</p><p>Key Deleted : HKLM\SOFTWARE\Classes\WebCakeIEClient.Layers</p><p>Key Deleted : HKLM\SOFTWARE\Classes\WebCakeIEClient.Layers.1</p><p>Key Deleted : HKLM\Software\DataMngr</p><p>Key Deleted : HKLM\SOFTWARE\de8bdbb23cef10</p><p>Key Deleted : HKLM\Software\Delta</p><p>Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh</p><p>Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj</p><p>Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh</p><p>Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp</p><p>Key Deleted : HKLM\Software\InstallCore</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASAPI32</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASMANCS</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AF6B0594-6008-4327-93E5-608AD710A6FA}</p><p>Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mysearchdial</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam</p><p>Key Deleted : HKLM\Software\Tarma Installer</p><p>Key Deleted : HKLM\Software\Wajam</p><p>Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater</p><p>Key Deleted : HKU\S-1-5-21-2020085807-1544784501-1952108477-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}</p><p>Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]</p><p>Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [WebCake Desktop]</p><p></p><p>***** [Internet Browsers] *****</p><p></p><p>-\\ Internet Explorer v10.0.9200.16635</p><p></p><p>Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://start.mysearchdial.com/?f=2&a=dnldmsd&cd=2XzuyEtN2Y1L1QzutDtDtC0AtCtA0B0DtDtC0DtCyCtDtA0AtN0D0Tzu0CyDyByEtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=431870537&ir= --> hxxp://www.google.com</p><p></p><p>-\\ Google Chrome v28.0.1500.72</p><p></p><p>File : C:\Users\Trudy\AppData\Local\Google\Chrome\User Data\Default\Preferences</p><p></p><p>[OK] File is clean.</p><p></p><p>*************************</p><p></p><p>AdwCleaner[S1].txt - [9611 octets] - [30/07/2013 16:56:29]</p><p></p><p>########## EOF - C:\AdwCleaner[S1].txt - [9671 octets] ##########</p><p></p><p></p><p><strong>Step 2.</strong></p><p>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~</p><p></p><p></p><p>Junkware Removal Tool (JRT) by Thisisu</p><p>Version: 5.2.8 (07.29.2013:2)</p><p>OS: Windows 7 Starter x86</p><p>Ran by Trudy on 30/07/2013 at 17:04:54.95</p><p>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~</p><p></p><p></p><p></p><p></p><p>~~~ Services</p><p></p><p>Successfully stopped: [Service] backupstack </p><p>Successfully deleted: [Service] backupstack </p><p></p><p></p><p></p><p>~~~ Registry Values</p><p></p><p>Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs</p><p></p><p></p><p></p><p>~~~ Registry Keys</p><p></p><p>Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{bb975e58-e769-4e5a-ba12-b765bc559ff3}</p><p>Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{f511afdb-726e-4458-90e7-1ecb97406544}</p><p>Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\clsid\{fb684d26-01f4-4d9d-87cb-f486beba56dc}</p><p>Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{0afd55c8-adf8-4a33-a6e1-dedb7a36aeb4}</p><p>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\solid savings</p><p>Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\torch</p><p>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\torch</p><p>Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\bprotectsettings</p><p>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\clsid\{fb684d26-01f4-4d9d-87cb-f486beba56dc}</p><p>Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220222622278}</p><p>Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550255625578}</p><p>Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660266626678}</p><p>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550255625578}</p><p>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660266626678}</p><p>Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}</p><p></p><p></p><p></p><p>~~~ Files</p><p></p><p>Successfully deleted: [File] "C:\windows\tasks\driverupdate startup.job"</p><p></p><p></p><p></p><p>~~~ Folders</p><p></p><p>Successfully deleted: [Folder] "C:\ProgramData\fighters"</p><p>Successfully deleted: [Folder] "C:\Users\Trudy\AppData\Roaming\fighters"</p><p>Successfully deleted: [Folder] "C:\Users\Trudy\AppData\Roaming\pccustubinstaller"</p><p>Successfully deleted: [Folder] "C:\Users\Trudy\appdata\local\torch"</p><p></p><p></p><p></p><p>~~~ Chrome</p><p></p><p>Successfully deleted: [Folder] C:\Users\Trudy\appdata\local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah</p><p>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\kiplfnciaokpcennlkldkdaeaaomamof</p><p></p><p></p><p></p><p>~~~ Event Viewer Logs were cleared</p><p></p><p></p><p></p><p></p><p></p><p>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~</p><p>Scan was completed on 30/07/2013 at 17:09:18.35</p><p>End of JRT log</p><p>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~</p><p></p><p><strong>Step 3.</strong></p><p><strong></strong></p><p><strong></strong></p><p><strong><strong>There are 3 mbar logs as the first time I scanned I didn't update prior to scanning [mbar-log-2013-07-30(17-21-36)].</strong></strong></p><p><strong><strong>Therefor mbar-log-2013-07-30(17-38-25) is the first update & scan and mbar-log-2013-07-30(17-57-43)</strong></strong></p><p><strong><strong>is the 2nd after rebooting.</strong></strong></p><p><strong><strong></strong></strong></p><p>---------------------------------------</p><p>Malwarebytes Anti-Rootkit BETA 1.06.0.1004</p><p></p><p>(c) Malwarebytes Corporation 2011-2012</p><p></p><p>OS version: 6.1.7601 Windows 7 Service Pack 1 x86</p><p></p><p>Account is Administrative</p><p></p><p>Internet Explorer version: 10.0.9200.16635</p><p></p><p>File system is: NTFS</p><p>Disk drives: C:\ DRIVE_FIXED</p><p>CPU speed: 1.600000 GHz</p><p>Memory total: 1062608896, free: 486252544</p><p></p><p>Initializing...</p><p>------------ Kernel report ------------</p><p> 07/30/2013 17:21:16</p><p>------------ Loaded modules -----------</p><p>\SystemRoot\system32\ntoskrnl.exe</p><p>\SystemRoot\system32\halmacpi.dll</p><p>\SystemRoot\system32\kdcom.dll</p><p>\SystemRoot\system32\mcupdate_GenuineIntel.dll</p><p>\SystemRoot\system32\PSHED.dll</p><p>\SystemRoot\system32\BOOTVID.dll</p><p>\SystemRoot\system32\CLFS.SYS</p><p>\SystemRoot\system32\CI.dll</p><p>\SystemRoot\system32\drivers\Wdf01000.sys</p><p>\SystemRoot\system32\drivers\WDFLDR.SYS</p><p>\SystemRoot\system32\drivers\ACPI.sys</p><p>\SystemRoot\system32\drivers\WMILIB.SYS</p><p>\SystemRoot\system32\drivers\msisadrv.sys</p><p>\SystemRoot\system32\drivers\pci.sys</p><p>\SystemRoot\system32\drivers\vdrvroot.sys</p><p>\SystemRoot\System32\drivers\partmgr.sys</p><p>\SystemRoot\system32\DRIVERS\compbatt.sys</p><p>\SystemRoot\system32\DRIVERS\BATTC.SYS</p><p>\SystemRoot\system32\drivers\volmgr.sys</p><p>\SystemRoot\System32\drivers\volmgrx.sys</p><p>\SystemRoot\system32\drivers\intelide.sys</p><p>\SystemRoot\system32\drivers\PCIIDEX.SYS</p><p>\SystemRoot\System32\drivers\mountmgr.sys</p><p>\SystemRoot\system32\drivers\atapi.sys</p><p>\SystemRoot\system32\drivers\ataport.SYS</p><p>\SystemRoot\system32\drivers\amdxata.sys</p><p>\SystemRoot\system32\drivers\fltmgr.sys</p><p>\SystemRoot\system32\drivers\fileinfo.sys</p><p>\SystemRoot\system32\DRIVERS\MpFilter.sys</p><p>\SystemRoot\System32\Drivers\Ntfs.sys</p><p>\SystemRoot\System32\Drivers\msrpc.sys</p><p>\SystemRoot\System32\Drivers\ksecdd.sys</p><p>\SystemRoot\System32\Drivers\cng.sys</p><p>\SystemRoot\System32\drivers\pcw.sys</p><p>\SystemRoot\System32\Drivers\Fs_Rec.sys</p><p>\SystemRoot\system32\drivers\ndis.sys</p><p>\SystemRoot\system32\drivers\NETIO.SYS</p><p>\SystemRoot\System32\Drivers\ksecpkg.sys</p><p>\SystemRoot\System32\drivers\tcpip.sys</p><p>\SystemRoot\System32\drivers\fwpkclnt.sys</p><p>\SystemRoot\system32\drivers\volsnap.sys</p><p>\SystemRoot\System32\Drivers\spldr.sys</p><p>\SystemRoot\System32\drivers\rdyboost.sys</p><p>\SystemRoot\System32\Drivers\mup.sys</p><p>\SystemRoot\System32\drivers\hwpolicy.sys</p><p>\SystemRoot\System32\DRIVERS\fvevol.sys</p><p>\SystemRoot\system32\DRIVERS\disk.sys</p><p>\SystemRoot\