User profile cannot be loaded
<blockquote data-quote="sbcs" data-source="post: 125181" data-attributes="member: 9133"><p>The Windows Security Service is running. I appreciate your help.</p><p>Here are the requested logs:</p><p></p><p># AdwCleaner v2.303 - Logfile created 06/18/2013 at 09:57:05</p><p># Updated 08/06/2013 by Xplode</p><p># Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)</p><p># User : Steve - OFFICE</p><p># Boot Mode : Normal</p><p># Running from : C:\Users\Steve\Desktop\adwcleaner.exe</p><p># Option [Delete]</p><p></p><p></p><p>***** [Services] *****</p><p></p><p></p><p>***** [Files / Folders] *****</p><p></p><p>File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml</p><p>File Deleted : C:\Users\Steve\AppData\Local\Temp\Uninstall.exe</p><p>File Deleted : C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\searchplugins\search-here.xml</p><p>Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare</p><p>Folder Deleted : C:\Users\Steve\AppData\Local\Conduit</p><p>Folder Deleted : C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc</p><p>Folder Deleted : C:\Users\Steve\AppData\Local\PackageAware</p><p>Folder Deleted : C:\Users\Steve\AppData\Local\Temp\avg@toolbar</p><p>Folder Deleted : C:\Users\Steve\AppData\Local\Temp\boost_interprocess</p><p>Folder Deleted : C:\Users\Steve\AppData\LocalLow\AVG Security Toolbar</p><p>Folder Deleted : C:\Users\Steve\AppData\LocalLow\Conduit</p><p>Folder Deleted : C:\Users\Steve\AppData\LocalLow\PriceGong</p><p>Folder Deleted : C:\Users\Steve\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar</p><p>Folder Deleted : C:\Users\Steve\AppData\Roaming\DefaultTab</p><p></p><p>***** [Registry] *****</p><p></p><p>Key Deleted : HKCU\Software\AppDataLow\Software\Conduit</p><p>Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab</p><p>Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong</p><p>Key 
Deleted : HKCU\Software\Ask&Record</p><p>Key Deleted : HKCU\Software\Conduit</p><p>Key Deleted : HKCU\Software\Default Tab</p><p>Key Deleted : HKCU\Software\DefaultTab</p><p>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}</p><p>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}</p><p>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}</p><p>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}</p><p>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}</p><p>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}</p><p>Key Deleted : HKCU\Software\wecarereminder</p><p>Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}</p><p>Key Deleted : HKLM\Software\AVG Secure Search</p><p>Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL</p><p>Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser</p><p>Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1</p><p>Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX</p><p>Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1</p><p>Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}</p><p>Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi</p><p>Key Deleted : 
HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}</p><p>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}</p><p>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}</p><p>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}</p><p>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}</p><p>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}</p><p>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}</p><p>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}</p><p>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}</p><p>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}</p><p>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}</p><p>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}</p><p>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab</p><p>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab Chrome</p><p>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar</p><p>Key Deleted : HKLM\SOFTWARE\Software</p><p>Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]</p><p></p><p>***** [Internet 
Browsers] *****</p><p></p><p>-\\ Internet Explorer v10.0.9200.16611</p><p></p><p>[OK] Registry is clean.</p><p></p><p>-\\ Mozilla Firefox v21.0 (en-US)</p><p></p><p>File : C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\prefs.js</p><p></p><p>C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\user.js ... Deleted !</p><p></p><p>Deleted : user_pref("extensions.defaulttab.config", "{\"status\": \"ok\", \"config\": {\"dns_error_handling\":[...]</p><p></p><p>-\\ Google Chrome v27.0.1453.110</p><p></p><p>File : C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Preferences</p><p></p><p>[OK] File is clean.</p><p></p><p>-\\ Opera v12.15.1748.0</p><p></p><p>File : C:\Users\Steve\AppData\Roaming\Opera\Opera\operaprefs.ini</p><p></p><p>[OK] File is clean.</p><p></p><p>*************************</p><p></p><p>AdwCleaner[S1].txt - [6100 octets] - [18/06/2013 09:57:05]</p><p></p><p>########## EOF - C:\AdwCleaner[S1].txt - [6160 octets] ##########</p><p></p><p></p><p>====================================================================</p><p></p><p></p><p>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~</p><p>Junkware Removal Tool (JRT) by Thisisu</p><p>Version: 4.9.4 (05.06.2013:1)</p><p>OS: Windows 7 Home Premium x64</p><p>Ran by Steve on Tue 06/18/2013 at 10:05:44.73</p><p>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~</p><p></p><p></p><p></p><p></p><p>~~~ Services</p><p></p><p></p><p></p><p>~~~ Registry Values</p><p></p><p>Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL</p><p></p><p></p><p></p><p>~~~ Registry Keys</p><p></p><p>Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{200EFE6E-9971-475A-AACF-01900B8FA7E7}</p><p>Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet 
