Runtime error when removing malware

streamlined

New Member
Mar 27, 2013
35
I made it to step 4 of Remove ZeroAccess rootkit (Uninstall Guide) dated Oct 12, 2012. While trying to install Malwarebytes Anti-Malware FREE I received these errors: (1) Setup CoCreateInstance failed; code 0x80040154 class not registered. (2) Run-time error '372' Failed to load control 'WebBrowser' from ieframe.dll. Your version of ieframe.dll may be outdated. Make sure you are using the version of the control that was provided with your application


Step 1: Kaspersky TDSSKiller ran no problem
Step 2: Combofix ran no problem
Step 3: RogueKiller ran no problem

This laptop is a Dell Inspiron 8600 running Windows XP. Sorry it's old and so am I. Sorry, I guess I have more reading to do since I don't know what an OTL log is or how to make one.
 

Fiery

New Member
Jan 11, 2011
2,012
Hi and welcome to MalwareTips! :)

I'm Fiery and I would gladly assist you in removing the malware on your computer.

Before we start:
  • Note that the removal process is not immediate. Depending on the severity of your infection, it could take a long time.
  • Malware removal can be dangerous. I cannot guarantee the safety of your system as malware can be unpredictable. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system. Therefore, I would advise you to back up all your important files before we start.
  • Please be patient and stay with me until I give you the green light and inform you that your PC is clean.
  • Some tools may be flagged by your antivirus as harmful. Rest assured that ALL the tools we use are safe; the detections are false positives.
  • The absence of symptoms does not mean your PC is fully disinfected.
  • If you are unclear about the instructions, please stop and ask. Following the steps in the order that I post them in is vital.
  • Lastly, if you have requested help on other sites, that will delay and hinder the removal process. Please only stick to one site.


Download OTL by Old Timer from here and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Click the Scan All Users checkbox.
  • Check the boxes beside LOP Check and Purity Check
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please attach the contents of these 2 Notepad files in your next reply.

If you don't know how to attach the files, please follow the instructions here: http://malwaretips.com/Thread-How-to-use-the-attachment-system?pid=16072#pid16072
 

streamlined

New Member
Mar 27, 2013
35
Thanks Fiery, sorry for the delay. It was supper time. I tried OTL and it failed to scan.
The error was: Access violation at address 0052DFB7 in module 'OTL.exe' Read of address 00000000. I am unable to provide your request.
 

Fiery

New Member
Jan 11, 2011
2,012
Ok, let's try this instead.

Download DDS from here
  • Temporarily disable any script blocker or Anti-Virus/Anti-Malware
  • Double click dds.scr to run the tool (On Vista or Win 7 or Win 8 right click and select Run as administrator)
  • Click the Run button if prompted with an Open File - Security Warning dialog box.
  • A black DOS console should open and run for a moment.
  • Once completed, DDS.txt and attach.txt will be created.
  • Save both reports and attach them in your next reply
 