system32\DRIVERS\CLASSPNP.SYS</p><p>\SystemRoot\System32\Drivers\Null.SYS</p><p>\SystemRoot\System32\Drivers\Beep.SYS</p><p>\SystemRoot\System32\drivers\vga.sys</p><p>\SystemRoot\System32\drivers\VIDEOPRT.SYS</p><p>\SystemRoot\System32\drivers\watchdog.sys</p><p>\SystemRoot\System32\DRIVERS\RDPCDD.sys</p><p>\SystemRoot\system32\drivers\rdpencdd.sys</p><p>\SystemRoot\system32\drivers\rdprefmp.sys</p><p>\SystemRoot\System32\Drivers\Msfs.SYS</p><p>\SystemRoot\System32\Drivers\Npfs.SYS</p><p>\SystemRoot\system32\DRIVERS\tdx.sys</p><p>\SystemRoot\system32\DRIVERS\TDI.SYS</p><p>\SystemRoot\system32\drivers\afd.sys</p><p>\SystemRoot\System32\DRIVERS\netbt.sys</p><p>\SystemRoot\system32\DRIVERS\wfplwf.sys</p><p>\SystemRoot\system32\DRIVERS\pacer.sys</p><p>\SystemRoot\system32\DRIVERS\vwififlt.sys</p><p>\SystemRoot\system32\DRIVERS\netbios.sys</p><p>\SystemRoot\system32\DRIVERS\wanarp.sys</p><p>\SystemRoot\system32\drivers\termdd.sys</p><p>\SystemRoot\system32\DRIVERS\rdbss.sys</p><p>\SystemRoot\system32\drivers\nsiproxy.sys</p><p>\SystemRoot\system32\drivers\mssmbios.sys</p><p>\SystemRoot\System32\drivers\discache.sys</p><p>\SystemRoot\System32\Drivers\dfsc.sys</p><p>\SystemRoot\system32\DRIVERS\blbdrive.sys</p><p>\SystemRoot\system32\DRIVERS\tunnel.sys</p><p>\SystemRoot\system32\drivers\wmiacpi.sys</p><p>\SystemRoot\system32\DRIVERS\intelppm.sys</p><p>\SystemRoot\system32\DRIVERS\CmBatt.sys</p><p>\SystemRoot\system32\DRIVERS\igdkmd32.sys</p><p>\SystemRoot\System32\drivers\dxgkrnl.sys</p><p>\SystemRoot\System32\drivers\dxgmms1.sys</p><p>\SystemRoot\system32\drivers\HDAudBus.sys</p><p>\SystemRoot\system32\DRIVERS\Rt86win7.sys</p><p>\SystemRoot\system32\DRIVERS\netr28.sys</p><p>\SystemRoot\system32\DRIVERS\vwifibus.sys</p><p>\SystemRoot\system32\drivers\usbuhci.sys</p><p>\SystemRoot\system32\drivers\USBPORT.SYS</p><p>\SystemRoot\system32\drivers\usbehci.sys</p><p>\SystemRoot\system32\drivers\i8042prt.sys</p><p>\SystemRoot\system32\drivers\kbdclass.sys</p><p>\SystemRoot\system32\DRIVERS\fspad_wlh32.sys</p><p>\SystemRoot\system32\DRIVERS\mouclass.sys</p><p>\SystemRoot\system32\drivers\CompositeBus.sys</p><p>\SystemRoot\system32\DRIVERS\AgileVpn.sys</p><p>\SystemRoot\system32\DRIVERS\rasl2tp.sys</p><p>\SystemRoot\system32\DRIVERS\ndistapi.sys</p><p>\SystemRoot\system32\DRIVERS\ndiswan.sys</p><p>\SystemRoot\system32\DRIVERS\raspppoe.sys</p><p>\SystemRoot\system32\DRIVERS\raspptp.sys</p><p>\SystemRoot\system32\DRIVERS\rassstp.sys</p><p>\SystemRoot\system32\drivers\swenum.sys</p><p>\SystemRoot\system32\drivers\ks.sys</p><p>\SystemRoot\system32\drivers\umbus.sys</p><p>\SystemRoot\system32\DRIVERS\usbhub.sys</p><p>\SystemRoot\System32\Drivers\NDProxy.SYS</p><p>\SystemRoot\system32\drivers\RTKVHDA.sys</p><p>\SystemRoot\system32\drivers\portcls.sys</p><p>\SystemRoot\system32\drivers\drmk.sys</p><p>\SystemRoot\System32\Drivers\crashdmp.sys</p><p>\SystemRoot\System32\Drivers\dump_dumpata.sys</p><p>\SystemRoot\System32\Drivers\dump_atapi.sys</p><p>\SystemRoot\System32\Drivers\dump_dumpfve.sys</p><p>\SystemRoot\System32\win32k.sys</p><p>\SystemRoot\System32\drivers\Dxapi.sys</p><p>\SystemRoot\system32\DRIVERS\monitor.sys</p><p>\SystemRoot\system32\DRIVERS\usbccgp.sys</p><p>\SystemRoot\system32\DRIVERS\USBD.SYS</p><p>\SystemRoot\System32\Drivers\usbvideo.sys</p><p>\SystemRoot\System32\TSDDD.dll</p><p>\SystemRoot\System32\cdd.dll</p><p>\SystemRoot\system32\drivers\luafv.sys</p><p>\SystemRoot\system32\DRIVERS\lltdio.sys</p><p>\SystemRoot\system32\DRIVERS\nwifi.sys</p><p>\SystemRoot\system32\DRIVERS\ndisuio.sys</p><p>\SystemRoot\system32\DRIVERS\rspndr.sys</p><p>\SystemRoot\system32\drivers\HTTP.sys</p><p>\SystemRoot\system32\DRIVERS\bowser.sys</p><p>\SystemRoot\System32\drivers\mpsdrv.sys</p><p>\SystemRoot\system32\DRIVERS\mrxsmb.sys</p><p>\SystemRoot\system32\DRIVERS\mrxsmb10.sys</p><p>\SystemRoot\system32\DRIVERS\mrxsmb20.sys</p><p>\SystemRoot\system32\DRIVERS\NisDrvWFP.sys</p><p>\SystemRoot\system32\drivers\peauth.sys</p><p>\SystemRoot\System32\Drivers\secdrv.SYS</p><p>\SystemRoot\System32\DRIVERS\srvnet.sys</p><p>\SystemRoot\System32\drivers\tcpipreg.sys</p><p>\SystemRoot\System32\DRIVERS\srv2.sys</p><p>\SystemRoot\System32\DRIVERS\srv.sys</p><p>\??\C:\windows\system32\drivers\mbamchameleon.sys</p><p>\??\C:\windows\system32\drivers\mbamswissarmy.sys</p><p>\Windows\System32\ntdll.dll</p><p>\Windows\System32\smss.exe</p><p>\Windows\System32\apisetschema.dll</p><p>\Windows\System32\autochk.exe</p><p>\Windows\System32\normaliz.dll</p><p>\Windows\System32\wininet.dll</p><p>\Windows\System32\user32.dll</p><p>\Windows\System32\msvcrt.dll</p><p>\Windows\System32\iertutil.dll</p><p>\Windows\System32\kernel32.dll</p><p>\Windows\System32\usp10.dll</p><p>\Windows\System32\psapi.dll</p><p>\Windows\System32\setupapi.dll</p><p>\Windows\System32\Wldap32.dll</p><p>\Windows\System32\imagehlp.dll</p><p>\Windows\System32\comdlg32.dll</p><p>\Windows\System32\nsi.dll</p><p>\Windows\System32\oleaut32.dll</p><p>\Windows\System32\clbcatq.dll</p><p>\Windows\System32\ws2_32.dll</p><p>\Windows\System32\sechost.dll</p><p>\Windows\System32\ole32.dll</p><p>\Windows\System32\shlwapi.dll</p><p>\Windows\System32\difxapi.dll</p><p>\Windows\System32\rpcrt4.dll</p><p>\Windows\System32\msctf.dll</p><p>\Windows\System32\imm32.dll</p><p>\Windows\System32\shell32.dll</p><p>\Windows\System32\lpk.dll</p><p>\Windows\System32\urlmon.dll</p><p>\Windows\System32\advapi32.dll</p><p>\Windows\System32\gdi32.dll</p><p>\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll</p><p>\Windows\System32\comctl32.dll</p><p>\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll</p><p>\Windows\System32\KernelBase.dll</p><p>\Windows\System32\crypt32.dll</p><p>\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll</p><p>\Windows\System32\wintrust.dll</p><p>\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll</p><p>\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll</p><p>\Windows\System32\cfgmgr32.dll</p><p>\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll</p><p>\Windows\System32\devobj.dll</p><p>\Windows\System32\msasn1.dll</p><p>----------- End -----------</p><p>Done!</p><p><<<1>>></p><p>Upper Device Name: \Device\Harddisk0\DR0</p><p>Upper Device Object: 0xffffffff84800a20</p><p>Upper Device Driver Name: \Driver\Disk\</p><p>Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\</p><p>Lower Device Object: 0xffffffff84360610</p><p>Lower Device Driver Name: \Driver\atapi\</p><p><<<2>>></p><p>Device number: 0, partition: 2</p><p>Physical Sector Size: 512</p><p>Drive: 0, DevicePointer: 0xffffffff84800a20, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\</p><p>--------- Disk Stack ------</p><p>DevicePointer: 0xffffffff84800658, DeviceName: Unknown, DriverName: \Driver\partmgr\</p><p>DevicePointer: 0xffffffff84800a20, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\</p><p>DevicePointer: 0xffffffff8473d918, DeviceName: Unknown, DriverName: \Driver\ACPI\</p><p>DevicePointer: 0xffffffff84360610, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\</p><p>------------ End ----------</p><p>Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\</p><p>Upper DeviceData: 0x0, 0x0, 0x0</p><p>Lower DeviceData: 0x0, 0x0, 0x0</p><p><<<3>>></p><p>Volume: C:</p><p>File system type: NTFS</p><p>SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes</p><p><<<2>>></p><p>Device number: 0, partition: 2</p><p><<<3>>></p><p>Volume: C:</p><p>File system type: NTFS</p><p>SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes</p><p>Scanning drivers directory: C:\windows\system32\drivers...</p><p><<<2>>></p><p>Device number: 0, partition: 2</p><p><<<3>>></p><p>Volume: C:</p><p>File system type: NTFS</p><p>SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes</p><p>Done!</p><p>Drive 0</p><p>Scanning MBR on drive 0...</p><p>Inspecting partition table:</p><p>MBR Signature: 55AA</p><p>Disk Signature: 57A73787</p><p></p><p>Partition information:</p><p></p><p> Partition 0 type is Primary (0x7)</p><p> Partition is ACTIVE.