Avira Detected Viruses on My Computer


14 replies to this topic

#1 therpizz


Posted 26 May 2017 - 05:36 PM

Hello,

 

Please help! Just ran a scan on Avira and it detected 6 viruses/trojans on my computer. I am running on Windows XP (yes, I am aware that this operating system is outdated). I am not very tech-savvy so I do not know what to do. Any help would be greatly appreciated! Thank you very much! I will attach the report from Avira below:

 


Free Antivirus
Report file date: Wednesday, May 24, 2017  15:16


The program is running as an unrestricted full version.
Online services are available.

Licensee        : Free
Serial number   : 0000149996-AVHOE-0000001
Platform        : Microsoft Windows XP
Windows version : (Service Pack 3)  [5.1.2600]
Boot mode       : Normally booted
Username        : Compaq_Administrator
Computer name   : COMPAQ

Configuration settings for the scan:
Jobname.............................: Full scan
Configuration file..................: C:\Program Files\Avira\Antivirus\sysscan.avp
Reporting...........................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Limit recursion depth...............: 20
Smart extensions....................: on
Macrovirus heuristic................: on
File heuristic......................: extended
Skipped files.......................:

Start of the scan: Wednesday, May 24, 2017  15:16

Start scanning boot sectors:
Boot sector 'HDD0(C:, D:)'
    [INFO]      No virus was found!

Starting search for hidden objects.

The scan of running processes will be started:
Scan process 'plugin-container.exe' - '103' Module(s) have been scanned
Scan process 'firefox.exe' - '158' Module(s) have been scanned
Scan process 'dllhost.exe' - '45' Module(s) have been scanned
Scan process 'vssvc.exe' - '47' Module(s) have been scanned
Scan process 'avscan.exe' - '106' Module(s) have been scanned
Scan process 'avcenter.exe' - '114' Module(s) have been scanned
Scan process 'hpsysdrv.exe' - '14' Module(s) have been scanned
Scan process 'atiptaxx.exe' - '33' Module(s) have been scanned
Scan process 'ALCXMNTR.EXE' - '31' Module(s) have been scanned
Scan process 'avira_system_speedup.tmp' - '26' Module(s) have been scanned
Scan process 'avira_system_speedup.exe' - '23' Module(s) have been scanned
Scan process 'DiscStreamHub.exe' - '87' Module(s) have been scanned
Scan process 'alg.exe' - '35' Module(s) have been scanned
Scan process 'WPFFontCache_v0400.exe' - '15' Module(s) have been scanned
Scan process 'iPodService.exe' - '30' Module(s) have been scanned
Scan process 'dllhost.exe' - '44' Module(s) have been scanned
Scan process 'avshadow.exe' - '27' Module(s) have been scanned
Scan process 'wscntfy.exe' - '18' Module(s) have been scanned
Scan process 'ViewMgr.exe' - '63' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '50' Module(s) have been scanned
Scan process 'Avira.Systray.exe' - '152' Module(s) have been scanned
Scan process 'ehmsas.exe' - '22' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '30' Module(s) have been scanned
Scan process 'wlan111t.exe' - '43' Module(s) have been scanned
Scan process 'ctfmon.exe' - '25' Module(s) have been scanned
Scan process 'Avira.ServiceHost.exe' - '127' Module(s) have been scanned
Scan process 'ViewpointService.exe' - '19' Module(s) have been scanned
Scan process 'ycommon.exe' - '46' Module(s) have been scanned
Scan process 'avgnt.exe' - '65' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'jusched.exe' - '25' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '65' Module(s) have been scanned
Scan process 'HPWuSchd2.exe' - '18' Module(s) have been scanned
Scan process 'KBD.EXE' - '63' Module(s) have been scanned
Scan process 'DISCover.exe' - '54' Module(s) have been scanned
Scan process 'ybrwicon.exe' - '29' Module(s) have been scanned
Scan process 'MDM.EXE' - '21' Module(s) have been scanned
Scan process 'DMAScheduler.exe' - '50' Module(s) have been scanned
Scan process 'ARPWRMSG.EXE' - '14' Module(s) have been scanned
Scan process 'ehtray.exe' - '45' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '16' Module(s) have been scanned
Scan process 'ehSched.exe' - '21' Module(s) have been scanned
Scan process 'ehRecvr.exe' - '44' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '29' Module(s) have been scanned
Scan process 'arservice.exe' - '24' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '58' Module(s) have been scanned
Scan process 'avguard.exe' - '92' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'sched.exe' - '73' Module(s) have been scanned
Scan process 'spoolsv.exe' - '58' Module(s) have been scanned
Scan process 'Explorer.EXE' - '91' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '20' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '177' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'svchost.exe' - '51' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '15' Module(s) have been scanned
Scan process 'lsass.exe' - '59' Module(s) have been scanned
Scan process 'services.exe' - '36' Module(s) have been scanned
Scan process 'winlogon.exe' - '74' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting to scan executable files (registry):
The registry was scanned ( '1854' files ).


