  1. Before you start!
    All given instructions in this forum are customized for each help request, the tools used may cause damage if used on a computer with different infections. If you think you have similar issues, please post the appropriate logs in our Malware Removal Assistance forum and wait for help.

    Please be aware that removing Malware is a potentially hazardous undertaking. We will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for us to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and we cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
    We strongly advise you to backup any personal files and folders before you start.

Runtime error when removing malware

Discussion in 'Malware Removal Assistance' started by streamlined, Mar 27, 2013.

  1. streamlined

    streamlined New Member

    Reputation:
    0
    Joined:
    Mar 27, 2013
    Messages:
    35
    Likes Received:
    0
    I made it to step 4 of Remove ZeroAccess rootkit (Uninstall Guide) dated Oct 12, 2012. While trying to install Malwarebytes Anti-Malware FREE I received these errors: (1) Setup CoCreateInstance failed; code 0x80040154 class not registered. (2) Run-time error '372' Failed to load control 'WebBrowser' from ieframe.dll. Your version of ieframe.dll may be outdated. Make sure you are using the version of the control that was provided with your application


    Step 1: Kaspersky TDSSKiller ran no problem
    Step 2: Combofix ran no problem
    Step 3: RogueKiller ran no problem

    This laptop is a Dell Inspiron 8600 running Windows XP. Sorry it's old, and so am I. Sorry, I guess I have more reading to do since I don't know what an OTL log is or how to produce one.
     
  2. Fiery

    Fiery 1 of the 4 MalwareTips Founder

    Reputation:
    1,000
    Joined:
    Jan 11, 2011
    Messages:
    2,056
    Likes Received:
    12
    Hi and welcome to MalwareTips! :)

    I'm Fiery and I would gladly assist you in removing the malware on your computer.

    Before we start:
    • Note that the removal process is not immediate. Depending on the severity of your infection, it could take a long time.
    • Malware removal can be dangerous. I cannot guarantee the safety of your system as malware can be unpredictable. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system. Therefore, I would advise you to backup all your important files before we start.
    • Please be patient and stay with me until I give you the green light and inform you that your PC is clean.
    • Some tools may be flagged by your antivirus as harmful. Rest assured that ALL the tools we use are safe; the detections are false positives.
    • The absence of symptoms does not mean your PC is fully disinfected.
    • If you are unclear about the instructions, please stop and ask. Following the steps in the order that I post them in is vital.
    • Lastly, if you have requested help on other sites, that will delay and hinder the removal process. Please only stick to one site.


    Download OTL by Old Timer from here and save it to your Desktop.
    • Double click on OTL.exe to run it.
    • Click the Scan All Users checkbox.
    • Check the boxes beside LOP Check and Purity Check
    • Click on Run Scan at the top left hand corner.
    • When done, two Notepad files will open.
      • OTL.txt <-- Will be opened
      • Extra.txt <-- Will be minimized
    • Please attach the contents of these 2 Notepad files in your next reply.

    If you don't know how to attach the files, please follow the instructions here: http://malwaretips.com/Thread-How-to-use-the-attachment-system?pid=16072#pid16072
     
  3. streamlined

    streamlined New Member

    Reputation:
    0
    Joined:
    Mar 27, 2013
    Messages:
    35
    Likes Received:
    0
    Thanks Fiery, sorry for the delay. It was supper time. I tried OTL and it failed to scan.
    The error was: Access violation at address 0052DFB7 in module 'OTL.exe' Read of address 00000000. I am unable to provide what you requested.
     
  4. streamlined

    streamlined New Member

    Reputation:
    0
    Joined:
    Mar 27, 2013
    Messages:
    35
    Likes Received:
    0
    This is where the OTL program locked up:

    Scanning C:\Documents and Settings\All Users\Start Menu\Programs\Startup Folder
     
  5. Fiery

    Fiery 1 of the 4 MalwareTips Founder

    Reputation:
    1,000
    Joined:
    Jan 11, 2011
    Messages:
    2,056
    Likes Received:
    12
    Ok, let's try this instead.

    Download DDS from here
    • Temporarily disable any script blocker or Anti-Virus/Anti-Malware
    • Double click dds.scr to run the tool (On Vista or Win 7 or Win 8 right click and select Run as administrator)
    • Click the Run button if prompted with an Open File - Security Warning dialog box.
    • A black DOS console should open and run for a moment.
    • Once completed, DDS.txt and attach.txt will be created.
    • Save both reports and attach them in your next reply.
     
  6. streamlined

    streamlined New Member

    Reputation:
    0
    Joined:
    Mar 27, 2013
    Messages:
    35
    Likes Received:
    0
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 1/4/2005 7:25:41 PM
    System Uptime: 3/27/2013 8:21:07 PM (0 hours ago)
    .
    Motherboard: Dell Computer Corporation | | 0D5689
    Processor: Intel(R) Pentium(R) M processor 1.40GHz | Microprocessor | 1397/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 53 GiB total, 25.746 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/27/2013 5:40:53 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
    3/27/2013 5:40:15 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
    3/26/2013 6:23:02 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
    3/26/2013 6:23:02 PM, error: Service Control Manager [7000] - The RPakIO service failed to start due to the following error: The system cannot find the file specified.
    3/26/2013 4:11:29 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2789643).
    3/25/2013 8:00:34 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
    .
    ==== End Of File ===========================


    I hope this is what you were looking for.
     
  7. Fiery

    Fiery 1 of the 4 MalwareTips Founder

    Reputation:
    1,000
    Joined:
    Jan 11, 2011
    Messages:
    2,056
    Likes Received:
    12
    There should be another log called DDS.txt.
     
  8. streamlined

    streamlined New Member

    Reputation:
    0
    Joined:
    Mar 27, 2013
    Messages:
    35
    Likes Received:
    0
    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.7.2
    Run by at 20:54:17 on 2013-03-27
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.526 [GMT -7:00]
    .
    AV: AVG Anti-Virus Free Edition 2013 *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    ============== Running Processes ================
    .
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG2013\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\WINDOWS\system32\BacsTray.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\AVG\AVG2013\avgui.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    C:\WINDOWS\system32\svchost.exe -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
    BHO: Shareaza Web Download Hook: {0EEDB912-C5FA-486F-8334-57288578C627} - c:\program files\etomi\plugins\RazaWebHook.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
    BHO: <No Name>: {4D25F921-B9FE-4682-BF72-8AB8210D6D75} -
    BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: Easy-WebPrint: {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - c:\program files\canon\easy-webprint\Toolband.dll
    mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
    mRun: [RealTray] "c:\program files\real\realplayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
    mRun: [nwiz] "nwiz.exe" /installquiet
    mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [Motive SmartBridge] "c:\progra~1\sbcsel~1\smartb~1\MotiveSB.exe"
    mRun: [mmtask] "c:\program files\musicmatch\musicmatch jukebox\mmtask.exe"
    mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
    mRun: [DMXLauncher] "c:\program files\dell\media experience\DMXLauncher.exe"
    mRun: [dla] "c:\windows\system32\dla\tfswctrl.exe"
    mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
    mRun: [bacstray] "BacsTray.exe"
    mRun: [Apoint] "c:\program files\apoint\Apoint.exe"
    mRun: [BJCFD] "c:\program files\broadjump\client foundation\CFD.exe"
    mRun: [AOLDialer] "c:\program files\common files\aol\acs\AOLDial.exe"
    mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    uPolicies-Explorer: NoDriveAutoRun = dword:67108863
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-00107-0002-0007-ABCDEFFEDCBC} - <orphaned>
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} - hxxp://www.digitalwebbooks.com/reader/dbplugin.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
    DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxp://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
    DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
    DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1194630862701
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-170-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
    DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller.cab
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{131DB1F6-5184-4D54-B400-3B7762D6B9CA} : DHCPNameServer = 192.168.1.254
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\g man\application data\mozilla\firefox\profiles\gdf3hr6x.default\
    FF - plugin: c:\program files\common files\motive\npMotive.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
    FF - plugin: c:\windows\system32\npDeployJava1.dll
    FF - plugin: c:\windows\system32\npptools.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 55776]
    R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
    R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 94048]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 35552]
    R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 179936]
    R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 19936]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 159712]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 164832]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-11-16 5814904]
    S2 RPakIO;RPakIO; [x]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-3-27 40776]
    S3 ZD1211BU(Hawking);Hawking Hi-Gain Wireless-G USB Dish Adapter(Hawking);c:\windows\system32\drivers\ZD1211BU.sys [2008-2-6 402432]
    .
    =============== Created Last 30 ================
    .
    2013-03-28 01:01:35 -------- d-sha-r- C:\cmdcons
    2013-03-28 00:58:53 98816 ----a-w- c:\windows\sed.exe
    2013-03-28 00:58:53 256000 ----a-w- c:\windows\PEV.exe
    2013-03-28 00:58:53 208896 ----a-w- c:\windows\MBR.exe
    2013-03-28 00:37:11 -------- d-----w- C:\TDSSKiller_Quarantine
    2013-03-27 20:29:21 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2013-03-27 20:29:20 -------- d-----w- c:\documents and settings\g man\application data\Malwarebytes
    2013-03-27 20:28:27 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2013-03-27 20:28:25 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-03-27 20:28:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-03-21 19:04:36 12928 ------w- c:\windows\system32\dllcache\usb8023x.sys
    2013-03-21 19:04:36 12928 ------w- c:\windows\system32\dllcache\usb8023.sys
    .
    ==================== Find3M ====================
    .
    2013-03-14 01:51:18 73432 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-03-14 01:51:18 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
    2013-02-12 00:32:23 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
    2013-02-05 20:05:47 916480 ----a-w- c:\windows\system32\wininet.dll
    2013-02-05 20:05:46 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2013-02-05 20:05:46 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2013-02-05 05:53:57 385024 ----a-w- c:\windows\system32\html.iec
    2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
    2013-01-07 01:16:02 2193024 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-01-07 00:36:58 2069760 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-01-04 01:20:00 1867264 ----a-w- c:\windows\system32\win32k.sys
    2013-01-02 06:49:10 148992 ----a-w- c:\windows\system32\mpg2splt.ax
    2013-01-02 06:49:10 1292288 ----a-w- c:\windows\system32\quartz.dll
    .
    ============= FINISH: 20:55:45.92 ===============


    Better?
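    Added example, not from this thread or from DDS, MBAR or any other tool named in it: a small Python parser for the SERVICES / DRIVERS lines of a DDS log like the one above, flagging registered drivers whose image file is gone (DDS prints `[x]` for these, as with RPakIO here) or that start early from an unexpected location, plus a decoder for the NoDriveAutoRun mask in the policies section. The sample lines are copied from this log; the expected-directory list, the triage rule and my reading of DDS's R/S and `[x]` conventions are assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: four SERVICES / DRIVERS lines in the shape DDS prints them
# ("<R|S><start type> name;display name;image path [yyyy-m-d size]"), copied
# from the log above. "[x]" is DDS's marker for an image file that is not on disk.
SAMPLE_LOG = r"""
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 55776]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]
S2 RPakIO;RPakIO; [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-3-27 40776]
"""

# Windows service start values (SERVICE_BOOT_START .. SERVICE_DISABLED).
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}

# Directories an auto/boot/system-start image is expected to live under on this
# XP box; anything else gets a second look (assumption used for triage only).
EXPECTED_DIRS = (r"c:\windows\system32\drivers", r"c:\program files")

SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"       # R = running, S = stopped
    r"(?P<name>[^;]+);(?P<display>[^;]*);"       # service name; display name;
    r"(?P<path>.*?)\s*\[(?P<tail>[^\]]*)\]\s*$"  # image path [date size] or [x]
)


@dataclass
class ServiceEntry:
    name: str
    display: str
    running: bool
    start_type: str
    path: str
    size: Optional[int]
    file_missing: bool


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one DDS service/driver line; return None for any other line."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    tail = m["tail"].strip()
    missing = tail == "x"
    size = None
    if not missing:
        parts = tail.split()
        if len(parts) == 2 and parts[1].isdigit():
            size = int(parts[1])
    return ServiceEntry(
        name=m["name"],
        display=m["display"],
        running=m["state"] == "R",
        start_type=START_TYPES[int(m["start"])],
        path=m["path"].lower(),
        size=size,
        file_missing=missing,
    )


def parse_services(log_text: str) -> List[ServiceEntry]:
    entries = (parse_service_line(line) for line in log_text.splitlines())
    return [e for e in entries if e is not None]


def triage(entries: List[ServiceEntry]) -> List[str]:
    """Names worth checking: a registered service whose image file is gone
    (leftover of an uninstall, or of something a cleaner already removed), or an
    early-start image living outside the expected directories."""
    flagged = []
    for e in entries:
        early = e.start_type in ("boot", "system", "auto")
        odd_location = early and not e.path.startswith(EXPECTED_DIRS)
        if e.file_missing or odd_location:
            flagged.append(e.name)
    return flagged


def decode_no_drive_autorun(value: int) -> List[str]:
    """NoDriveAutoRun is a 26-bit mask (bit 0 = A:, bit 25 = Z:); a set bit
    disables AutoRun for that drive letter. 67108863 (0x3FFFFFF) covers A-Z."""
    return [chr(ord("A") + bit) for bit in range(26) if (value >> bit) & 1]


if __name__ == "__main__":
    parsed = parse_services(SAMPLE_LOG)
    for entry in parsed:
        print(f"{entry.name:15} {entry.start_type:8} missing={entry.file_missing}")
    print("flagged:", triage(parsed))
    print("AutoRun disabled on:", "".join(decode_no_drive_autorun(67108863)))
```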
     
  9. streamlined

    streamlined New Member

    Reputation:
    0
    Joined:
    Mar 27, 2013
    Messages:
    35
    Likes Received:
    0
    How would I zip that whole thing so it would be smaller? Am I posting info that compromises my computer's safety? I read the attach thing and I still don't really get it. Sorry for my ignorance.
     
  10. Fiery

    Fiery 1 of the 4 MalwareTips Founder

    Reputation:
    1,000
    Joined:
    Jan 11, 2011
    Messages:
    2,056
    Likes Received:
    12

    Nothing in your log contains personal or computer information. These logs are formatted specifically for internet forum uses :)

    Upload a File to Virustotal
    Please visit www.Virustotal.com
    • Click the Choose file... button
    • Navigate to the file c:\windows\system32\quartz.dll
    • Click the Open button
    • Click the Scan It button
    • Copy and paste the results back here.
     
  11. streamlined

    streamlined New Member

    Reputation:
    0
    Joined:
    Mar 27, 2013
    Messages:
    35
    Likes Received:
    0
    Antivirus Result Update
    Agnitum - 20130328
    AhnLab-V3 - 20130327
    AntiVir - 20130328
    Antiy-AVL - 20130328
    Avast - 20130328
    AVG - 20130328
    BitDefender - 20130328
    ByteHero - 20130322
    CAT-QuickHeal - 20130328
    ClamAV - 20130328
    Commtouch - 20130327
    Comodo - 20130328
    DrWeb - 20130328
    Emsisoft - 20130328
    eSafe - 20130324
    ESET-NOD32 - 20130327
    F-Prot - 20130327
    F-Secure - 20130328
    Fortinet - 20130328
    GData - 20130328
    Ikarus - 20130328
    Jiangmin - 20130326
    K7AntiVirus - 20130327
    Kaspersky - 20130328
    Kingsoft - 20130325
    Malwarebytes - 20130328
    McAfee - 20130328
    McAfee-GW-Edition - 20130328
    Microsoft - 20130328
    MicroWorld-eScan - 20130328
    NANO-Antivirus - 20130328
    Norman - 20130327
    nProtect - 20130327
    Panda - 20130327
    PCTools - 20130328
    Rising - 20130328
    Sophos - 20130328
    SUPERAntiSpyware - 20130328
    Symantec - 20130328
    TheHacker - 20130327
    TotalDefense - 20130327
    TrendMicro - 20130328
    TrendMicro-HouseCall - 20130328
    VBA32 - 20130327
    VIPRE - 20130328
    ViRobot - 20130328
     
  12. Fiery

    Fiery 1 of the 4 MalwareTips Founder

    Reputation:
    1,000
    Joined:
    Jan 11, 2011
    Messages:
    2,056
    Likes Received:
    12
    Ok, I know you have run Combofix before; please run it again after MBAR. Delete the old copy of Combofix.

    Download Malwarebytes Anti-Rootkit from here to your Desktop
    • Unzip the contents to a folder on your Desktop.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Make sure there is a check next to Create Restore Point and click the Cleanup button to remove any threats. Reboot if prompted to do so.
    • After the reboot, perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If there are threats, click Cleanup once more and reboot.
    • When done, please post the two logs in the MBAR folder(mbar-log.txt and system-log.txt)


    Please download ComboFix from one of these locations:

    Link 1: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Link 2: http://www.infospyware.net/antimalware/combofix/

    * IMPORTANT !!! Save ComboFix to your Desktop as ComboFix.exe
    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. See http://www.bleepingcomputer.com/forums/topic114351.html for help.
    • Double click on Combo-Fix & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: (This applies to Windows XP systems only) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    (Image: http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif)
    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    (Image: http://img.photobucket.com/albums/v706/ried7/whatnext.png)
    Click on Yes, to continue scanning for malware.

    When finished, ComboFix will produce a log.

    Note:
    1. Do not mouseclick combofix's window while it's running. That may cause it to stall!
    2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.
     
    Last edited by a moderator: Mar 13, 2014
  13. streamlined

    streamlined New Member

    Reputation:
    0
    Joined:
    Mar 27, 2013
    Messages:
    35
    Likes Received:
    0
    I have no program to unzip, could you suggest one?
     
  14. Fiery

    Fiery 1 of the 4 MalwareTips Founder

    Reputation:
    1,000
    Joined:
    Jan 11, 2011
    Messages:
    2,056
    Likes Received:
    12
    I use WinRAR

    http://download.cnet.com/WinRAR-32-bit/3000-2250_4-10007677.html
     
  15. streamlined

    streamlined New Member

    Reputation:
    0
    Joined:
    Mar 27, 2013
    Messages:
    35
    Likes Received:
    0
    Never mind, I found one.

    Scanning now.
     
  16. streamlined

    streamlined New Member

    Reputation:
    0
    Joined:
    Mar 27, 2013
    Messages:
    35
    Likes Received:
    0
    Malwarebytes Anti-Rootkit BETA 1.01.0.1021
    www.malwarebytes.org

    Database version: v2013.03.28.03

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    :: [administrator]

    3/27/2013 11:25:24 PM
    mbar-log-2013-03-27 (23-25-24).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 27478
    Time elapsed: 14 minute(s), 43 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 2
    HKLM\SOFTWARE\CLASSES\MyWaySearchAssistantDE.Auxiliary (Adware.MyWaySearch) -> Delete on reboot.
    HKLM\SOFTWARE\CLASSES\MyWaySearchAssistantDE.Auxiliary.1 (Adware.MyWaySearch) -> Delete on reboot.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  17. streamlined

    streamlined New Member

    Reputation:
    0
    Joined:
    Mar 27, 2013
    Messages:
    35
    Likes Received:
    0
    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 1.397000 GHz
    Memory total: 1072930816, free: 527466496

    ------------ Kernel report ------------
    03/27/2013 23:08:05
    ------------ Loaded modules -----------
    \WINDOWS\system32\ntoskrnl.exe
    \WINDOWS\system32\hal.dll
    \WINDOWS\system32\KDCOM.DLL
    \WINDOWS\system32\BOOTVID.dll
    ACPI.sys
    \WINDOWS\system32\DRIVERS\WMILIB.SYS
    pci.sys
    isapnp.sys
    compbatt.sys
    \WINDOWS\system32\DRIVERS\BATTC.SYS
    pciide.sys
    \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    aliide.sys
    intelide.sys
    toside.sys
    viaide.sys
    cmdide.sys
    pcmcia.sys
    MountMgr.sys
    ftdisk.sys
    PartMgr.sys
    VolSnap.sys
    cpqarray.sys
    \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
    atapi.sys
    aha154x.sys
    sparrow.sys
    symc810.sys
    aic78xx.sys
    dac960nt.sys
    ql10wnt.sys
    amsint.sys
    asc.sys
    asc3550.sys
    mraid35x.sys
    i2omp.sys
    ini910u.sys
    ql1240.sys
    aic78u2.sys
    symc8xx.sys
    sym_hi.sys
    sym_u3.sys
    ABP480N5.SYS
    asc3350p.sys
    cd20xrnt.sys
    ultra.sys
    adpu160m.sys
    dpti2o.sys
    ql1080.sys
    ql1280.sys
    ql12160.sys
    perc2.sys
    perc2hib.sys
    hpn.sys
    cbidf2k.sys
    dac2w2k.sys
    disk.sys
    \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    fltmgr.sys
    sr.sys
    drvmcdb.sys
    PxHelp20.sys
    KSecDD.sys
    WudfPf.sys
    Ntfs.sys
    NDIS.sys
    sisagp.sys
    viaagp.sys
    ohci1394.sys
    \WINDOWS\system32\DRIVERS\1394BUS.SYS
    Mup.sys
    avgrkx86.sys
    avglogx.sys
    avgmfx86.sys
    avgidshx.sys
    agp440.sys
    alim1541.sys
    amdagp.sys
    agpCPQ.sys
    \SystemRoot\system32\DRIVERS\nic1394.sys
    \SystemRoot\system32\DRIVERS\tunmp.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\CmBatt.sys
    \SystemRoot\system32\DRIVERS\nv4_mini.sys
    \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    \SystemRoot\system32\DRIVERS\usbuhci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
    \SystemRoot\system32\DRIVERS\w29n51.sys
    \SystemRoot\system32\DRIVERS\i8042prt.sys
    \SystemRoot\system32\DRIVERS\Apfiltr.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\imapi.sys
    \SystemRoot\system32\drivers\sscdbhk5.sys
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\system32\DRIVERS\redbook.sys
    \SystemRoot\system32\DRIVERS\ks.sys
    \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    \SystemRoot\system32\drivers\stac97.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\DRIVERS\HSFHWICH.sys
    \SystemRoot\system32\DRIVERS\HSF_DP.sys
    \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
    \SystemRoot\System32\Drivers\Modem.SYS
    \SystemRoot\system32\DRIVERS\iwca.sys
    \SystemRoot\system32\DRIVERS\audstub.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\DRIVERS\psched.sys
    \SystemRoot\system32\DRIVERS\msgpc.sys
    \SystemRoot\system32\DRIVERS\ptilink.sys
    \SystemRoot\system32\DRIVERS\raspti.sys
    \SystemRoot\system32\DRIVERS\wanatw4.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\update.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\system32\DRIVERS\omci.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\System32\Drivers\i2omgmt.SYS
    \SystemRoot\System32\Drivers\Fs_Rec.SYS
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\system32\drivers\ssrtln.sys
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\Drivers\mnmdd.SYS
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\rasacd.sys
    \SystemRoot\system32\DRIVERS\ipsec.sys
    \SystemRoot\system32\DRIVERS\tcpip.sys
    \SystemRoot\system32\DRIVERS\tcpip6.sys
    \SystemRoot\system32\DRIVERS\avgtdix.sys
    \SystemRoot\system32\DRIVERS\ipnat.sys
    \SystemRoot\system32\drivers\ip6fw.sys
    \SystemRoot\system32\DRIVERS\netbt.sys
    \SystemRoot\System32\drivers\ws2ifsl.sys
    \SystemRoot\System32\drivers\afd.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\System32\Drivers\Fips.SYS
    \SystemRoot\system32\DRIVERS\avgldx86.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\DRIVERS\arp1394.sys
    \SystemRoot\system32\DRIVERS\avgidsshimx.sys
    \SystemRoot\system32\DRIVERS\avgidsdriverx.sys
    \SystemRoot\System32\Drivers\Cdfs.SYS
    \SystemRoot\System32\Drivers\dump_atapi.sys
    \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\watchdog.sys
    \SystemRoot\System32\drivers\dxg.sys
    \SystemRoot\System32\drivers\dxgthk.sys
    \SystemRoot\System32\nv4_disp.dll
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\drivers\drvnddm.sys
    \SystemRoot\system32\dla\tfsndres.sys
    \SystemRoot\system32\dla\tfsnifs.sys
    \SystemRoot\system32\dla\tfsnopio.sys
    \SystemRoot\system32\dla\tfsnpool.sys
    \SystemRoot\system32\dla\tfsnboio.sys
    \SystemRoot\system32\dla\tfsncofs.sys
    \SystemRoot\system32\dla\tfsndrct.sys
    \SystemRoot\system32\dla\tfsnudf.sys
    \SystemRoot\system32\dla\tfsnudfa.sys
    \SystemRoot\system32\DRIVERS\AegisP.sys
    \SystemRoot\system32\DRIVERS\mdc8021x.sys
    \SystemRoot\system32\DRIVERS\s24trans.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\mrxdav.sys
    \SystemRoot\system32\drivers\wdmaud.sys
    \SystemRoot\system32\drivers\sysaudio.sys
    \SystemRoot\System32\Drivers\ASCTRM.SYS
    \??\C:\WINDOWS\system32\Drivers\BASFND.sys
    \SystemRoot\system32\DRIVERS\dsunidrv.sys
    \SystemRoot\System32\Drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\srv.sys
    \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    \??\C:\DOCUME~1\GMAN~1\LOCALS~1\Temp\mbr.sys
    \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
    \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    \WINDOWS\SYSTEM32\ntdll.dll
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff87776ab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
    Lower Device Object: 0xffffffff87789d98
    Lower Device Driver Name: \Driver\atapi\
    Driver name found: atapi
    Initialization returned 0x0
    Load Function returned 0x0
    Downloaded database version: v2013.03.28.03
    Downloaded database version: v2013.03.25.01
    Initializing...
    Done!
    <<<2>>>
    Device number: 0, partition: 2
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff87776ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff87775cb8, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff87776ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff87789d98, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xffffffffe142d800, 0xffffffff87776ab8, 0xffffffff86545040
    Lower DeviceData: 0xffffffffe12c5058, 0xffffffff87789d98, 0xffffffff865ead38
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning directory: C:\WINDOWS\system32\drivers...
    <<<2>>>
    Device number: 0, partition: 2
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Read File: File "C:\WINDOWS\system32\drivers\TOSDVD.SYS" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\TSBVCAP.SYS" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\MCD.SYS" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\RAWWAN.SYS" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\CINEMST2.SYS" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\CPQDAP01.SYS" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\cxthsfs2.cty" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\del5422.cty" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\RIO8DRV.SYS" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\RIODRV.SYS" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ROOTMDM.SYS" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\FADXP32.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\hpoipr07.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\NIKEDRV.SYS" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\PARVDM.SYS" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\SMCLIB.SYS" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\1028_Dell_INS_8600.mrk" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ACPIEC.SYS" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\netwlan5.img" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\FSVGA.SYS" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\GM.DLS" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\GMREADME.TXT" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\enum1394.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\FAD.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\fad9x.inf" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\VDMINDVD.SYS" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\WS2IFSL.SYS" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ativmc20.cod" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ATMEPVC.SYS" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ATMUNI.SYS" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\NWLNKNB.SYS" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\NWLNKSPX.SYS" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\OPRGHDLR.SYS" is compressed (flags = 1)
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: D0F4738C

    Partition information:

    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63 Numsec = 96327

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 96390 Numsec = 111121605
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Other (0xdb)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 111217995 Numsec = 5976180

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 60011642880 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-62-117190240-117210240)...
    Done!
    Performing system, memory and registry scan...
    Read File: File "c:\Documents and Settings\Administrator.USER123\Application Data\Microsoft\Internet Explorer\BRNDLOG.BAK" is compressed (flags = 1)
    Read File: File "c:\Documents and Settings\Administrator.USER123\Application Data\Microsoft\Protect\CREDHIST" is compressed (flags = 1)
    Read File: File "c:\Documents and Settings\Administrator.USER123\Application Data\Sonic\Update Manager\sumdb.dat" is compressed (flags = 1)
    Read File: File "c:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\BRNDLOG.BAK" is compressed (flags = 1)
    Read File: File "c:\Documents and Settings\Administrator\Application Data\Microsoft\Protect\CREDHIST" is compressed (flags = 1)
    Read File: File "c:\Documents and Settings\Administrator\Application Data\Sonic\Update Manager\sumdb.dat" is compressed (flags = 1)
    Read File: File "c:\Documents and Settings\All Users\Application Data\AOL\Coach\AdpData.acd" is compressed (flags = 1)
    Read File: File "c:\Documents and Settings\All Users\Application Data\AOL\Coach\runlog.dat" is compressed (flags = 1)
    Read File: File "c:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\AOL.INI" is compressed (flags = 1)
    Read File: File "c:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\AOLDiag.ini" is compressed (flags = 1)
    Read File: File "c:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\aoltpspd.ph" is compressed (flags = 1)
    Read File: File "c:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\appdata.ini" is compressed (flags = 1)
    Read File: File "c:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\axph.ph" is compressed (flags = 1)
    Read File: File "c:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\compver.bin" is compressed (flags = 1)
    Read File: File "c:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\goto.ini" is compressed (flags = 1)
    Read File: File "c:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\gotoko.ini" is compressed (flags = 1)
    Read File: File "c:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ph.ph" is compressed (flags = 1)
    Read File: File "c:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\shellrestart.ini" is compressed (flags = 1)
    Read File: File "c:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\trayicon.ini" is compressed (flags = 1)
    Read File: File "c:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\version.inf" is compressed (flags = 1)
    Read File: File "c:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\waol.ini" is compressed (flags = 1)
    Read File: File "c:\Documents and Settings\All Users\Application Data\AOL\storage\aoltpspd.bin" is compressed (flags = 1)
    Read File: File "c:\Documents and Settings\All Users\Application Data\AOL\storage\server.lock" is compressed (flags = 1)
    Read File: File "c:\Documents and Settings\All Users\Application Data\AOL\storage\stderr.txt" is compressed (flags = 1)
    Read File: File "c:\Documents and Settings\All Users\Application Data\Common Files\51434298-11BE-D2EC-67E5-29112DDBE29D.dat" is compressed (flags = 1)
    Read File: File "c:\Documents and Settings\All Users\Application Data\GTek\gtny\counter.cfg" is compressed (flags = 1)
    Read File: File "c:\Documents and Settings\All Users\Application Data\GTek\gtny\gtuser.cfg" is compressed (flags = 1)
    Read File: File "c:\Documents and Settings\All Users\Application Data\SBSI\ORUN\BOOKMRK.DBF" is compressed (flags = 1)
    Read File: File "c:\Documents and Settings\All Users\Application Data\SBSI\ORUN\Grpsyll.dbf" is compressed (flags = 1)
    Read File: File "c:\Documents and Settings\All Users\Application Data\SBSI\ORUN\Progress.dbf" is compressed (flags = 1)
    Read File: File "c:\Documents and Settings\All Users\Application Data\SBSI\ORUN\Settings.dbf" is compressed (flags = 1)
    Read File: File "c:\Documents and Settings\All Users\Application Data\SBSI\ORUN\Syllabus.dbf" is compressed (flags = 1)
    Read File: File "c:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\HostRegistry.ini" is compressed (flags = 1)
    Infected: HKLM\SOFTWARE\CLASSES\MyWaySearchAssistantDE.Auxiliary --> [Adware.MyWaySearch]
    Infected: HKLM\SOFTWARE\CLASSES\MyWaySearchAssistantDE.Auxiliary.1 --> [Adware.MyWaySearch]
    Done!
    Scan finished
    Creating System Restore point...
    Scheduling clean up...
    <<<2>>>
    Device number: 0, partition: 2
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Removal successful. No system shutdown is required.
    =======================================
     
  18. streamlined

    AV: AVG Anti-Virus Free Edition 2013 *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-02-28 to 2013-03-28 )))))))))))))))))))))))))))))))
    .
    .
    2013-03-28 06:02 . 2013-03-28 06:02 -------- d-----w- c:\program files\7-Zip
    2013-03-28 00:37 . 2013-03-28 00:37 -------- d-----w- C:\TDSSKiller_Quarantine
    2013-03-27 20:29 . 2013-03-27 20:29 -------- d-----w- c:\documents and settings\G Man\Application Data\Malwarebytes
    2013-03-27 20:28 . 2013-03-27 20:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2013-03-27 20:28 . 2013-03-28 01:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-03-27 20:28 . 2012-12-14 23:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-03-21 19:04 . 2013-02-12 00:32 12928 ------w- c:\windows\system32\dllcache\usb8023x.sys
    2013-03-21 19:04 . 2013-02-12 00:32 12928 ------w- c:\windows\system32\dllcache\usb8023.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-03-14 01:51 . 2012-04-09 00:55 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-03-14 01:51 . 2011-06-24 02:23 73432 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-02-12 00:32 . 2008-08-28 08:26 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
    2013-02-12 00:32 . 2004-08-04 11:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
    2013-02-05 20:05 . 2004-08-04 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2013-02-05 20:05 . 2004-08-04 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2013-02-05 20:05 . 2004-08-04 11:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2013-02-05 05:53 . 2004-08-04 11:00 385024 ----a-w- c:\windows\system32\html.iec
    2013-01-26 03:55 . 2004-08-04 11:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
    2013-01-07 01:16 . 1980-01-01 06:00 2193024 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-01-07 00:36 . 1980-01-01 06:00 2069760 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-01-04 01:20 . 2004-08-04 11:00 1867264 ----a-w- c:\windows\system32\win32k.sys
    2013-01-02 06:49 . 2004-08-04 11:00 148992 ----a-w- c:\windows\system32\mpg2splt.ax
    2013-01-02 06:49 . 2004-08-04 11:00 1292288 ----a-w- c:\windows\system32\quartz.dll
    2013-03-08 07:07 . 2013-03-08 07:07 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
    "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2004-12-28 26112]
    "nwiz"="nwiz.exe" [2004-10-26 921600]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-10-26 4632576]
    "Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2003-12-10 380928]
    "mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-10-08 53248]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-09-07 385024]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
    "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2004-09-15 86016]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-11-16 127035]
    "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2004-05-17 528384]
    "bacstray"="BacsTray.exe" [2003-05-15 98304]
    "Apoint"="c:\program files\Apoint\Apoint.exe" [2004-08-22 155648]
    "BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-11 368706]
    "AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2004-04-07 496752]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
    "AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - [N/A]
    America Online 9.0 Tray Icon.lnk - [N/A]
    Digital Line Detect.lnk - [N/A]
    Hawking Wireless Utility.lnk - [N/A]
    HP Digital Imaging Monitor.lnk - [N/A]
    Microsoft Find Fast.lnk - [N/A]
    SBC Self Support Tool.lnk - [N/A]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
    2004-09-07 22:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\SYSTEM32\DRIVERS\avgidshx.sys [4/19/2012 4:50 AM 55776]
    R0 Avglogx;AVG Logging Driver;c:\windows\SYSTEM32\DRIVERS\avglogx.sys [9/21/2012 4:46 AM 177376]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\SYSTEM32\DRIVERS\avgrkx86.sys [9/7/2010 4:48 AM 35552]
    R1 AVGIDSDriver;AVGIDSDriver;c:\windows\SYSTEM32\DRIVERS\avgidsdriverx.sys [12/23/2011 1:32 PM 179936]
    R1 AVGIDSShim;AVGIDSShim;c:\windows\SYSTEM32\DRIVERS\avgidsshimx.sys [12/23/2011 1:32 PM 19936]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [12/8/2010 5:12 AM 159712]
    R1 Avgtdix;AVG TDI Driver;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [11/12/2010 2:19 PM 164832]
    R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [10/22/2012 2:05 PM 196664]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [11/16/2012 12:34 AM 5814904]
    S2 RPakIO;RPakIO; [x]
    S3 ZD1211BU(Hawking);Hawking Hi-Gain Wireless-G USB Dish Adapter(Hawking);c:\windows\SYSTEM32\DRIVERS\ZD1211BU.sys [2/6/2008 10:49 AM 402432]
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - MBAMSwissArmy
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-03-28 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 01:51]
    .
    2013-03-03 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
    .
    2013-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-23 19:48]
    .
    2013-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-23 19:48]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.1.254
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} - hxxp://www.digitalwebbooks.com/reader/dbplugin.cab
    FF - ProfilePath - c:\documents and settings\G Man\Application Data\Mozilla\Firefox\Profiles\gdf3hr6x.default\
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-03-27 23:45
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1404)
    c:\program files\Intel\Wireless\Bin\LgNotify.dll
    .
    - - - - - - - > 'explorer.exe'(308)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
     
  19. Fiery

    Fiery 1 of the 4 MalwareTips Founder

    Reputation:
    1,000
    Joined:
    Jan 11, 2011
    Messages:
    2,056
    Likes Received:
    12
    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool (For Vista or Windows 7, right-click and select Run as Administrator to start)
    • Click delete
    • Please post the content of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt

    Download & SAVE to your Desktop RogueKiller or from here
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select Run as Administrator to start
    • Wait until Prescan has finished, then click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • Click delete and wait until it says deleting finished
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller
     
  20. streamlined

    streamlined New Member

    Reputation:
    0
    Joined:
    Mar 27, 2013
    Messages:
    35
    Likes Received:
    0
    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Deleted : C:\Documents and Settings\All Users\Application Data\APN
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
    Folder Deleted : C:\Documents and Settings\G Man\Application Data\Viewpoint
    Folder Deleted : C:\Program Files\Viewpoint

    ***** [Registry] *****

    Key Deleted : HKCU\Software\Viewpoint
    Key Deleted : HKLM\Software\AVG Secure Search
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar.1
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem.1
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher.1
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager.1
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback.1
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler.1
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband.1
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions.1
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
    Key Deleted : HKLM\Software\MetaStream
    Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Viewpoint Manager
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
    Key Deleted : HKLM\Software\Viewpoint

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    [OK] Registry is clean.

    -\\ Mozilla Firefox v19.0.2 (en-US)

    File : C:\Documents and Settings\G Man\Application Data\Mozilla\Firefox\Profiles\gdf3hr6x.default\prefs.js

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [3422 octets] - [28/03/2013 08:31:49]
    AdwCleaner[S1].txt - [3427 octets] - [28/03/2013 08:33:59]

    ########## EOF - C:\AdwCleaner[S1].txt - [3487 octets] ##########
     