</p><p> Partition starts at LBA: 2048 Numsec = 16001024</p><p> Partition file system is NTFS</p><p> Partition is bootable</p><p></p><p> Partition 1 type is Primary (0x7)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 16003072 Numsec = 472392048</p><p></p><p> Partition 2 type is Empty (0x0)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 0 Numsec = 0</p><p></p><p> Partition 3 type is Empty (0x0)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 0 Numsec = 0</p><p></p><p>Disk Size: 250059350016 bytes</p><p>Sector size: 512 bytes</p><p></p><p>Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488377168-488397168)...</p><p>Done!</p><p>Scan finished</p><p>Removal queue found; removal started</p><p>Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...</p><p>Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...</p><p>Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...</p><p>Removal finished</p><p>Downloaded database version: v2013.07.30.08</p><p>Downloaded database version: v2013.07.29.01</p><p>Initializing...</p><p>------------ Kernel report ------------</p><p> 07/30/2013 17:38:05</p><p>------------ Loaded modules -----------</p><p>\SystemRoot\system32\ntoskrnl.exe</p><p>\SystemRoot\system32\halmacpi.dll</p><p>\SystemRoot\system32\kdcom.dll</p><p>\SystemRoot\system32\mcupdate_GenuineIntel.dll</p><p>\SystemRoot\system32\PSHED.dll</p><p>\SystemRoot\system32\BOOTVID.dll</p><p>\SystemRoot\system32\CLFS.SYS</p><p>\SystemRoot\system32\CI.dll</p><p>\SystemRoot\system32\drivers\Wdf01000.sys</p><p>\SystemRoot\system32\drivers\WDFLDR.SYS</p><p>\SystemRoot\system32\drivers\ACPI.sys</p><p>\SystemRoot\system32\drivers\WMILIB.SYS</p><p>\SystemRoot\system32\drivers\msisadrv.sys</p><p>\SystemRoot\system32\drivers\pci.sys</p><p>\SystemRoot\system32\drivers\vdrvroot.sys</p><p>\SystemRoot\System32\drivers\partmgr.sys</p><p>\SystemRoot\system32\DRIVERS\compbatt.sys</p><p>\SystemRoot\system32\DRIVERS\BATTC.SYS</p><p>\SystemRoot\system32\drivers\volmgr.sys</p><p>\SystemRoot\System32\drivers\volmgrx.sys</p><p>\SystemRoot\system32\drivers\intelide.sys</p><p>\SystemRoot\system32\drivers\PCIIDEX.SYS</p><p>\SystemRoot\System32\drivers\mountmgr.sys</p><p>\SystemRoot\system32\drivers\atapi.sys</p><p>\SystemRoot\system32\drivers\ataport.SYS</p><p>\SystemRoot\system32\drivers\amdxata.sys</p><p>\SystemRoot\system32\drivers\fltmgr.sys</p><p>\SystemRoot\system32\drivers\fileinfo.sys</p><p>\SystemRoot\system32\DRIVERS\MpFilter.sys</p><p>\SystemRoot\System32\Drivers\Ntfs.sys</p><p>\SystemRoot\System32\Drivers\msrpc.sys</p><p>\SystemRoot\System32\Drivers\ksecdd.sys</p><p>\SystemRoot\System32\Drivers\cng.sys</p><p>\SystemRoot\System32\drivers\pcw.sys</p><p>\SystemRoot\System32\Drivers\Fs_Rec.sys</p><p>\SystemRoot\system32\drivers\ndis.sys</p><p>\SystemRoot\system32\drivers\NETIO.SYS</p><p>\SystemRoot\System32\Drivers\ksecpkg.sys</p><p>\SystemRoot\System32\drivers\tcpip.sys</p><p>\SystemRoot\System32\drivers\fwpkclnt.sys</p><p>\SystemRoot\system32\drivers\volsnap.sys</p><p>\SystemRoot\System32\Drivers\spldr.sys</p><p>\SystemRoot\System32\drivers\rdyboost.sys</p><p>\SystemRoot\System32\Drivers\mup.sys</p><p>\SystemRoot\System32\drivers\hwpolicy.sys</p><p>\SystemRoot\System32\DRIVERS\fvevol.sys</p><p>\SystemRoot\system32\DRIVERS\disk.sys</p><p>\SystemRoot\system32\DRIVERS\CLASSPNP.SYS</p><p>\SystemRoot\System32\Drivers\Null.SYS</p><p>\SystemRoot\System32\Drivers\Beep.SYS</p><p>\SystemRoot\System32\drivers\vga.sys</p><p>\SystemRoot\System32\drivers\VIDEOPRT.SYS</p><p>\SystemRoot\System32\drivers\watchdog.sys</p><p>\SystemRoot\System32\DRIVERS\RDPCDD.sys</p><p>\SystemRoot\system32\drivers\rdpencdd.sys</p><p>\SystemRoot\system32\drivers\rdprefmp.sys</p><p>\SystemRoot\System32\Drivers\Msfs.SYS</p><p>\SystemRoot\System32\Drivers\Npfs.SYS</p><p>\SystemRoot\system32\DRIVERS\tdx.sys</p><p>\SystemRoot\system32\DRIVERS\TDI.SYS</p><p>\SystemRoot\system32\drivers\afd.sys</p><p>\SystemRoot\System32\DRIVERS\netbt.sys</p><p>\SystemRoot\system32\DRIVERS\wfplwf.sys</p><p>\SystemRoot\system32\DRIVERS\pacer.sys</p><p>\SystemRoot\system32\DRIVERS\vwififlt.sys</p><p>\SystemRoot\system32\DRIVERS\netbios.sys</p><p>\SystemRoot\system32\DRIVERS\wanarp.sys</p><p>\SystemRoot\system32\drivers\termdd.sys</p><p>\SystemRoot\system32\DRIVERS\rdbss.sys</p><p>\SystemRoot\system32\drivers\nsiproxy.sys</p><p>\SystemRoot\system32\drivers\mssmbios.sys</p><p>\SystemRoot\System32\drivers\discache.sys</p><p>\SystemRoot\System32\Drivers\dfsc.sys</p><p>\SystemRoot\system32\DRIVERS\blbdrive.sys</p><p>\SystemRoot\system32\DRIVERS\tunnel.sys</p><p>\SystemRoot\system32\drivers\wmiacpi.sys</p><p>\SystemRoot\system32\DRIVERS\intelppm.sys</p><p>\SystemRoot\system32\DRIVERS\CmBatt.sys</p><p>\SystemRoot\system32\DRIVERS\igdkmd32.sys</p><p>\SystemRoot\System32\drivers\dxgkrnl.sys</p><p>\SystemRoot\System32\drivers\dxgmms1.sys</p><p>\SystemRoot\system32\drivers\HDAudBus.sys</p><p>\SystemRoot\system32\DRIVERS\Rt86win7.sys</p><p>\SystemRoot\system32\DRIVERS\netr28.sys</p><p>\SystemRoot\system32\DRIVERS\vwifibus.sys</p><p>\SystemRoot\system32\drivers\usbuhci.sys</p><p>\SystemRoot\system32\drivers\USBPORT.SYS</p><p>\SystemRoot\system32\drivers\usbehci.sys</p><p>\SystemRoot\system32\drivers\i8042prt.sys</p><p>\SystemRoot\system32\drivers\kbdclass.sys</p><p>\SystemRoot\system32\DRIVERS\fspad_wlh32.sys</p><p>\SystemRoot\system32\DRIVERS\mouclass.sys</p><p>\SystemRoot\system32\drivers\CompositeBus.sys</p><p>\SystemRoot\system32\DRIVERS\AgileVpn.sys</p><p>\SystemRoot\system32\DRIVERS\rasl2tp.sys</p><p>\SystemRoot\system32\DRIVERS\ndistapi.sys</p><p>\SystemRoot\system32\DRIVERS\ndiswan.sys</p><p>\SystemRoot\system32\DRIVERS\raspppoe.sys</p><p>\SystemRoot\system32\DRIVERS\raspptp.sys</p><p>\SystemRoot\system32\DRIVERS\rassstp.sys</p><p>\SystemRoot\system32\drivers\swenum.sys</p><p>\SystemRoot\system32\drivers\ks.sys</p><p>\SystemRoot\system32\drivers\umbus.sys</p><p>\SystemRoot\system32\DRIVERS\usbhub.sys</p><p>\SystemRoot\System32\Drivers\NDProxy.SYS</p><p>\SystemRoot\system32\drivers\RTKVHDA.sys</p><p>\SystemRoot\system32\drivers\portcls.sys</p><p>\SystemRoot\system32\drivers\drmk.sys</p><p>\SystemRoot\System32\Drivers\crashdmp.sys</p><p>\SystemRoot\System32\Drivers\dump_dumpata.sys</p><p>\SystemRoot\System32\Drivers\dump_atapi.sys</p><p>\SystemRoot\System32\Drivers\dump_dumpfve.sys</p><p>\SystemRoot\System32\win32k.sys</p><p>\SystemRoot\System32\drivers\Dxapi.sys</p><p>\SystemRoot\system32\DRIVERS\monitor.sys</p><p>\SystemRoot\system32\DRIVERS\usbccgp.sys</p><p>\SystemRoot\system32\DRIVERS\USBD.SYS</p><p>\SystemRoot\System32\Drivers\usbvideo.sys</p><p>\SystemRoot\System32\TSDDD.dll</p><p>\SystemRoot\System32\cdd.dll</p><p>\SystemRoot\system32\drivers\luafv.sys</p><p>\SystemRoot\system32\DRIVERS\lltdio.sys</p><p>\SystemRoot\system32\DRIVERS\nwifi.sys</p><p>\SystemRoot\system32\DRIVERS\ndisuio.sys</p><p>\SystemRoot\system32\DRIVERS\rspndr.sys</p><p>\SystemRoot\system32\drivers\HTTP.sys</p><p>\SystemRoot\system32\DRIVERS\bowser.sys</p><p>\SystemRoot\System32\drivers\mpsdrv.sys</p><p>\SystemRoot\system32\DRIVERS\mrxsmb.sys</p><p>\SystemRoot\system32\DRIVERS\mrxsmb10.sys</p><p>\SystemRoot\system32\DRIVERS\mrxsmb20.sys</p><p>\SystemRoot\system32\DRIVERS\NisDrvWFP.sys</p><p>\SystemRoot\system32\drivers\peauth.sys</p><p>\SystemRoot\System32\Drivers\secdrv.SYS</p><p>\SystemRoot\System32\DRIVERS\srvnet.sys</p><p>\SystemRoot\System32\drivers\tcpipreg.sys</p><p>\SystemRoot\System32\DRIVERS\srv2.sys</p><p>\SystemRoot\System32\DRIVERS\srv.sys</p><p>\??\C:\windows\system32\drivers\mbamchameleon.sys</p><p>\??