Starting the file scan:

Begin scan in 'C:\' <PRESARIO>
C:\Documents and Settings\Compaq_Administrator\Application Data\FrostWire\.AppSpecialShare\frostwire-5.0.8.windows.exe
    [0] Archive type: NSIS
    --> Object
        [DETECTION] Contains patterns of software PUA/OpenCandy.Gen
        [WARNING]   Infected files in archives cannot be repaired
C:\Program Files\Online Services\PeoplePC\BartShel.exe
  [DETECTION] Is the TR/Crypt.ZPACK.Gen7 Trojan
C:\Program Files\Online Services\PeoplePC\Browser\BartShel.exe
  [DETECTION] Is the TR/Crypt.ZPACK.Gen7 Trojan
    [0] Archive type: Runtime Packed
    --> C:\Program Files\Common Files\Real\GToolbar\GoogleToolbarInstaller98.exe
        [1] Archive type: RSRC
      --> C:\Program Files\Online Services\PeoplePC\ISP5900\Branding\ppal3ppc.exe
          [2] Archive type: NSIS
        --> [ProgramFilesDir]/PeoplePC/Toolbar/PPCToolbar.dll
            [DETECTION] Contains virus patterns of Adware ADWARE/Agent.180224.A
            [WARNING]   Infected files in archives cannot be repaired
C:\Program Files\Online Services\PeoplePC\ISP5900\Branding\ppal3ppc.exe
  [DETECTION] Contains virus patterns of Adware ADWARE/Agent.180224.A
C:\Program Files\Online Services\PeoplePC\ISP5900\System\unPPC.exe
  [DETECTION] Is the TR/Agent.66048.153 Trojan
Begin scan in 'D:\' <PRESARIO_RP>

Beginning disinfection:
C:\Program Files\Online Services\PeoplePC\ISP5900\System\unPPC.exe
  [DETECTION] Is the TR/Agent.66048.153 Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '5c0ef44d.qua'!
C:\Program Files\Online Services\PeoplePC\ISP5900\Branding\ppal3ppc.exe
  [DETECTION] Contains virus patterns of Adware ADWARE/Agent.180224.A
  [NOTE]      The file was moved to the quarantine directory under the name '4468da5d.qua'!
C:\Program Files\Online Services\PeoplePC\Browser\BartShel.exe
  [DETECTION] Is the TR/Crypt.ZPACK.Gen7 Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '162880cc.qua'!
C:\Program Files\Online Services\PeoplePC\BartShel.exe
  [DETECTION] Is the TR/Crypt.ZPACK.Gen7 Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '701fccdc.qua'!
C:\Documents and Settings\Compaq_Administrator\Application Data\FrostWire\.AppSpecialShare\frostwire-5.0.8.windows.exe
  [DETECTION] Contains patterns of software PUA/OpenCandy.Gen
  [NOTE]      The file was moved to the quarantine directory under the name '3596e181.qua'!


End of the scan: Wednesday, May 24, 2017  20:39
Used time:  4:18:30 Hour(s)

The scan has been done completely.

  12234 Scanned directories
 636796 Files were scanned
      6 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      0 Files were deleted
      0 Viruses and unwanted programs were repaired
      5 Files were moved to quarantine
      0 Files were renamed
      0 Files cannot be scanned
 636790 Files not concerned
  19680 Archives were scanned
      2 Warnings
      5 Notes
 502597 Objects were scanned with rootkit scan
      0 Hidden objects were found

 





#2 Broni


Posted 27 May 2017 - 08:01 PM

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
  • List Restore Points

Click Go and post the result.

Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available throughout History -> Application logs. Please post its contents in your next reply.


Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
  • "mbar-log-{date} (xx-xx-xx).txt"
  • "system-log.txt"


NOTE. If you see the "This version requires you to completely exit the Anti Malware application" message, right-click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run, then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8, right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.


If normal mode still doesn't work, run the tool from safe mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

NOTE. Do NOT wrap your logs in "quote" or "code" brackets.
Do NOT use spoilers.
Do NOT edit your reply to post additional logs. Create a new reply. I'll not get any email notifications about edits, so I won't know you posted something new.



 


