First Logs for malware removal

[kleddon]

# AdwCleaner v3.207 - Report created 09/05/2014 at 13:21:23
# Updated 05/05/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Valued Customer - VALUEDCUSTOMER
# Running from : C:\Users\Valued Customer\Downloads\adwcleaner(3).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\PC Optimizer Pro
Folder Deleted : C:\ProgramData\StarApp
Folder Deleted : C:\ProgramData\ssafe  saovei
Folder Deleted : C:\Program Files (x86)\LinkSwift
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Users\Valued Customer\AppData\Local\Bundled software uninstaller
Folder Deleted : C:\Users\Valued Customer\AppData\Local\DefineExt
Folder Deleted : C:\Users\Valued Customer\AppData\Local\PackageAware
Folder Deleted : C:\Users\Valued Customer\AppData\LocalLow\ssafe  saovei
Folder Deleted : C:\Users\Valued Customer\AppData\Roaming\ParetoLogic
File Deleted : C:\END
File Deleted : C:\WINDOWS\System32\Tasks\SMupdate1
File Deleted : C:\WINDOWS\System32\Tasks\SomotoUpdateCheckerAutoStart

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\jZip.file
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3614D305-2DBB-4991-9297-750DD60FFC73}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}]
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\pc optimizer pro
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\jZip
Key Deleted : HKLM\Software\ParetoLogic

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17037


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\45tamlz7.default-1391729245796\prefs.js ]


-\\ Google Chrome v34.0.1847.131

[ File : C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3418 octets] - [09/05/2014 13:14:07]
AdwCleaner[S0].txt - [3259 octets] - [09/05/2014 13:21:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3319 octets] ##########

MBAM:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.05.09.10

Windows 8 x64 NTFS
Internet Explorer 11.0.9600.17105
Valued Customer :: VALUEDCUSTOMER [administrator]

5/9/2014 1:36:23 PM
mbam-log-2014-05-09 (13-36-23).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 236418
Time elapsed: 5 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

security:

 Results of screen317's Security Check version 0.99.82 
   x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````[/u]
 Windows Firewall Enabled! 
Windows Defender   
avast! Antivirus   
 Antivirus out of date! 
`````````Anti-malware/Other Utilities Check:`````````[/u]
 Malwarebytes Anti-Malware version 1.75.0.1300 
 Java 7 Update 51 
 Java version out of Date!
 Adobe Flash Player    13.0.0.206 
 Adobe Reader XI 
 Mozilla Firefox (28.0)
 Mozilla Thunderbird (24.2.0)
 Google Chrome 34.0.1847.116 
 Google Chrome 34.0.1847.131 
````````Process Check: objlist.exe by Laurent````````[/u] 
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast AvastUI.exe 
`````````````````System Health check`````````````````[/u]
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````[/u]

[SuperDave]

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
The log shows that you have two Anti-virus programs on your computer. Windows 8 comes with its own AV called Windows Defender. If you wish to run Avast, you should disable Windows Defender.
*************************************************
Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.

First Verify your Java Version

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
********************************************
Please download Junkware Removal Tool to your desktop.

•Warning! Once the scan is complete JRT will shut down your browser with NO warning.

•Shut down your protection software now to avoid potential conflicts.

•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

•The tool will open and start scanning your system.

•Please be patient as this can take a while to complete depending on your system's specifications.

•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

•Copy and Paste the JRT.txt log into your next message.
***********************************************
 Are you experiencing any problems with your computer?

[kleddon]

I am updated with Java and it removed old installations

When I ran JRT

selected remove all old installations

window popped up and said:

Cannot find the C:\JavaRa.log file and it
I chose option to create..

Blank text file opened but it did not create the file
 C:\JavaRa.log file

I guess I am good but not sure

thanks
Kirk

[kleddon]

sorry dave but I guess I am stupid today..

Just downloaded JRT I will run it then get back to you...

[kleddon]

JRT Log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 x64
Ran by Valued Customer on Fri 05/09/2014 at 14:57:26.36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\adtrustmedia"



~~~ FireFox

Emptied folder: C:\Users\Valued Customer\AppData\Roaming\mozilla\firefox\profiles\45tamlz7.default-1391729245796\minidumps [15 files]



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 05/09/2014 at 15:04:02.10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[SuperDave]

Malwarebytes' Anti-Rootkit

Please download Malwarebytes' Anti-Rootkit and save it to your desktop.