\C:\windows\system32\drivers\mbamswissarmy.sys</p><p>\Windows\System32\ntdll.dll</p><p>\Windows\System32\smss.exe</p><p>\Windows\System32\apisetschema.dll</p><p>\Windows\System32\autochk.exe</p><p>\Windows\System32\normaliz.dll</p><p>\Windows\System32\wininet.dll</p><p>\Windows\System32\user32.dll</p><p>\Windows\System32\msvcrt.dll</p><p>\Windows\System32\iertutil.dll</p><p>\Windows\System32\kernel32.dll</p><p>\Windows\System32\usp10.dll</p><p>\Windows\System32\psapi.dll</p><p>\Windows\System32\setupapi.dll</p><p>\Windows\System32\Wldap32.dll</p><p>\Windows\System32\imagehlp.dll</p><p>\Windows\System32\comdlg32.dll</p><p>\Windows\System32\nsi.dll</p><p>\Windows\System32\oleaut32.dll</p><p>\Windows\System32\clbcatq.dll</p><p>\Windows\System32\ws2_32.dll</p><p>\Windows\System32\sechost.dll</p><p>\Windows\System32\ole32.dll</p><p>\Windows\System32\shlwapi.dll</p><p>\Windows\System32\difxapi.dll</p><p>\Windows\System32\rpcrt4.dll</p><p>\Windows\System32\msctf.dll</p><p>\Windows\System32\imm32.dll</p><p>\Windows\System32\shell32.dll</p><p>\Windows\System32\lpk.dll</p><p>\Windows\System32\urlmon.dll</p><p>\Windows\System32\advapi32.dll</p><p>\Windows\System32\gdi32.dll</p><p>\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll</p><p>\Windows\System32\comctl32.dll</p><p>\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll</p><p>\Windows\System32\KernelBase.dll</p><p>\Windows\System32\crypt32.dll</p><p>\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll</p><p>\Windows\System32\wintrust.dll</p><p>\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll</p><p>\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll</p><p>\Windows\System32\cfgmgr32.dll</p><p>\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll</p><p>\Windows\System32\devobj.dll</p><p>\Windows\System32\msasn1.dll</p><p>----------- End -----------</p><p>Done!</p><p><<<1>>></p><p>Upper Device Name: \Device\Harddisk0\DR0</p><p>Upper Device Object: 0xffffffff84800a20</p><p>Upper Device Driver Name: \Driver\Disk\</p><p>Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\</p><p>Lower Device Object: 0xffffffff84360610</p><p>Lower Device Driver Name: \Driver\atapi\</p><p><<<2>>></p><p>Device number: 0, partition: 2</p><p>Physical Sector Size: 512</p><p>Drive: 0, DevicePointer: 0xffffffff84800a20, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\</p><p>--------- Disk Stack ------</p><p>DevicePointer: 0xffffffff84800658, DeviceName: Unknown, DriverName: \Driver\partmgr\</p><p>DevicePointer: 0xffffffff84800a20, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\</p><p>DevicePointer: 0xffffffff8473d918, DeviceName: Unknown, DriverName: \Driver\ACPI\</p><p>DevicePointer: 0xffffffff84360610, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\</p><p>------------ End ----------</p><p>Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\</p><p>Upper DeviceData: 0x0, 0x0, 0x0</p><p>Lower DeviceData: 0x0, 0x0, 0x0</p><p><<<3>>></p><p>Volume: C:</p><p>File system type: NTFS</p><p>SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes</p><p><<<2>>></p><p>Device number: 0, partition: 2</p><p><<<3>>></p><p>Volume: C:</p><p>File system type: NTFS</p><p>SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes</p><p>Scanning drivers directory: C:\windows\system32\drivers...</p><p><<<2>>></p><p>Device number: 0, partition: 2</p><p><<<3>>></p><p>Volume: C:</p><p>File system type: NTFS</p><p>SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes</p><p>Done!</p><p>Drive 0</p><p>Scanning MBR on drive 0...</p><p>Inspecting partition table:</p><p>MBR Signature: 55AA</p><p>Disk Signature: 57A73787</p><p></p><p>Partition information:</p><p></p><p> Partition 0 type is Primary (0x7)</p><p> Partition is ACTIVE.</p><p> Partition starts at LBA: 2048 Numsec = 16001024</p><p> Partition file system is NTFS</p><p> Partition is bootable</p><p></p><p> Partition 1 type is Primary (0x7)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 16003072 Numsec = 472392048</p><p></p><p> Partition 2 type is Empty (0x0)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 0 Numsec = 0</p><p></p><p> Partition 3 type is Empty (0x0)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 0 Numsec = 0</p><p></p><p>Disk Size: 250059350016 bytes</p><p>Sector size: 512 bytes</p><p></p><p>Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488377168-488397168)...</p><p>Done!</p><p>Scan finished</p><p>=======================================</p><p></p><p></p><p>Removal queue found; removal started</p><p>Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...</p><p>Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...</p><p>Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...</p><p>Removal finished</p><p>---------------------------------------</p><p>Malwarebytes Anti-Rootkit BETA 1.06.0.1004</p><p></p><p>(c) Malwarebytes Corporation 2011-2012</p><p></p><p>OS version: 6.1.7601 Windows 7 Service Pack 1 x86</p><p></p><p>Account is Administrative</p><p></p><p>Internet Explorer version: 10.0.9200.16635</p><p></p><p>File system is: NTFS</p><p>Disk drives: C:\ DRIVE_FIXED</p><p>CPU speed: 1.600000 GHz</p><p>Memory total: 1062608896, free: 443527168</p><p></p><p>Initializing...</p><p>------------ Kernel report ------------</p><p> 07/30/2013 17:57:22</p><p>------------ Loaded modules -----------</p><p>\SystemRoot\system32\ntoskrnl.exe</p><p>\SystemRoot\system32\halmacpi.dll</p><p>\SystemRoot\system32\kdcom.dll</p><p>\SystemRoot\system32\mcupdate_GenuineIntel.dll</p><p>\SystemRoot\system32\PSHED.dll</p><p>\SystemRoot\system32\BOOTVID.dll</p><p>\SystemRoot\system32\CLFS.SYS</p><p>\SystemRoot\system32\CI.dll</p><p>\SystemRoot\system32\drivers\Wdf01000.sys</p><p>\SystemRoot\system32\drivers\WDFLDR.SYS</p><p>\SystemRoot\system32\drivers\ACPI.sys</p><p>\SystemRoot\system32\drivers\WMILIB.SYS</p><p>\SystemRoot\system32\drivers\msisadrv.sys</p><p>\SystemRoot\system32\drivers\pci.sys</p><p>\SystemRoot\system32\drivers\vdrvroot.sys</p><p>\SystemRoot\System32\drivers\partmgr.sys</p><p>\SystemRoot\system32\DRIVERS\compbatt.sys</p><p>\SystemRoot\system32\DRIVERS\BATTC.SYS</p><p>\SystemRoot\system32\drivers\volmgr.sys</p><p>\SystemRoot\System32\drivers\volmgrx.sys</p><p>\SystemRoot\system32\drivers\intelide.sys</p><p>\SystemRoot\system32\drivers\PCIIDEX.SYS</p><p>\SystemRoot\System32\drivers\mountmgr.sys</p><p>\SystemRoot\system32\drivers\atapi.sys</p><p>\SystemRoot\system32\drivers\ataport.SYS</p><p>\SystemRoot\system32\drivers\amdxata.sys</p><p>\SystemRoot\system32\drivers\fltmgr.sys</p><p>\SystemRoot\system32\drivers\fileinfo.sys</p><p>\SystemRoot\system32\DRIVERS\MpFilter.sys</p><p>\SystemRoot\System32\Drivers\Ntfs.sys</p><p>\SystemRoot\System32\Drivers\msrpc.sys</p><p>\SystemRoot\System32\Drivers\ksecdd.sys</p><p>\SystemRoot\System32\Drivers\cng.sys</p><p>\SystemRoot\System32\drivers\pcw.sys</p><p>\SystemRoot\System32\Drivers\Fs_Rec.sys</p><p>\SystemRoot\system32\drivers\ndis.sys</p><p>\SystemRoot\system32\drivers\NETIO.SYS</p><p>\SystemRoot\System32\Drivers\ksecpkg.sys</p><p>\SystemRoot\System32\drivers\tcpip.sys</p><p>\SystemRoot\System32\drivers\fwpkclnt.sys</p><p>\SystemRoot\system32\drivers\volsnap.sys</p><p>\SystemRoot\System32\Drivers\spldr.sys</p><p>\SystemRoot\System32\drivers\rdyboost.sys</p><p>\SystemRoot\System32\Drivers\mup.sys</p><p>\SystemRoot\System32\drivers\hwpolicy.sys</p><p>\SystemRoot\System32\DRIVERS\fvevol.sys</p><p>\SystemRoot\system32\DRIVERS\disk.sys</p><p>\SystemRoot\system32\DRIVERS\CLASSPNP.SYS</p><p>\SystemRoot\System32\Drivers\Null.SYS</p><p>\SystemRoot\System32\Drivers\Beep.SYS</p><p>\SystemRoot\System32\drivers\vga.sys</p><p>\SystemRoot\System32\drivers\VIDEOPRT.SYS</p><p>\SystemRoot\System32\drivers\watchdog.sys</p><p>\SystemRoot\System32\DRIVERS\RDPCDD.sys</p><p>\SystemRoot\system32\drivers\rdpencdd.sys</p><p>\SystemRoot\system32\drivers\rdprefmp.sys</p><p>\SystemRoot\System32\Drivers\Msfs.SYS</p><p>\SystemRoot\System32\Drivers\Npfs.SYS</p><p>\SystemRoot\system32\DRIVERS\tdx.sys</p><p>\SystemRoot\system32\DRIVERS\TDI.SYS</p><p>\SystemRoot\system32\drivers\afd.sys</p><p>\SystemRoot\System32\DRIVERS\netbt.sys</p><p>\SystemRoot\system32\DRIVERS\wfplwf.sys</p><p>\SystemRoot\system32\DRIVERS\pacer.sys</p><p>\SystemRoot\system32\DRIVERS\vwififlt.sys</p><p>\SystemRoot\system32\DRIVERS\netbios.sys</p><p>\SystemRoot\system32\DRIVERS\wanarp.sys</p><p>\SystemRoot\system32\drivers\termdd.sys</p><p>\SystemRoot\system32\DRIVERS\rdbss.sys</p><p>\SystemRoot\system32\drivers\nsiproxy.sys</p><p>\SystemRoot\system32\drivers\mssmbios.sys</p><p>\SystemRoot\System32\drivers\discache.sys</p><p>\SystemRoot\System32\Drivers\dfsc.sys</p><p>\SystemRoot\system32\DRIVERS\blbdrive.sys</p><p>\SystemRoot\system32\DRIVERS\tunnel.sys</p><p>\SystemRoot\system32\drivers\wmiacpi.sys</p><p>\SystemRoot\system32\DRIVERS\intelppm.sys</p><p>\SystemRoot\system32\DRIVERS\CmBatt.sys</p><p>\SystemRoot\system32\DRIVERS\igdkmd32.sys</p><p>\SystemRoot\System32\drivers\dxgkrnl.sys</p><p>\SystemRoot\System32\drivers\dxgmms1.sys</p><p>\SystemRoot\system32\drivers\HDAudBus.sys</p><p>\SystemRoot\system32\DRIVERS\Rt86win7.sys</p><p>\SystemRoot\system32\DRIVERS\netr28.sys</p><p>\SystemRoot\system32\DRIVERS\vwifibus.sys</p><p>\SystemRoot\system32\drivers\usbuhci.sys</p><p>\SystemRoot\system32\drivers\USBPORT.SYS</p><p>\SystemRoot\system32\drivers\usbehci.sys</p><p>\SystemRoot\system32\drivers\i8042prt.sys</p><p>\SystemRoot\system32\drivers\kbdclass.sys</p><p>\SystemRoot\system32\DRIVERS\fspad_wlh32.sys</p><p>\SystemRoot\system32\DRIVERS\mouclass.sys</p><p>\SystemRoot\system32\drivers\CompositeBus.sys</p><p>\SystemRoot\system32\DRIVERS\AgileVpn.sys</p><p>\SystemRoot\system32\DRIVERS\rasl2tp.sys</p><p>\SystemRoot\system32\DRIVERS\ndistapi.sys</p><p>\SystemRoot\system32\DRIVERS\ndiswan.sys</p><p>\SystemRoot\system32\DRIVERS\raspppoe.sys</p><p>\SystemRoot\system32\DRIVERS\raspptp.sys</p><p>\SystemRoot\system32\DRIVERS\rassstp.sys</p><p>\SystemRoot\system32\drivers\swenum.sys</p><p>\SystemRoot\system32\drivers\ks.sys</p><p>\SystemRoot\system32\drivers\umbus.sys</p><p>\SystemRoot\system32\DRIVERS\usbhub.sys</p><p>\SystemRoot\System32\Drivers\NDProxy.SYS</p><p>\SystemRoot\system32\drivers\RTKVHDA.sys</p><p>\SystemRoot\system32\drivers\portcls.sys</p><p>\SystemRoot\system32\drivers\drmk.sys</p><p>\SystemRoot\System32\Drivers\crashdmp.sys</p><p>\SystemRoot\System32\Drivers\dump_dumpata.sys</p><p>\SystemRoot\System32\Drivers\dump_atapi.sys</p><p>\SystemRoot\System32\Drivers\dump_dumpfve.sys</p><p>\SystemRoot\System32\win32k.sys</p><p>\SystemRoot\System32\drivers\Dxapi.sys</p><p>\SystemRoot\system32\DRIVERS\usbccgp.sys</p><p>\SystemRoot\system32\DRIVERS\USBD.SYS</p><p>\SystemRoot\System32\Drivers\usbvideo.sys</p><p>\SystemRoot\system32\DRIVERS\monitor.sys</p><p>\SystemRoot\System32\TSDDD.dll</p><p>\SystemRoot\System32\cdd.dll</p><p>\SystemRoot\system32\drivers\luafv.sys</p><p>\SystemRoot\system32\DRIVERS\lltdio.sys</p><p>\SystemRoot\system32\DRIVERS\nwifi.sys</p><p>\SystemRoot\system32\DRIVERS\ndisuio.sys</p><p>\SystemRoot\system32\DRIVERS\rspndr.sys</p><p>\SystemRoot\system32\drivers\HTTP.sys</p><p>\SystemRoot\system32\DRIVERS\bowser.sys</p><p>\SystemRoot\System32\drivers\mpsdrv.sys</p><p>\SystemRoot\system32\DRIVERS\mrxsmb.sys</p><p>\SystemRoot\system32\DRIVERS\mrxsmb10.sys</p><p>\SystemRoot\system32\DRIVERS\mrxsmb20.sys</p><p>\SystemRoot\system32\DRIVERS\NisDrvWFP.sys</p><p>\SystemRoot\system32\drivers\peauth.sys</p><p>\SystemRoot\System32\Drivers\secdrv.SYS</p><p>\SystemRoot\System32\DRIVERS\srvnet.sys</p><p>\SystemRoot\System32\drivers\tcpipreg.sys</p><p>\SystemRoot\System32\DRIVERS\srv2.sys</p><p>\SystemRoot\System32\DRIVERS\srv.sys</p><p>\SystemRoot\system32\drivers\spsys.sys</p><p>\??\C:\windows\system32\drivers\mbamchameleon.sys</p><p>\??\C:\windows\system32\drivers\mbamswissarmy.sys</p><p>\Windows\System32\ntdll.dll</p><p>\Windows\System32\smss.exe</p><p>\Windows\System32\apisetschema.dll</p><p>\Windows\System32\autochk.exe</p><p>\Windows\System32\msctf.dll</p><p>\Windows\System32\rpcrt4.dll</p><p>\Windows\System32\gdi32.dll</p><p>\Windows\System32\lpk.dll</p><p>\Windows\System32\ole32.dll</p><p>\Windows\System32\ws2_32.dll</p><p>\Windows\System32\difxapi.dll</p><p>\Windows\System32\shlwapi.dll</p><p>\Windows\System32\imm32.dll</p><p>\Windows\System32\shell32.dll</p><p>\Windows\System32\imagehlp.dll</p><p>\Windows\System32\urlmon.dll</p><p>\Windows\System32\user32.dll</p><p>\Windows\System32\msvcrt.dll</p><p>\Windows\System32\advapi32.dll</p><p>\Windows\System32\psapi.dll</p><p>\Windows\System32\oleaut32.dll</p><p>\Windows\System32\comdlg32.dll</p><p>\Windows\System32\wininet.dll</p><p>\Windows\System32\usp10.dll</p><p>\Windows\System32\clbcatq.dll</p><p>\Windows\System32\normaliz.dll</p><p>\Windows\System32\iertutil.dll</p><p>\Windows\System32\nsi.dll</p><p>\Windows\System32\kernel32.dll</p><p>\Windows\System32\sechost.dll</p><p>\Windows\System32\Wldap32.dll</p><p>\Windows\System32\setupapi.dll</p><p>\Windows\System32\wintrust.dll</p><p>\Windows\System32\devobj.dll</p><p>\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll</p><p>\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll</p><p>\Windows\System32\KernelBase.dll</p><p>\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll</p><p>\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll</p><p>\Windows\System32\comctl32.dll</p><p>\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll</p><p>\Windows\System32\crypt32.dll</p><p>\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll</p><p>\Windows\System32\cfgmgr32.dll</p><p>\Windows\System32\msasn1.dll</p><p>----------- End -----------</p><p>Done!</p><p><<<1>>></p><p>Upper Device Name: \Device\Harddisk0\DR0</p><p>Upper Device Object: 0xffffffff84402a58</p><p>Upper Device Driver Name: \Driver\Disk\</p><p>Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\</p><p>Lower Device Object: 0xffffffff83f62610</p><p>Lower Device Driver Name: \Driver\atapi\</p><p><<<2>>></p><p>Device number: 0, partition: 2</p><p>Physical Sector Size: 512</p><p>Drive: 0, DevicePointer: 0xffffffff84402a58, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\</p><p>--------- Disk Stack ------</p><p>DevicePointer: 0xffffffff84402690, DeviceName: Unknown, DriverName: \Driver\partmgr\</p><p>DevicePointer: 0xffffffff84402a58, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\</p><p>DevicePointer: 0xffffffff83f84898, DeviceName: Unknown, DriverName: \Driver\ACPI\</p><p>DevicePointer: 0xffffffff83f62610, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\</p><p>------------ End ----------</p><p>Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\</p><p>Upper DeviceData: 0x0, 0x0, 0x0</p><p>Lower DeviceData: 0x0, 0x0, 0x0</p><p><<<3>>></p><p>Volume: C:</p><p>File system type: NTFS</p><p>SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes</p><p><<<2>>></p><p>Device number: 0, partition: 2</p><p><<<3>>></p><p>Volume: C:</p><p>File system type: NTFS</p><p>SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes</p><p>Scanning drivers directory: C:\windows\system32\drivers...</p><p><<<2>>></p><p>Device number: 0, partition: 2</p><p><<<3>>></p><p>Volume: C:</p><p>File system type: NTFS</p><p>SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes</p><p>Done!</p><p>Drive 0</p><p>Scanning MBR on drive 0...</p><p>Inspecting partition table:</p><p>MBR Signature: 55AA</p><p>Disk Signature: 57A73787</p><p></p><p>Partition information:</p><p></p><p> Partition 0 type is Primary (0x7)</p><p> Partition is ACTIVE.</p><p> Partition starts at LBA: 2048 Numsec = 16001024</p><p> Partition file system is NTFS</p><p> Partition is bootable</p><p></p><p> Partition 1 type is Primary (0x7)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 16003072 Numsec = 472392048</p><p></p><p> Partition 2 type is Empty (0x0)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 0 Numsec = 0</p><p></p><p> Partition 3 type is Empty (0x0)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 0 Numsec = 0</p><p></p><p>Disk Size: 250059350016 bytes</p><p>Sector size: 512 bytes</p><p></p><p>Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488377168-488397168)...</p><p>Done!</p><p>Scan finished</p><p>=======================================</p><p></p><p></p><p>Removal queue found; removal started</p><p>Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...</p><p>Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...</p><p>Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...</p><p>Removal finished</p><p></p><p></p><p><strong>Final step.</strong></p><p><strong></strong></p><p><strong>When I first ran the Mbam-setup.exe it showed 26 issues in results, I checked all entries as C:/ system volume information folder was not listed & when I clicked remove selected items my computer crashed, however it rebooted o.k. and I retrieved & opened it at perform quick scan, so I ran a second scan which showed 0 issues in the results.