#3 therpizz


Posted 31 May 2017 - 12:49 PM

 Results of screen317's Security Check version 1.014 --- 12/23/15  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Malwarebytes      
Avira Antivirus   
 Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 101  
 Java version 32-bit out of Date!
 Adobe Flash Player     21.0.0.242  
 Adobe Reader XI  
 Mozilla Firefox (51.0.1)
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
 Avira Antivirus sched.exe  
 Avira Antivirus avshadow.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 8%
````````````````````End of Log``````````````````````
 


Edited by therpizz, 31 May 2017 - 12:50 PM.


#4 therpizz


Posted 31 May 2017 - 12:50 PM

Farbar Service Scanner Version: 27-01-2016
Ran by Compaq_Administrator (administrator) on 31-05-2017 at 10:39:09
Running from "C:\Documents and Settings\Compaq_Administrator\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is set to Disabled. The default start type is Auto.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.


Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\afd.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\netbt.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\tcpip.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\ipsec.sys => File is digitally signed
C:\WINDOWS\system32\dnsrslvr.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\ipnathlp.dll => File is digitally signed
C:\WINDOWS\system32\netman.dll => File is digitally signed
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS\system32\srsvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\sr.sys => File is digitally signed
C:\WINDOWS\system32\wscsvc.dll => File is digitally signed
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS\system32\wuauserv.dll => File is digitally signed
C:\WINDOWS\system32\qmgr.dll => File is digitally signed
C:\WINDOWS\system32\es.dll => File is digitally signed
C:\WINDOWS\system32\cryptsvc.dll => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed

Extra List:
=======
AegisP(9) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x09000000040000000100000002000000030000000800000005000000060000000700000009000000
IpSec Tag value is correct.

**** End of log ****



#5 therpizz


Posted 31 May 2017 - 12:57 PM

MiniToolBox by Farbar  Version: 17-06-2016
Ran by Compaq_Administrator (administrator) on 31-05-2017 at 10:55:36
Running from "C:\Documents and Settings\Compaq_Administrator\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Model: ER922AA-ABA SR1834NX NA660 Manufacturer: Compaq Presario 061
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================
127.0.0.1 localhost
========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Connected)
NETGEAR WG111T 108Mbps Wireless USB2.0 Adapter = Wireless Network Connection 4 (Connected)
Realtek RTL8139/810x Family Fast Ethernet NIC = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration         
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection 4"

set address name="Wireless Network Connection 4" source=dhcp
set dns name="Wireless Network Connection 4" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 4" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



        Host Name . . . . . . . . . . . . : COMPAQ

        Primary Dns Suffix  . . . . . . . :

        Node Type . . . . . . . . . . . . : Hybrid

        IP Routing Enabled. . . . . . . . : No

        WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



        Media State . . . . . . . . . . . : Media disconnected

        Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC

        Physical Address. . . . . . . . . : 00-17-31-23-BE-FF



Ethernet adapter Wireless Network Connection 4:



        Connection-specific DNS Suffix  . :

        Description . . . . . . . . . . . : NETGEAR WG111T 108Mbps Wireless USB2.0 Adapter #4

        Physical Address. . . . . . . . . : 00-14-6C-5E-76-9F

        Dhcp Enabled. . . . . . . . . . . : Yes

        Autoconfiguration Enabled . . . . : Yes

        IP Address. . . . . . . . . . . . : 192.168.1.107

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        Default Gateway . . . . . . . . . : 192.168.1.1

        DHCP Server . . . . . . . . . . . : 192.168.1.1

        DNS Servers . . . . . . . . . . . : 192.168.0.1

        Lease Obtained. . . . . . . . . . : Wednesday, May 31, 2017 10:05:36 AM

        Lease Expires . . . . . . . . . . : Thursday, June 01, 2017 10:05:36 AM

Server:  UnKnown
Address:  192.168.0.1

Name:    google.com
Address:  172.217.5.78



Pinging google.com [172.217.5.78] with 32 bytes of data:



Reply from 172.217.5.78: bytes=32 time=53ms TTL=53

Reply from 172.217.5.78: bytes=32 time=56ms TTL=53



Ping statistics for 172.217.5.78:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 53ms, Maximum = 56ms, Average = 54ms

Server:  UnKnown
Address:  192.168.0.1

Name:    yahoo.com
Addresses:  206.190.38.111, 98.139.181.135, 98.138.252.222



Pinging yahoo.com [206.190.38.111] with 32 bytes of data:



Reply from 206.190.38.111: bytes=32 time=66ms TTL=49

Reply from 206.190.38.111: bytes=32 time=65ms TTL=49



Ping statistics for 206.190.38.111:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 65ms, Maximum = 66ms, Average = 65ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 17 31 23 be ff ...... Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
0x10004 ...00 14 6c 5e 76 9f ...... NETGEAR WG111T 108Mbps Wireless USB2.0 Adapter #4 - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.107      25
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
      169.254.0.0      255.255.0.0    192.168.1.107   192.168.1.107      20
