
[Resolved] Slow running computer with AVG

Discussion in 'Spyware, Adware, Viruses and Malware Removal' started by bgc, May 31, 2014.

  1. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    You can reboot if you wish.
     
  2. bgc

    bgc Established Techie7 Member

    I started the fix 20 min ago. How long does it take? Should it still be fixing?
     
  3. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Be patient.
     
  4. bgc

    bgc Established Techie7 Member

    Still fixing. Going on 12 hours - should I start over? If so, I assume: close FRST, eject USB drive and reboot. Thanks
     
  5. bgc

    bgc Established Techie7 Member

    I shut down and restarted the Bad computer, and the FRST Fix completed in less than 30 seconds. Upon restart the Bad Computer is no longer plagued with the 60 second system shutdown message, and I am able to connect to the internet (pages load slowly). Log below:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:02-06-2014
    Ran by SYSTEM at 2014-06-09 15:53:52 Run:1
    Running from G:\
    Boot Mode: Recovery

    ==============================================

    Content of fixlist:
    *****************
    Replace: C:\WINDOWS\ERDNT\cache\rpcss.dll C:\WINDOWS\system32\rpcss.dll
    Replace: C:\WINDOWS\ERDNT\cache\rpcss.dll C:\WINDOWS\system32\dllcache\rpcss.dll
    HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
    S4 hpt3xx; No ImagePath
    S4 IntelIde; No ImagePath
    S1 RCHelp;
    2014-05-29 17:42 - 2014-05-29 17:42 - 00000000 ____S () C:\Windows\System32\ycwd.fdq
    2014-06-01 00:20 - 2014-06-01 00:20 - 00000000 ____S () C:\Windows\System32\yayzdr.wml
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Desktop\Install
    C:\Program Files\Google\Desktop\Install
    C:\Documents and Settings\Administrator\temp.reg

    *****************

    C:\WINDOWS\system32\rpcss.dll => Moved successfully.
    C:\WINDOWS\ERDNT\cache\rpcss.dll copied successfully to C:\WINDOWS\system32\rpcss.dll
    C:\WINDOWS\system32\dllcache\rpcss.dll => Moved successfully.
    C:\WINDOWS\ERDNT\cache\rpcss.dll copied successfully to C:\WINDOWS\system32\dllcache\rpcss.dll
    HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
    hpt3xx => Service deleted successfully.
    IntelIde => Service deleted successfully.
    RCHelp => Service deleted successfully.
    C:\Windows\System32\ycwd.fdq => Moved successfully.
    C:\Windows\System32\yayzdr.wml => Moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Desktop\Install => Moved successfully.
    C:\Program Files\Google\Desktop\Install => Moved successfully.
    C:\Documents and Settings\Administrator\temp.reg => Moved successfully.

    ==== End of Fixlog ====
     
  6. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Good news :)

    Go ahead with my reply #2 (RogueKiller and MBAR).
     
  7. bgc

    bgc Established Techie7 Member

    RogueKiller log:

    RogueKiller V9.0.0.0 [May 29 2014] by Adlice Software

    mail : http://www.adlice.com/contact/

    Feedback : http://forum.adlice.com

    Website : http://www.adlice.com/softwares/roguekiller/

    Blog : http://www.adlice.com



    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

    Started in : Normal mode

    User : Administrator [Admin rights]

    Mode : Remove -- Date : 06/09/2014 20:58:39



    ¤¤¤ Bad processes : 1 ¤¤¤

    [SVCHOST] svchost.exe -- C:\WINDOWS\system32\svchost.exe[-] -> KILLED [TermProc]



    ¤¤¤ Registry Entries : 3 ¤¤¤

    [PUM.Https] HKEY_USERS\RK_User2_ON_E_0A6B\Software\Microsoft\Windows\CurrentVersion\Internet Settings | WarnOnHTTPSToHTTPRedirect : 0 -> NOT SELECTED

    [PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NOT SELECTED

    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED



    ¤¤¤ Scheduled tasks : 0 ¤¤¤



    ¤¤¤ Files : 0 ¤¤¤



    ¤¤¤ HOSTS File : 1 ¤¤¤

    [C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 localhost



    ¤¤¤ Antirootkit : 0 ¤¤¤



    ¤¤¤ Web browsers : 0 ¤¤¤



    ¤¤¤ MBR Check : ¤¤¤

    +++++ PhysicalDrive0: IC35L040AVVA07-0 +++++

    --- User ---

    [MBR] bd2e9fa4fd90b70758e7a99657819470

    [BSP] e01f99d5765f6241f822e573367e0a3c : Windows XP MBR Code

    Partition table:

    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 38162 MB

    User = LL1 ... OK

    User = LL2 ... OK



    +++++ PhysicalDrive1: Maxtor 6E020L0 +++++

    --- User ---

    [MBR] e34df00094bdbcf773f5ea5c166a9743

    [BSP] ec9041d2d2bc9ad4aee35304ff79bb86 : Windows XP MBR Code

    Partition table:

    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 19877 MB

    User = LL1 ... OK

    User = LL2 ... OK



    +++++ PhysicalDrive2: HP Photosmart C3140 USB Device +++++

    Error reading User MBR! ([15] The device is not ready. )

    --- LL1 ---

    [MBR] NOT VALID

    Error reading LL2 MBR! ([32] The request is not supported. )



    +++++ PhysicalDrive3: Generic Ultra HS-SD/MMC USB Device +++++

    Error reading User MBR! ([15] The device is not ready. )

    --- LL1 ---

    [MBR] NOT VALID

    Error reading LL2 MBR! ([32] The request is not supported. )





    ============================================

    RKreport_SCN_06092014_203937.log



    MBAR log:

    Malwarebytes Anti-Rootkit BETA 1.07.0.1009
    www.malwarebytes.org

    Database version: v2014.06.09.11

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Administrator :: HOMESALE [administrator]

    6/9/2014 9:53:54 PM
    mbar-log-2014-06-09 (21-53-54).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 246552
    Time elapsed: 33 minute(s), 39 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)


    System Log:

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1009

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
    CPU speed: 2.391000 GHz
    Memory total: 1072680960, free: 224219136

    Downloaded database version: v2014.06.03.06
    Downloaded database version: v2014.06.02.01
    =======================================
    Initializing...
    ------------ Kernel report ------------
    06/03/2014 12:52:37
    ------------ Loaded modules -----------
    \WINDOWS\system32\ntoskrnl.exe
    \WINDOWS\system32\hal.dll
    \WINDOWS\system32\KDCOM.DLL
    \WINDOWS\system32\BOOTVID.dll
    ACPI.sys
    \WINDOWS\System32\DRIVERS\WMILIB.SYS
    pci.sys
    isapnp.sys
    pciide.sys
    \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
    MountMgr.sys
    ftdisk.sys
    dmload.sys
    dmio.sys
    PartMgr.sys
    VolSnap.sys
    atapi.sys
    aic78xx.sys
    \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
    disk.sys
    \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
    fltmgr.sys
    sr.sys
    MpFilter.sys
    DRVMCDB.SYS
    PxHelp20.sys
    KSecDD.sys
    Ntfs.sys
    NDIS.sys
    Mup.sys
    avgrkx86.sys
    avglogx.sys
    avgmfx86.sys
    avgidshx.sys
    agp440.sys
    \SystemRoot\System32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\ati2mtag.sys
    \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    \SystemRoot\System32\DRIVERS\usbuhci.sys
    \SystemRoot\System32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\System32\DRIVERS\e1000325.sys
    \SystemRoot\System32\DRIVERS\fdc.sys
    \SystemRoot\system32\DRIVERS\i8042prt.sys
    \SystemRoot\System32\DRIVERS\kbdclass.sys
    \SystemRoot\System32\DRIVERS\serial.sys
    \SystemRoot\System32\DRIVERS\serenum.sys
    \SystemRoot\System32\DRIVERS\parport.sys
    \SystemRoot\system32\DRIVERS\imapi.sys
    \SystemRoot\System32\Drivers\DLACDBHM.SYS
    \SystemRoot\System32\DRIVERS\cdrom.sys
    \SystemRoot\System32\DRIVERS\redbook.sys
    \SystemRoot\System32\DRIVERS\ks.sys
    \SystemRoot\system32\drivers\smwdm.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\aeaudio.sys
    \SystemRoot\System32\DRIVERS\audstub.sys
    \SystemRoot\System32\DRIVERS\rasl2tp.sys
    \SystemRoot\System32\DRIVERS\ndistapi.sys
    \SystemRoot\System32\DRIVERS\ndiswan.sys
    \SystemRoot\System32\DRIVERS\raspppoe.sys
    \SystemRoot\System32\DRIVERS\raspptp.sys
    \SystemRoot\System32\DRIVERS\TDI.SYS
    \SystemRoot\System32\DRIVERS\ptilink.sys
    \SystemRoot\System32\DRIVERS\raspti.sys
    \SystemRoot\System32\DRIVERS\rdpdr.sys
    \SystemRoot\System32\DRIVERS\termdd.sys
    \SystemRoot\System32\DRIVERS\mouclass.sys
    \SystemRoot\System32\DRIVERS\swenum.sys
    \SystemRoot\System32\DRIVERS\update.sys
    \SystemRoot\System32\DRIVERS\omci.sys
    \SystemRoot\System32\DRIVERS\mssmbios.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\System32\DRIVERS\usbhub.sys
    \SystemRoot\System32\DRIVERS\USBD.SYS
    \SystemRoot\System32\DRIVERS\flpydisk.sys
    \SystemRoot\System32\Drivers\Fs_Rec.SYS
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\Drivers\DLARTL_N.SYS
    \SystemRoot\System32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\Drivers\mnmdd.SYS
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\System32\DRIVERS\rasacd.sys
    \SystemRoot\system32\DRIVERS\ipsec.sys
    \SystemRoot\System32\DRIVERS\msgpc.sys
    \SystemRoot\System32\DRIVERS\tcpip.sys
    \SystemRoot\system32\DRIVERS\avgtdix.sys
    \SystemRoot\System32\DRIVERS\wanarp.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\System32\drivers\ws2ifsl.sys
    \SystemRoot\System32\drivers\afd.sys
    \SystemRoot\System32\DRIVERS\netbios.sys
    \SystemRoot\System32\DRIVERS\rdbss.sys
    \SystemRoot\System32\DRIVERS\mrxsmb.sys
    \SystemRoot\System32\Drivers\Fips.SYS
    \SystemRoot\system32\DRIVERS\avgldx86.sys
    \SystemRoot\System32\DRIVERS\hidusb.sys
    \SystemRoot\System32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\System32\DRIVERS\usbccgp.sys
    \SystemRoot\System32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\usbprint.sys
    \SystemRoot\system32\DRIVERS\usbscan.sys
    \SystemRoot\System32\DRIVERS\USBSTOR.SYS
    \SystemRoot\system32\DRIVERS\avgidsshimx.sys
    \SystemRoot\system32\DRIVERS\avgidsdriverx.sys
    \SystemRoot\system32\DRIVERS\avgdiskx.sys
    \SystemRoot\System32\Drivers\Cdfs.SYS
    \SystemRoot\System32\Drivers\Fastfat.SYS
    \SystemRoot\System32\Drivers\dump_atapi.sys
    \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\watchdog.sys
    \SystemRoot\System32\drivers\dxg.sys
    \SystemRoot\System32\drivers\dxgthk.sys
    \SystemRoot\System32\ati2dvag.dll
    \SystemRoot\System32\ati2cqag.dll
    \SystemRoot\System32\ati3d1ag.dll
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\System32\Drivers\DRVNDDM.SYS
    \SystemRoot\System32\DLA\DLADResN.SYS
    \SystemRoot\System32\DLA\DLAIFS_M.SYS
    \SystemRoot\System32\DLA\DLAOPIOM.SYS
    \SystemRoot\System32\DLA\DLAPoolM.SYS
    \SystemRoot\System32\DLA\DLABOIOM.SYS
    \SystemRoot\System32\DLA\DLAUDFAM.SYS
    \SystemRoot\System32\DLA\DLAUDF_M.SYS
    \SystemRoot\system32\drivers\wdmaud.sys
    \SystemRoot\system32\drivers\sysaudio.sys
    \SystemRoot\System32\DRIVERS\mrxdav.sys
    \SystemRoot\System32\Drivers\ParVdm.SYS
    \SystemRoot\System32\Drivers\Aspi32.SYS
    \SystemRoot\System32\DRIVERS\srv.sys
    \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
    \SystemRoot\system32\drivers\kmixer.sys
    \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
    \WINDOWS\system32\ntdll.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk3\DR8
    Upper Device Object: 0xffffffff8721bab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\0000006d\
    Lower Device Object: 0xffffffff85f4d950
    Lower Device Driver Name: \Driver\USBSTOR\
    <<<1>>>
    Upper Device Name: \Device\Harddisk2\DR4
    Upper Device Object: 0xffffffff870b4030
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000066\
    Lower Device Object: 0xffffffff872ba570
    Lower Device Driver Name: \Driver\USBSTOR\
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xffffffff87388ab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP0T1L0-c\
    Lower Device Object: 0xffffffff8738ab00
    Lower Device Driver Name: \Driver\atapi\
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff8734aab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-4\
    Lower Device Object: 0xffffffff87367b00
    Lower Device Driver Name: \Driver\atapi\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff8734aab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff873ce900, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff8734aab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff87367b00, DeviceName: \Device\Ide\IdeDeviceP0T0L0-4\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Read File: File "C:\WINDOWS\system32\drivers\ati1mdxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati1mdxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ati1pdxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati1pdxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ati1raxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati1raxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ati1rvxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati1rvxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ati1snxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati1snxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ati1ttxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati1ttxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\netwlan5.img" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\netwlan5.img" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\nikedrv.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\nikedrv.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ntmtlfax.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\ntmtlfax.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\nv4_mini.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\nv4_mini.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\fsvga.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\fsvga.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\gm.dls" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\gm.dls" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\gmreadme.txt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\hsfbs2s2.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\hsfbs2s2.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\hsfcxts2.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\hsfcxts2.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\hsfdpsp2.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\hsfdpsp2.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\rawwan.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\rawwan.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\recagent.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\recagent.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\rio8drv.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\rio8drv.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\riodrv.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\riodrv.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\rootmdm.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\rootmdm.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\tsbvcap.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\tsbvcap.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\mcd.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\mcd.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\mdmxsdk.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\mdmxsdk.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\mtlmnt5.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\mtlmnt5.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\mtlstrm.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ati1tuxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati1tuxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atmepvc.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\atmepvc.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\mtxparhm.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\mtxparhm.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\s3gnbm.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\s3gnbm.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\cinemst2.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\cinemst2.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\cpqdap01.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\cpqdap01.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\cxthsfs2.cty" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\cxthsfs2.cty" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atmuni.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\atmuni.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ati1xbxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati1xbxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ati1xsxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati1xsxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ati2mtaa.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati2mtaa.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ati2mtag.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati2mtag.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atinpdxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\atinpdxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atinrvxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\atinrvxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atinsnxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\atinsnxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atintuxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\atintuxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atinxbxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\atinxbxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atinxsxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\atinxsxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ativmc20.cod" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\ativmc20.cod" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\slnt7554.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\slnt7554.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\slntamr.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\slntamr.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\slnthal.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\slnthal.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\slwdmsup.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\slwdmsup.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\smclib.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\smclib.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\smsens.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\smsens.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\wadv07nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\wadv07nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\wadv08nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\wadv08nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\wadv09nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\wadv09nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\wadv11nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\wadv11nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\watv06nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\watv06nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\watv10nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\watv10nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\wpdusb.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\wpdusb.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ws2ifsl.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\ws2ifsl.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\nwlnknb.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\nwlnknb.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\oprghdlr.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\oprghdlr.sys" is compressed (flags = 1)
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: A727A727

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63 Numsec = 78156162
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 40020664320 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-62-78145360-78165360)...
    Done!
    Physical Sector Size: 512
    Drive: 1, DevicePointer: 0xffffffff87388ab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff8734b930, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff87388ab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff8738ab00, DeviceName: \Device\Ide\IdeDeviceP0T1L0-c\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    Drive 1
    Scanning MBR on drive 1...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: C0FFC0FF

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63 Numsec = 40708647
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 20847697920 bytes
    Sector size: 512 bytes

    Done!
    Physical Sector Size: 0
    Drive: 2, DevicePointer: 0xffffffff870b4030, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff86c29020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff870b4030, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff86c4e020, DeviceName: Unknown, DriverName: \Driver\DRVMCDB\
    DevicePointer: 0xffffffff872ba570, DeviceName: \Device\00000066\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Physical Sector Size: 0
    Drive: 3, DevicePointer: 0xffffffff8721bab8, DeviceName: \Device\Harddisk3\DR8\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff86c58020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff8721bab8, DeviceName: \Device\Harddisk3\DR8\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff86744020, DeviceName: Unknown, DriverName: \Driver\DRVMCDB\
    DevicePointer: 0xffffffff85f4d950, DeviceName: \Device\0000006d\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Backup file found for a file C:\WINDOWS\system32\rpcss.dll
    Infected: C:\WINDOWS\system32\rpcss.dll --> [Trojan.Zekos.PatchedXP3]
    Infected: C:\RECYCLER\S-1-5-18\$a2b98490b48dc789d11cd189a2a3f686\@ --> [Trojan.Siredef.C]
    Infected: C:\RECYCLER\S-1-5-21-63185453-221474574-1068240499-500\$a2b98490b48dc789d11cd189a2a3f686\@ --> [Trojan.Siredef.C]
    Read File: File "C:\WINDOWS\system32\config\software" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
    Infected: HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} --> [Hijack.Trojan.Siredef.C]
    Infected: C:\RECYCLER\S-1-5-18\$a2b98490b48dc789d11cd189a2a3f686\U --> [Trojan.Siredef.C]
    Infected: C:\RECYCLER\S-1-5-21-63185453-221474574-1068240499-500\$a2b98490b48dc789d11cd189a2a3f686\U --> [Trojan.Siredef.C]
    Infected: C:\RECYCLER\S-1-5-18\$a2b98490b48dc789d11cd189a2a3f686\L --> [Trojan.Siredef.C]
    Infected: C:\RECYCLER\S-1-5-21-63185453-221474574-1068240499-500\$a2b98490b48dc789d11cd189a2a3f686\L --> [Trojan.Siredef.C]
    Infected: C:\RECYCLER\S-1-5-18\$a2b98490b48dc789d11cd189a2a3f686 --> [Trojan.Siredef.C]
    Infected: C:\RECYCLER\S-1-5-21-63185453-221474574-1068240499-500\$a2b98490b48dc789d11cd189a2a3f686 --> [Trojan.Siredef.C]
    Infected: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Desktop\Install\{a2b98490-b48d-c789-d11c-d189a2a3f686}\❤≸⋙ --> [Trojan.0Access]
    Infected: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Desktop\Install\{a2b98490-b48d-c789-d11c-d189a2a3f686}\❤≸⋙\Ⱒ☠⍨ --> [Trojan.0Access]
    Infected: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Desktop\Install\{a2b98490-b48d-c789-d11c-d189a2a3f686}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛ --> [Trojan.0Access]
    Infected: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Desktop\Install\{a2b98490-b48d-c789-d11c-d189a2a3f686}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{a2b98490-b48d-c789-d11c-d189a2a3f686} --> [Trojan.0Access]
    Infected: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Desktop\Install\{a2b98490-b48d-c789-d11c-d189a2a3f686}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{a2b98490-b48d-c789-d11c-d189a2a3f686}\@ --> [Trojan.0Access]
    Infected: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Desktop\Install\{a2b98490-b48d-c789-d11c-d189a2a3f686} --> [Trojan.0Access]
    Infected: c:\program files\google\desktop\install\{a2b98490-b48d-c789-d11c-d189a2a3f686}\ --> [Trojan.0Access]
    Infected: c:\program files\google\desktop\install\{a2b98490-b48d-c789-d11c-d189a2a3f686}\ \ --> [Trojan.0Access]
    Infected: c:\program files\google\desktop\install\{a2b98490-b48d-c789-d11c-d189a2a3f686}\ \ \‮ﯹ๛ --> [Trojan.0Access]
    Infected: c:\program files\google\desktop\install\{a2b98490-b48d-c789-d11c-d189a2a3f686}\ \ \‮ﯹ๛\{a2b98490-b48d-c789-d11c-d189a2a3f686} --> [Trojan.0Access]
    Infected: c:\program files\google\desktop\install\{a2b98490-b48d-c789-d11c-d189a2a3f686}\ \ \‮ﯹ๛\{a2b98490-b48d-c789-d11c-d189a2a3f686}\@ --> [Trojan.0Access]
    Infected: c:\program files\google\desktop\install\{a2b98490-b48d-c789-d11c-d189a2a3f686}\ \ \‮ﯹ๛\{a2b98490-b48d-c789-d11c-d189a2a3f686}\u --> [Trojan.0Access]
    Infected: c:\program files\google\desktop\install\{a2b98490-b48d-c789-d11c-d189a2a3f686}\ \ \‮ﯹ๛\{a2b98490-b48d-c789-d11c-d189a2a3f686}\u\00000001.@ --> [Trojan.0Access]
    Infected: c:\program files\google\desktop\install\{a2b98490-b48d-c789-d11c-d189a2a3f686}\ \ \‮ﯹ๛\{a2b98490-b48d-c789-d11c-d189a2a3f686}\u\00000002.@ --> [Trojan.0Access]
    Infected: c:\program files\google\desktop\install\{a2b98490-b48d-c789-d11c-d189a2a3f686}\ \ \‮ﯹ๛\{a2b98490-b48d-c789-d11c-d189a2a3f686}\u\80000001.@ --> [Trojan.0Access]
    Infected: C:\Program Files\Google\Desktop\Install\{a2b98490-b48d-c789-d11c-d189a2a3f686} --> [Trojan.0Access]
    Scan finished
    Creating System Restore point...
    Cleaning up...
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Executing an action fixdamage.exe...
    Success!
    Queuing an action fixdamage.exe
    Removal scheduling successful. System shutdown needed.
    System shutdown occurred
    =======================================


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1009

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
    CPU speed: 2.391000 GHz
    Memory total: 1072680960, free: 601870336

    =======================================


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1009

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
    CPU speed: 2.391000 GHz
    Memory total: 1072680960, free: 623517696

    =======================================


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1009

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
    CPU speed: 2.391000 GHz
    Memory total: 1072680960, free: 619667456

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1009

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
    CPU speed: 2.391000 GHz
    Memory total: 1072680960, free: 264364032

    Could not load protection driver
    Downloaded database version: v2014.06.09.11
    =======================================
    Initializing...
    ------------ Kernel report ------------
    06/09/2014 21:12:10
    ------------ Loaded modules -----------
    \WINDOWS\system32\ntoskrnl.exe
    \WINDOWS\system32\hal.dll
    \WINDOWS\system32\KDCOM.DLL
    \WINDOWS\system32\BOOTVID.dll
    ACPI.sys
    \WINDOWS\System32\DRIVERS\WMILIB.SYS
    pci.sys
    isapnp.sys
    pciide.sys
    \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
    MountMgr.sys
    ftdisk.sys
    dmload.sys
    dmio.sys
    PartMgr.sys
    VolSnap.sys
    atapi.sys
    aic78xx.sys
    \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
    disk.sys
    \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
    fltmgr.sys
    sr.sys
    MpFilter.sys
    DRVMCDB.SYS
    PxHelp20.sys
    KSecDD.sys
    Ntfs.sys
    NDIS.sys
    Mup.sys
    avgrkx86.sys
    avglogx.sys
    avgmfx86.sys
    avgidshx.sys
    agp440.sys
    \SystemRoot\System32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\ati2mtag.sys
    \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    \SystemRoot\System32\DRIVERS\usbuhci.sys
    \SystemRoot\System32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\System32\DRIVERS\e1000325.sys
    \SystemRoot\System32\DRIVERS\fdc.sys
    \SystemRoot\system32\DRIVERS\i8042prt.sys
    \SystemRoot\System32\DRIVERS\kbdclass.sys
    \SystemRoot\System32\DRIVERS\serial.sys
    \SystemRoot\System32\DRIVERS\serenum.sys
    \SystemRoot\System32\DRIVERS\parport.sys
    \SystemRoot\system32\DRIVERS\imapi.sys
    \SystemRoot\System32\Drivers\DLACDBHM.SYS
    \SystemRoot\System32\DRIVERS\cdrom.sys
    \SystemRoot\System32\DRIVERS\redbook.sys
    \SystemRoot\System32\DRIVERS\ks.sys
    \SystemRoot\system32\drivers\smwdm.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\aeaudio.sys
    \SystemRoot\System32\DRIVERS\audstub.sys
    \SystemRoot\System32\DRIVERS\rasl2tp.sys
    \SystemRoot\System32\DRIVERS\ndistapi.sys
    \SystemRoot\System32\DRIVERS\ndiswan.sys
    \SystemRoot\System32\DRIVERS\raspppoe.sys
    \SystemRoot\System32\DRIVERS\raspptp.sys
    \SystemRoot\System32\DRIVERS\TDI.SYS
    \SystemRoot\System32\DRIVERS\ptilink.sys
    \SystemRoot\System32\DRIVERS\raspti.sys
    \SystemRoot\System32\DRIVERS\rdpdr.sys
    \SystemRoot\System32\DRIVERS\termdd.sys
    \SystemRoot\System32\DRIVERS\mouclass.sys
    \SystemRoot\System32\DRIVERS\swenum.sys
    \SystemRoot\System32\DRIVERS\update.sys
    \SystemRoot\System32\DRIVERS\omci.sys
    \SystemRoot\System32\DRIVERS\mssmbios.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\System32\DRIVERS\usbhub.sys
    \SystemRoot\System32\DRIVERS\USBD.SYS
    \SystemRoot\System32\DRIVERS\flpydisk.sys
    \SystemRoot\System32\Drivers\Fs_Rec.SYS
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\Drivers\DLARTL_N.SYS
    \SystemRoot\System32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\Drivers\mnmdd.SYS
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\System32\DRIVERS\rasacd.sys
    \SystemRoot\system32\DRIVERS\ipsec.sys
    \SystemRoot\System32\DRIVERS\msgpc.sys
    \SystemRoot\System32\DRIVERS\tcpip.sys
    \SystemRoot\system32\DRIVERS\avgtdix.sys
    \SystemRoot\System32\DRIVERS\ipnat.sys
    \SystemRoot\System32\DRIVERS\wanarp.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\System32\drivers\ws2ifsl.sys
    \SystemRoot\System32\drivers\afd.sys
    \SystemRoot\System32\DRIVERS\netbios.sys
    \SystemRoot\System32\DRIVERS\rdbss.sys
    \SystemRoot\System32\DRIVERS\mrxsmb.sys
    \SystemRoot\System32\Drivers\Fips.SYS
    \SystemRoot\System32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\usbprint.sys
    \SystemRoot\system32\DRIVERS\usbscan.sys
    \SystemRoot\system32\DRIVERS\HPZius12.sys
    \SystemRoot\System32\DRIVERS\USBSTOR.SYS
    \SystemRoot\system32\DRIVERS\avgldx86.sys
    \SystemRoot\system32\DRIVERS\HPZid412.sys
    \SystemRoot\system32\DRIVERS\HPZipr12.sys
    \SystemRoot\System32\DRIVERS\hidusb.sys
    \SystemRoot\System32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\System32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\avgidsshimx.sys
    \SystemRoot\system32\DRIVERS\avgidsdriverx.sys
    \SystemRoot\system32\DRIVERS\avgdiskx.sys
    \SystemRoot\System32\Drivers\Cdfs.SYS
    \SystemRoot\System32\Drivers\Fastfat.SYS
    \SystemRoot\System32\Drivers\dump_atapi.sys
    \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\watchdog.sys
    \SystemRoot\System32\drivers\dxg.sys
    \SystemRoot\System32\drivers\dxgthk.sys
    \SystemRoot\System32\ati2dvag.dll
    \SystemRoot\System32\ati2cqag.dll
    \SystemRoot\System32\ati3d1ag.dll
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\System32\Drivers\DRVNDDM.SYS
    \SystemRoot\System32\DLA\DLADResN.SYS
    \SystemRoot\System32\DLA\DLAIFS_M.SYS
    \SystemRoot\System32\DLA\DLAOPIOM.SYS
    \SystemRoot\System32\DLA\DLAPoolM.SYS
    \SystemRoot\System32\DLA\DLABOIOM.SYS
    \SystemRoot\System32\DLA\DLAUDFAM.SYS
    \SystemRoot\System32\DLA\DLAUDF_M.SYS
    \SystemRoot\System32\DRIVERS\mrxdav.sys
    \SystemRoot\System32\Drivers\ParVdm.SYS
    \SystemRoot\System32\Drivers\Aspi32.SYS
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\system32\drivers\wdmaud.sys
    \SystemRoot\system32\drivers\sysaudio.sys
    \??\C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6AE30B4F-D330-4AD2-BD01-93C621D22A4F}\MpKslb16a3719.sys
    \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
    \WINDOWS\system32\ntdll.dll
    ----------- End -----------
    Removal queue found; removal started
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-0-0-63-i.mbam...
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-1-0-63-i.mbam...
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\rpcss.dll-k.mbam...
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\rpcss.dll-u.mbam...
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\rpcss.dll-r.mbam...
    Removing C:\RECYCLER\S-1-5-18\$a2b98490b48dc789d11cd189a2a3f686\@...
    Removing C:\RECYCLER\S-1-5-21-63185453-221474574-1068240499-500\$a2b98490b48dc789d11cd189a2a3f686\@...
    Removing C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Desktop\Install\{a2b98490-b48d-c789-d11c-d189a2a3f686}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{a2b98490-b48d-c789-d11c-d189a2a3f686}\@...
    Removing c:\program files\google\desktop\install\{a2b98490-b48d-c789-d11c-d189a2a3f686}\ \ \‮ﯹ๛\{a2b98490-b48d-c789-d11c-d189a2a3f686}\@...
    Removing c:\program files\google\desktop\install\{a2b98490-b48d-c789-d11c-d189a2a3f686}\ \ \‮ﯹ๛\{a2b98490-b48d-c789-d11c-d189a2a3f686}\u\00000001.@...
    Removing c:\program files\google\desktop\install\{a2b98490-b48d-c789-d11c-d189a2a3f686}\ \ \‮ﯹ๛\{a2b98490-b48d-c789-d11c-d189a2a3f686}\u\00000002.@...
    Removing c:\program files\google\desktop\install\{a2b98490-b48d-c789-d11c-d189a2a3f686}\ \ \‮ﯹ๛\{a2b98490-b48d-c789-d11c-d189a2a3f686}\u\80000001.@...
    Removal finished
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk3\DR5
    Upper Device Object: 0xffffffff87274ab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000066\
    Lower Device Object: 0xffffffff86d42558
    Lower Device Driver Name: \Driver\USBSTOR\
    <<<1>>>
    Upper Device Name: \Device\Harddisk2\DR4
    Upper Device Object: 0xffffffff86d3c030
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000065\
    Lower Device Object: 0xffffffff86d4a6f0
    Lower Device Driver Name: \Driver\USBSTOR\
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xffffffff87388ab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP0T1L0-c\
    Lower Device Object: 0xffffffff8738ab00
    Lower Device Driver Name: \Driver\atapi\
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff8734aab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-4\
    Lower Device Object: 0xffffffff87367b00
    Lower Device Driver Name: \Driver\atapi\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff8734aab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff873ce900, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff8734aab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff87367b00, DeviceName: \Device\Ide\IdeDeviceP0T0L0-4\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Read File: File "C:\WINDOWS\system32\drivers\ati1mdxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati1mdxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ati1pdxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati1pdxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ati1raxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati1raxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ati1rvxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati1rvxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ati1snxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati1snxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ati1ttxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati1ttxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\netwlan5.img" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\netwlan5.img" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\nikedrv.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\nikedrv.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ntmtlfax.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\ntmtlfax.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\nv4_mini.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\nv4_mini.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\fsvga.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\fsvga.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\gm.dls" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\gm.dls" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\gmreadme.txt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\hsfbs2s2.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\hsfbs2s2.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\hsfcxts2.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\hsfcxts2.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\hsfdpsp2.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\hsfdpsp2.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\rawwan.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\rawwan.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\recagent.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\recagent.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\rio8drv.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\rio8drv.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\riodrv.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\riodrv.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\rootmdm.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\rootmdm.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\tsbvcap.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\tsbvcap.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\mcd.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\mcd.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\mdmxsdk.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\mdmxsdk.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\mtlmnt5.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\mtlmnt5.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\mtlstrm.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ati1tuxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati1tuxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atmepvc.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\atmepvc.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\mtxparhm.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\mtxparhm.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\s3gnbm.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\s3gnbm.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\cinemst2.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\cinemst2.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\cpqdap01.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\cpqdap01.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\cxthsfs2.cty" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\cxthsfs2.cty" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atmuni.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\atmuni.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ati1xbxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati1xbxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ati1xsxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati1xsxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ati2mtaa.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati2mtaa.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ati2mtag.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati2mtag.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atinpdxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\atinpdxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atinrvxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\atinrvxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atinsnxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\atinsnxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atintuxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\atintuxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atinxbxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\atinxbxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atinxsxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\atinxsxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ativmc20.cod" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\ativmc20.cod" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\slnt7554.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\slnt7554.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\slntamr.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\slntamr.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\slnthal.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\slnthal.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\slwdmsup.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\slwdmsup.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\smclib.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\smclib.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\smsens.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\smsens.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\wadv07nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\wadv07nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\wadv08nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\wadv08nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\wadv09nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\wadv09nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\wadv11nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\wadv11nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\watv06nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\watv06nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\watv10nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\watv10nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\wpdusb.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\wpdusb.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ws2ifsl.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\ws2ifsl.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\nwlnknb.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\nwlnknb.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\oprghdlr.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\oprghdlr.sys" is compressed (flags = 1)
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: A727A727

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63 Numsec = 78156162
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 40020664320 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-62-78145360-78165360)...
    Done!
    Physical Sector Size: 512
    Drive: 1, DevicePointer: 0xffffffff87388ab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff8734b930, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff87388ab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff8738ab00, DeviceName: \Device\Ide\IdeDeviceP0T1L0-c\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    Drive 1
    Scanning MBR on drive 1...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: C0FFC0FF

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63 Numsec = 40708647
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 20847697920 bytes
    Sector size: 512 bytes

    Done!
    Physical Sector Size: 0
    Drive: 2, DevicePointer: 0xffffffff86d3c030, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff87219e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff86d3c030, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff86d4b200, DeviceName: Unknown, DriverName: \Driver\DRVMCDB\
    DevicePointer: 0xffffffff86d4a6f0, DeviceName: \Device\00000065\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Physical Sector Size: 0
    Drive: 3, DevicePointer: 0xffffffff87274ab8, DeviceName: \Device\Harddisk3\DR5\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff8721b5c0, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff87274ab8, DeviceName: \Device\Harddisk3\DR5\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff86d6a020, DeviceName: Unknown, DriverName: \Driver\DRVMCDB\
    DevicePointer: 0xffffffff86d42558, DeviceName: \Device\00000066\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Read File: File "C:\WINDOWS\system32\config\software" is compressed (flags = 1)
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-0-0-63-i.mbam...
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-1-0-63-i.mbam...
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
    Removal finished
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1009

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
    CPU speed: 2.391000 GHz
    Memory total: 1072680960, free: 625029120

    Could not load protection driver
    Initializing...
    =======================================
    ------------ Kernel report ------------
    06/09/2014 21:53:31
    ------------ Loaded modules -----------
    \WINDOWS\system32\ntoskrnl.exe
    \WINDOWS\system32\hal.dll
    \WINDOWS\system32\KDCOM.DLL
    \WINDOWS\system32\BOOTVID.dll
    ACPI.sys
    \WINDOWS\System32\DRIVERS\WMILIB.SYS
    pci.sys
    isapnp.sys
    pciide.sys
    \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
    MountMgr.sys
    ftdisk.sys
    dmload.sys
    dmio.sys
    PartMgr.sys
    VolSnap.sys
    atapi.sys
    aic78xx.sys
    \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
    disk.sys
    \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
    fltmgr.sys
    sr.sys
    MpFilter.sys
    DRVMCDB.SYS
    PxHelp20.sys
    KSecDD.sys
    Ntfs.sys
    NDIS.sys
    Mup.sys
    avgrkx86.sys
    avglogx.sys
    avgmfx86.sys
    avgidshx.sys
    agp440.sys
    \SystemRoot\System32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\ati2mtag.sys
    \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    \SystemRoot\System32\DRIVERS\usbuhci.sys
    \SystemRoot\System32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\System32\DRIVERS\e1000325.sys
    \SystemRoot\System32\DRIVERS\fdc.sys
    \SystemRoot\system32\DRIVERS\i8042prt.sys
    \SystemRoot\System32\DRIVERS\kbdclass.sys
    \SystemRoot\System32\DRIVERS\serial.sys
    \SystemRoot\System32\DRIVERS\serenum.sys
    \SystemRoot\System32\DRIVERS\parport.sys
    \SystemRoot\system32\DRIVERS\imapi.sys
    \SystemRoot\System32\Drivers\DLACDBHM.SYS
    \SystemRoot\System32\DRIVERS\cdrom.sys
    \SystemRoot\System32\DRIVERS\redbook.sys
    \SystemRoot\System32\DRIVERS\ks.sys
    \SystemRoot\system32\drivers\smwdm.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\aeaudio.sys
    \SystemRoot\System32\DRIVERS\audstub.sys
    \SystemRoot\System32\DRIVERS\rasl2tp.sys
    \SystemRoot\System32\DRIVERS\ndistapi.sys
    \SystemRoot\System32\DRIVERS\ndiswan.sys
    \SystemRoot\System32\DRIVERS\raspppoe.sys
    \SystemRoot\System32\DRIVERS\raspptp.sys
    \SystemRoot\System32\DRIVERS\TDI.SYS
    \SystemRoot\System32\DRIVERS\ptilink.sys
    \SystemRoot\System32\DRIVERS\raspti.sys
    \SystemRoot\System32\DRIVERS\rdpdr.sys
    \SystemRoot\System32\DRIVERS\termdd.sys
    \SystemRoot\System32\DRIVERS\mouclass.sys
    \SystemRoot\System32\DRIVERS\swenum.sys
    \SystemRoot\System32\DRIVERS\update.sys
    \SystemRoot\System32\DRIVERS\omci.sys
    \SystemRoot\System32\DRIVERS\mssmbios.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\System32\DRIVERS\usbhub.sys
    \SystemRoot\System32\DRIVERS\USBD.SYS
    \SystemRoot\System32\DRIVERS\flpydisk.sys
    \SystemRoot\System32\Drivers\Fs_Rec.SYS
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\Drivers\DLARTL_N.SYS
    \SystemRoot\System32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\Drivers\mnmdd.SYS
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\System32\DRIVERS\rasacd.sys
    \SystemRoot\system32\DRIVERS\ipsec.sys
    \SystemRoot\System32\DRIVERS\msgpc.sys
    \SystemRoot\System32\DRIVERS\tcpip.sys
    \SystemRoot\system32\DRIVERS\avgtdix.sys
    \SystemRoot\System32\DRIVERS\ipnat.sys
    \SystemRoot\System32\DRIVERS\wanarp.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\System32\drivers\ws2ifsl.sys
    \SystemRoot\System32\drivers\afd.sys
    \SystemRoot\System32\DRIVERS\netbios.sys
    \SystemRoot\System32\DRIVERS\rdbss.sys
    \SystemRoot\System32\DRIVERS\mrxsmb.sys
    \SystemRoot\System32\Drivers\Fips.SYS
    \SystemRoot\system32\DRIVERS\avgldx86.sys
    \SystemRoot\System32\DRIVERS\hidusb.sys
    \SystemRoot\System32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\System32\DRIVERS\usbccgp.sys
    \SystemRoot\System32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\usbprint.sys
    \SystemRoot\system32\DRIVERS\usbscan.sys
    \SystemRoot\system32\DRIVERS\HPZius12.sys
    \SystemRoot\System32\DRIVERS\USBSTOR.SYS
    \SystemRoot\system32\DRIVERS\HPZid412.sys
    \SystemRoot\system32\DRIVERS\HPZipr12.sys
    \SystemRoot\system32\DRIVERS\avgidsshimx.sys
    \SystemRoot\system32\DRIVERS\avgidsdriverx.sys
    \SystemRoot\system32\DRIVERS\avgdiskx.sys
    \SystemRoot\System32\Drivers\Cdfs.SYS
    \SystemRoot\System32\Drivers\Fastfat.SYS
    \SystemRoot\System32\Drivers\dump_atapi.sys
    \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\watchdog.sys
    \SystemRoot\System32\drivers\dxg.sys
    \SystemRoot\System32\drivers\dxgthk.sys
    \SystemRoot\System32\ati2dvag.dll
    \SystemRoot\System32\ati2cqag.dll
    \SystemRoot\System32\ati3d1ag.dll
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\System32\Drivers\DRVNDDM.SYS
    \SystemRoot\System32\DLA\DLADResN.SYS
    \SystemRoot\System32\DLA\DLAIFS_M.SYS
    \SystemRoot\System32\DLA\DLAOPIOM.SYS
    \SystemRoot\System32\DLA\DLAPoolM.SYS
    \SystemRoot\System32\DLA\DLABOIOM.SYS
    \SystemRoot\System32\DLA\DLAUDFAM.SYS
    \SystemRoot\System32\DLA\DLAUDF_M.SYS
    \SystemRoot\system32\drivers\wdmaud.sys
    \SystemRoot\system32\drivers\sysaudio.sys
    \SystemRoot\System32\DRIVERS\mrxdav.sys
    \SystemRoot\System32\Drivers\ParVdm.SYS
    \SystemRoot\System32\Drivers\Aspi32.SYS
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\system32\drivers\kmixer.sys
    \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
    \WINDOWS\system32\ntdll.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk3\DR5
    Upper Device Object: 0xffffffff871ec030
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000066\
    Lower Device Object: 0xffffffff870d3558
    Lower Device Driver Name: \Driver\USBSTOR\
    <<<1>>>
    Upper Device Name: \Device\Harddisk2\DR4
    Upper Device Object: 0xffffffff870c4030
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000065\
    Lower Device Object: 0xffffffff871d5ea0
    Lower Device Driver Name: \Driver\USBSTOR\
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xffffffff8737cab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP0T1L0-c\
    Lower Device Object: 0xffffffff873cab00
    Lower Device Driver Name: \Driver\atapi\
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff87361ab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-4\
    Lower Device Object: 0xffffffff87363b00
    Lower Device Driver Name: \Driver\atapi\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff87361ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff87362900, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff87361ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff87363b00, DeviceName: \Device\Ide\IdeDeviceP0T0L0-4\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Read File: File "C:\WINDOWS\system32\drivers\ati1mdxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati1mdxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ati1pdxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati1pdxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ati1raxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati1raxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ati1rvxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati1rvxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ati1snxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati1snxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ati1ttxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati1ttxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\netwlan5.img" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\netwlan5.img" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\nikedrv.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\nikedrv.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ntmtlfax.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\ntmtlfax.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\nv4_mini.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\nv4_mini.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\fsvga.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\fsvga.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\gm.dls" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\gm.dls" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\gmreadme.txt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\hsfbs2s2.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\hsfbs2s2.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\hsfcxts2.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\hsfcxts2.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\hsfdpsp2.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\hsfdpsp2.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\rawwan.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\rawwan.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\recagent.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\recagent.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\rio8drv.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\rio8drv.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\riodrv.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\riodrv.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\rootmdm.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\rootmdm.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\tsbvcap.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\tsbvcap.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\mcd.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\mcd.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\mdmxsdk.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\mdmxsdk.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\mtlmnt5.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\mtlmnt5.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\mtlstrm.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ati1tuxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati1tuxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atmepvc.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\atmepvc.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\mtxparhm.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\mtxparhm.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\s3gnbm.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\s3gnbm.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\cinemst2.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\cinemst2.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\cpqdap01.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\cpqdap01.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\cxthsfs2.cty" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\cxthsfs2.cty" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atmuni.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\atmuni.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ati1xbxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati1xbxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ati1xsxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati1xsxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ati2mtaa.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati2mtaa.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ati2mtag.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati2mtag.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atinpdxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\atinpdxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atinrvxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\atinrvxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atinsnxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\atinsnxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atintuxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\atintuxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atinxbxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\atinxbxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atinxsxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\atinxsxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ativmc20.cod" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\ativmc20.cod" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\slnt7554.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\slnt7554.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\slntamr.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\slntamr.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\slnthal.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\slnthal.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\slwdmsup.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\slwdmsup.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\smclib.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\smclib.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\smsens.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\smsens.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\wadv07nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\wadv07nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\wadv08nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\wadv08nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\wadv09nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\wadv09nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\wadv11nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\wadv11nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\watv06nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\watv06nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\watv10nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\watv10nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\wpdusb.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\wpdusb.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ws2ifsl.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\ws2ifsl.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\nwlnknb.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\nwlnknb.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\oprghdlr.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\oprghdlr.sys" is compressed (flags = 1)
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: A727A727

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63 Numsec = 78156162
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 40020664320 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-62-78145360-78165360)...
    Done!
    Physical Sector Size: 512
    Drive: 1, DevicePointer: 0xffffffff8737cab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff8738f930, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff8737cab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff873cab00, DeviceName: \Device\Ide\IdeDeviceP0T1L0-c\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    Drive 1
    Scanning MBR on drive 1...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: C0FFC0FF

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63 Numsec = 40708647
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 20847697920 bytes
    Sector size: 512 bytes

    Done!
    Physical Sector Size: 0
    Drive: 2, DevicePointer: 0xffffffff870c4030, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff872c3e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff870c4030, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff870cb680, DeviceName: Unknown, DriverName: \Driver\DRVMCDB\
    DevicePointer: 0xffffffff871d5ea0, DeviceName: \Device\00000065\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Physical Sector Size: 0
    Drive: 3, DevicePointer: 0xffffffff871ec030, DeviceName: \Device\Harddisk3\DR5\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff872cea88, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff871ec030, DeviceName: \Device\Harddisk3\DR5\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff870cded0, DeviceName: Unknown, DriverName: \Driver\DRVMCDB\
    DevicePointer: 0xffffffff870d3558, DeviceName: \Device\00000066\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Read File: File "c:\documents and settings\all users\application data\avg2014\chjw\24285c9f285c7232.dat:3cdbf64e-62f1-4f3b-b889-7c04926e4c6e" is sparse (flags = 32768)
    Read File: File "c:\documents and settings\all users\application data\avg2014\chjw\24285c9f285c7232.dat:40109906-fac1-4f02-b225-f61bb53f2524" is sparse (flags = 32768)
    Read File: File "C:\WINDOWS\system32\config\software" is compressed (flags = 1)
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-0-0-63-i.mbam...
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-1-0-63-i.mbam...
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
    Removal finished
     
  8. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Good :)

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
      If the connection is still not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled, as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  9. bgc

    bgc Established Techie7 Member

    Combofix Log:

    ComboFix 14-06-10.01 - Administrator 06/10/2014 17:07:20.2.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.626 [GMT -7:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Administrator\My Documents\~WRL0078.tmp
    c:\documents and settings\Administrator\My Documents\~WRL0128.tmp
    c:\documents and settings\Administrator\My Documents\~WRL0391.tmp
    c:\documents and settings\Administrator\My Documents\~WRL0415.tmp
    c:\documents and settings\Administrator\My Documents\~WRL0734.tmp
    c:\documents and settings\Administrator\My Documents\~WRL0903.tmp
    c:\documents and settings\Administrator\My Documents\~WRL1258.tmp
    c:\documents and settings\Administrator\My Documents\~WRL1390.tmp
    c:\documents and settings\Administrator\My Documents\~WRL2696.tmp
    c:\documents and settings\Administrator\My Documents\~WRL2769.tmp
    c:\documents and settings\Administrator\My Documents\~WRL3081.tmp
    c:\documents and settings\Administrator\My Documents\~WRL3085.tmp
    c:\documents and settings\Administrator\My Documents\~WRL3237.tmp
    c:\documents and settings\Administrator\My Documents\~WRL3285.tmp
    c:\documents and settings\Administrator\My Documents\~WRL3315.tmp
    c:\documents and settings\Administrator\My Documents\~WRL3838.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-05-11 to 2014-06-11 )))))))))))))))))))))))))))))))
    .
    .
    2014-06-09 23:37 . 2014-04-30 23:37 8073384 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6AE30B4F-D330-4AD2-BD01-93C621D22A4F}\mpengine.dll
    2014-06-05 04:04 . 2014-06-09 19:53 -------- d-----w- C:\FRST
    2014-06-03 19:52 . 2014-06-10 05:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
    2014-06-03 19:52 . 2014-06-10 04:53 107224 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-06-03 19:48 . 2014-06-03 21:24 52312 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-06-01 03:46 . 2014-06-10 03:34 26624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2014-06-01 03:46 . 2014-06-01 03:46 -------- d-----w- C:\Documents
    2014-06-01 03:46 . 2014-06-01 03:46 -------- d-----w- c:\documents and settings\All Users\Application Data\RogueKiller
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-04-18 22:02 . 2013-09-02 17:28 199960 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
    2014-03-31 23:11 . 2013-08-01 23:08 211224 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2014-03-31 23:11 . 2013-08-21 05:54 108312 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2014-03-28 05:15 . 2013-09-02 17:39 193304 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2014-03-28 05:14 . 2013-09-26 03:57 123160 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
    2014-03-28 05:04 . 2013-09-02 17:28 150296 ----a-w- c:\windows\system32\drivers\avgidshx.sys
    2014-03-28 05:04 . 2013-09-02 17:28 238872 ----a-w- c:\windows\system32\drivers\avglogx.sys
    2014-03-28 05:03 . 2013-09-09 05:12 28440 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2014-03-28 05:03 . 2013-09-11 05:11 22296 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2013-09-11 02:09 131248 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.22.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2013-09-11 02:09 131248 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.22.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2013-09-11 02:09 131248 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.22.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2013-09-11 02:09 131248 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.22.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\System32\igfxtray.exe" [2006-05-25 155648]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-01 385024]
    "Info Center"="c:\program files\PCPitstop\Info Center\InfoCenter.exe" [2012-02-01 26264]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]
    "AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2014-04-07 5180432]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2014\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [9/2/2013 10:28 AM 150296]
    R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [9/2/2013 10:28 AM 238872]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/8/2013 10:12 PM 28440]
    R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [9/25/2013 8:57 PM 123160]
    R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [9/2/2013 10:28 AM 199960]
    R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [9/10/2013 10:11 PM 22296]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/2/2013 10:39 AM 193304]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [8/1/2013 4:08 PM 211224]
    R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [3/27/2014 10:10 PM 291912]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [4/18/2014 3:22 PM 3645456]
    S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [6/3/2014 12:48 PM 52312]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-06-10 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
    - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-27 00:03]
    .
    2014-06-10 c:\windows\Tasks\WGASetup.job
    - c:\windows\system32\KB905474\wgasetup.exe [2004-11-01 05:18]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = https://duckduckgo.com/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    DPF: {DA684E88-66C9-4CD4-9AD1-0E643D8F3107} - hxxp://eoscount.com/eoscount_xp.cab
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6ybkd31d.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-AVG-Secure-Search-Update_1113a - c:\documents and settings\Administrator\Application Data\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2014-06-10 17:17
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-63185453-221474574-1068240499-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bf,ac,8c,cd,bf,80,75,41,8c,bc,39,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6b,67,e7,dd,d3,af,c5,44,a6,b6,90,\
    "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bf,ac,8c,cd,bf,80,75,41,8c,bc,39,\
    .
    Completion time: 2014-06-10 17:20:45
    ComboFix-quarantined-files.txt 2014-06-11 00:20
    .
    Pre-Run: 18,172,104,704 bytes free
    Post-Run: 18,582,761,472 bytes free
    .
    - - End Of File - - F33BF06FBAE790FD144F90041B1B48B0
    8F558EB6672622401DA993E1E865C861
     
  10. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    You're running two AV programs, AVG and MSE.
    You must uninstall one of them.
    If AVG, use AVG Remover: http://www.avg.com/us-en/utilities

    Combofix log looks good.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  11. bgc

    bgc Established Techie7 Member

    Logs:



    # AdwCleaner v3.212 - Report created 10/06/2014 at 18:25:00

    # Updated 05/06/2014 by Xplode

    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

    # Username : Administrator - HOMESALE

    # Running from : C:\Documents and Settings\Administrator\Desktop\adwcleaner_3.212.exe

    # Option : Clean



    ***** [ Services ] *****

    ***** [ Files / Folders ] *****



    Folder Deleted : C:\Program Files\Conduit

    Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit



    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****



    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3196716

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

    Key Deleted : HKCU\Software\AVG SafeGuard toolbar

    Key Deleted : HKCU\Software\Conduit

    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

    Key Deleted : HKLM\Software\AVG SafeGuard toolbar

    Key Deleted : HKLM\Software\AVG Security Toolbar

    Key Deleted : HKLM\Software\Conduit



    ***** [ Browsers ] *****



    -\\ Internet Explorer v8.0.6001.18702

    -\\ Mozilla Firefox v29.0.1 (en-US)

    [ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6ybkd31d.default\prefs.js ]





    *************************



    AdwCleaner[R0].txt - [1706 octets] - [10/06/2014 18:22:24]

    AdwCleaner[S0].txt - [1653 octets] - [10/06/2014 18:25:00]



    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1713 octets] ##########

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Junkware Removal Tool (JRT) by Thisisu

    Version: 6.1.4 (04.06.2014:1)

    OS: Microsoft Windows XP x86

    Ran by Administrator on Tue 06/10/2014 at 18:33:29.01

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ~~~ Services

    ~~~ Registry Values



    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName

    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

    ~~~ Registry Keys

    ~~~ Files

    ~~~ Folders

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Scan was completed on Tue 06/10/2014 at 18:43:40.60

    End of JRT log

    OTL logfile created on: 6/10/2014 7:44:07 PM - Run 1

    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop

    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

    Internet Explorer (Version = 8.0.6001.18702)

    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy


    1022.99 Mb Total Physical Memory | 639.15 Mb Available Physical Memory | 62.48% Memory free

    2.40 Gb Paging File | 2.01 Gb Available in Paging File | 83.45% Paging File free

    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]


    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

    Drive C: | 37.27 Gb Total Space | 17.29 Gb Free Space | 46.40% Space Free | Partition Type: NTFS

    Drive E: | 19.41 Gb Total Space | 9.75 Gb Free Space | 50.22% Space Free | Partition Type: NTFS


    Computer Name: HOMESALE | User Name: Administrator | Logged in as Administrator.

    Boot Mode: Normal | Scan Mode: All users | Quick Scan

    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days


    ========== Processes (SafeList) ==========


    PRC - [2014/06/10 18:20:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

    PRC - [2014/04/06 21:21:36 | 005,180,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgui.exe

    PRC - [2014/03/27 22:10:20 | 000,291,912 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe

    PRC - [2012/07/05 22:07:00 | 000,161,704 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

    PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe

    PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe

    PRC - [2012/01/31 17:10:10 | 000,026,264 | ---- | M] (PC Pitstop LLC) -- C:\Program Files\PCPitstop\Info Center\InfoCenter.exe

    PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

    PRC - [2007/04/13 03:50:00 | 000,590,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\CcmExec.exe

    PRC - [2006/03/03 22:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe

    PRC - [2005/09/08 06:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE



    ========== Modules (No Company Name) ==========


    MOD - [2013/05/14 03:37:42 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ba12e418b906593b7c9c18f971f36bf9\System.Windows.Forms.ni.dll

    MOD - [2013/05/14 03:37:28 | 001,593,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll

    MOD - [2013/05/14 03:37:19 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll

    MOD - [2013/05/14 03:37:11 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll

    MOD - [2013/05/14 03:37:06 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll

    MOD - [2013/05/14 03:36:31 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll



    ========== Services (SafeList) ==========


    SRV - [2014/05/28 13:30:52 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

    SRV - [2014/04/18 15:22:28 | 003,645,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)

    SRV - [2014/03/27 22:10:20 | 000,291,912 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe -- (avgwd)

    SRV - [2012/07/05 22:07:00 | 000,161,704 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)

    SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

    SRV - [2007/04/13 03:50:00 | 000,590,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\CCM\CcmExec.exe -- (CcmExec)

    SRV - [2006/03/03 22:03:10 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)



    ========== Driver Services (SafeList) ==========


    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys -- (catchme)

    DRV - [2014/06/03 14:24:29 | 000,052,312 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)

    DRV - [2014/04/18 15:02:04 | 000,199,960 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)

    DRV - [2014/03/31 16:11:58 | 000,211,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)

    DRV - [2014/03/31 16:11:50 | 000,108,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)

    DRV - [2014/03/27 22:15:18 | 000,193,304 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)

    DRV - [2014/03/27 22:14:40 | 000,123,160 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgdiskx.sys -- (Avgdiskx)

    DRV - [2014/03/27 22:04:22 | 000,150,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)

    DRV - [2014/03/27 22:04:02 | 000,238,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)

    DRV - [2014/03/27 22:03:22 | 000,028,440 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)

    DRV - [2014/03/27 22:03:20 | 000,022,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)

    DRV - [2007/04/13 03:50:00 | 000,023,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CCM\PrepDrv.sys -- (prepdrvr)

    DRV - [2005/09/08 06:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)

    DRV - [2005/09/08 06:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)

    DRV - [2005/09/08 06:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)

    DRV - [2005/09/08 06:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)

    DRV - [2005/09/08 06:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)

    DRV - [2005/09/08 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)

    DRV - [2005/09/08 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)

    DRV - [2005/08/25 13:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)

    DRV - [2005/08/25 13:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)

    DRV - [2004/08/03 22:29:26 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

    DRV - [2002/10/15 15:59:24 | 000,017,153 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)

    DRV - [2001/12/10 18:29:42 | 000,017,101 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)



    ========== Standard Registry (SafeList) ==========



    ========== Internet Explorer ==========


    IE - HKLM\..\SearchScopes,DefaultScope =

    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC



    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =

    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\S-1-5-21-63185453-221474574-1068240499-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://duckduckgo.com/

    IE - HKU\S-1-5-21-63185453-221474574-1068240499-500\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-63185453-221474574-1068240499-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search

    IE - HKU\S-1-5-21-63185453-221474574-1068240499-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========


    FF - prefs.js..browser.search.update: false

    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1

    FF - user.js - File not found


    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)

    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)


    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins


    [2013/02/11 18:12:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions

    [2014/05/28 13:31:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions

    [2014/05/28 13:31:18 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}


    O1 HOSTS File: ([2014/06/10 17:17:24 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

    O1 - Hosts: 127.0.0.1 localhost

    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)

    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)

    O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)

    O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)

    O4 - HKLM..\Run: [Info Center] C:\Program Files\PCPitstop\Info Center\InfoCenter.exe (PC Pitstop LLC)

    O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

    O7 - HKU\S-1-5-21-63185453-221474574-1068240499-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\S-1-5-21-63185453-221474574-1068240499-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

    O7 - HKU\S-1-5-21-63185453-221474574-1068240499-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

    O7 - HKU\S-1-5-21-63185453-221474574-1068240499-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

    O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} http://pcpitstop.com/internet/pcpConnCheck.cab (iCC Class)

    O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA)

    O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} http://navigatela.lacity.org/download/mgaxctrl.cab (Autodesk MapGuide ActiveX Control)

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1194646323811 (WUWebControl Class)

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1194646358889 (MUWebControl Class)

    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)

    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

    O16 - DPF: {DA684E88-66C9-4CD4-9AD1-0E643D8F3107} http://eoscount.com/eoscount_xp.cab (Reg Error: Key error.)

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AEB14E2D-3C89-4C45-B2D2-A7C01379D391}: DhcpNameServer = 192.168.1.1

    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

    O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)

    O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

    O32 - HKLM CDRom: AutoRun - 1

    O32 - AutoRun File - [2007/11/09 12:40:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

    O32 - AutoRun File - [2006/02/07 10:01:29 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]

    O34 - HKLM BootExecute: (autocheck autochk *)

    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart)

    O35 - HKLM\..comfile [open] -- "%1" %*

    O35 - HKLM\..exefile [open] -- "%1" %*

    O37 - HKLM\...com [@ = ComFile] -- "%1" %*

    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)


    ========== Files/Folders - Created Within 30 Days ==========


    [2014/06/10 18:33:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT

    [2014/06/10 18:22:15 | 000,000,000 | ---D | C] -- C:\AdwCleaner

    [2014/06/10 18:20:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

    [2014/06/10 18:19:06 | 001,016,261 | ---- | C] (Thisisu) -- C:\Documents and Settings\Administrator\Desktop\JRT.exe

    [2014/06/10 17:04:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

    [2014/06/10 17:04:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

    [2014/06/10 17:04:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

    [2014/06/10 17:04:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

    [2014/06/10 17:04:22 | 000,000,000 | ---D | C] -- C:\Qoobox

    [2014/06/10 16:52:53 | 005,205,915 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe

    [2014/06/04 21:04:26 | 000,000,000 | ---D | C] -- C:\FRST

    [2014/06/03 12:52:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)

    [2014/06/03 12:52:36 | 000,107,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys

    [2014/06/03 12:48:37 | 000,052,312 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys

    [2014/06/03 12:48:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\mbar

    [2014/05/31 20:46:52 | 000,000,000 | ---D | C] -- C:\Documents

    [2014/05/31 20:46:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RogueKiller

    [2014/05/28 13:24:53 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

    [2014/05/26 18:49:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent


    ========== Files - Modified Within 30 Days ==========


    [2014/06/10 19:41:03 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office Word 2003 (2).lnk

    [2014/06/10 18:38:28 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job

    [2014/06/10 18:29:52 | 000,000,494 | ---- | M] () -- C:\WINDOWS\SMSCFG.ini

    [2014/06/10 18:29:18 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

    [2014/06/10 18:28:53 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job

    [2014/06/10 18:28:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

    [2014/06/10 18:20:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

    [2014/06/10 18:19:14 | 001,016,261 | ---- | M] (Thisisu) -- C:\Documents and Settings\Administrator\Desktop\JRT.exe

    [2014/06/10 18:17:40 | 001,333,465 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\adwcleaner_3.212.exe

    [2014/06/10 17:17:24 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

    [2014/06/10 16:52:53 | 005,205,915 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe

    [2014/06/09 21:53:30 | 000,107,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys

    [2014/06/09 20:34:06 | 000,026,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys

    [2014/06/03 14:24:29 | 000,052,312 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys

    [2014/06/03 13:51:26 | 000,439,930 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

    [2014/06/03 13:51:26 | 000,070,714 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

    [2014/06/03 13:45:10 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

    [2014/06/03 12:47:38 | 000,000,078 | ---- | M] () -- C:\WINDOWS\System32\hnjycqx.ljm

    [2014/06/03 08:36:26 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    [2014/05/31 20:42:36 | 004,668,928 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RogueKiller.exe

    [2014/05/14 00:55:44 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office Excel 2003.lnk


    ========== Files Created - No Company Name ==========


    [2014/06/10 18:17:30 | 001,333,465 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\adwcleaner_3.212.exe

    [2014/06/10 17:04:36 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

    [2014/06/10 17:04:36 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

    [2014/06/10 17:04:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

    [2014/06/10 17:04:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

    [2014/06/10 17:04:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

    [2014/05/31 20:46:54 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys

    [2014/05/31 20:42:00 | 004,668,928 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RogueKiller.exe

    [2014/04/10 12:13:19 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

    [2013/03/10 20:56:08 | 000,000,180 | ---- | C] () -- C:\WINDOWS\Quicken.ini

    [2012/12/02 14:37:54 | 000,110,415 | ---- | C] () -- C:\WINDOWS\hpoins11.dat

    [2012/12/02 14:37:22 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll

    [2012/12/02 14:37:10 | 000,006,947 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat

    [2012/04/22 14:31:14 | 000,017,407 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\dt.dat

    [2008/12/06 23:37:33 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    [2008/09/10 07:24:51 | 000,001,092 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol


    ========== ZeroAccess Check ==========


    [2007/11/19 16:50:38 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini


    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]


    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]


    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 17:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Apartment


    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Free


    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 17:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Both


    ========== LOP Check ==========


    [2012/04/22 14:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG2012

    [2013/11/02 16:48:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG2014

    [2014/01/25 18:28:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Dropbox

    [2014/01/25 18:28:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DropboxMaster

    [2009/09/25 21:15:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech

    [2012/10/17 00:07:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Marshall Day Acoustics

    [2012/07/12 19:19:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Oracle

    [2013/11/02 16:46:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TuneUp Software

    [2012/05/05 08:01:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012

    [2014/03/28 16:42:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2014

    [2011/12/03 08:55:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files

    [2014/06/10 04:05:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData

    [2014/06/10 18:29:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop

    [2014/05/31 20:46:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RogueKiller

    [2008/09/11 15:09:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos

    [2013/11/26 09:23:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\TuneUp Software


    ========== Purity Check ==========




    ========== Alternate Data Streams ==========


    @Alternate Data Stream - 1650568 bytes -> C:\Documents and Settings\Administrator\Local Settings:init



    < End of report >





    OTL Extras logfile created on: 6/10/2014 7:44:07 PM - Run 1

    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop

    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

    Internet Explorer (Version = 8.0.6001.18702)

    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy


    1022.99 Mb Total Physical Memory | 639.15 Mb Available Physical Memory | 62.48% Memory free

    2.40 Gb Paging File | 2.01 Gb Available in Paging File | 83.45% Paging File free

    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]


    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

    Drive C: | 37.27 Gb Total Space | 17.29 Gb Free Space | 46.40% Space Free | Partition Type: NTFS

    Drive E: | 19.41 Gb Total Space | 9.75 Gb Free Space | 50.22% Space Free | Partition Type: NTFS


    Computer Name: HOMESALE | User Name: Administrator | Logged in as Administrator.

    Boot Mode: Normal | Scan Mode: All users | Quick Scan

    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days


    ========== Extra Registry (SafeList) ==========



    ========== File Associations ==========


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l


    [HKEY_USERS\S-1-5-21-63185453-221474574-1068240499-500\SOFTWARE\Classes\<extension>]

    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)


    ========== Shell Spawning ==========


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

    batfile [open] -- "%1" %*

    cmdfile [open] -- "%1" %*

    comfile [open] -- "%1" %*

    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    exefile [open] -- "%1" %*

    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

    piffile [open] -- "%1" %*

    regfile [merge] -- Reg Error: Key error.

    scrfile [config] -- "%1"

    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

    scrfile [open] -- "%1" /S

    txtfile [edit] -- Reg Error: Key error.

    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    Directory [GPStamper] -- "C:\Program Files\GPStamper\gpstamper.exe" "%1" ()

    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)


    ========== Security Center Settings ==========


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    "AntiVirusDisableNotify" = 0

    "FirewallDisableNotify" = 0

    "UpdatesDisableNotify" = 0

    "AntiVirusOverride" = 0

    "FirewallOverride" = 0


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]


    ========== System Restore Settings ==========


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

    "DisableSR" = 0


    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

    "Start" = 0


    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

    "Start" = 2


    ========== Firewall Settings ==========


    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]


    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    "DisableNotifications" = 0

    "EnableFirewall" = 1


    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    "DisableNotifications" = 0

    "EnableFirewall" = 0


    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


    ========== Authorized Applications List ==========


    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 -- (Microsoft Corporation)


    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 -- (Microsoft Corporation)



    ========== HKEY_LOCAL_MACHINE Uninstall List ==========


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    "{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client

    "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1

    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA

    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    "{2477B5FC-A1E0-411A-BF19-4D5C81A2603A}" = HP Deskjet 3000 J310 series Basic Device Software

    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31

    "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5

    "{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005

    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager

    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

    "{3A316611-45D1-429C-AA26-B71259C44689}" = HP Photosmart, Officejet and Deskjet 7.0.A

    "{3A412339-B0AB-4772-8563-3AD05F04D8FC}" = Insul7.0

    "{4A39A27F-005B-407E-8CF5-F4D8065658E4}" = SMS Advanced Client

    "{4FD60DA7-3BC9-4D9A-BC15-9C53D1283709}" = AVG 2014

    "{654A65DA-7173-4B51-ACEB-F855201EE033}" = HP Deskjet 3000 J310 series Help

    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler

    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

    "{7B03B4E6-E3F9-11D5-B9D9-00D0B75C082C}" = Polaroid Dust and Scratch Removal v1.0.0.15.2e

    "{7F1AD376-F6A0-4C2D-B93B-6FECC45620D2}" = AVG 2014

    "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder

    "{888D0F50-FF0A-4808-966E-23D63277BF2A}" = Intel(R) Network Connections 12.4.38.0

    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver

    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

    "{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables

    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

    "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2

    "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy

    "{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update

    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation

    "{BFD96B89-B769-4CD6-B11E-E79FFD46F067}" = QuickTime

    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

    "{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA

    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

    "{DA6E383F-F09F-4CCF-8F42-1526F4826E52}_is1" = PhotoStamp 4.7.1.0

    "{E23446FB-3D0A-4028-8CDC-27D592727E55}_is1" = GPStamper 4.2.0.6

    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX

    "{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan

    "96c7f2a82b0c6a2ce4b0ca95e1002af0" = Sybase Adaptive Server Enterprise PC Client

    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

    "AVG" = AVG 2014

    "Batch Thumbs 1.7" = Batch Thumbs 1.7

    "CCleaner" = CCleaner

    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

    "ie7" = Windows Internet Explorer 7

    "ie8" = Windows Internet Explorer 8

    "Info Center_is1" = Info Center 1.0.0.10

    "InstallShield_{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005

    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300

    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

    "Microsoft Security Client" = Microsoft Security Essentials

    "Mozilla Firefox 29.0.1 (x86 en-US)" = Mozilla Firefox 29.0.1 (x86 en-US)

    "MozillaMaintenanceService" = Mozilla Maintenance Service

    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

    "Nikon Scan 1.6" = Nikon Scan 1.6

    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

    "WIC" = Windows Imaging Component

    "Windows Media Format Runtime" = Windows Media Format 11 runtime

    "Windows Media Player" = Windows Media Player 11

    "Windows XP Service Pack" = Windows XP Service Pack 3

    "WMFDist11" = Windows Media Format 11 runtime

    "wmp11" = Windows Media Player 11

    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0


    ========== HKEY_USERS Uninstall List ==========


    [HKEY_USERS\S-1-5-21-63185453-221474574-1068240499-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    "Dropbox" = Dropbox


    ========== Last 20 Event Log Errors ==========


    [ Application Events ]

    Error - 4/28/2014 9:58:42 PM | Computer Name = HOMESALE | Source = Application Hang | ID = 1002

    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

    hungapp, version 0.0.0.0, hang address 0x00000000.


    Error - 4/28/2014 9:58:44 PM | Computer Name = HOMESALE | Source = Application Hang | ID = 1002

    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

    hungapp, version 0.0.0.0, hang address 0x00000000.


    Error - 4/30/2014 10:41:17 AM | Computer Name = HOMESALE | Source = Microsoft Office 11 | ID = 2001

    Description =


    Error - 5/27/2014 2:15:46 AM | Computer Name = HOMESALE | Source = Application Hang | ID = 1002

    Description = Hanging application WINWORD.EXE, version 11.0.8350.0, hang module

    hungapp, version 0.0.0.0, hang address 0x00000000.


    Error - 5/27/2014 11:39:04 PM | Computer Name = HOMESALE | Source = Application Hang | ID = 1002

    Description = Hanging application WINWORD.EXE, version 11.0.8350.0, hang module

    hungapp, version 0.0.0.0, hang address 0x00000000.


    Error - 6/3/2014 11:40:59 AM | Computer Name = HOMESALE | Source = Application Hang | ID = 1002

    Description = Hanging application WINWORD.EXE, version 11.0.8350.0, hang module

    hungapp, version 0.0.0.0, hang address 0x00000000.


    Error - 6/3/2014 11:41:58 AM | Computer Name = HOMESALE | Source = Application Hang | ID = 1002

    Description = Hanging application WINWORD.EXE, version 11.0.8350.0, hang module

    hungapp, version 0.0.0.0, hang address 0x00000000.


    Error - 6/3/2014 5:31:41 PM | Computer Name = HOMESALE | Source = Application Hang | ID = 1002

    Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module

    hungapp, version 0.0.0.0, hang address 0x00000000.


    Error - 6/10/2014 8:12:43 PM | Computer Name = HOMESALE | Source = crypt32 | ID = 131080

    Description = Failed auto update retrieval of third-party root list sequence number

    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

    with error: A connection with the server could not be established


    Error - 6/10/2014 9:13:47 PM | Computer Name = HOMESALE | Source = Application Hang | ID = 1002

    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

    hungapp, version 0.0.0.0, hang address 0x00000000.


    [ System Events ]

    Error - 6/10/2014 9:21:41 PM | Computer Name = HOMESALE | Source = Service Control Manager | ID = 7001

    Description = The Remote Access Connection Manager service depends on the Telephony

    service which failed to start because of the following error: %%1058


    Error - 6/10/2014 9:21:41 PM | Computer Name = HOMESALE | Source = Service Control Manager | ID = 7001

    Description = The Remote Access Connection Manager service depends on the Telephony

    service which failed to start because of the following error: %%1058


    Error - 6/10/2014 9:22:14 PM | Computer Name = HOMESALE | Source = Service Control Manager | ID = 7001

    Description = The Remote Access Connection Manager service depends on the Telephony

    service which failed to start because of the following error: %%1058


    Error - 6/10/2014 9:22:14 PM | Computer Name = HOMESALE | Source = Service Control Manager | ID = 7001

    Description = The Remote Access Connection Manager service depends on the Telephony

    service which failed to start because of the following error: %%1058


    Error - 6/10/2014 9:22:14 PM | Computer Name = HOMESALE | Source = Service Control Manager | ID = 7001

    Description = The Remote Access Connection Manager service depends on the Telephony

    service which failed to start because of the following error: %%1058


    Error - 6/10/2014 9:22:14 PM | Computer Name = HOMESALE | Source = Service Control Manager | ID = 7001

    Description = The Remote Access Connection Manager service depends on the Telephony

    service which failed to start because of the following error: %%1058


    Error - 6/10/2014 9:22:14 PM | Computer Name = HOMESALE | Source = Service Control Manager | ID = 7001

    Description = The Remote Access Connection Manager service depends on the Telephony

    service which failed to start because of the following error: %%1058


    Error - 6/10/2014 9:22:15 PM | Computer Name = HOMESALE | Source = Service Control Manager | ID = 7001

    Description = The Remote Access Connection Manager service depends on the Telephony

    service which failed to start because of the following error: %%1058


    Error - 6/10/2014 9:22:15 PM | Computer Name = HOMESALE | Source = Service Control Manager | ID = 7001

    Description = The Remote Access Connection Manager service depends on the Telephony

    service which failed to start because of the following error: %%1058


    Error - 6/10/2014 10:29:45 PM | Computer Name = HOMESALE | Source = Service Control Manager | ID = 7001

    Description = The Remote Access Connection Manager service depends on the Telephony

    service which failed to start because of the following error: %%1058



    < End of report >
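Added example, not part of the thread or of OTL: a short Python script that applies the same test OTL's "ZeroAccess Check" section performs to the log lines above. COM resolves a CLSID through HKCU\Software\Classes before HKLM\Software\Classes, so a per-user InProcServer32 key for a shell or WMI class (the two HKEY_CURRENT_USER entries in the log) redirects every process in that session to whatever DLL it names, without needing admin rights to create; the HKLM entries are checked against the DLL each CLSID is supposed to load. Assumptions: the system root is C:\WINDOWS as in this log, the expected DLL table is taken from the HKLM lines shown, and the second, "hijacked" excerpt is constructed to show what a redirected registration looks like.

```python
"""Flag COM in-proc server hijacks in an OTL "ZeroAccess Check" block."""
import re
from dataclasses import dataclass
from typing import List, Optional

KEY_RE = re.compile(
    r'^\[(HKEY_CURRENT_USER|HKEY_LOCAL_MACHINE)\\Software\\Classes\\clsid\\'
    r'(\{[0-9A-Fa-f-]{36}\})\\InProcServer32\]$', re.IGNORECASE)
DEFAULT_RE = re.compile(r'^"" = (.+?) -- \[')

# Assumption for this example: the system root is C:\WINDOWS, as in the log.
SYSTEM_ROOT = r'c:\windows'

# Expected in-proc servers for the CLSIDs OTL inspects, taken from the HKLM
# lines of the posted log: shell and WMI components that explorer.exe and
# svchost.exe load in-process, so redirecting them runs code inside trusted
# processes at every logon.
EXPECTED_SERVER = {
    '{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}': SYSTEM_ROOT + r'\system32\shdocvw.dll',
    '{5839FCA9-774D-42A1-ACDA-D6A79037F57F}': SYSTEM_ROOT + r'\system32\wbem\fastprox.dll',
    '{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}': SYSTEM_ROOT + r'\system32\wbem\wbemess.dll',
}


@dataclass
class InProcServer:
    hive: str
    clsid: str
    path: Optional[str] = None


@dataclass
class Finding:
    hive: str
    clsid: str
    path: Optional[str]
    reason: str


def normalise(path: str) -> str:
    """Lower-case and expand %SystemRoot%/%windir% so equal paths compare equal."""
    p = path.strip().strip('"').lower()
    for var in ('%systemroot%', '%windir%'):
        p = p.replace(var, SYSTEM_ROOT)
    return p


def parse_block(lines) -> List[InProcServer]:
    """One InProcServer per [...\\clsid\\{...}\\InProcServer32] key header."""
    servers: List[InProcServer] = []
    for raw in lines:
        line = raw.strip()
        if m := KEY_RE.match(line):
            servers.append(InProcServer(m.group(1).upper(), m.group(2).upper()))
        elif servers and (m := DEFAULT_RE.match(line)):
            servers[-1].path = m.group(1)
    return servers


def check(servers) -> List[Finding]:
    findings: List[Finding] = []
    for s in servers:
        if s.hive == 'HKEY_CURRENT_USER':
            # Per-user registration of a system class: legitimate software has
            # no reason to create one, and it takes precedence over HKLM.
            findings.append(Finding(s.hive, s.clsid, s.path,
                                    'per-user override of a system CLSID'))
            continue
        if s.path is None:
            continue
        actual = normalise(s.path)
        expected = EXPECTED_SERVER.get(s.clsid)
        if expected is not None and actual != expected:
            findings.append(Finding(s.hive, s.clsid, s.path, f'expected {expected}'))
        elif expected is None and not actual.startswith(SYSTEM_ROOT + '\\system32\\'):
            findings.append(Finding(s.hive, s.clsid, s.path, 'server outside system32'))
    return findings


def report(lines) -> List[Finding]:
    return check(parse_block(lines))


# Excerpt of the ZeroAccess Check block from the OTL log posted in the thread.
OTL_EXCERPT = r"""
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 17:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 17:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
""".splitlines()

# Constructed, not from the thread: the WMI CLSID pointed at a same-named DLL
# in a user-writable directory. Comparing the whole path, not the file name,
# is what catches it.
HIJACKED_EXCERPT = r"""
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\Documents and Settings\Administrator\Local Settings\Application Data\fastprox.dll -- [2014/06/01 00:20:00 | 000,073,728 | ---- | M] ()
"ThreadingModel" = Free
""".splitlines()

if __name__ == '__main__':
    for title, lines in (('log from the thread', OTL_EXCERPT),
                         ('constructed hijack', HIJACKED_EXCERPT)):
        print(f'== {title} ==')
        for f in report(lines):
            print(f'  {f.hive} {f.clsid}: {f.reason}; value = {f.path}')
```

Run against the thread's log the script reports only the two HKEY_CURRENT_USER keys; the three HKLM registrations resolve to the expected Microsoft DLLs. An HKCU key with no default value, as here, still deserves removal: it is a leftover of a per-user override and should not exist for these classes.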
     
  12. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Code:
    :OTL
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys -- (catchme)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {DA684E88-66C9-4CD4-9AD1-0E643D8F3107} http://eoscount.com/eoscount_xp.cab (Reg Error: Key error.)
    @Alternate Data Stream - 1650568 bytes -> C:\Documents and Settings\Administrator\Local Settings:init
    
    :Services
    
    :Reg
    
    :Files
    C:\FRST
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
    
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Click on "Run ESET Online Scanner" button.
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
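Added example, not part of broni's post or of OTL: Python that shows how the :OTL section of the fix above is derived from the scan output. OTL accepts its own scan lines verbatim under :OTL, so building a fix means selecting the right lines: driver services whose binary is missing ("File not found", with or without an ImagePath), ActiveX controls whose registration is already broken, and alternate data streams large enough to hold a payload. Assumptions: the :Commands set is the one used in the post, the Zone.Identifier stream (the mark-of-the-web marker Internet Explorer writes on downloads) is treated as benign, and the two scan lines marked constructed are added to show what the selection leaves alone; the exact way OTL prints a driver whose file is present is not reproduced.

```python
"""Derive an OTL fix list from OTL scan lines."""
import re
from typing import List, Tuple

DRV_MISSING_RE = re.compile(
    r'^DRV - File not found \[[^\]]*\] --\s*(?P<path>.*?)\s*-- \((?P<name>[^)]+)\)$')
DPF_RE = re.compile(
    r'^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]{36}\}) (?P<url>\S+) \((?P<status>[^)]*)\)$')
ADS_RE = re.compile(r'^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$')

# Assumption: the Zone.Identifier stream is the download marker Windows writes
# itself and is never worth a fix line.
BENIGN_STREAMS = ('zone.identifier',)


def select_fix_lines(scan_lines) -> List[Tuple[str, str]]:
    """Return (scan line, reason) for every line OTL should act on."""
    chosen: List[Tuple[str, str]] = []
    for raw in scan_lines:
        line = raw.strip()
        if m := DRV_MISSING_RE.match(line):
            # A service whose binary is gone does nothing useful: either an
            # uninstall leftover or, like catchme.sys, a tool that removed its
            # file but not its registration.
            where = m['path'] or '<no ImagePath>'
            chosen.append((line, f"orphaned driver service {m['name']}: {where}"))
        elif m := DPF_RE.match(line):
            if m['status'].startswith('Reg Error'):
                chosen.append((line, f"ActiveX control {m['clsid']} with broken registration"))
        elif m := ADS_RE.match(line):
            stream = m['target'].rsplit(':', 1)[-1].lower()
            if int(m['size']) > 0 and stream not in BENIGN_STREAMS:
                chosen.append((line, f"{m['size']}-byte alternate data stream on {m['target']}"))
    return chosen


def build_fixlist(scan_lines, extra_commands=('[emptytemp]', '[Reboot]')) -> str:
    """Render the text to paste into OTL's Custom Scans/Fixes box."""
    chosen = select_fix_lines(scan_lines)
    out = [':OTL'] + [line for line, _ in chosen] + ['', ':Commands'] + list(extra_commands)
    return '\n'.join(out) + '\n'


# Lines taken from the OTL scan quoted in the thread, plus two constructed
# lines (a benign download-marker stream and a registered ActiveX control)
# that the selection must skip.
SCAN_EXCERPT = r"""
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys -- (catchme)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {DA684E88-66C9-4CD4-9AD1-0E643D8F3107} http://eoscount.com/eoscount_xp.cab (Reg Error: Key error.)
@Alternate Data Stream - 1650568 bytes -> C:\Documents and Settings\Administrator\Local Settings:init
@Alternate Data Stream - 26 bytes -> C:\Documents and Settings\Administrator\Desktop\OTL.exe:Zone.Identifier
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Sun Microsystems, Inc.)
""".splitlines()

if __name__ == '__main__':
    for line, reason in select_fix_lines(SCAN_EXCERPT):
        print(f'{reason}\n    {line}')
    print()
    print(build_fixlist(SCAN_EXCERPT))
```

The stream on the Local Settings folder is the item worth understanding here: an ADS on a directory is invisible to Explorer and to most directory listings, yet it can be executed or loaded like any file, which is why a 1.6 MB stream with a generic name goes into the fix while the 26-byte Zone.Identifier marker does not.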
     
  13. bgc

    bgc Established Techie7 Member

    More logs:

    All processes killed
    ========== OTL ==========
    Service WDICA stopped successfully!
    Service WDICA deleted successfully!
    Service PDRFRAME stopped successfully!
    Service PDRFRAME deleted successfully!
    Service PDRELI stopped successfully!
    Service PDRELI deleted successfully!
    Service PDFRAME stopped successfully!
    Service PDFRAME deleted successfully!
    Service PDCOMP stopped successfully!
    Service PDCOMP deleted successfully!
    Service PCIDump stopped successfully!
    Service PCIDump deleted successfully!
    Service lbrtfdc stopped successfully!
    Service lbrtfdc deleted successfully!
    Service i2omgmt stopped successfully!
    Service i2omgmt deleted successfully!
    Service Changer stopped successfully!
    Service Changer deleted successfully!
    Service catchme stopped successfully!
    Service catchme deleted successfully!
    File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys not found.
    Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
    C:\WINDOWS\Downloaded Program Files\OnlineScanner.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
    Starting removal of ActiveX control {DA684E88-66C9-4CD4-9AD1-0E643D8F3107}
    C:\WINDOWS\Downloaded Program Files\EOSCount_XP.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DA684E88-66C9-4CD4-9AD1-0E643D8F3107}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DA684E88-66C9-4CD4-9AD1-0E643D8F3107}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{DA684E88-66C9-4CD4-9AD1-0E643D8F3107}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{DA684E88-66C9-4CD4-9AD1-0E643D8F3107}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DA684E88-66C9-4CD4-9AD1-0E643D8F3107}\ not found.
    ADS C:\Documents and Settings\Administrator\Local Settings:init deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\FRST\Quarantine\C\WINDOWS\system32\dllcache folder moved successfully.
    Folder move failed. C:\FRST\Quarantine\C\WINDOWS\system32 scheduled to be moved on reboot.
    Folder move failed. C:\FRST\Quarantine\C\WINDOWS scheduled to be moved on reboot.
    C:\FRST\Quarantine\C\Program Files\Google\Desktop\Install folder moved successfully.
    C:\FRST\Quarantine\C\Program Files\Google\Desktop folder moved successfully.
    C:\FRST\Quarantine\C\Program Files\Google folder moved successfully.
    C:\FRST\Quarantine\C\Program Files folder moved successfully.
    C:\FRST\Quarantine\C\Documents and Settings\Administrator\Local Settings\Application Data\Google\Desktop\Install folder moved successfully.
    C:\FRST\Quarantine\C\Documents and Settings\Administrator\Local Settings\Application Data\Google\Desktop folder moved successfully.
    C:\FRST\Quarantine\C\Documents and Settings\Administrator\Local Settings\Application Data\Google folder moved successfully.
    C:\FRST\Quarantine\C\Documents and Settings\Administrator\Local Settings\Application Data folder moved successfully.
    C:\FRST\Quarantine\C\Documents and Settings\Administrator\Local Settings folder moved successfully.
    C:\FRST\Quarantine\C\Documents and Settings\Administrator folder moved successfully.
    C:\FRST\Quarantine\C\Documents and Settings folder moved successfully.
    Folder move failed. C:\FRST\Quarantine\C scheduled to be moved on reboot.
    Folder move failed. C:\FRST\Quarantine scheduled to be moved on reboot.
    C:\FRST\Logs folder moved successfully.
    C:\FRST\Hives folder moved successfully.
    C:\FRST folder moved successfully.
    ========== COMMANDS ==========
    [EMPTYTEMP]
    User: Administrator
    ->Temp folder emptied: 2188678 bytes
    ->Temporary Internet Files folder emptied: 8169592 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 71890761 bytes
    ->Flash cache emptied: 8773040 bytes
    User: All Users
    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes
    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 295046 bytes
    ->Flash cache emptied: 0 bytes
    User: NetworkService
    ->Temp folder emptied: 5178 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes
    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 219160 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
    RecycleBin emptied: 0 bytes
    Total Files Cleaned = 87.00 mb
    [EMPTYJAVA]
    User: Administrator
    ->Java cache emptied: 0 bytes
    User: All Users
    User: Default User
    User: LocalService
    User: NetworkService
    ->Java cache emptied: 0 bytes
    Total Java Files Cleaned = 0.00 mb
    [EMPTYFLASH]
    User: Administrator
    ->Flash cache emptied: 0 bytes
    User: All Users
    User: Default User
    ->Flash cache emptied: 0 bytes
    User: LocalService
    ->Flash cache emptied: 0 bytes
    User: NetworkService
    ->Flash cache emptied: 0 bytes
    Total Flash Files Cleaned = 0.00 mb
    OTL by OldTimer - Version 3.2.69.0 log created on 06102014_221112
    Files\Folders moved on Reboot...
    File\Folder C:\FRST\Quarantine\C\WINDOWS\system32 not found!
    File\Folder C:\FRST\Quarantine\C\WINDOWS not found!
    File\Folder C:\FRST\Quarantine\C not found!
    File\Folder C:\FRST\Quarantine not found!
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot...



    Results of screen317's Security Check version 0.99.84
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    AVG AntiVirus Free Edition 2014
    Microsoft Security Essentials
    Antivirus up to date! (On Access scanning disabled!)
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.75.0.1300
    CCleaner
    JavaFX 2.1.1
    Java(TM) 6 Update 31
    Java(TM) 7 Update 5
    Java version out of Date!
    Adobe Reader 8 Adobe Reader out of Date!
    Mozilla Firefox (29.0.1)
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    AVG avgwdsvc.exe
    AVG avgrsx.exe
    AVG avgnsx.exe
    AVG avgemc.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:: 6%
    ````````````````````End of Log``````````````````````


    Farbar Service Scanner Version: 10-06-2014
    Ran by Administrator (administrator) on 10-06-2014 at 22:34:18
    Running from "C:\Documents and Settings\Administrator\Desktop"
    Microsoft Windows XP Professional Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.
    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================
    System Restore:
    ============
    System Restore Disabled Policy:
    ========================
    Security Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================
    Other Services:
    ==============
    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\afd.sys => File is digitally signed
    C:\WINDOWS\system32\Drivers\netbt.sys => File is digitally signed
    C:\WINDOWS\system32\Drivers\tcpip.sys => File is digitally signed
    C:\WINDOWS\system32\Drivers\ipsec.sys => File is digitally signed
    C:\WINDOWS\system32\dnsrslvr.dll => File is digitally signed
    C:\WINDOWS\system32\ipnathlp.dll => File is digitally signed
    C:\WINDOWS\system32\netman.dll => File is digitally signed
    C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
    C:\WINDOWS\system32\srsvc.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\sr.sys => File is digitally signed
    C:\WINDOWS\system32\wscsvc.dll => File is digitally signed
    C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
    C:\WINDOWS\system32\wuauserv.dll => File is digitally signed
    C:\WINDOWS\system32\qmgr.dll => File is digitally signed
    C:\WINDOWS\system32\es.dll => File is digitally signed
    C:\WINDOWS\system32\cryptsvc.dll => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    Extra List:
    =======
    Avgtdix(9) Gpc(3) IPSec(5) NetBT(6) Tcpip(4)
    0x0A00000005000000010000000200000003000000040000005600000008000000090000000600000007000000
    IpSec Tag value is correct.
    **** End of log ****


    C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert0.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\50\532d7cf2-45eeb2c6 Java/Exploit.Agent.QXB trojan cleaned by deleting - quarantined
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\6\2091c2c6-59394bb2 Java/Exploit.Agent.NOF trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{989A3549-8FBC-458B-AFFD-C1637E7ADE3D}\RP1373\A0102828.dll Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
    C:\System Volume Information\_restore{989A3549-8FBC-458B-AFFD-C1637E7ADE3D}\RP1373\A0102829.dll Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
    C:\_OTL\MovedFiles\06102014_221112\C_FRST\Quarantine\C\WINDOWS\system32\rpcss.dll.xBAD Win32/Patched.IB trojan cleaned - quarantined
    C:\_OTL\MovedFiles\06102014_221112\C_FRST\Quarantine\C\WINDOWS\system32\dllcache\rpcss.dll.xBAD Win32/Patched.IB trojan cleaned - quarantined
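    The "File Check" block of the Farbar Service Scanner log above verifies that core service binaries are digitally signed, and the ESET log shows why that matters here: rpcss.dll and its dllcache copy had been patched (Win32/Patched.IB) and were replaced by the FRST fix. The snippet below is an added example written for this thread, not a tool from the thread; it repeats that check with PowerShell 2.0-compatible cmdlets on the same paths and additionally compares the live rpcss.dll against its dllcache copy, since a mismatch between the two is a cheap indicator that one of them was tampered with. It assumes $env:SystemRoot resolves to the Windows directory and that PowerShell is installed on the machine.

```powershell
# Added example (not from the thread). Paths mirror the binaries the FSS log checked;
# both rpcss.dll copies are included because ESET flagged them as patched.
$paths = @(
    "$env:SystemRoot\system32\rpcss.dll",
    "$env:SystemRoot\system32\dllcache\rpcss.dll",
    "$env:SystemRoot\system32\services.exe",
    "$env:SystemRoot\system32\svchost.exe",
    "$env:SystemRoot\system32\wscsvc.dll",
    "$env:SystemRoot\system32\wuauserv.dll",
    "$env:SystemRoot\system32\Drivers\tcpip.sys",
    "$env:SystemRoot\system32\Drivers\afd.sys"
)

function Get-Sha256Hex([string]$Path) {
    # .NET hashing so this also runs where Get-FileHash (PowerShell 4+) is absent
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try { $bytes = $sha.ComputeHash($stream) } finally { $stream.Close() }
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '')
}

function Test-ServiceBinary([string[]]$Path) {
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) {
            New-Object PSObject -Property @{ Path = $p; Status = 'Missing'; Signer = ''; Sha256 = '' }
            continue
        }
        # Embedded Authenticode signature only; see the note after the block about catalogs
        $sig = Get-AuthenticodeSignature -FilePath $p
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        New-Object PSObject -Property @{
            Path = $p; Status = [string]$sig.Status; Signer = $signer; Sha256 = (Get-Sha256Hex $p)
        }
    }
}

$results = Test-ServiceBinary $paths
$results | Format-Table Status, Signer, Sha256, Path -AutoSize

# The live service DLL should be byte-identical to the copy Windows File Protection
# restores from; after the FRST "Replace:" lines above, both came from the ERDNT cache.
$live  = $results | Where-Object { $_.Path -like '*\system32\rpcss.dll' }
$cache = $results | Where-Object { $_.Path -like '*\dllcache\rpcss.dll' }
if ($live.Sha256 -ne $cache.Sha256) { Write-Warning 'rpcss.dll differs from its dllcache copy' }

# Files whose signature did not verify, for a closer look
$results | Where-Object { $_.Status -ne 'Valid' } | Format-Table Status, Signer, Path -AutoSize
```

    Get-AuthenticodeSignature reads the file's embedded signature, and on older Windows releases such as the XP system in this thread most OS binaries are signed only through security catalogs, so a genuine file can show NotSigned there; on that platform the hash comparison and any Valid signature from a non-Microsoft signer are the meaningful results, and a catalog-aware tool (the FSS check itself, or Sysinternals sigcheck) should be used to confirm a NotSigned verdict.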
     
  14. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Update Firefox to the current 30.0 version.

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions (if present).
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Update your Java version here: http://www.java.com/en/download/manual.jsp
    Alternate download: http://www.filehippo.com/search?q=java

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: If you're running a 64-bit system, make sure you install BOTH 32-bit and 64-bit Java.

    Note 3: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    ======================================

    Your computer is clean

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished, a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    12. Please, let me know, how your computer is doing.
     
  15. bgc

    bgc Established Techie7 Member

    Thanks for your help.

    Computer starts as normal. I found Filehippo caused the computer to run slow. Computer is still slow after removing Filehippo. Bing has become a default screen if a web address is misspelled, i.e., with Internet Explorer browser: nasa.gov goes to Bing, wwwDOTnasaDOTgov goes to NASA, wwwDOTnasaDOTcom goes to http://feed04.flexxieDOTcom. Firefox browser does not forward to Bing - it goes to NASA.

    As I type this message there is a delay before the word appears on the screen. Should I post logs below or start a new topic?

    Thanks
     
  16. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    What logs would you like to post?

    Reset Internet Explorer.
    Go here: http://support.microsoft.com/kb/923737 and run "FixIt" procedure.
    You can use ANY browser to download "FixIt" file.
    Make sure you follow ALL steps listed there.
     
  17. bgc

    bgc Established Techie7 Member

    In my first post I wrote that my computer was running painfully slow and posted Malwarebytes and DDS logs. I posted additional logs as the system cleaning progressed. Zekos and whatever else was there is apparently gone and the computer is faster than on May 31. For the past 4-5 days I have noticed the computer is faster but not as fast as it has been; there is occasionally lag time from typing to appearance on screen, and the default to a Bing search page in Internet Explorer when Bing is blocked.

    What log would I like to post?

    Whatever log of an application that might indicate why the computer has the above symptoms. Is there nothing further to check?

    Thanks.
     
  18. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Re-read my previous reply and reset IE.
     
  19. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    The issue seems to be resolved.
     
  20. bgc

    bgc Established Techie7 Member

    Confirmed. Resolved. Thank you very much.