Explorer\SearchScopes\{C8E19848-715B-43FF-AE7F-16A475C51915}</p><p></p><p></p><p></p><p>~~~ Files</p><p></p><p></p><p></p><p>~~~ Folders</p><p></p><p>Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{1A8C9475-3BE1-4E6C-A5C1-33D95AB249BB}</p><p>Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{248D7D6D-BA93-4BCB-9141-9F94561C0C1F}</p><p>Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{2C30AB5F-3560-4DF5-874B-E7A644842093}</p><p>Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{45AB4B3A-8968-4C30-8425-6E9D0949951B}</p><p>Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{4645FD04-7C4D-41A9-86DA-D723586CB882}</p><p>Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{4800F9B8-856A-419E-A387-89271E3CDD05}</p><p>Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{4D63569B-25EE-49B3-932D-CF5D2CB50F18}</p><p>Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{4D7082AE-055B-4C3C-98F7-10FEC8E5104D}</p><p>Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{4E6B0182-52E6-4877-A2D4-8F4926AA287D}</p><p>Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{4ECAC928-FF57-4744-904B-5F4FFE55084B}</p><p>Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{510d3662-78a2-3009-94b6-0e30754d007b}</p><p>Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{51E69F84-4E16-4BA1-860A-B62FF9EE5D28}</p><p>Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{535BDCCE-622E-4235-B7F0-F87C5E1D2386}</p><p>Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{53FCED83-ADF5-42AD-83D3-A31A56FF2A12}</p><p>Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{5A118C80-1B07-4D62-A9A4-EFBEBC5313A7}</p><p>Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{64E0AFBB-7589-4B71-9930-5FF268EAECF7}</p><p>Successfully deleted: [Empty Folder] 
C:\Users\Steve\appdata\local\{6FA82842-2D26-4C4D-8719-1F972D129C58}</p><p>Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{77F9F3C3-09BA-4EC5-B3FA-3D85A9DC127B}</p><p>Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{7BDA706A-796F-48CF-A01C-B1C80F9F888D}</p><p>Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{7EEBC780-D4B9-422E-ABAE-F5E0B0842B24}</p><p>Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{7F130B31-18E6-49A8-A9E8-92E278BBD05D}</p><p>Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{83B53B7A-B204-4D93-83B1-0E3F796BB1C8}</p><p>Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{90897ABC-F91C-4FF6-99FE-85007923E93F}</p><p>Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{98E9EEB8-05A1-41B3-8FA5-07473A1B9C65}</p><p>Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{9EF69437-C230-4AD3-837A-8F3742E16AAF}</p><p>Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{A9BCCD5B-503B-4F2C-9101-DC3F618326A3}</p><p>Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{BE9B579B-EC52-45F4-AC2E-160006F5611E}</p><p>Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{C5FB2E66-AB33-42F2-80C4-F6E975CED238}</p><p>Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{C6D63F3A-FD67-4C94-B749-8D5349CE57F1}</p><p>Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{C7D3191A-91D2-474F-BA7F-99A716EEEE68}</p><p>Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{C867F629-DB3F-44EB-ADAA-3A6BC5E96F3F}</p><p>Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{D937BE60-DCDE-4494-A1FB-0C573427FF45}</p><p>Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{E2290EC0-AC46-4024-91DF-DBB5EEF3876A}</p><p>Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{F38E51AD-8404-4A65-BBBE-731A338F16EA}</p><p>Successfully deleted: [Empty Folder] 
C:\Users\Steve\appdata\local\{F8C99EFF-7E3B-4F57-AB97-80ACB35F39B7}</p><p>Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{FE772C7D-B91E-4B14-A080-E6B04ADB3D89}</p><p></p><p></p><p></p><p>~~~ FireFox</p><p></p><p>Successfully deleted the following from C:\Users\Steve\AppData\Roaming\mozilla\firefox\profiles\pi3lwl05.default\prefs.js</p><p></p><p>user_pref("extensions.addon@defaulttab.com.install-event-fired", true);</p><p>user_pref("extensions.defaulttab.active.affiliate", 2628);</p><p>user_pref("extensions.defaulttab.active.overridechromesearch", false);</p><p>user_pref("extensions.defaulttab.active.overridekeywordsearch", false);</p><p>user_pref("extensions.defaulttab.active.yw3i", "W3i_IA,206,0_0,Search,20120728,18175,0,0,0");</p><p>user_pref("extensions.defaulttab.browserID", "3b63c7b8a79a80292d8004c81abfd778");</p><p>user_pref("extensions.defaulttab.firstrun", false);</p><p>user_pref("extensions.defaulttab.installedVersion", "1.4");</p><p>Emptied folder: C:\Users\Steve\AppData\Roaming\mozilla\firefox\profiles\pi3lwl05.default\minidumps [70 files]</p><p></p><p></p><p></p><p>~~~ Chrome</p><p></p><p>Successfully deleted: [Folder] C:\Users\Steve\appdata\local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc</p><p></p><p></p><p></p><p>~~~ Event Viewer Logs were cleared</p><p></p><p></p><p></p><p></p><p></p><p>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~</p><p>Scan was completed on Tue 06/18/2013 at 10:11:04.81</p><p>End of JRT log</p><p>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~</p><p></p><p></p><p></p><p>====================================================================</p><p></p><p></p><p>Malwarebytes Anti-Rootkit BETA 1.06.0.1003</p><p>www.malwarebytes.org</p><p></p><p>Database version: v2013.06.18.04</p><p></p><p>Windows 7 Service Pack 1 x64 NTFS</p><p>Internet Explorer 10.0.9200.16618</p><p>Steve :: OFFICE [administrator]</p><p></p><p>6/18/2013 10:19:04 