streamlined

New Member
Mar 27, 2013
35
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 1/4/2005 7:25:41 PM
System Uptime: 3/27/2013 8:21:07 PM (0 hours ago)
.
Motherboard: Dell Computer Corporation | | 0D5689
Processor: Intel(R) Pentium(R) M processor 1.40GHz | Microprocessor | 1397/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 53 GiB total, 25.746 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
2Wire Wireless Client
7500_7600_7700_Help
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 7.1.0
Advanced Font Viewer 2.61
ALPS Touch Pad Driver
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AT&T Yahoo! High Speed Internet Home Networking Installer
AVG 2013
Banctec Service Agreement
Bonjour
BPD_HPSU
BPD_Scan
BPDfax
BPDSoftware
BPDSoftware_Ini
Broadcom Advanced Control Suite
BroadJump Client Foundation
BufferChm
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon i560
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities Easy-PhotoPrint
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
ClipCollect 1.43
Conexant D480 MDC V.9x Modem
Consumer Complete Care Services Agreement
DataLinkII
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Media Experience
Dell Media Experience Update
Dell Networking Guide
Dell Picture Studio v3.0
Dell System Restore
DellConnect
DellSupport
Destinations
DeviceManagementQFolder
Digital Line Detect
DocumentViewer
DocumentViewerQFolder
Easy-WebPrint
eSupportQFolder
Etomi (remove only)
Garmin Communicator Plugin
Google Earth Plug-in
Google Update Helper
Hawking Hi-Gain Wireless-G USB Dish Adapter
History Cleaner - Free Version
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP Document Viewer 7.0
HP Imaging Device Functions 7.0
hp officejet g series
hp officejet g series - 2
HP Officejet Pro All-In-One Series
HP Solution Center 7.0
HPPhotoSmartExpress
HPProductAssistant
InstantShareDevicesMFC
Intel(R) PROSet/Wireless Software
Internet Explorer Default Page
iTunes
Java 7 Update 7
Java Auto Updater
L7600
Learn2 Player (Uninstall Only)
Malwarebytes Anti-Malware version 1.70.0.1100
mCore
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Library 10
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Pro 10
Microsoft Digital Image Suite 10
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Word 97
Microsoft Works 4.5
Microsoft Works Setup Launcher
mIWA
mIWCA
mLogView
mMHouse
Modem Helper
Mozilla Firefox 19.0.2 (x86 en-US)
Mozilla Maintenance Service
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
mToolkit
Musicmatch for Windows Media Player
Musicmatch® Jukebox
mWlsSafe
mXML
My Way Search Assistant
mZConfig
NetWaiting
NVIDIA Drivers
P2P Identity Secure for Kazaa – iMesh – Morpheus Version 2.5
PanoStandAlone
Photo Click
PL-2303 USB-to-Serial
PowerDVD 5.1
ProductContext
QuickSet
QuickTime
RacePak DataLinkII
RealPlayer Basic
Safari
SBC Self Support Tool
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
SLD CODEC PACK 1.5.3
SolutionCenter
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
Status
StuffIt Standard
Toolbox
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB971029)
WebFldrs XP
WebReg
Windows Driver Package - Racepak CDM Driver Package (10/22/2009 2.06.00)
Windows Genuine Advantage v1.3.0254.0
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3
WordPerfect Office 12
.
==== Event Viewer Messages From Past Week ========
.
3/27/2013 5:40:53 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
3/27/2013 5:40:15 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
3/26/2013 6:23:02 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
3/26/2013 6:23:02 PM, error: Service Control Manager [7000] - The RPakIO service failed to start due to the following error: The system cannot find the file specified.
3/26/2013 4:11:29 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2789643).
3/25/2013 8:00:34 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
.
==== End Of File ===========================


I hope this is what you were looking for
 

streamlined

New Member
Mar 27, 2013
35
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.7.2
Run by at 20:54:17 on 2013-03-27
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.526 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\BacsTray.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
BHO: Shareaza Web Download Hook: {0EEDB912-C5FA-486F-8334-57288578C627} - c:\program files\etomi\plugins\RazaWebHook.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: <No Name>: {4D25F921-B9FE-4682-BF72-8AB8210D6D75} -
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Easy-WebPrint: {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - c:\program files\canon\easy-webprint\Toolband.dll
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [RealTray] "c:\program files\real\realplayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
mRun: [nwiz] "nwiz.exe" /installquiet
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Motive SmartBridge] "c:\progra~1\sbcsel~1\smartb~1\MotiveSB.exe"
mRun: [mmtask] "c:\program files\musicmatch\musicmatch jukebox\mmtask.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [DMXLauncher] "c:\program files\dell\media experience\DMXLauncher.exe"
mRun: [dla] "c:\windows\system32\dla\tfswctrl.exe"
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [bacstray] "BacsTray.exe"
mRun: [Apoint] "c:\program files\apoint\Apoint.exe"
mRun: [BJCFD] "c:\program files\broadjump\client foundation\CFD.exe"
mRun: [AOLDialer] "c:\program files\common files\aol\acs\AOLDial.exe"
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-00107-0002-0007-ABCDEFFEDCBC} - <orphaned>
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} - hxxp://www.digitalwebbooks.com/reader/dbplugin.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxp://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1194630862701
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-170-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{131DB1F6-5184-4D54-B400-3B7762D6B9CA} : DHCPNameServer = 192.168.1.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\g man\application data\mozilla\firefox\profiles\gdf3hr6x.default\
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 94048]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 35552]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 164832]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-11-16 5814904]
S2 RPakIO;RPakIO; [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-3-27 40776]
S3 ZD1211BU(Hawking);Hawking Hi-Gain Wireless-G USB Dish Adapter(Hawking);c:\windows\system32\drivers\ZD1211BU.sys [2008-2-6 402432]
.
=============== Created Last 30 ================
.
2013-03-28 01:01:35 -------- d-sha-r- C:\cmdcons
2013-03-28 00:58:53 98816 ----a-w- c:\windows\sed.exe
2013-03-28 00:58:53 256000 ----a-w- c:\windows\PEV.exe
2013-03-28 00:58:53 208896 ----a-w- c:\windows\MBR.exe
2013-03-28 00:37:11 -------- d-----w- C:\TDSSKiller_Quarantine
2013-03-27 20:29:21 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-03-27 20:29:20 -------- d-----w- c:\documents and settings\g man\application data\Malwarebytes
2013-03-27 20:28:27 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-03-27 20:28:25 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-27 20:28:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-03-21 19:04:36 12928 ------w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-21 19:04:36 12928 ------w- c:\windows\system32\dllcache\usb8023.sys
.
==================== Find3M ====================
.
2013-03-14 01:51:18 73432 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-14 01:51:18 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-12 00:32:23 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-05 20:05:47 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:05:46 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-02-05 20:05:46 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:53:57 385024 ----a-w- c:\windows\system32\html.iec
2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-07 01:16:02 2193024 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:36:58 2069760 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49:10 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49:10 1292288 ----a-w- c:\windows\system32\quartz.dll
.
============= FINISH: 20:55:45.92 ===============