• Be sure to print out and follow the instructions provided on that same page for performing a scan.
• Caution: This is a beta version so also read the disclaimer and back up all your data before using.
  
• When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
  
• Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  
• If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
  
• Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
• Copy and paste the contents of these two log files in your next reply.

[kleddon]

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.05.10.06

Windows 8 x64 NTFS
Internet Explorer 11.0.9600.17105
Valued Customer :: VALUEDCUSTOMER [administrator]

5/10/2014 9:54:19 AM
mbar-log-2014-05-10 (09-54-19).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 261467
Time elapsed: 10 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)


===========================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17105

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 3.616000 GHz
Memory total: 8050499584, free: 6278279168

Downloaded database version: v2014.05.10.06
Downloaded database version: v2014.03.27.01
Initializing...
======================
------------ Kernel report ------------
     05/10/2014 09:54:13
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\pciide.sys
\SystemRoot\System32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\atapi.sys
\SystemRoot\System32\drivers\ataport.SYS
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\aswVmm.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\aswSnx.sys
\SystemRoot\system32\drivers\aswSP.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\aswRdr2.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\System32\drivers\amdppm.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\system32\DRIVERS\L1C63x64.sys
\SystemRoot\System32\drivers\usbohci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\serial.sys
\SystemRoot\System32\drivers\serenum.sys
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\USBSTOR.SYS
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\aswMonFlt.sys
\SystemRoot\system32\drivers\aswStm.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\aswHwid.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\System32\drivers\WpdUpFltr.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffe00039247060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000002f\
Lower Device Object: 0xffffe0003926a470
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffe000382d6450
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xffffe00038121060
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffe000382d6450, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe000382d5040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe000382d6450, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffe000381269c0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe00038121060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Read File: File "C:\Windows\System32\drivers\1394ohci.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\1394ohci.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\acpi.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\acpi.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\acpipagr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\acpipagr.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\acpipmi.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\acpipmi.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\acpitime.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\acpitime.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\AGP440.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\AGP440.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\amdk8.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\amdk8.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\amdppm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\amdppm.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\atapi.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\atapi.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\ataport.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ataport.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\BasicRender.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\BasicRender.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\battc.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\battc.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\BtaMPM.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\BtaMPM.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\BthAvrcpTg.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\BthAvrcpTg.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\bthhfenum.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\bthhfenum.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\BthhfHid.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\BthhfHid.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\cdrom.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\cdrom.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\circlass.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\circlass.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\CmBatt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\CmBatt.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\CompositeBus.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\CompositeBus.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\disk.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\disk.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\drmk.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\drmk.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\drmkaud.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\drmkaud.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\dumpsd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\dumpsd.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\EhStorTcgDrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\EhStorTcgDrv.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\errdev.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\errdev.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\fdc.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\fdc.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\flpydisk.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\flpydisk.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\fxppm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\fxppm.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\hdaudbus.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\hdaudbus.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\HdAudio.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\HdAudio.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\hidbatt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\hidbatt.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\hidbth.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\hidbth.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\hidclass.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\hidclass.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\hidi2c.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\hidi2c.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\hidparse.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\hidparse.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\hidusb.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\hidusb.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\i8042prt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\i8042prt.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\intelpep.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\intelpep.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\intelppm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\intelppm.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\isapnp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\isapnp.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\kbdclass.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\kbdclass.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\kbdhid.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\kbdhid.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\kdnic.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\kdnic.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\monitor.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\monitor.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\mouclass.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\mouclass.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\mouhid.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\mouhid.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\mssmbios.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\mssmbios.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\MTConfig.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\MTConfig.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\npsvctrig.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\npsvctrig.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\BasicDisplay.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\BasicDisplay.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\sbp2port.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\sbp2port.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\usbuhci.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\usbuhci.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\parport.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\parport.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\pci.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\pci.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\pciide.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\pciide.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\pciidex.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\pciidex.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\pcmcia.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\pcmcia.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\portcls.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\portcls.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\processr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\processr.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\rdpbus.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\rdpbus.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\sdbus.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\sdbus.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\sdstor.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\sdstor.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\serenum.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\serenum.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\serial.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\serial.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\sermouse.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\sermouse.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\sfloppy.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\sfloppy.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\spaceport.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\spaceport.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\stornvme.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\stornvme.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\swenum.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\swenum.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\terminpt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\terminpt.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\tpm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\tpm.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\TsUsbGD.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\TsUsbGD.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\uaspstor.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\uaspstor.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\UCX01000.SYS" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\UCX01000.SYS" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\uefi.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\uefi.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\umbus.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\umbus.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\umpass.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\umpass.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\usbccgp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\usbccgp.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\usbcir.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\usbcir.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\usbd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\usbd.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\usbehci.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\usbehci.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\usbhub.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\usbhub.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\USBHUB3.SYS" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\USBHUB3.SYS" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\usbohci.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\usbohci.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\usbport.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\usbport.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\usbprint.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\usbprint.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\USBSTOR.SYS" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\USBSTOR.SYS" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\USBXHCI.SYS" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\USBXHCI.SYS" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\vdrvroot.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\vdrvroot.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\vhdmp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\vhdmp.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\volmgr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\volmgr.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\volsnap.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\volsnap.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\vwifibus.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\vwifibus.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\wacompen.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\wacompen.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\winusb.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\winusb.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\wmiacpi.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\wmiacpi.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\msgpiowin32.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\msgpiowin32.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\msisadrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\msisadrv.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\msiscsi.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\msiscsi.sys" is compressed (flags = 1)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1AD4AD3E