AM</p><p>mbar-log-2013-06-18 (10-19-04).txt</p><p></p><p>Scan type: Quick scan</p><p>Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | Deep Anti-Rootkit Scan | PUM | P2P</p><p>Scan options disabled: PUP</p><p>Objects scanned: 366257</p><p>Time elapsed: 1 hour(s), 33 minute(s), 31 second(s)</p><p></p><p>Memory Processes Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Memory Modules Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Registry Keys Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Registry Values Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Registry Data Items Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Folders Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Files Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Physical Sectors Detected: 0</p><p>(No malicious items detected)</p><p></p><p>(end)</p><p></p><p></p><p></p><p>===========================================================================</p><p></p><p></p><p>---------------------------------------</p><p>Malwarebytes Anti-Rootkit BETA 1.06.0.1003</p><p></p><p>(c) Malwarebytes Corporation 2011-2012</p><p></p><p>OS version: 6.1.7601 Windows 7 Service Pack 1 x64</p><p></p><p>Account is Administrative</p><p></p><p>Internet Explorer version: 10.0.9200.16618</p><p></p><p>File system is: NTFS</p><p>Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, K:\ DRIVE_FIXED</p><p>CPU speed: 2.600000 GHz</p><p>Memory total: 8312995840, free: 5845188608</p><p></p><p>Downloaded database version: v2013.06.18.04</p><p>Downloaded database version: v2013.05.22.01</p><p>Initializing...</p><p>------------ Kernel report ------------</p><p> 06/18/2013 10:19:00</p><p>------------ Loaded modules 
-----------</p><p>\SystemRoot\system32\ntoskrnl.exe</p><p>\SystemRoot\system32\hal.dll</p><p>\SystemRoot\system32\kdcom.dll</p><p>\SystemRoot\system32\mcupdate_AuthenticAMD.dll</p><p>\SystemRoot\system32\PSHED.dll</p><p>\SystemRoot\system32\CLFS.SYS</p><p>\SystemRoot\system32\CI.dll</p><p>\SystemRoot\system32\drivers\Wdf01000.sys</p><p>\SystemRoot\system32\drivers\WDFLDR.SYS</p><p>\SystemRoot\System32\Drivers\sprs.sys</p><p>\SystemRoot\System32\Drivers\WMILIB.SYS</p><p>\SystemRoot\System32\Drivers\SCSIPORT.SYS</p><p>\SystemRoot\system32\drivers\ACPI.sys</p><p>\SystemRoot\system32\drivers\msisadrv.sys</p><p>\SystemRoot\system32\drivers\vdrvroot.sys</p><p>\SystemRoot\system32\drivers\pci.sys</p><p>\SystemRoot\System32\drivers\partmgr.sys</p><p>\SystemRoot\system32\drivers\volmgr.sys</p><p>\SystemRoot\System32\drivers\volmgrx.sys</p><p>\SystemRoot\system32\drivers\pciide.sys</p><p>\SystemRoot\system32\drivers\PCIIDEX.SYS</p><p>\SystemRoot\System32\drivers\mountmgr.sys</p><p>\SystemRoot\system32\drivers\atapi.sys</p><p>\SystemRoot\system32\drivers\ataport.SYS</p><p>\SystemRoot\system32\drivers\amdxata.sys</p><p>\SystemRoot\system32\drivers\fltmgr.sys</p><p>\SystemRoot\system32\drivers\fileinfo.sys</p><p>\SystemRoot\System32\Drivers\PxHlpa64.sys</p><p>\SystemRoot\System32\Drivers\Ntfs.sys</p><p>\SystemRoot\System32\Drivers\msrpc.sys</p><p>\SystemRoot\System32\Drivers\ksecdd.sys</p><p>\SystemRoot\System32\Drivers\cng.sys</p><p>\SystemRoot\System32\drivers\pcw.sys</p><p>\SystemRoot\System32\Drivers\Fs_Rec.sys</p><p>\SystemRoot\system32\drivers\ndis.sys</p><p>\SystemRoot\system32\drivers\NETIO.SYS</p><p>\SystemRoot\System32\Drivers\ksecpkg.sys</p><p>\SystemRoot\System32\drivers\tcpip.sys</p><p>\SystemRoot\System32\drivers\fwpkclnt.sys</p><p>\SystemRoot\system32\drivers\volsnap.sys</p><p>\SystemRoot\System32\Drivers\spldr.sys</p><p>\SystemRoot\System32\drivers\rdyboost.sys</p><p>\SystemRoot\System32\Drivers\mup.sys</p><p>\SystemRoot\System32\drivers\hwpolicy.sys</p><p>\Syste
mRoot\System32\DRIVERS\fvevol.sys</p><p>\SystemRoot\system32\DRIVERS\disk.sys</p><p>\SystemRoot\system32\DRIVERS\CLASSPNP.SYS</p><p>\SystemRoot\system32\DRIVERS\avgrkx64.sys</p><p>\SystemRoot\system32\DRIVERS\avgloga.sys</p><p>\SystemRoot\system32\DRIVERS\avgmfx64.sys</p><p>\SystemRoot\system32\DRIVERS\avgidsha.sys</p><p>\SystemRoot\system32\DRIVERS\AtiPcie.sys</p><p>\SystemRoot\system32\DRIVERS\ahcix64s.sys</p><p>\SystemRoot\system32\DRIVERS\storport.sys</p><p>\SystemRoot\system32\DRIVERS\c2scsi64.sys</p><p>\SystemRoot\system32\drivers\cdrom.sys</p><p>\SystemRoot\System32\Drivers\Null.SYS</p><p>\SystemRoot\System32\Drivers\Beep.SYS</p><p>\SystemRoot\System32\drivers\vga.sys</p><p>\SystemRoot\System32\drivers\VIDEOPRT.SYS</p><p>\SystemRoot\System32\drivers\watchdog.sys</p><p>\SystemRoot\System32\DRIVERS\RDPCDD.sys</p><p>\SystemRoot\system32\drivers\rdpencdd.sys</p><p>\SystemRoot\system32\drivers\rdprefmp.sys</p><p>\SystemRoot\System32\Drivers\Msfs.SYS</p><p>\SystemRoot\System32\Drivers\Npfs.SYS</p><p>\SystemRoot\system32\DRIVERS\tdx.sys</p><p>\SystemRoot\system32\DRIVERS\TDI.SYS</p><p>\SystemRoot\system32\DRIVERS\avgtdia.sys</p><p>\SystemRoot\System32\DRIVERS\netbt.sys</p><p>\SystemRoot\system32\drivers\afd.sys</p><p>\SystemRoot\system32\DRIVERS\vsdatant.sys</p><p>\SystemRoot\system32\drivers\ws2ifsl.sys</p><p>\SystemRoot\system32\DRIVERS\wfplwf.sys</p><p>\SystemRoot\system32\DRIVERS\pacer.sys</p><p>\SystemRoot\system32\DRIVERS\vwififlt.sys</p><p>\SystemRoot\system32\DRIVERS\netbios.sys</p><p>\SystemRoot\system32\DRIVERS\wanarp.sys</p><p>\SystemRoot\system32\drivers\termdd.sys</p><p>\SystemRoot\system32\DRIVERS\rdbss.sys</p><p>\SystemRoot\system32\drivers\nsiproxy.sys</p><p>\SystemRoot\system32\drivers\mssmbios.sys</p><p>\SystemRoot\System32\drivers\discache.sys</p><p>\SystemRoot\System32\Drivers\dfsc.sys</p><p>\SystemRoot\system32\DRIVERS\blbdrive.sys</p><p>\SystemRoot\system32\DRIVERS\avgldx64.sys</p><p>\SystemRoot\system32\DRIVERS\avgidsdrivera.sys</p><p>\??\C:\U