</strong></p><p><strong></strong></p><p>Malwarebytes Anti-Malware 1.75.0.1300</p><p>www.malwarebytes.org</p><p></p><p>Database version: v2013.07.30.08</p><p></p><p>Windows 7 Service Pack 1 x86 NTFS</p><p>Internet Explorer 10.0.9200.16635</p><p>Trudy :: TRUDY-PC [administrator]</p><p></p><p>30/07/2013 18:55:42</p><p>mbam-log-2013-07-30 (18-55-42).txt</p><p></p><p>Scan type: Quick scan</p><p>Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM</p><p>Scan options disabled: P2P</p><p>Objects scanned: 204801</p><p>Time elapsed: 9 minute(s), 55 second(s)</p><p></p><p>Memory Processes Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Memory Modules Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Registry Keys Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Registry Values Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Registry Data Items Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Folders Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Files Detected: 0</p><p>(No malicious items detected)</p><p></p><p>(end)</p><p></p><p></p><p>I hope that I've done everything correctly and posted everything that you requested in the right order?!!!</p><p></p><p></p><p>Many thanks once again for your help kuttus.</p><p></p><p>Kind Regards.</p><p></p><p>Trudy<img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" class="smilie smilie--sprite smilie--sprite109" alt=":)" title="Smile :)" loading="lazy" data-shortname=":)" /></p></blockquote><p></p>
[QUOTE="birdinthehand, post: 130977, member: 10508"] Hi There Kuttus, All I can say is wow!!! I hope I' ve got everything right and in the correct order. Here goes.... [b][b]Step 1.[/b] [/b] AdwCleaner v2.306 - Logfile created 07/30/2013 at 16:56:28 # Updated 19/07/2013 by Xplode # Operating system : Windows 7 Starter Service Pack 1 (32 bits) # User : Trudy - TRUDY-PC # Boot Mode : Normal # Running from : C:\Users\Trudy\Downloads\adwcleaner.exe # Option [Delete] ***** [Services] ***** Stopped & Deleted : BrowserDefendert ***** [Files / Folders] ***** Deleted on reboot : C:\ProgramData\BrowserDefender File Deleted : C:\Users\Trudy\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data File Deleted : C:\Users\Trudy\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences File Deleted : C:\Users\Trudy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk Folder Deleted : C:\Program Files\Wajam Folder Deleted : C:\ProgramData\Tarma Installer Folder Deleted : C:\Users\Trudy\AppData\Local\Ilivid Folder Deleted : C:\Users\Trudy\AppData\Local\Wajam Folder Deleted : C:\Users\Trudy\AppData\Roaming\BabSolution Folder Deleted : C:\Users\Trudy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam ***** [Registry] ***** Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong Key Deleted : HKCU\Software\BabSolution Key Deleted : HKCU\Software\DataMngr Key Deleted : HKCU\Software\DataMngr_Toolbar Key Deleted : HKCU\Software\de8bdbb23cef10 Key Deleted : HKCU\Software\Delta Key Deleted : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh Key Deleted : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj Key Deleted : HKCU\Software\ilivid Key Deleted : HKCU\Software\InstallCore Key Deleted : HKCU\Software\InstalledBrowserExtensions Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} Key Deleted : HKCU\Software\mysearchdial Key Deleted : HKCU\Software\Softonic Key Deleted : HKCU\Software\Wajam Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C} Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Key Deleted : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\WebCakeIEClient.DLL Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4ED063C9-4A0B-4B44-A9DC-23AFF424A0D3} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82E74373-58AB-47EB-B0F0-A1D82BB8EB5C} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C358B3D0-B911-41E3-A276-E7D43A6BA56D} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899} Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0026278.BHO Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0026278.BHO.1 Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0026278.Sandbox Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0026278.Sandbox.1 Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1 Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1 Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialESrvc Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialESrvc.1 Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899} Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore.1 Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd.1 Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr.1 Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8} Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1 Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1 Key Deleted : HKLM\SOFTWARE\Classes\WebCakeIEClient.Api Key Deleted : HKLM\SOFTWARE\Classes\WebCakeIEClient.Api.1 Key Deleted : HKLM\SOFTWARE\Classes\WebCakeIEClient.Layers Key Deleted : HKLM\SOFTWARE\Classes\WebCakeIEClient.Layers.1 Key Deleted : HKLM\Software\DataMngr Key Deleted : HKLM\SOFTWARE\de8bdbb23cef10 Key Deleted : HKLM\Software\Delta Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp Key Deleted : HKLM\Software\InstallCore Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A} Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AF6B0594-6008-4327-93E5-608AD710A6FA} Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966 Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mysearchdial Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam Key Deleted : HKLM\Software\Tarma Installer Key Deleted : HKLM\Software\Wajam Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater Key Deleted : HKU\S-1-5-21-2020085807-1544784501-1952108477-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [WebCake Desktop] ***** [Internet Browsers] ***** -\\ Internet Explorer v10.0.9200.16635 Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://start.mysearchdial.com/?f=2&a=dnldmsd&cd=2XzuyEtN2Y1L1QzutDtDtC0AtCtA0B0DtDtC0DtCyCtDtA0AtN0D0Tzu0CyDyByEtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=431870537&ir= --> hxxp://www.google.com -\\ Google Chrome v28.0.1500.72 File : C:\Users\Trudy\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[S1].txt - [9611 octets] - [30/07/2013 16:56:29] ########## EOF - C:\AdwCleaner[S1].txt - [9671 octets] ########## [b]Step 2.[/b] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 5.2.8 (07.29.2013:2) OS: Windows 7 Starter x86 Ran by Trudy on 30/07/2013 at 17:04:54.95 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services Successfully stopped: [Service] backupstack Successfully deleted: [Service] backupstack ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{bb975e58-e769-4e5a-ba12-b765bc559ff3} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{f511afdb-726e-4458-90e7-1ecb97406544} Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\clsid\{fb684d26-01f4-4d9d-87cb-f486beba56dc} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{0afd55c8-adf8-4a33-a6e1-dedb7a36aeb4} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\solid savings Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\torch Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\torch Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\bprotectsettings Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\clsid\{fb684d26-01f4-4d9d-87cb-f486beba56dc} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220222622278} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550255625578} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660266626678} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550255625578} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660266626678} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} ~~~ Files Successfully deleted: [File] "C:\windows\tasks\driverupdate startup.job" ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\fighters" Successfully deleted: [Folder] "C:\Users\Trudy\AppData\Roaming\fighters" Successfully deleted: [Folder] "C:\Users\Trudy\AppData\Roaming\pccustubinstaller" Successfully deleted: [Folder] "C:\Users\Trudy\appdata\local\torch" ~~~ Chrome Successfully deleted: [Folder] C:\Users\Trudy\appdata\local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\kiplfnciaokpcennlkldkdaeaaomamof ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 30/07/2013 at 17:09:18.35 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [b]Step 3. [b]There are 3 mbar logs as the first time I scanned I didn't update prior to scanning [mbar-log-2013-07-30(17-21-36)]. Therefor mbar-log-2013-07-30(17-38-25) is the first update & scan and mbar-log-2013-07-30(17-57-43) is the 2nd after rebooting. [/b][/b] --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.06.0.1004 (c) Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x86 Account is Administrative Internet Explorer version: 10.0.9200.16635 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 1.600000 GHz Memory total: 1062608896, free: 486252544 Initializing... ------------ Kernel report ------------ 07/30/2013 17:21:16 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\halmacpi.