      192.168.1.0    255.255.255.0    192.168.1.107   192.168.1.107      25
    192.168.1.107  255.255.255.255        127.0.0.1       127.0.0.1      25
    192.168.1.255  255.255.255.255    192.168.1.107   192.168.1.107      25
        224.0.0.0        240.0.0.0    192.168.1.107   192.168.1.107      25
  255.255.255.255  255.255.255.255    192.168.1.107               2      1
  255.255.255.255  255.255.255.255    192.168.1.107   192.168.1.107      1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Program Files\Avira\Antivirus\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Catalog9 02 C:\Program Files\Avira\Antivirus\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\Program Files\Avira\Antivirus\avsda.dll [507984] (Avira Operations GmbH & Co. KG)

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/31/2017 10:28:50 AM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 51.0.1.6234, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/26/2017 01:58:50 PM) (Source: Application Error) (User: )
Description: Faulting application mbamservice.exe, version 3.1.0.479, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00019af2.
Processing media-specific event for [mbamservice.exe!ws!]

Error: (05/26/2017 10:29:57 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (05/26/2017 10:29:57 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (05/26/2017 10:27:33 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (05/26/2017 10:27:32 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (05/24/2017 06:48:21 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager called routine OpenNtmsSessionW which failed with status 0x80070422 (converted to 0x800423f4).

Error: (05/24/2017 06:47:42 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager called routine OpenNtmsSessionW which failed with status 0x80070422 (converted to 0x800423f4).

Error: (05/24/2017 06:44:11 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager called routine OpenNtmsSessionW which failed with status 0x80070422 (converted to 0x800423f4).

Error: (05/24/2017 06:44:06 PM) (Source: MSDTC Client) (User: )
Description: Failed to initialize the needed name objects. Error Specifics: d:\comxp_sp3\com\com1x\dtc\dtc\msdtcprx\src\dtcinit.cpp:215, Pid: 2324
No Callstack,
 CmdLine: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}


System errors:
=============
Error: (05/31/2017 10:26:05 AM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (05/31/2017 10:25:56 AM) (Source: Service Control Manager) (User: )
Description: The Malwarebytes Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (05/31/2017 10:25:33 AM) (Source: Service Control Manager) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/31/2017 10:04:47 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ftsata2

Error: (05/26/2017 07:59:41 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ftsata2
iaStor
IntelIde
ViaIde

Error: (05/26/2017 05:34:02 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.


Error: (05/26/2017 05:34:02 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Apple Mobile Device service to connect.

Error: (05/26/2017 05:32:44 PM) (Source: Service Control Manager) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/26/2017 05:32:43 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (05/26/2017 02:02:51 PM) (Source: Service Control Manager) (User: )
Description: The Malwarebytes Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (05/31/2017 10:28:50 AM) (Source: Application Hang)(User: )
Description: firefox.exe51.0.1.6234hungapp0.0.0.000000000

Error: (05/26/2017 01:58:50 PM) (Source: Application Error)(User: )
Description: mbamservice.exe3.1.0.479ntdll.dll5.1.2600.605500019af2

Error: (05/26/2017 10:29:57 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (05/26/2017 10:29:57 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (05/26/2017 10:27:33 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (05/26/2017 10:27:32 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (05/24/2017 06:48:21 PM) (Source: VSS)(User: )
Description: 0x800704220x800423f4RemovableStorageManagerOpenNtmsSessionW

Error: (05/24/2017 06:47:42 PM) (Source: VSS)(User: )
Description: 0x800704220x800423f4RemovableStorageManagerOpenNtmsSessionW

Error: (05/24/2017 06:44:11 PM) (Source: VSS)(User: )
Description: 0x800704220x800423f4RemovableStorageManagerOpenNtmsSessionW

Error: (05/24/2017 06:44:06 PM) (Source: MSDTC Client)(User: )
Description: d:\comxp_sp3\com\com1x\dtc\dtc\msdtcprx\src\dtcinit.cpp:215, Pid: 2324
No Callstack,
 CmdLine: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}


=========================== Installed Programs ============================

Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.4.402.265 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
AIM 7 (HKLM\...\AIM_7) (Version:  - )
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AstroPop Deluxe from Compaq (remove only) (HKLM\...\997DD523-B925-4C73-970B-C201E8F781AD) (Version:  - WildTangent)
AT&T Yahoo! Applications (HKLM\...\Yahoo! Applications) (Version:  - )
ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5166 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.17-050813a1-029703C-HP - )
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.19.164 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM\...\{92a7fd6b-31e5-472f-862e-79214c5032ef}) (Version: 1.1.67.18988 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM\...\{A6634D1D-EA57-45DE-AF8F-0EDD35B912C3}) (Version: 1.1.67.18988 - Avira Operations GmbH & Co. KG) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony from Compaq (remove only) (HKLM\...\29FF6D07-4A15-41F1-9D5E-E0F3A58012C6) (Version:  - WildTangent)