sers\Steve\Desktop\EmsisoftEmergencyKit\Run\a2ddax64.sys</p><p>\SystemRoot\system32\DRIVERS\tunnel.sys</p><p>\SystemRoot\system32\DRIVERS\amdppm.sys</p><p>\SystemRoot\system32\DRIVERS\atikmdag.sys</p><p>\SystemRoot\System32\drivers\dxgkrnl.sys</p><p>\SystemRoot\System32\drivers\dxgmms1.sys</p><p>\SystemRoot\system32\DRIVERS\athrx.sys</p><p>\SystemRoot\system32\DRIVERS\vwifibus.sys</p><p>\SystemRoot\system32\DRIVERS\Rt64win7.sys</p><p>\SystemRoot\System32\Drivers\GEARAspiWDM.sys</p><p>\SystemRoot\system32\DRIVERS\usbohci.sys</p><p>\SystemRoot\system32\DRIVERS\USBPORT.SYS</p><p>\SystemRoot\system32\DRIVERS\usbfilter.sys</p><p>\SystemRoot\system32\DRIVERS\usbehci.sys</p><p>\SystemRoot\system32\drivers\HDAudBus.sys</p><p>\SystemRoot\system32\drivers\1394ohci.sys</p><p>\SystemRoot\system32\drivers\CompositeBus.sys</p><p>\SystemRoot\system32\DRIVERS\AgileVpn.sys</p><p>\SystemRoot\system32\DRIVERS\rasl2tp.sys</p><p>\SystemRoot\system32\DRIVERS\ndistapi.sys</p><p>\SystemRoot\system32\DRIVERS\ndiswan.sys</p><p>\SystemRoot\system32\DRIVERS\raspppoe.sys</p><p>\SystemRoot\system32\DRIVERS\raspptp.sys</p><p>\SystemRoot\system32\DRIVERS\rassstp.sys</p><p>\SystemRoot\system32\drivers\kbdclass.sys</p><p>\SystemRoot\system32\drivers\mouclass.sys</p><p>\SystemRoot\system32\drivers\swenum.sys</p><p>\SystemRoot\system32\drivers\ks.sys</p><p>\SystemRoot\system32\drivers\umbus.sys</p><p>\SystemRoot\system32\DRIVERS\vmnetadapter.sys</p><p>\SystemRoot\system32\DRIVERS\VMNET.SYS</p><p>\SystemRoot\system32\DRIVERS\usbhub.sys</p><p>\SystemRoot\System32\Drivers\NDProxy.SYS</p><p>\SystemRoot\system32\drivers\RTKVHD64.sys</p><p>\SystemRoot\system32\drivers\portcls.sys</p><p>\SystemRoot\system32\drivers\drmk.sys</p><p>\SystemRoot\system32\drivers\ksthunk.sys</p><p>\SystemRoot\system32\drivers\USBSTOR.SYS</p><p>\SystemRoot\system32\drivers\USBD.SYS</p><p>\SystemRoot\system32\drivers\hidusb.sys</p><p>\SystemRoot\system32\drivers\HIDCLASS.SYS</p><p>\SystemRoot\system32\drivers\HIDPARSE.SYS</p><p>\Sy
stemRoot\system32\DRIVERS\usbccgp.sys</p><p>\SystemRoot\system32\DRIVERS\mouhid.sys</p><p>\SystemRoot\system32\drivers\kbdhid.sys</p><p>\??\C:\Windows\system32\drivers\VMkbd.sys</p><p>\SystemRoot\system32\DRIVERS\usbscan.sys</p><p>\SystemRoot\system32\DRIVERS\usbprint.sys</p><p>\SystemRoot\System32\win32k.sys</p><p>\SystemRoot\System32\drivers\Dxapi.sys</p><p>\SystemRoot\System32\Drivers\crashdmp.sys</p><p>\SystemRoot\System32\Drivers\dump_diskdump.sys</p><p>\SystemRoot\System32\Drivers\dump_ahcix64s.sys</p><p>\SystemRoot\System32\Drivers\dump_dumpfve.sys</p><p>\SystemRoot\System32\Drivers\fastfat.SYS</p><p>\SystemRoot\system32\DRIVERS\monitor.sys</p><p>\SystemRoot\System32\TSDDD.dll</p><p>\SystemRoot\System32\cdd.dll</p><p>\SystemRoot\system32\drivers\luafv.sys</p><p>\SystemRoot\System32\ATMFD.DLL</p><p>\SystemRoot\system32\drivers\WudfPf.sys</p><p>\SystemRoot\system32\DRIVERS\vmnetbridge.sys</p><p>\SystemRoot\system32\DRIVERS\lltdio.sys</p><p>\SystemRoot\system32\DRIVERS\nwifi.sys</p><p>\SystemRoot\system32\DRIVERS\ndisuio.sys</p><p>\SystemRoot\system32\DRIVERS\rspndr.sys</p><p>\??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys</p><p>\SystemRoot\system32\drivers\HTTP.sys</p><p>\SystemRoot\System32\DRIVERS\srvnet.sys</p><p>\SystemRoot\system32\DRIVERS\bowser.sys</p><p>\SystemRoot\System32\drivers\mpsdrv.sys</p><p>\SystemRoot\system32\DRIVERS\mrxsmb.sys</p><p>\SystemRoot\system32\DRIVERS\mrxsmb10.sys</p><p>\SystemRoot\system32\DRIVERS\mrxsmb20.sys</p><p>\SystemRoot\System32\DRIVERS\srv2.sys</p><p>\SystemRoot\System32\DRIVERS\srv.sys</p><p>\??\C:\Windows\system32\drivers\hcmon.sys</p><p>\??\C:\Windows\system32\drivers\vmci.sys</p><p>\??\C:\Windows\system32\drivers\vmx86.sys</p><p>\SystemRoot\System32\Drivers\adfs.SYS</p><p>\SystemRoot\system32\drivers\peauth.sys</p><p>\SystemRoot\System32\Drivers\secdrv.SYS</p><p>\SystemRoot\System32\drivers\tcpipreg.sys</p><p>\??\C:\Windows\system32\drivers\vmnetuserif.sys</p><p>\??\C:\Program Files (x86)\VMware\VMware 
Player\vstor2-ws60.sys</p><p>\SystemRoot\system32\DRIVERS\WUDFRd.sys</p><p>\??\C:\Windows\system32\drivers\mbamchameleon.sys</p><p>\??\C:\Windows\system32\drivers\mbamswissarmy.sys</p><p>\Windows\System32\ntdll.dll</p><p>\Windows\System32\smss.exe</p><p>\Windows\System32\apisetschema.dll</p><p>----------- End -----------</p><p>Done!</p><p><<<1>>></p><p>Upper Device Name: \Device\Harddisk6\DR6</p><p>Upper Device Object: 0xfffffa80096f6060</p><p>Upper Device Driver Name: \Driver\Disk\</p><p>Lower Device Name: \Device\00000094\</p><p>Lower Device Object: 0xfffffa8009718770</p><p>Lower Device Driver Name: \Driver\USBSTOR\</p><p>IRP handler 0 of \Driver\USBSTOR points to an unknown module</p><p>Unhooking enabled.</p><p><<<1>>></p><p>Upper Device Name: \Device\Harddisk6\DR6</p><p>Upper Device Object: 0xfffffa80096f6060</p><p>Upper Device Driver Name: \Driver\Disk\</p><p>Lower Device Name: \Device\00000094\</p><p>Lower Device Object: 0xfffffa8009718770</p><p>Lower Device Driver Name: \Driver\USBSTOR\</p><p>Driver name found: USBSTOR</p><p>Initialization returned 0x0</p><p>Load Function returned 0x0</p><p><<<1>>></p><p>Upper Device Name: \Device\Harddisk5\DR5</p><p>Upper Device Object: 0xfffffa80096f2790</p><p>Upper Device Driver Name: \Driver\Disk\</p><p>Lower Device Name: \Device\00000092\</p><p>Lower Device Object: 0xfffffa8009417b60</p><p>Lower Device Driver Name: \Driver\USBSTOR\</p><p>Driver name found: USBSTOR</p><p><<<1>>></p><p>Upper Device Name: \Device\Harddisk4\DR4</p><p>Upper Device Object: 0xfffffa80096f1790</p><p>Upper Device Driver Name: \Driver\Disk\</p><p>Lower Device Name: \Device\00000091\</p><p>Lower Device Object: 0xfffffa8008202060</p><p>Lower Device Driver Name: \Driver\USBSTOR\</p><p>Driver name found: USBSTOR</p><p><<<1>>></p><p>Upper Device Name: \Device\Harddisk3\DR3</p><p>Upper Device Object: 0xfffffa8008201790</p><p>Upper Device Driver Name: \Driver\Disk\</p><p>Lower Device Name: \Device\00000090\</p><p>Lower Device Object: 