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\BOOTVID.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\DRIVERS\compbatt.sys \SystemRoot\system32\DRIVERS\BATTC.SYS \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\system32\drivers\intelide.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\system32\DRIVERS\MpFilter.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\DRIVERS\disk.sys \SystemRoot\system32\DRIVERS\CLASSPNP.SYS \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\termdd.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\drivers\mssmbios.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\drivers\wmiacpi.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\DRIVERS\CmBatt.sys \SystemRoot\system32\DRIVERS\igdkmd32.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\drivers\HDAudBus.sys \SystemRoot\system32\DRIVERS\Rt86win7.sys \SystemRoot\system32\DRIVERS\netr28.sys \SystemRoot\system32\DRIVERS\vwifibus.sys \SystemRoot\system32\drivers\usbuhci.sys \SystemRoot\system32\drivers\USBPORT.SYS \SystemRoot\system32\drivers\usbehci.sys \SystemRoot\system32\drivers\i8042prt.sys \SystemRoot\system32\drivers\kbdclass.sys \SystemRoot\system32\DRIVERS\fspad_wlh32.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\drivers\swenum.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\system32\drivers\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\RTKVHDA.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_dumpata.sys \SystemRoot\System32\Drivers\dump_atapi.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\System32\Drivers\usbvideo.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\system32\DRIVERS\NisDrvWFP.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \??\C:\windows\system32\drivers\mbamchameleon.sys \??\C:\windows\system32\drivers\mbamswissarmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe \Windows\System32\normaliz.dll \Windows\System32\wininet.dll \Windows\System32\user32.dll \Windows\System32\msvcrt.dll \Windows\System32\iertutil.dll \Windows\System32\kernel32.dll \Windows\System32\usp10.dll \Windows\System32\psapi.dll \Windows\System32\setupapi.dll \Windows\System32\Wldap32.dll \Windows\System32\imagehlp.dll \Windows\System32\comdlg32.dll \Windows\System32\nsi.dll \Windows\System32\oleaut32.dll \Windows\System32\clbcatq.dll \Windows\System32\ws2_32.dll \Windows\System32\sechost.dll \Windows\System32\ole32.dll \Windows\System32\shlwapi.dll \Windows\System32\difxapi.dll \Windows\System32\rpcrt4.dll \Windows\System32\msctf.dll \Windows\System32\imm32.dll \Windows\System32\shell32.dll \Windows\System32\lpk.dll \Windows\System32\urlmon.dll \Windows\System32\advapi32.dll \Windows\System32\gdi32.dll \Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll \Windows\System32\comctl32.dll \Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll \Windows\System32\KernelBase.dll \Windows\System32\crypt32.dll \Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll \Windows\System32\wintrust.dll \Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll \Windows\System32\cfgmgr32.dll \Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll \Windows\System32\devobj.dll \Windows\System32\msasn1.dll ----------- End ----------- Done! <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xffffffff84800a20 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\ Lower Device Object: 0xffffffff84360610 Lower Device Driver Name: \Driver\atapi\ <<<2>>> Device number: 0, partition: 2 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xffffffff84800a20, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff84800658, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffffff84800a20, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff8473d918, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xffffffff84360610, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> Device number: 0, partition: 2 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\windows\system32\drivers... <<<2>>> Device number: 0, partition: 2 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 57A73787 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 16001024 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 16003072 Numsec = 472392048 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 250059350016 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488377168-488397168)... Done! Scan finished Removal queue found; removal started Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam... Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam... Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam... Removal finished Downloaded database version: v2013.07.30.08 Downloaded database version: v2013.07.29.01 Initializing... ------------ Kernel report ------------ 07/30/2013 17:38:05 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\halmacpi.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\BOOTVID.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\DRIVERS\compbatt.sys \SystemRoot\system32\DRIVERS\BATTC.SYS \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\system32\drivers\intelide.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\system32\DRIVERS\MpFilter.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\DRIVERS\disk.sys \SystemRoot\system32\DRIVERS\CLASSPNP.SYS \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\termdd.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\drivers\mssmbios.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\drivers\wmiacpi.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\DRIVERS\CmBatt.sys \SystemRoot\system32\DRIVERS\igdkmd32.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\drivers\HDAudBus.sys \SystemRoot\system32\DRIVERS\Rt86win7.sys \SystemRoot\system32\DRIVERS\netr28.sys \SystemRoot\system32\DRIVERS\vwifibus.sys \SystemRoot\system32\drivers\usbuhci.sys \SystemRoot\system32\drivers\USBPORT.SYS \SystemRoot\system32\drivers\usbehci.sys \SystemRoot\system32\drivers\i8042prt.sys \SystemRoot\system32\drivers\kbdclass.sys \SystemRoot\system32\DRIVERS\fspad_wlh32.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\drivers\swenum.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\system32\drivers\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\RTKVHDA.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_dumpata.sys \SystemRoot\System32\Drivers\dump_atapi.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\System32\Drivers\usbvideo.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\system32\DRIVERS\NisDrvWFP.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \??\C:\windows\system32\drivers\mbamchameleon.sys \??