BufferChm (HKLM\...\{4041C245-7099-4C96-9738-5EBC23827B3C}) (Version: 60.0.155.000 - Hewlett-Packard) Hidden
Chuzzle Deluxe from Compaq (remove only) (HKLM\...\9448DE42-C017-4A3E-A0BB-C50BF673E9E0) (Version:  - WildTangent)
Compaq Connections (remove only) (HKLM\...\HPOOVClient-5577497 Uninstaller) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
CP_AtenaShokunin1Config (HKLM\...\{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}) (Version: 60.0.155.000 - Hewlett-Packard) Hidden
CP_CalendarTemplates1 (HKLM\...\{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}) (Version: 60.0.155.000 - Hewlett-Packard) Hidden
cp_LightScribeConfig (HKLM\...\{4DA4012B-39AF-48c2-B23B-A4D570D233A6}) (Version: 60.0.155.000 - Hewlett-Packard) Hidden
cp_OnlineProjectsConfig (HKLM\...\{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}) (Version: 60.0.155.000 - Hewlett-Packard) Hidden
CP_Package_Basic1 (HKLM\...\{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}) (Version: 60.0.155.000 - Hewlett-Packard) Hidden
CP_Package_Variety1 (HKLM\...\{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}) (Version: 60.0.155.000 - Hewlett-Packard) Hidden
CP_Package_Variety2 (HKLM\...\{23B35809-5E4A-4F14-8332-1CDEDDFAC089}) (Version: 60.0.155.000 - Hewlett-Packard) Hidden
CP_Package_Variety3 (HKLM\...\{B57F2FF0-5A25-4332-B503-4592B370C02F}) (Version: 60.0.155.000 - Hewlett-Packard) Hidden
CP_Panorama1Config (HKLM\...\{494D17B5-3369-4905-8C4B-80C972C5E0FF}) (Version: 60.0.155.000 - Hewlett-Packard) Hidden
cp_PosterPrintConfig (HKLM\...\{54F0998F-73C8-4b51-8286-FE903C231BED}) (Version: 60.0.155.000 - Hewlett-Packard) Hidden
cp_UpdateProjectsConfig (HKLM\...\{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}) (Version: 60.0.155.000 - Hewlett-Packard) Hidden
Crystal Maze from Compaq (remove only) (HKLM\...\C43D84CD-EBFC-48D3-A330-7868C8AD415A) (Version:  - WildTangent)
CueTour (HKLM\...\{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}) (Version: 60.0.155.000 - Hewlett-Packard) Hidden
Customer Experience Enhancement (HKLM\...\{23012310-3E05-46A5-88A9-C6CBCABCAC79}) (Version: Customer Experience Enhancement -1.0.0.1680 - Hewlett-Packard) Hidden
Customer Experience Enhancement (HKLM\...\InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}) (Version: Customer Experience Enhancement -1.0.0.1680 - Hewlett-Packard)
Data Fax SoftModem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version:  - )
Destinations (HKLM\...\{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}) (Version: 60.0.155.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (HKLM\...\{AB5D51AE-EBC3-438D-872C-705C7C2084B0}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
Easy Internet Sign-up (HKLM\...\{8105684D-8CA6-440D-8F58-7E5FD67A499D}) (Version: FE UI-4.1.0.1680 - Hewlett-Packard) Hidden
Easy Internet Sign-up (HKLM\...\InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}) (Version: FE UI-4.1.0.1680 - Hewlett-Packard)
Enhanced Multimedia Keyboard Solution (HKLM\...\KBD) (Version:  - )
FATE from Compaq (remove only) (HKLM\...\85CF9BF3-1057-468C-962D-31BAABC6AC72) (Version:  - WildTangent)
FrostWire 4.21.8 (HKLM\...\FrostWire) (Version: 4.21.8.0 - FrostWire Team)
FrostWire 5.2.11 (HKLM\...\FrostWire 5) (Version: 5.2.11.0 - FrostWire Team)
FullDPAppQFolder (HKLM\...\{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
GemMaster Mystic (HKLM\...\12133444-BF36-4d4e-B7FB-A3424C645DE4) (Version:  - )
High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
HP Boot Optimizer (HKLM\...\{3BA95526-6AE0-4B87-A62D-17187EF565FC}) (Version: 2.0.5.1 - Hewlett-Packard Company)
HP DigitalMedia Archive (HKLM\...\{F80239D8-7811-4D5E-B033-0D0BBFE32920}) (Version: 2.0 - Hewlett-Packard)
HP DVD Play 1.0 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version:  - )
HP Game Console and games (HKLM\...\HP Game Console) (Version:  - WildTangent)
HP Games 3.43.97 (HKLM\...\DISCover) (Version: 3.43.97 - )
HP Imaging Device Functions 6.0 (HKLM\...\HP Imaging Device Functions) (Version: 6.0 - HP)
HP Photosmart Premier Software 6.0 (HKLM\...\HP Photo & Imaging) (Version: 6.0 - HP)
HP Rhapsody (HKLM\...\HP Rhapsody) (Version:  - )
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Web Helper (HKLM\...\{DAAD5187-62C5-4AD6-A526-803C18C4944D}) (Version:  - )
HpSdpAppCoreApp (HKLM\...\{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}) (Version: 3.00.0000 - Hewlett-Packard) Hidden
Insaniquarium Deluxe from Compaq (remove only) (HKLM\...\5AF1DD17-7B06-45EF-8592-2E524E458BAB) (Version:  - WildTangent)
InstantShareAlert (HKLM\...\{069730C2-755A-485B-A205-27A1AAFA836A}) (Version: 1.00.0000 - HP) Hidden
InstantShareDevices (HKLM\...\{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}) (Version: 60.0.155.000 - Hewlett-Packard) Hidden
iTunes (HKLM\...\{CE1F04C7-79BC-4219-BE6A-BA490224D4B5}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 101 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java Auto Updater (HKLM\...\{4A03706F-666A-4037-7777-5F2748764D10}) (Version: 2.8.101.13 - Oracle Corporation) Hidden
Lexibox Deluxe from Compaq (remove only) (HKLM\...\F05A08BF-E600-4FBD-A53A-3D47296B1275) (Version:  - WildTangent)
LightScribe  1.4.62.1 (HKLM\...\{ABB2901A-3D0A-4F21-8324-2F13C3EFE163}) (Version: 1.4.62.1 - http://www.lightscribe.com) Hidden