0xfffffa80096f0b60</p><p>Lower Device Driver Name: \Driver\USBSTOR\</p><p>Driver name found: USBSTOR</p><p><<<1>>></p><p>Upper Device Name: \Device\Harddisk2\DR2</p><p>Upper Device Object: 0xfffffa8009418790</p><p>Upper Device Driver Name: \Driver\Disk\</p><p>Lower Device Name: \Device\0000008f\</p><p>Lower Device Object: 0xfffffa8009416750</p><p>Lower Device Driver Name: \Driver\USBSTOR\</p><p>Driver name found: USBSTOR</p><p><<<1>>></p><p>Upper Device Name: \Device\Harddisk1\DR1</p><p>Upper Device Object: 0xfffffa8009433060</p><p>Upper Device Driver Name: \Driver\Disk\</p><p>Lower Device Name: \Device\00000080\</p><p>Lower Device Object: 0xfffffa8009154b60</p><p>Lower Device Driver Name: \Driver\USBSTOR\</p><p>Driver name found: USBSTOR</p><p><<<1>>></p><p>Upper Device Name: \Device\Harddisk0\DR0</p><p>Upper Device Object: 0xfffffa8007815060</p><p>Upper Device Driver Name: \Driver\Disk\</p><p>Lower Device Name: \Device\00000070\</p><p>Lower Device Object: 0xfffffa800764c9c0</p><p>Lower Device Driver Name: \Driver\ahcix64s\</p><p>Driver name found: ahcix64s</p><p>Initialization returned 0x0</p><p>Port sub-driver loaded: \??\C:\Windows\System32\drivers\storport.sys (0x0)</p><p>Load Function returned 0x0</p><p><<<2>>></p><p>Device number: 0, partition: 2</p><p>Physical Sector Size: 512</p><p>Drive: 0, DevicePointer: 0xfffffa8007815060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\</p><p>--------- Disk Stack ------</p><p>DevicePointer: 0xfffffa8007815b90, DeviceName: Unknown, DriverName: \Driver\partmgr\</p><p>DevicePointer: 0xfffffa8007815060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\</p><p>DevicePointer: 0xfffffa800764c9c0, DeviceName: \Device\00000070\, DriverName: \Driver\ahcix64s\</p><p>------------ End ----------</p><p>Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\</p><p>Upper DeviceData: 0xfffff8a014f6c150, 0xfffffa8007815060, 0xfffffa800c70f090</p><p>Lower DeviceData: 0xfffff8a0127f1890, 
0xfffffa800764c9c0, 0xfffffa800852f4c0</p><p><<<3>>></p><p>Volume: C:</p><p>File system type: NTFS</p><p>SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes</p><p><<<2>>></p><p>Device number: 0, partition: 2</p><p><<<3>>></p><p>Volume: C:</p><p>File system type: NTFS</p><p>SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes</p><p>Scanning drivers directory: C:\Windows\system32\drivers...</p><p><<<2>>></p><p>Device number: 0, partition: 2</p><p><<<3>>></p><p>Volume: C:</p><p>File system type: NTFS</p><p>SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes</p><p>File user open failed: C:\Windows\system32\drivers\sptd.sys (0x00000020)</p><p>Done!</p><p>Drive 0</p><p>Scanning MBR on drive 0...</p><p>Inspecting partition table:</p><p>MBR Signature: 55AA</p><p>Disk Signature: 1549F232</p><p></p><p>Partition information:</p><p></p><p> Partition 0 type is Primary (0x7)</p><p> Partition is ACTIVE.</p><p> Partition starts at LBA: 2048 Numsec = 204800</p><p> Partition file system is NTFS</p><p> Partition is bootable</p><p></p><p> Partition 1 type is Primary (0x7)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 206848 Numsec = 1439074304</p><p></p><p> Partition 2 type is Primary (0x7)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 1439281152 Numsec = 25864192</p><p></p><p> Partition 3 type is Empty (0x0)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 0 Numsec = 0</p><p></p><p>Disk Size: 750156374016 bytes</p><p>Sector size: 512 bytes</p><p></p><p>Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...</p><p>Done!</p><p>Physical Sector Size: 512</p><p>Drive: 1, DevicePointer: 0xfffffa8009433060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\</p><p>--------- Disk Stack ------</p><p>DevicePointer: 0xfffffa8009155b90, DeviceName: Unknown, DriverName: 
\Driver\partmgr\</p><p>DevicePointer: 0xfffffa8009433060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\</p><p>DevicePointer: 0xfffffa8009038c00, DeviceName: Unknown, DriverName: \Driver\usbfilter\</p><p>DevicePointer: 0xfffffa8009154b60, DeviceName: \Device\00000080\, DriverName: \Driver\USBSTOR\</p><p>------------ End ----------</p><p>Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\</p><p>Upper DeviceData: 0xfffff8a01325a5e0, 0xfffffa8009433060, 0xfffffa800b936090</p><p>Lower DeviceData: 0xfffff8a017ff2520, 0xfffffa8009154b60, 0xfffffa800c3ef710</p><p>Drive 1</p><p>Scanning MBR on drive 1...</p><p>Inspecting partition table:</p><p>MBR Signature: 55AA</p><p>Disk Signature: 5C74AE42</p><p></p><p>Partition information:</p><p></p><p> Partition 0 type is Other (0xc)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 63 Numsec = 488392002</p><p></p><p> Partition 1 type is Empty (0x0)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 0 Numsec = 0</p><p></p><p> Partition 2 type is Empty (0x0)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 0 Numsec = 0</p><p></p><p> Partition 3 type is Empty (0x0)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 0 Numsec = 0</p><p></p><p>Disk Size: 250059350016 bytes</p><p>Sector size: 512 bytes</p><p></p><p>Done!</p><p>Physical Sector Size: 0</p><p>Drive: 2, DevicePointer: 0xfffffa8009418790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\</p><p>--------- Disk Stack ------</p><p>DevicePointer: 0xfffffa8008201040, DeviceName: Unknown, DriverName: \Driver\partmgr\</p><p>DevicePointer: 0xfffffa8009418790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\</p><p>DevicePointer: 0xfffffa8008202c00, DeviceName: Unknown, DriverName: \Driver\usbfilter\</p><p>DevicePointer: 0xfffffa8009416750, DeviceName: \Device\0000008f\, DriverName: \Driver\USBSTOR\</p><p>------------ End ----------</p><p>Physical Sector Size: 0</p><p>Drive: 
3, DevicePointer: 0xfffffa8008201790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\</p><p>--------- Disk Stack ------</p><p>DevicePointer: 0xfffffa80096f1040, DeviceName: Unknown, DriverName: \Driver\partmgr\</p><p>DevicePointer: 0xfffffa8008201790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\</p><p>DevicePointer: 0xfffffa8008202590, DeviceName: Unknown, DriverName: \Driver\usbfilter\</p><p>DevicePointer: 0xfffffa80096f0b60, DeviceName: \Device\00000090\, DriverName: \Driver\USBSTOR\</p><p>------------ End ----------</p><p>Physical Sector Size: 0</p><p>Drive: 4, DevicePointer: 0xfffffa80096f1790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\</p><p>--------- Disk Stack ------</p><p>DevicePointer: 0xfffffa80096f2040, DeviceName: Unknown, DriverName: \Driver\partmgr\</p><p>DevicePointer: 0xfffffa80096f1790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\</p><p>DevicePointer: 0xfffffa800942c5b0, DeviceName: Unknown, DriverName: \Driver\usbfilter\</p><p>DevicePointer: 0xfffffa8008202060, DeviceName: \Device\00000091\, DriverName: \Driver\USBSTOR\</p><p>------------ End ----------</p><p>Physical Sector Size: 0</p><p>Drive: 5, DevicePointer: 0xfffffa80096f2790, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\</p><p>--------- Disk Stack ------</p><p>DevicePointer: 0xfffffa80096f3040, DeviceName: Unknown, DriverName: \Driver\partmgr\</p><p>DevicePointer: 0xfffffa80096f2790, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\</p><p>DevicePointer: 0xfffffa8009417700, DeviceName: Unknown, DriverName: \Driver\usbfilter\</p><p>DevicePointer: 0xfffffa8009417b60, DeviceName: \Device\00000092\, DriverName: \Driver\USBSTOR\</p><p>------------ End ----------</p><p>Physical Sector Size: 0</p><p>Drive: 6, DevicePointer: 0xfffffa80096f6060, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\</p><p>--------- Disk Stack ------</p><p>DevicePointer: 0xfffffa80096f6b90, DeviceName: Unknown, 
DriverName: \Driver\partmgr\</p><p>DevicePointer: 0xfffffa80096f6060, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\</p><p>DevicePointer: 0xfffffa8009718040, DeviceName: Unknown, DriverName: \Driver\usbfilter\</p><p>DevicePointer: 0xfffffa8009718770, DeviceName: \Device\00000094\, DriverName: \Driver\USBSTOR\</p><p>------------ End ----------</p><p>Read File: File "c:\programdata\avg2013\chjw\40e04010e03ea8e.dat:06375845-c7f2-423e-a4ca-fa6e65249624" is sparse (flags = 32768)</p><p>Scan finished</p><p>=======================================</p><p></p><p></p><p>Removal queue found; removal started</p><p>Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...</p><p>Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...</p><p>Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...</p><p>Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_i.mbam...</p><p>Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_r.mbam...</p><p>Removal finished</p><p></p><p></p><p></p><p>============================================================================</p><p></p><p></p><p>Malwarebytes Anti-Malware 1.75.0.1300</p><p>www.malwarebytes.org</p><p></p><p>Database version: v2013.06.16.04</p><p></p><p>Windows 7 Service Pack 1 x64 NTFS</p><p>Internet Explorer 10.0.9200.16618</p><p>Steve :: OFFICE [administrator]</p><p></p><p>6/18/2013 11:55:21 AM</p><p>mbam-log-2013-06-18 (11-55-21).txt</p><p></p><p>Scan type: Quick scan</p><p>Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM</p><p>Scan options disabled: P2P</p><p>Objects scanned: 292601</p><p>Time elapsed: 10 minute(s), 11 second(s)</p><p></p><p>Memory Processes Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Memory Modules Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Registry Keys Detected: 0</p><p>(No malicious items 
detected)</p><p></p><p>Registry Values Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Registry Data Items Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Folders Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Files Detected: 0</p><p>(No malicious items detected)</p><p></p><p>(end)</p></blockquote><p></p>
[QUOTE="sbcs, post: 125181, member: 9133"] The Windows Security Service is running. I appreciate your help. Here are the requested logs: # AdwCleaner v2.303 - Logfile created 06/18/2013 at 09:57:05 # Updated 08/06/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Steve - OFFICE # Boot Mode : Normal # Running from : C:\Users\Steve\Desktop\adwcleaner.exe # Option [Delete] ***** [Services] ***** ***** [Files / Folders] ***** File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml File Deleted : C:\Users\Steve\AppData\Local\Temp\Uninstall.exe File Deleted : C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\searchplugins\search-here.xml Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare Folder Deleted : C:\Users\Steve\AppData\Local\Conduit Folder Deleted : C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc Folder Deleted : C:\Users\Steve\AppData\Local\PackageAware Folder Deleted : C:\Users\Steve\AppData\Local\Temp\avg@toolbar Folder Deleted : C:\Users\Steve\AppData\Local\Temp\boost_interprocess Folder Deleted : C:\Users\Steve\AppData\LocalLow\AVG Security Toolbar Folder Deleted : C:\Users\Steve\AppData\LocalLow\Conduit Folder Deleted : C:\Users\Steve\AppData\LocalLow\PriceGong Folder Deleted : C:\Users\Steve\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar Folder Deleted : C:\Users\Steve\AppData\Roaming\DefaultTab ***** [Registry] ***** Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong Key Deleted : HKCU\Software\Ask&Record Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\Default Tab Key Deleted : HKCU\Software\DefaultTab Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} 
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKCU\Software\wecarereminder Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKLM\Software\AVG Secure Search Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36} Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1 Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1 Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01} Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} Key 
Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab Chrome Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar Key Deleted : HKLM\SOFTWARE\Software Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] ***** [Internet Browsers] ***** -\\ Internet Explorer v10.0.9200.16611 [OK] Registry is clean. -\\ Mozilla Firefox v21.0 (en-US) File : C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\prefs.js C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\pi3lwl05.default\user.js ... Deleted ! Deleted : user_pref("extensions.defaulttab.config", "{\"status\": \"ok\", \"config\": {\"dns_error_handling\":[...] -\\ Google Chrome v27.0.1453.110 File : C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. 