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 716800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 718848  Numsec = 1952802816

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffe00039247060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe00039268390, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe00039247060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffe0003926a470, DeviceName: \Device\0000002f\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 5456FB41

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 976768002

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished

[SuperDave]

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan

•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

• Click on to download the ESET Smart Installer. Save it to your desktop.
  
• Double click on the icon on your desktop.
  

•Check
•Click the button.
•Accept any security warnings from your browser.

• Leave the check mark next to Remove found threats.
  

•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

[kleddon]

ESETScan:

E:\ParetoLogic_PC_Health_Advisor_3_0__Patch_by_goodperson541.rar   a variant of Win32/Delf.PSD trojan   deleted - quarantined
E:\2010\Downloads\PageRageSetupv2.exe   multiple threats   cleaned by deleting - quarantined
E:\Dell May 2010\Downloads\_mfw.exe   MSIL/Bladabindi.F trojan   cleaned by deleting - quarantined
E:\Dell May 2010\Downloads\My Twisted Autoblog Method\PDF and Plugins.zip   PHP/Kryptik.AB trojan   deleted - quarantined
E:\HP April 2011\Misc\fr33ma55\fr33ma55\fmt\FMT-V1.0.exe   Win32/Adware.FreeMassTraffic application   cleaned by deleting - quarantined
E:\HP Downloads Jan 2011\FMT-V1.0.exe   Win32/Adware.FreeMassTraffic application   cleaned by deleting - quarantined
E:\HP FEB\fr33ma55.rar   Win32/Adware.FreeMassTraffic application   deleted - quarantined
E:\HP Feb 2011\_mfw.exe   MSIL/Bladabindi.F trojan   cleaned by deleting - quarantined
E:\HP Feb2 2011\FMT-V1.0.exe   Win32/Adware.FreeMassTraffic application   cleaned by deleting - quarantined
E:\HP Feb2 2011\My Twisted Auto Blog\Plugins.zip   PHP/Kryptik.AB trojan   deleted - quarantined
E:\HP May 2 2010\New Folder\Software\Software.rar   a variant of Generik.CFVHGMT trojan   deleted - quarantined
E:\HP May 2 2010\New Folder2\Downloads\downloads\RegCareSetup.exe   Win32/Adware.RegistryCare application   cleaned by deleting - quarantined
E:\HP May 2 2010\New Folder2\Software\Software.rar   a variant of Generik.CFVHGMT trojan   deleted - quarantined
E:\July 2011\Wordpress\DeskTop\_mfw.exe   MSIL/Bladabindi.F trojan   cleaned by deleting - quarantined
E:\Seagate Backup\KIRK-MW0T1T8WEV\C\Documents and Settings\Kirk\My Documents\Downloads\BestVideoDownloaderSetup.exe   multiple threats   cleaned by deleting - quarantined
E:\Seagate Backup\KIRK-MW0T1T8WEV\C\Documents and Settings\Kirk Leddon\Application Data\Sun\Java\Deployment\cache\6.0\14\2d72bece-585b53af   Java/TrojanDownloader.OpenStream.NBL trojan   cleaned by deleting - quarantined
E:\Seagate Backup\KIRK-MW0T1T8WEV\C\Documents and Settings\Kirk Leddon\Application Data\Sun\Java\Deployment\cache\6.0\30\217fdb1e-7ed4a39d   Java/TrojanDownloader.OpenStream.NBL trojan   cleaned by deleting - quarantined
E:\Seagate Backup\KIRK-MW0T1T8WEV\C\Documents and Settings\Kirk Leddon\Application Data\Sun\Java\Deployment\cache\6.0\42\f175b6a-5fd09009   multiple threats   cleaned by deleting - quarantined
E:\Seagate Backup\KIRK-MW0T1T8WEV\C\Documents and Settings\Kirk Leddon\Application Data\Sun\Java\Deployment\cache\6.0\61\7a35eb7d-49b6e80f   multiple threats   cleaned by deleting - quarantined