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft .NET Framework 1.0 Hotfix (KB2572066) (HKLM\...\KB2572066) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2604042) (HKLM\...\KB2604042) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2656378) (HKLM\...\KB2656378) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB953295) (HKLM\...\KB953295) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB979904) (HKLM\...\KB979904) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2698035) (HKLM\...\KB2698035) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2742607) (HKLM\...\KB2742607) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2833951) (HKLM\...\KB2833951) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2904878) (HKLM\...\KB2904878) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Away Mode (HKLM\...\AwayMode160) (Version: 6.0.0160.0 - Microsoft Corporation)
Microsoft Money 2006 (HKLM\...\Money2006b) (Version: 15 - Microsoft)
Microsoft Office Standard Edition 2003 (HKLM\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Works (HKLM\...\{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}) (Version: 08.04.0623 - Microsoft Corporation)
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NETGEAR WG111T 108Mbps Wireless USB2.0 Adapter (HKLM\...\{51123D42-6B9C-4B93-900C-29F9EC5963C9}) (Version:  - )
OpenOffice.org 2.4 (HKLM\...\{F87A8E11-02A4-4875-A3A5-5961081B0E4E}) (Version: 2.4.9286 - OpenOffice.org)
OptionalContentQFolder (HKLM\...\{36D620AD-EEBA-4973-BA86-0C9AE6396620}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
Otto (HKLM\...\B3EE3001-DC24-4cd1-8743-5692C716659F) (Version:  - )
PhotoGallery (HKLM\...\{869C3062-4745-4949-B6C9-98AF24D89030}) (Version: 60.0.155.000 - Hewlett-Packard) Hidden
Polar Bowler from Compaq (remove only) (HKLM\...\05E21449-3BA3-42BF-BBDA-95205F4EA40A) (Version:  - WildTangent)
Polar Golfer from Compaq (remove only) (HKLM\...\3330A279-CC39-4A17-AE19-DA464B26AD9A) (Version:  - WildTangent)
PS2 (HKLM\...\PS2) (Version:  - )
Puzzle Express from Compaq (remove only) (HKLM\...\E1A0F769-A43A-4DDB-9F73-12791E453557) (Version:  - WildTangent)
Python 2.2 pywin32 extensions (build 203) (HKLM\...\pywin32-py2.2) (Version:  - )
Python 2.2.3 (HKLM\...\Python 2.2.3) (Version: 2.2.3 - PythonLabs at Zope Corporation)
Quicken 2006 (HKLM\...\{2818095F-FB6C-42C8-827E-0A406CC9AFF5}) (Version: 15.1.1.29 - Intuit)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RandMap (HKLM\...\{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}) (Version: 60.0.155.000 - Hewlett-Packard) Hidden
RealPlayer (HKLM\...\RealPlayer 6.0) (Version:  - )
Ricochet Lost Worlds from Compaq (remove only) (HKLM\...\52AEBC18-F252-4B0C-B3E1-724537D9F873) (Version:  - WildTangent)
SBC Yahoo! DSL Activation (HKLM\...\SBC Yahoo! DSL Activation) (Version:  - )
SCRABBLE from Compaq (remove only) (HKLM\...\FA6A73EB-40AB-4B58-851D-3892B3C10EF6) (Version:  - WildTangent)
Shared C Run-time for x86 (HKLM\...\{1945A4B5-73B6-4DE9-99A3-05261B7FDED0}) (Version: 10.0.0 - McAfee) Hidden
Shooting Stars Pool from Compaq (remove only) (HKLM\...\045C89A0-CA37-443C-8826-F750227DE69C) (Version:  - WildTangent)
Shrek 2 Ogre Bowler from Compaq (remove only) (HKLM\...\BBCBAA5D-AC5A-4098-A53E-EC60A68F38F9) (Version:  - WildTangent)
SkinsHP1 (HKLM\...\{2A548002-9042-4083-A270-B67473DE1073}) (Version: 60.0.155.000 - Hewlett-Packard) Hidden
Slingo Deluxe from Compaq (remove only) (HKLM\...\F19E8CDF-5EFD-45E0-9FAF-66CBAE84B1D9) (Version:  - WildTangent)
Sonic Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Sonic Solutions)
Sonic MyDVD Plus (HKLM\...\{21657574-BD54-48A2-9450-EB03B2C7FC29}) (Version: 6.2.0 - Sonic Solutions)
Sonic RecordNow Audio (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.4 - Sonic Solutions)
Sonic RecordNow Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.4 - Sonic Solutions)
Sonic RecordNow Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.4 - Sonic Solutions)
Sonic Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Sonic Solutions)
Sonic_PrimoSDK (HKLM\...\{79F8E1D4-36C1-439C-95FA-F695050B5B07}) (Version: 60.0.155.000 - Hewlett-Packard) Hidden
Super Granny from Compaq (remove only) (HKLM\...\DE87FA96-7840-420C-86F9-33F3B7B3CED1) (Version:  - WildTangent)
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tradewinds from Compaq (remove only) (HKLM\...\66195170-D19D-46C5-8FB7-8A4630071ADC) (Version:  - WildTangent)
Unload (HKLM\...\{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}) (Version: 6.0.0 - Hewlett-Packard) Hidden
Update for Windows Internet Explorer 8 (KB968220) (HKLM\...\KB968220-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976749) (HKLM\...\KB976749-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB980182) (HKLM\...\KB980182-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Media Player 10 (KB913800) (HKLM\...\KB913800) (Version:  - Microsoft Corporation)
Update for Windows Media Player 10 (KB926251) (HKLM\...\KB926251) (Version:  - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951072-v2) (HKLM\...\KB951072-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Update Rollup 2 for Windows XP Media Center Edition 2005 (HKLM\...\KB900325) (Version:  - Microsoft Corporation)
Viewpoint Manager (Remove Only) (HKLM\...\Viewpoint Manager) (Version:  - )
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
WildTangent Web Driver (HKLM\...\WildTangent CDA) (Version:  - )
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format Runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows XP Media Center Edition 2005 KB2502898 (HKLM\...\KB2502898) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2619340 (HKLM\...\KB2619340) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2628259 (HKLM\...\KB2628259) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB908250 (HKLM\...\KB908250) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB973768 (HKLM\...\KB973768) (Version:  - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Zuma Deluxe from Compaq (remove only) (HKLM\...\0BD36D37-C5D7-4B96-B64A-CB2C3A82EC4D) (Version:  - WildTangent)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 55%