\C:\windows\system32\drivers\mbamswissarmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe \Windows\System32\normaliz.dll \Windows\System32\wininet.dll \Windows\System32\user32.dll \Windows\System32\msvcrt.dll \Windows\System32\iertutil.dll \Windows\System32\kernel32.dll \Windows\System32\usp10.dll \Windows\System32\psapi.dll \Windows\System32\setupapi.dll \Windows\System32\Wldap32.dll \Windows\System32\imagehlp.dll \Windows\System32\comdlg32.dll \Windows\System32\nsi.dll \Windows\System32\oleaut32.dll \Windows\System32\clbcatq.dll \Windows\System32\ws2_32.dll \Windows\System32\sechost.dll \Windows\System32\ole32.dll \Windows\System32\shlwapi.dll \Windows\System32\difxapi.dll \Windows\System32\rpcrt4.dll \Windows\System32\msctf.dll \Windows\System32\imm32.dll \Windows\System32\shell32.dll \Windows\System32\lpk.dll \Windows\System32\urlmon.dll \Windows\System32\advapi32.dll \Windows\System32\gdi32.dll \Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll \Windows\System32\comctl32.dll \Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll \Windows\System32\KernelBase.dll \Windows\System32\crypt32.dll \Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll \Windows\System32\wintrust.dll \Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll \Windows\System32\cfgmgr32.dll \Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll \Windows\System32\devobj.dll \Windows\System32\msasn1.dll ----------- End ----------- Done! <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xffffffff84800a20 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\ Lower Device Object: 0xffffffff84360610 Lower Device Driver Name: \Driver\atapi\ <<<2>>> Device number: 0, partition: 2 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xffffffff84800a20, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff84800658, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffffff84800a20, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff8473d918, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xffffffff84360610, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> Device number: 0, partition: 2 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\windows\system32\drivers... <<<2>>> Device number: 0, partition: 2 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 57A73787 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 16001024 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 16003072 Numsec = 472392048 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 250059350016 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488377168-488397168)... Done! Scan finished ======================================= Removal queue found; removal started Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam... Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam... Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam... Removal finished --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.06.0.1004 (c) Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x86 Account is Administrative Internet Explorer version: 10.0.9200.16635 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 1.600000 GHz Memory total: 1062608896, free: 443527168 Initializing... ------------ Kernel report ------------ 07/30/2013 17:57:22 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\halmacpi.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\BOOTVID.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\DRIVERS\compbatt.sys \SystemRoot\system32\DRIVERS\BATTC.SYS \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\system32\drivers\intelide.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\system32\DRIVERS\MpFilter.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\DRIVERS\disk.sys \SystemRoot\system32\DRIVERS\CLASSPNP.SYS \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\termdd.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\drivers\mssmbios.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\drivers\wmiacpi.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\DRIVERS\CmBatt.sys \SystemRoot\system32\DRIVERS\igdkmd32.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\drivers\HDAudBus.sys \SystemRoot\system32\DRIVERS\Rt86win7.sys \SystemRoot\system32\DRIVERS\netr28.sys \SystemRoot\system32\DRIVERS\vwifibus.sys \SystemRoot\system32\drivers\usbuhci.sys \SystemRoot\system32\drivers\USBPORT.SYS \SystemRoot\system32\drivers\usbehci.sys \SystemRoot\system32\drivers\i8042prt.sys \SystemRoot\system32\drivers\kbdclass.sys \SystemRoot\system32\DRIVERS\fspad_wlh32.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\drivers\swenum.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\system32\drivers\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\RTKVHDA.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_dumpata.sys \SystemRoot\System32\Drivers\dump_atapi.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\System32\Drivers\usbvideo.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\system32\DRIVERS\NisDrvWFP.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\drivers\spsys.sys \??\C:\windows\system32\drivers\mbamchameleon.sys \??\C:\windows\system32\drivers\mbamswissarmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe \Windows\System32\msctf.dll \Windows\System32\rpcrt4.dll \Windows\System32\gdi32.dll \Windows\System32\lpk.dll \Windows\System32\ole32.dll \Windows\System32\ws2_32.dll \Windows\System32\difxapi.dll \Windows\System32\shlwapi.dll \Windows\System32\imm32.dll \Windows\System32\shell32.dll \Windows\System32\imagehlp.dll \Windows\System32\urlmon.dll \Windows\System32\user32.dll \Windows\System32\msvcrt.dll \Windows\System32\advapi32.dll \Windows\System32\psapi.dll \Windows\System32\oleaut32.dll \Windows\System32\comdlg32.dll \Windows\System32\wininet.dll \Windows\System32\usp10.dll \Windows\System32\clbcatq.dll \Windows\System32\normaliz.dll \Windows\System32\iertutil.dll \Windows\System32\nsi.dll \Windows\System32\kernel32.dll \Windows\System32\sechost.dll \Windows\System32\Wldap32.dll \Windows\System32\setupapi.dll \Windows\System32\wintrust.dll \Windows\System32\devobj.dll \Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll \Windows\System32\KernelBase.dll \Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll \Windows\System32\comctl32.dll \Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll \Windows\System32\crypt32.dll \Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll \Windows\System32\cfgmgr32.dll \Windows\System32\msasn1.dll ----------- End ----------- Done! <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xffffffff84402a58 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\ Lower Device Object: 0xffffffff83f62610 Lower Device Driver Name: \Driver\atapi\ <<<2>>> Device number: 0, partition: 2 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xffffffff84402a58, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff84402690, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffffff84402a58, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff83f84898, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xffffffff83f62610, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> Device number: 0, partition: 2 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\windows\system32\drivers... <<<2>>> Device number: 0, partition: 2 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 57A73787 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 16001024 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 16003072 Numsec = 472392048 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 250059350016 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488377168-488397168)... Done! Scan finished ======================================= Removal queue found; removal started Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam... Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam... Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam... Removal finished [b]Final step. When I first ran the Mbam-setup.exe it showed 26 issues in results, I checked all entries as C:/ system volume information folder was not listed & when I clicked remove selected items my computer crashed, however it rebooted o.k. and I retrieved & opened it at perform quick scan, so I ran a second scan which showed 0 issues in the results. [/b] Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.07.30.08 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 10.0.9200.16635 Trudy :: TRUDY-PC [administrator] 30/07/2013 18:55:42 mbam-log-2013-07-30 (18-55-42).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 204801 Time elapsed: 9 minute(s), 55 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) I hope that I've done everything correctly and posted everything that you requested in the right order?!!! Many thanks once again for your help kuttus. Kind Regards. Trudy:) [/QUOTE]
Insert quotes…
Verification
Post reply
Top