========================
Log

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=d2de32c39f1b3044860fd9a20bb028ec
# engine=18213
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-11 02:39:18
# local_time=2014-05-10 09:39:18 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode=774 16777213 85 76 0 0 0 0
# compatibility_mode=5893 16776574 100 94 0 3976962 0 0
# scanned=373228
# found=19
# cleaned=19
# scan_time=23928
sh=D3733ADFD560DCF37C2E757A37B1322D738D751E ft=0 fh=0000000000000000 vn="a variant of Win32/Delf.PSD trojan (deleted - quarantined)" ac=C fn="E:\ParetoLogic_PC_Health_Advisor_3_0__Patch_by_goodperson541.rar"
sh=98226A662E7661165895985C9437FFED14E1F27E ft=1 fh=24e595f16f074937 vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="E:\2010\Downloads\PageRageSetupv2.exe"
sh=22809EBA036778E133838A9D654BF0AEDA21B65F ft=1 fh=06db9c49b38c18e8 vn="MSIL/Bladabindi.F trojan (cleaned by deleting - quarantined)" ac=C fn="E:\Dell May 2010\Downloads\_mfw.exe"
sh=BFF8C1771ED44298C3791379F3A89C39F0FF996C ft=0 fh=0000000000000000 vn="PHP/Kryptik.AB trojan (deleted - quarantined)" ac=C fn="E:\Dell May 2010\Downloads\My Twisted Autoblog Method\PDF and Plugins.zip"
sh=A55255A771F8B49A9ACEDD372ED1991512B4FB5F ft=1 fh=be9e813c3e106f6b vn="Win32/Adware.FreeMassTraffic application (cleaned by deleting - quarantined)" ac=C fn="E:\HP April 2011\Misc\fr33ma55\fr33ma55\fmt\FMT-V1.0.exe"
sh=A55255A771F8B49A9ACEDD372ED1991512B4FB5F ft=1 fh=be9e813c3e106f6b vn="Win32/Adware.FreeMassTraffic application (cleaned by deleting - quarantined)" ac=C fn="E:\HP Downloads Jan 2011\FMT-V1.0.exe"
sh=35EFC1FD3C40FE929CF6DA723406BB12CAA37B4C ft=0 fh=0000000000000000 vn="Win32/Adware.FreeMassTraffic application (deleted - quarantined)" ac=C fn="E:\HP FEB\fr33ma55.rar"
sh=22809EBA036778E133838A9D654BF0AEDA21B65F ft=1 fh=06db9c49b38c18e8 vn="MSIL/Bladabindi.F trojan (cleaned by deleting - quarantined)" ac=C fn="E:\HP Feb 2011\_mfw.exe"
sh=A55255A771F8B49A9ACEDD372ED1991512B4FB5F ft=1 fh=be9e813c3e106f6b vn="Win32/Adware.FreeMassTraffic application (cleaned by deleting - quarantined)" ac=C fn="E:\HP Feb2 2011\FMT-V1.0.exe"
sh=45D7CCE67BAE5A1632372596C5153F73F74F6EC6 ft=0 fh=0000000000000000 vn="PHP/Kryptik.AB trojan (deleted - quarantined)" ac=C fn="E:\HP Feb2 2011\My Twisted Auto Blog\Plugins.zip"
sh=20B33CAC100CA69DE893AA6D694B68790453EAF0 ft=0 fh=0000000000000000 vn="a variant of Generik.CFVHGMT trojan (deleted - quarantined)" ac=C fn="E:\HP May 2 2010\New Folder\Software\Software.rar"
sh=2174FE74DA1253E3D9A3F7C536BBF3C802B51C69 ft=1 fh=845de06981dc6d1a vn="Win32/Adware.RegistryCare application (cleaned by deleting - quarantined)" ac=C fn="E:\HP May 2 2010\New Folder2\Downloads\downloads\RegCareSetup.exe"