-\\ Opera v12.15.1748.0 File : C:\Users\Steve\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] File is clean. ************************* AdwCleaner[S1].txt - [6100 octets] - [18/06/2013 09:57:05] ########## EOF - C:\AdwCleaner[S1].txt - [6160 octets] ########## ==================================================================== ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.9.4 (05.06.2013:1) OS: Windows 7 Home Premium x64 Ran by Steve on Tue 06/18/2013 at 10:05:44.73 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{200EFE6E-9971-475A-AACF-01900B8FA7E7} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C8E19848-715B-43FF-AE7F-16A475C51915} ~~~ Files ~~~ Folders Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{1A8C9475-3BE1-4E6C-A5C1-33D95AB249BB} Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{248D7D6D-BA93-4BCB-9141-9F94561C0C1F} Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{2C30AB5F-3560-4DF5-874B-E7A644842093} Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{45AB4B3A-8968-4C30-8425-6E9D0949951B} Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{4645FD04-7C4D-41A9-86DA-D723586CB882} Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{4800F9B8-856A-419E-A387-89271E3CDD05} Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{4D63569B-25EE-49B3-932D-CF5D2CB50F18} Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{4D7082AE-055B-4C3C-98F7-10FEC8E5104D} Successfully deleted: [Empty Folder] 
C:\Users\Steve\appdata\local\{4E6B0182-52E6-4877-A2D4-8F4926AA287D} Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{4ECAC928-FF57-4744-904B-5F4FFE55084B} Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{510d3662-78a2-3009-94b6-0e30754d007b} Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{51E69F84-4E16-4BA1-860A-B62FF9EE5D28} Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{535BDCCE-622E-4235-B7F0-F87C5E1D2386} Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{53FCED83-ADF5-42AD-83D3-A31A56FF2A12} Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{5A118C80-1B07-4D62-A9A4-EFBEBC5313A7} Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{64E0AFBB-7589-4B71-9930-5FF268EAECF7} Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{6FA82842-2D26-4C4D-8719-1F972D129C58} Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{77F9F3C3-09BA-4EC5-B3FA-3D85A9DC127B} Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{7BDA706A-796F-48CF-A01C-B1C80F9F888D} Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{7EEBC780-D4B9-422E-ABAE-F5E0B0842B24} Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{7F130B31-18E6-49A8-A9E8-92E278BBD05D} Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{83B53B7A-B204-4D93-83B1-0E3F796BB1C8} Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{90897ABC-F91C-4FF6-99FE-85007923E93F} Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{98E9EEB8-05A1-41B3-8FA5-07473A1B9C65} Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{9EF69437-C230-4AD3-837A-8F3742E16AAF} Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{A9BCCD5B-503B-4F2C-9101-DC3F618326A3} Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{BE9B579B-EC52-45F4-AC2E-160006F5611E} Successfully deleted: [Empty Folder] 
C:\Users\Steve\appdata\local\{C5FB2E66-AB33-42F2-80C4-F6E975CED238} Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{C6D63F3A-FD67-4C94-B749-8D5349CE57F1} Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{C7D3191A-91D2-474F-BA7F-99A716EEEE68} Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{C867F629-DB3F-44EB-ADAA-3A6BC5E96F3F} Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{D937BE60-DCDE-4494-A1FB-0C573427FF45} Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{E2290EC0-AC46-4024-91DF-DBB5EEF3876A} Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{F38E51AD-8404-4A65-BBBE-731A338F16EA} Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{F8C99EFF-7E3B-4F57-AB97-80ACB35F39B7} Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{FE772C7D-B91E-4B14-A080-E6B04ADB3D89} ~~~ FireFox Successfully deleted the following from C:\Users\Steve\AppData\Roaming\mozilla\firefox\profiles\pi3lwl05.default\prefs.js user_pref("extensions.addon@defaulttab.com.install-event-fired", true); user_pref("extensions.defaulttab.active.affiliate", 2628); user_pref("extensions.defaulttab.active.overridechromesearch", false); user_pref("extensions.defaulttab.active.overridekeywordsearch", false); user_pref("extensions.defaulttab.active.yw3i", "W3i_IA,206,0_0,Search,20120728,18175,0,0,0"); user_pref("extensions.defaulttab.browserID", "3b63c7b8a79a80292d8004c81abfd778"); user_pref("extensions.defaulttab.firstrun", false); user_pref("extensions.defaulttab.installedVersion", "1.4"); Emptied folder: C:\Users\Steve\AppData\Roaming\mozilla\firefox\profiles\pi3lwl05.default\minidumps [70 files] ~~~ Chrome Successfully deleted: [Folder] C:\Users\Steve\appdata\local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Tue 06/18/2013 at 
10:11:04.81 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ==================================================================== Malwarebytes Anti-Rootkit BETA 1.06.0.1003 www.malwarebytes.org Database version: v2013.06.18.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16618 Steve :: OFFICE [administrator] 6/18/2013 10:19:04 AM mbar-log-2013-06-18 (10-19-04).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | Deep Anti-Rootkit Scan | PUM | P2P Scan options disabled: PUP Objects scanned: 366257 Time elapsed: 1 hour(s), 33 minute(s), 31 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) =========================================================================== --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.06.0.1003 (c) Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 10.0.9200.16618 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, K:\ DRIVE_FIXED CPU speed: 2.600000 GHz Memory total: 8312995840, free: 5845188608 Downloaded database version: v2013.06.18.04 Downloaded database version: v2013.05.22.01 Initializing... 