Total physical RAM: 958.48 MB
Available physical RAM: 431 MB
Total Virtual: 2312.59 MB
Available Virtual: 1354.77 MB

========================= Partitions: =====================================

1 Drive c: (PRESARIO) (Fixed) (Total:224.95 GB) (Free:204.93 GB) NTFS
2 Drive d: (PRESARIO_RP) (Fixed) (Total:7.91 GB) (Free:0.53 GB) FAT32

========================= Users: ========================================

User accounts for \\COMPAQ

Administrator            ASPNET                   Compaq_Administrator     
Guest                    HelpAssistant            SUPPORT_388945a0         
SUPPORT_fddfa904         

========================= Restore Points ==================================

29-11-2017 21:49:19 System Checkpoint
19-02-2017 21:51:17 System Checkpoint
20-02-2017 00:20:53 Software Distribution Service 3.0
05-03-2017 21:30:38 System Checkpoint
15-03-2017 20:34:38 System Checkpoint
05-04-2017 20:34:35 System Checkpoint
26-04-2017 20:46:40 System Checkpoint
03-05-2017 20:34:42 System Checkpoint
24-05-2017 20:37:23 System Checkpoint
27-05-2017 01:37:22 System Checkpoint

**** End of log ****
 



#6 therpizz


Posted 31 May 2017 - 01:01 PM

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/26/17
Scan Time: 2:10 PM
Log File:
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.122
Update Package Version: 1.0.2027
License: Trial

-System Information-
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: COMPAQ\Compaq_Administrator

-Scan Summary-
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 180147
Threats Detected: 161
Threats Quarantined: 161
Time Elapsed: 5 hr, 31 min, 34 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 62

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 26
PUP.Optional.VisiCoupons, C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\VISI_COUPON, Quarantined, [12750], [244561],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wtupdates\WireControl\1.0.0.63\files\controlpanel, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wtupdates\WireControl\1.0.0.63\files\install, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\controlpanel, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\controlpanel, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\update_info, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wtupdates\WireControl\1.0.0.63\files, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wtupdates\wtwebdriver\update_info, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wtupdates\WireControl\1.0.0.63, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wtupdates\webd\4.1.1\install, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wtupdates\webd\4.1.1\files, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wtupdates\WireControl, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wtupdates\wtwebdriver, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wtupdates\webd\4.1.1, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wtupdates\wtupdater, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\webdriver\4.1.1, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wtupdates\webd, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wtupdates\DRM, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\webdriver, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wtupdates, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\updater, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\WT, Quarantined, [1272], [391143],1.0.2027

File: 73
PUP.Optional.OpenCandy, C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\.FROSTWIRE5\UPDATES\FROSTWIRE-5.7.6.WINDOWS.COC.PREMIUM.EXE, Quarantined, [522], [297667],1.0.2027
PUP.Optional.VisiCoupons, C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\VISI_COUPON\MERCHANTS.DAT2, Quarantined, [12750], [244561],1.0.2027
PUP.Optional.VisiCoupons, C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\visi_coupon\merchants.dat, Quarantined, [12750], [244561],1.0.2027
PUP.Optional.OpenCandy, C:\SYSTEM VOLUME INFORMATION\_RESTORE{106CF321-99A3-4E3A-9103-1BD027606A99}\RP1170\A0255927.EXE, Quarantined, [522], [297667],1.0.2027
Adware.WildTangent, C:\WINDOWS\WT\UPDATER\WCMDMGRL.EXE, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\updater\wcmdmgr.exe, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\updater\wt.ini, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\webdriver\4.1.1\actorobject.dll, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\webdriver\4.1.1\dx5drv.dll, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\webdriver\4.1.1\dx7drv.dll, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\webdriver\4.1.1\objectbundle.dll, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\webdriver\4.1.1\sound.dll, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\webdriver\4.1.1\wdcaps.ded, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\webdriver\4.1.1\webdriver.dll, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\webdriver\4.1.1\wthost.exe, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\webdriver\4.1.1\wthostctl.dll, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.dll, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.jar, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ini, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\webdriver\jdriver.dll, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\webdriver\rdriver.dll, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\webdriver\wildtangent.jar, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\controlpanel\index.html, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\controlpanel\index.html, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