Better?
 

streamlined

New Member
Mar 27, 2013
35
Fiery said:
There should be another log called DDS.txt

How would I zip that whole thing so it would be smaller? Am I posting info that compromises my computer's safety? I read the attach thing and I still don't really get it. Sorry for my ignorance.
 

Fiery

New Member
Jan 11, 2011
2,012
streamlined said:
How would I zip that whole thing so it would be smaller? Am I posting info that compromises my computer's safety? I read the attach thing and I still don't really get it. Sorry for my ignorance.


Nothing in your log contains personal or computer information. These logs are formatted specifically for internet forum uses :)

Upload a File to Virustotal
Please visit www.Virustotal.com
  • Click the Choose file... button
  • Navigate to the file c:\windows\system32\quartz.dll
  • Click the Open button
  • Click the Scan It button
  • Copy and paste the results back here.
 

streamlined

New Member
Mar 27, 2013
35
Antivirus Result Update
Agnitum - 20130328
AhnLab-V3 - 20130327
AntiVir - 20130328
Antiy-AVL - 20130328
Avast - 20130328
AVG - 20130328
BitDefender - 20130328
ByteHero - 20130322
CAT-QuickHeal - 20130328
ClamAV - 20130328
Commtouch - 20130327
Comodo - 20130328
DrWeb - 20130328
Emsisoft - 20130328
eSafe - 20130324
ESET-NOD32 - 20130327
F-Prot - 20130327
F-Secure - 20130328
Fortinet - 20130328
GData - 20130328
Ikarus - 20130328
Jiangmin - 20130326
K7AntiVirus - 20130327
Kaspersky - 20130328
Kingsoft - 20130325
Malwarebytes - 20130328
McAfee - 20130328
McAfee-GW-Edition - 20130328
Microsoft - 20130328
MicroWorld-eScan - 20130328
NANO-Antivirus - 20130328
Norman - 20130327
nProtect - 20130327
Panda - 20130327
PCTools - 20130328
Rising - 20130328
Sophos - 20130328
SUPERAntiSpyware - 20130328
Symantec - 20130328
TheHacker - 20130327
TotalDefense - 20130327
TrendMicro - 20130328
TrendMicro-HouseCall - 20130328
VBA32 - 20130327
VIPRE - 20130328
ViRobot - 20130328
 

Fiery

New Member
Jan 11, 2011
2,012
OK, I know you have run Combofix before; please run it again after MBAR. Delete the old copy of Combofix.