------------ Kernel report ------------ 06/18/2013 10:19:00 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_AuthenticAMD.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\System32\Drivers\sprs.sys \SystemRoot\System32\Drivers\WMILIB.SYS \SystemRoot\System32\Drivers\SCSIPORT.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\system32\drivers\pciide.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\PxHlpa64.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\DRIVERS\disk.sys \SystemRoot\system32\DRIVERS\CLASSPNP.SYS \SystemRoot\system32\DRIVERS\avgrkx64.sys 
\SystemRoot\system32\DRIVERS\avgloga.sys \SystemRoot\system32\DRIVERS\avgmfx64.sys \SystemRoot\system32\DRIVERS\avgidsha.sys \SystemRoot\system32\DRIVERS\AtiPcie.sys \SystemRoot\system32\DRIVERS\ahcix64s.sys \SystemRoot\system32\DRIVERS\storport.sys \SystemRoot\system32\DRIVERS\c2scsi64.sys \SystemRoot\system32\drivers\cdrom.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\DRIVERS\avgtdia.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\system32\DRIVERS\vsdatant.sys \SystemRoot\system32\drivers\ws2ifsl.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\termdd.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\drivers\mssmbios.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\system32\DRIVERS\avgldx64.sys \SystemRoot\system32\DRIVERS\avgidsdrivera.sys \??\C:\Users\Steve\Desktop\EmsisoftEmergencyKit\Run\a2ddax64.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\amdppm.sys \SystemRoot\system32\DRIVERS\atikmdag.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\DRIVERS\athrx.sys \SystemRoot\system32\DRIVERS\vwifibus.sys \SystemRoot\system32\DRIVERS\Rt64win7.sys 
\SystemRoot\System32\Drivers\GEARAspiWDM.sys \SystemRoot\system32\DRIVERS\usbohci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbfilter.sys \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\drivers\HDAudBus.sys \SystemRoot\system32\drivers\1394ohci.sys \SystemRoot\system32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\drivers\kbdclass.sys \SystemRoot\system32\drivers\mouclass.sys \SystemRoot\system32\drivers\swenum.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\system32\drivers\umbus.sys \SystemRoot\system32\DRIVERS\vmnetadapter.sys \SystemRoot\system32\DRIVERS\VMNET.SYS \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\RTKVHD64.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\drivers\USBSTOR.SYS \SystemRoot\system32\drivers\USBD.SYS \SystemRoot\system32\drivers\hidusb.sys \SystemRoot\system32\drivers\HIDCLASS.SYS \SystemRoot\system32\drivers\HIDPARSE.SYS \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\system32\drivers\kbdhid.sys \??\C:\Windows\system32\drivers\VMkbd.sys \SystemRoot\system32\DRIVERS\usbscan.sys \SystemRoot\system32\DRIVERS\usbprint.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_diskdump.sys \SystemRoot\System32\Drivers\dump_ahcix64s.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\Drivers\fastfat.SYS \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll 
\SystemRoot\System32\cdd.dll \SystemRoot\system32\drivers\luafv.sys \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\DRIVERS\vmnetbridge.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \??\C:\Windows\system32\drivers\hcmon.sys \??\C:\Windows\system32\drivers\vmci.sys \??\C:\Windows\system32\drivers\vmx86.sys \SystemRoot\System32\Drivers\adfs.SYS \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\drivers\tcpipreg.sys \??\C:\Windows\system32\drivers\vmnetuserif.sys \??\C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys \SystemRoot\system32\DRIVERS\WUDFRd.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\mbamswissarmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll ----------- End ----------- Done! <<<1>>> Upper Device Name: \Device\Harddisk6\DR6 Upper Device Object: 0xfffffa80096f6060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000094\ Lower Device Object: 0xfffffa8009718770 Lower Device Driver Name: \Driver\USBSTOR\ IRP handler 0 of \Driver\USBSTOR points to an unknown module Unhooking enabled. 
<<<1>>> Upper Device Name: \Device\Harddisk6\DR6 Upper Device Object: 0xfffffa80096f6060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000094\ Lower Device Object: 0xfffffa8009718770 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR Initialization returned 0x0 Load Function returned 0x0 <<<1>>> Upper Device Name: \Device\Harddisk5\DR5 Upper Device Object: 0xfffffa80096f2790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000092\ Lower Device Object: 0xfffffa8009417b60 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR <<<1>>> Upper Device Name: \Device\Harddisk4\DR4 Upper Device Object: 0xfffffa80096f1790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000091\ Lower Device Object: 0xfffffa8008202060 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR <<<1>>> Upper Device Name: \Device\Harddisk3\DR3 Upper Device Object: 0xfffffa8008201790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000090\ Lower Device Object: 0xfffffa80096f0b60 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR <<<1>>> Upper Device Name: \Device\Harddisk2\DR2 Upper Device Object: 0xfffffa8009418790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000008f\ Lower Device Object: 0xfffffa8009416750 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR <<<1>>> Upper Device Name: \Device\Harddisk1\DR1 Upper Device Object: 0xfffffa8009433060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000080\ Lower Device Object: 0xfffffa8009154b60 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa8007815060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000070\ Lower Device Object: 0xfffffa800764c9c0 Lower Device Driver Name: \Driver\ahcix64s\ Driver name found: ahcix64s 
Initialization returned 0x0 Port sub-driver loaded: \??\C:\Windows\System32\drivers\storport.sys (0x0) Load Function returned 0x0 <<<2>>> Device number: 0, partition: 2 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa8007815060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8007815b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8007815060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800764c9c0, DeviceName: \Device\00000070\, DriverName: \Driver\ahcix64s\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0xfffff8a014f6c150, 0xfffffa8007815060, 0xfffffa800c70f090 Lower DeviceData: 0xfffff8a0127f1890, 0xfffffa800764c9c0, 0xfffffa800852f4c0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> Device number: 0, partition: 2 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\Windows\system32\drivers... <<<2>>> Device number: 0, partition: 2 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes File user open failed: C:\Windows\system32\drivers\sptd.sys (0x00000020) Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 1549F232 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 204800 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 206848 Numsec = 1439074304 Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. 
Partition starts at LBA: 1439281152 Numsec = 25864192

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 750156374016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8009433060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8009155b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8009433060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8009038c00, DeviceName: Unknown, DriverName: \Driver\usbfilter\
DevicePointer: 0xfffffa8009154b60, DeviceName: \Device\00000080\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a01325a5e0, 0xfffffa8009433060, 0xfffffa800b936090
Lower DeviceData: 0xfffff8a017ff2520, 0xfffffa8009154b60, 0xfffffa800c3ef710
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 5C74AE42

Partition information:

Partition 0 type is Other (0xc)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 488392002

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa8009418790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8008201040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8009418790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8008202c00, DeviceName: Unknown, DriverName: \Driver\usbfilter\
DevicePointer: 0xfffffa8009416750, DeviceName: \Device\0000008f\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa8008201790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80096f1040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008201790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8008202590, DeviceName: Unknown, DriverName: \Driver\usbfilter\
DevicePointer: 0xfffffa80096f0b60, DeviceName: \Device\00000090\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa80096f1790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80096f2040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80096f1790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800942c5b0, DeviceName: Unknown, DriverName: \Driver\usbfilter\
DevicePointer: 0xfffffa8008202060, DeviceName: \Device\00000091\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 5, DevicePointer: 0xfffffa80096f2790, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80096f3040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80096f2790, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8009417700, DeviceName: Unknown, DriverName: \Driver\usbfilter\
DevicePointer: 0xfffffa8009417b60, DeviceName: \Device\00000092\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 6, DevicePointer: 0xfffffa80096f6060, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80096f6b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80096f6060, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8009718040, DeviceName: Unknown, DriverName: \Driver\usbfilter\
DevicePointer: 0xfffffa8009718770, DeviceName: \Device\00000094\, DriverName: \Driver\USBSTOR\
------------ End ----------
Read File: File "c:\programdata\avg2013\chjw\40e04010e03ea8e.dat:06375845-c7f2-423e-a4ca-fa6e65249624" is sparse (flags = 32768)
Scan finished
=======================================

Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_r.mbam...
Removal finished

============================================================================

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.16.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Steve :: OFFICE [administrator]

6/18/2013 11:55:21 AM
mbam-log-2013-06-18 (11-55-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 292601
Time elapsed: 10 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end) [/QUOTE]