sh=20B33CAC100CA69DE893AA6D694B68790453EAF0 ft=0 fh=0000000000000000 vn="a variant of Generik.CFVHGMT trojan (deleted - quarantined)" ac=C fn="E:\HP May 2 2010\New Folder2\Software\Software.rar"
sh=22809EBA036778E133838A9D654BF0AEDA21B65F ft=1 fh=06db9c49b38c18e8 vn="MSIL/Bladabindi.F trojan (cleaned by deleting - quarantined)" ac=C fn="E:\July 2011\Wordpress\DeskTop\_mfw.exe"
sh=8A7AAB1805DFB60EECAAB4BCAEB9BBB543425319 ft=1 fh=d1cf1c5fea1c1083 vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="E:\Seagate Backup\KIRK-MW0T1T8WEV\C\Documents and Settings\Kirk\My Documents\Downloads\BestVideoDownloaderSetup.exe"
sh=CFA884D870D7A6E9999528D9DADBFEA953328FF1 ft=0 fh=0000000000000000 vn="Java/TrojanDownloader.OpenStream.NBL trojan (cleaned by deleting - quarantined)" ac=C fn="E:\Seagate Backup\KIRK-MW0T1T8WEV\C\Documents and Settings\Kirk Leddon\Application Data\Sun\Java\Deployment\cache\6.0\14\2d72bece-585b53af"
sh=CFA884D870D7A6E9999528D9DADBFEA953328FF1 ft=0 fh=0000000000000000 vn="Java/TrojanDownloader.OpenStream.NBL trojan (cleaned by deleting - quarantined)" ac=C fn="E:\Seagate Backup\KIRK-MW0T1T8WEV\C\Documents and Settings\Kirk Leddon\Application Data\Sun\Java\Deployment\cache\6.0\30\217fdb1e-7ed4a39d"
sh=03331B6649555916AE39E6064F6EFC9520A7C820 ft=0 fh=0000000000000000 vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="E:\Seagate Backup\KIRK-MW0T1T8WEV\C\Documents and Settings\Kirk Leddon\Application Data\Sun\Java\Deployment\cache\6.0\42\f175b6a-5fd09009"
sh=0380D68026FDFF39DC1427F473CF807C915F376B ft=0 fh=0000000000000000 vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="E:\Seagate Backup\KIRK-MW0T1T8WEV\C\Documents and Settings\Kirk Leddon\Application Data\Sun\Java\Deployment\cache\6.0\61\7a35eb7d-49b6e80f"

[SuperDave]

That looks good. How's your computer running now? Any other issues?

[kleddon]

Yes it's running like it should...
Don't notice any other issues...

thanks for all your help SuperDave..

Computer hope has been a great find for me..You guys have always been able
to help me solve my malware issues...

I am seriously considering doing some classes on malware removal. I have bookmarked all
the sites that offer it...Just not sure which one I will eventual take

[SuperDave]

Ok, let's do some cleanup

Click Start> Computer> right click the C Drive and choose Properties> enter
Click Disk Cleanup from there.



Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.



This runs the Disk Cleanup utility along with other selections if you have chosen any. (if you had a lot System Restore points, you will see a significant change in the free space in C drive)
****************************************
Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!