Download Malwarebytes Anti-Rootkit from here to your Desktop
  • Unzip the contents to a folder on your Desktop.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Make sure there is a check next to Create Restore Point and click the Cleanup button to remove any threats. Reboot if prompted to do so.
  • After the reboot, perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If there are threats, click Cleanup once more and reboot.
  • When done, please post the two logs in the MBAR folder (mbar-log.txt and system-log.txt)


Please download ComboFix from one of these locations:

Link 1: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Link 2: http://www.infospyware.net/antimalware/combofix/

* IMPORTANT !!! Save ComboFix to your Desktop as ComboFix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. See http://www.bleepingcomputer.com/forums/topic114351.html for help.
  • Double click on Combo-Fix & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: (This applies to Windows XP systems only) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, ComboFix will produce a log.

Note:
1. Do not mouseclick combofix's window while it's running. That may cause it to stall!
2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.
 

streamlined

New Member
Mar 27, 2013
35
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.28.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
:: [administrator]

3/27/2013 11:25:24 PM
mbar-log-2013-03-27 (23-25-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27478
Time elapsed: 14 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKLM\SOFTWARE\CLASSES\MyWaySearchAssistantDE.Auxiliary (Adware.MyWaySearch) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\MyWaySearchAssistantDE.Auxiliary.1 (Adware.MyWaySearch) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

streamlined

New Member
Mar 27, 2013
35
(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.397000 GHz
Memory total: 1072930816, free: 527466496

------------ Kernel report ------------
03/27/2013 23:08:05
------------ Loaded modules -----------
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff87776ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff87789d98
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Load Function returned 0x0
Downloaded database version: v2013.03.28.03
Downloaded database version: v2013.03.25.01
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff87776ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff87775cb8, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff87776ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff87789d98, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffe142d800, 0xffffffff87776ab8, 0xffffffff86545040
Lower DeviceData: 0xffffffffe12c5058, 0xffffffff87789d98, 0xffffffff865ead38
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\WINDOWS\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: D0F4738C

Partition information:

Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 96327

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 96390 Numsec = 111121605
Partition file system is NTFS
Partition is bootable

Partition 2 type is Other (0xdb)
Partition is NOT ACTIVE.
Partition starts at LBA: 111217995 Numsec = 5976180

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 60011642880 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-117190240-117210240)...
Done!
Performing system, memory and registry scan...
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\policy.13.0.LEAD.Windows.Forms.DrawingContainer\13.0.0.113__9cf889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\policy.13.0.LEAD.Wrapper\13.0.0.113__9cf889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\IIEHost\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\Interop.hpocxi08\1.0.0.0__3b766a3b3d2dc385\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\interop.hpodae\2.0.588.1728__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\interop.hpodai\2.0.588.1728__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\interop.hpodaud\2.0.588.1728__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\Interop.hpodeb08\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\Interop.hpodev08\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\ISymWrapper\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\LEAD\13.0.0.113__9cf889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\LEAD.Drawing\13.0.0.113__9cf889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\LEAD.Drawing.Imaging.Codecs\13.0.0.113__9cf889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\LEAD.Drawing.Imaging.ImageProcessing\13.0.0.113__9cf889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\LEAD.Drawing.Imaging.Twain\13.0.0.113__9cf889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\LEAD.Windows.Forms\13.0.0.113__9cf889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\LEAD.Windows.Forms.CommonDialogs\13.0.0.113__9cf889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\LEAD.Windows.Forms.DrawingContainer\13.0.0.113__9cf889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\LEAD.Wrapper\13.0.0.113__9cf889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\interop.hpodmmc\1.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\interop.hpodmp\2.0.588.1728__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\interop.hpodmpv\2.0.588.1728__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\interop.hpodmpv_md\2.0.588.1728__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\interop.hpodtrk\2.0.588.1728__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\interop.hpodvid\2.0.588.1728__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\interop.hpodxmlutil\2.0.588.1728__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\interop.hpqcbcnv\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\interop.hpqcldat\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\Interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\Interop.hpqdstcp\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\interop.hpqimgr\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\Interop.hpqusg\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\interop.hpqvideo\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\Interop.hprblog\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\Interop.LTANNLib\1.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\hpqdcprf\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\hpqiface\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\hpqovskn\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\Interop.hpodio08\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\System.Configuration.Install\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\System.Data\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\hpqimgrc\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\hpqimgrc.resources\4.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\hpqimlib\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\hpqimvlt\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\hpqimvlt.resources\3.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\hpqisdsp\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\hpqislib\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\hpqltutl\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\hpqmdmr\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\hpqmdmr.resources\4.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\hpqmpvad\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\hpqmydoc\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\hpqmydoc.resources\3.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\hpqntrop\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\LTRASTERIOLib\1.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\LTRASTERLib\1.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\LTRASTERVIEWLib\1.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\Microsoft.VisualC\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\Microsoft_VsaVb\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\hpqdcprf.resources\3.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\hpqdcrsc\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\hpqdcrsc.resources\3.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\hpqdocpt\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\hpqdocpt.resources\4.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\hpqdocvw\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\hpqdocvw.resources\3.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\hpqeal\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\hpqfmrsc\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\hpqfmrsc.resources\4.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\hpqglutl\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\hpqglutl.resources\4.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\hpqpdmdl\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\hpqpel10\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\hpqpel10.resources\4.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\hpqprif\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\hpqprrsc\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\hpqprrsc.resources\4.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\hpqprutl\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\hpqprutl.resources\4.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\hpqptfx\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\hpqptfx.resources\4.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\hpqptint\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\hpqptint.resources\4.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\hpqthumb\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\hpqtray\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\hpqtray.resources\4.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\hpqutils\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\hpqvideo\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ASSEMBLY\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Debug\mrt.log.old" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Downloaded Program Files\ATTInternetInstaller.inf" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\WINDOWS.CNT" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\WINHLP32.CNT" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\CIADMIN.HTM" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\CONF.CNT" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\CONNECT.CNT" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\NOCONTNT.CNT" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\MSHEARTS.CNT" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\MSNAUTH.CNT" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\RATINGS.CNT" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\UPDATE.CNT" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Installer\iProData\VERFILE.TIC" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\installutil.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\regsvcs.exe.rtm.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\vbc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\XPThemes.manifest" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ieexec.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ilasm.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\jsc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\regasm.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ConfigWizards.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\csc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\cvtres.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\L_EXCEPT.NLP" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\regsvcs.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\caspol.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet.mof.uninstall" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\SetupENU1.txt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\SetupENU2.txt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ASP.NETClientFiles\SmartNav.htm" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Web\BULLET.GIF" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator.USER123\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator.USER123\Local Settings\History\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator.USER123\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Local Settings\DESKTOP.INI" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\G Man\Local Settings\Application Data\fusioncache.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\G Man\Local Settings\Application Data\PowerDVD\UserName.xml" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\G Man\Local Settings\History\History.IE5\INDEX.DAT" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\LocalService\Local Settings\History\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\LocalService\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\NetworkService\Local Settings\History\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\DESKTOP.INI" is compressed (flags = 1)
Read File: File "c:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\G Man\Local Settings\Application Data\fusioncache.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\G Man\Local Settings\Application Data\HP\Digital Imaging\DataFile.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\G Man\Local Settings\Application Data\Microsoft\Feeds Cache\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\G Man\Local Settings\Application Data\Microsoft\Internet Explorer\brndlog.bak" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\G Man\Local Settings\Application Data\PowerDVD\UserName.xml" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Feeds Cache\desktop.ini" is compressed (flags = 1)
Infected: HKLM\SOFTWARE\CLASSES\MyWaySearchAssistantDE.Auxiliary --> [Adware.MyWaySearch]
Infected: HKLM\SOFTWARE\CLASSES\MyWaySearchAssistantDE.Auxiliary.1 --> [Adware.MyWaySearch]
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal successful. No system shutdown is required.
=======================================
 

streamlined

New Member
Mar 27, 2013
35
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((( Files Created from 2013-02-28 to 2013-03-28 )))))))))))))))))))))))))))))))
.
.
2013-03-28 06:02 . 2013-03-28 06:02 -------- d-----w- c:\program files\7-Zip
2013-03-28 00:37 . 2013-03-28 00:37 -------- d-----w- C:\TDSSKiller_Quarantine
2013-03-27 20:29 . 2013-03-27 20:29 -------- d-----w- c:\documents and settings\G Man\Application Data\Malwarebytes
2013-03-27 20:28 . 2013-03-27 20:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-03-27 20:28 . 2013-03-28 01:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-03-27 20:28 . 2012-12-14 23:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-21 19:04 . 2013-02-12 00:32 12928 ------w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-21 19:04 . 2013-02-12 00:32 12928 ------w- c:\windows\system32\dllcache\usb8023.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-14 01:51 . 2012-04-09 00:55 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-14 01:51 . 2011-06-24 02:23 73432 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-12 00:32 . 2008-08-28 08:26 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2004-08-04 11:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-05 20:05 . 2004-08-04 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:05 . 2004-08-04 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-02-05 20:05 . 2004-08-04 11:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:53 . 2004-08-04 11:00 385024 ----a-w- c:\windows\system32\html.iec
2013-01-26 03:55 . 2004-08-04 11:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-07 01:16 . 1980-01-01 06:00 2193024 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:36 . 1980-01-01 06:00 2069760 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20 . 2004-08-04 11:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2004-08-04 11:00 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49 . 2004-08-04 11:00 1292288 ----a-w- c:\windows\system32\quartz.dll
2013-03-08 07:07 . 2013-03-08 07:07 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2004-12-28 26112]
"nwiz"="nwiz.exe" [2004-10-26 921600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-10-26 4632576]
"Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2003-12-10 380928]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-10-08 53248]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-09-07 385024]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2004-09-15 86016]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-11-16 127035]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2004-05-17 528384]
"bacstray"="BacsTray.exe" [2003-05-15 98304]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-08-22 155648]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-11 368706]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2004-04-07 496752]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - [N/A]
America Online 9.0 Tray Icon.lnk - [N/A]
Digital Line Detect.lnk - [N/A]
Hawking Wireless Utility.lnk - [N/A]
HP Digital Imaging Monitor.lnk - [N/A]
Microsoft Find Fast.lnk - [N/A]
SBC Self Support Tool.lnk - [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 22:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\SYSTEM32\DRIVERS\avgidshx.sys [4/19/2012 4:50 AM 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\SYSTEM32\DRIVERS\avglogx.sys [9/21/2012 4:46 AM 177376]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\SYSTEM32\DRIVERS\avgrkx86.sys [9/7/2010 4:48 AM 35552]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\SYSTEM32\DRIVERS\avgidsdriverx.sys [12/23/2011 1:32 PM 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\SYSTEM32\DRIVERS\avgidsshimx.sys [12/23/2011 1:32 PM 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [12/8/2010 5:12 AM 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [11/12/2010 2:19 PM 164832]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [10/22/2012 2:05 PM 196664]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [11/16/2012 12:34 AM 5814904]
S2 RPakIO;RPakIO; [x]
S3 ZD1211BU(Hawking);Hawking Hi-Gain Wireless-G USB Dish Adapter(Hawking);c:\windows\SYSTEM32\DRIVERS\ZD1211BU.sys [2/6/2008 10:49 AM 402432]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - MBAMSwissArmy
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 01:51]
.
2013-03-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2013-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-23 19:48]
.
2013-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-23 19:48]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.254
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} - hxxp://www.digitalwebbooks.com/reader/dbplugin.cab
FF - ProfilePath - c:\documents and settings\G Man\Application Data\Mozilla\Firefox\Profiles\gdf3hr6x.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-27 23:45
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1404)
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
- - - - - - - > 'explorer.exe'(308)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
 

Fiery

New Member
Jan 11, 2011
2,012
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool (For Vista or Windows 7, right-click and select Run as Administrator to start)
  • Click delete
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt

Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select Run as Administrator to start
  • Wait until Prescan has finished, then click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click delete and wait until it says deleting finished
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
    Exit/Close RogueKiller+
 

streamlined

New Member
Mar 27, 2013
35
***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\APN
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\G Man\Application Data\Viewpoint
Folder Deleted : C:\Program Files\Viewpoint

***** [Registry] *****

Key Deleted : HKCU\Software\Viewpoint
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar
Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem
Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband
Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions
Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Viewpoint Manager
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\Viewpoint

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Documents and Settings\G Man\Application Data\Mozilla\Firefox\Profiles\gdf3hr6x.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3422 octets] - [28/03/2013 08:31:49]
AdwCleaner[S1].txt - [3427 octets] - [28/03/2013 08:33:59]

########## EOF - C:\AdwCleaner[S1].txt - [3487 octets] ##########
 