\data.wts, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\webdriver.dll, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\wt3d.dll, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\update_info\data.wts, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331_fileList.cdas, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\actorobject.dll, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\dx5drv.dll, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\dx7drv.dll, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\jdriver.dll, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\npWTHost.dll, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\nsIWTHostPlugin.xpt, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\ObjectBundle.dll, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\rdriver.dll, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Sound.dll, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wdcaps.ded, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wdengine.dll, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331.cdanfo, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331_Uninstall.cdas, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\webdriver.dll, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wildtangent.jar, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wt3d.ini, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\WTHost.exe, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\WTHostCtl.dll, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtmulti.dll, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtmulti.jar, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtvh.dll, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtwmplug.ax, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtwmplug.ini, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wtupdates\webd\4.1.1\install\Webd4_1_1.cdanfo, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wtupdates\webd\4.1.1\install\Webd4_1_1_Uninstall.cdas, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wtupdates\WireControl\1.0.0.63\files\controlpanel\index.html, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wtupdates\WireControl\1.0.0.63\files\install\WireControl.cdanfo, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wtupdates\WireControl\1.0.0.63\files\install\WireControl_Uninstall.cdas, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wtupdates\WireControl\1.0.0.63\files\WireControl.dll, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wtupdates\wtupdater\appinfo.dat, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wtupdates\wtwebdriver\update_info\data.wts, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\data.wts, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\webdriver.dll, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wt3d.dll, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wt3d.ini, Quarantined, [1272], [391143],1.0.2027
Adware.WildTangent, C:\WINDOWS\wt\wtvh.dll, Quarantined, [1272], [391143],1.0.2027

Physical Sector: 0
(No malicious items detected)


(end)



#7 therpizz


Posted 31 May 2017 - 01:45 PM

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.188000 GHz
Memory total: 1005035520, free: 442761216

Downloaded database version: v2017.05.31.07
Downloaded database version: v2017.05.27.01
Downloaded database version: v2017.05.19.01
=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
     05/31/2017 11:08:57
------------ Loaded modules -----------
\SystemRoot\system32\DRIVERS\ipfltdrv.sys
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2017.05.31.07
  rootkit: v2017.05.27.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff860fcab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff861c7290, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff860fcab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff86176f18, DeviceName: \Device\00000068\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff86189940, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: CAB10BEE

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 471748662
    Partition is bootable
    Partition file system is NTFS

    Partition 1 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 471764790  Numsec = 16627275
    Partition is bootable
    Partition file system is FAT32

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff85e68ab8, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85bdc2e8, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff85e68ab8, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff85dea980, DeviceName: \Device\00000070\, DriverName: \Driver\usbstor\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff85e64ab8, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85bed720, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff85e64ab8, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff85dea6f0, DeviceName: \Device\00000071\, DriverName: \Driver\usbstor\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xffffffff85e64540, DeviceName: \Device\Harddisk3\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85ddf700, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff85e64540, DeviceName: \Device\Harddisk3\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff85c07ea0, DeviceName: \Device\00000072\, DriverName: \Driver\usbstor\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xffffffff85be3ab8, DeviceName: \Device\Harddisk4\DR6\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85bdfe08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff85be3ab8, DeviceName: \Device\Harddisk4\DR6\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff85e6c030, DeviceName: \Device\00000073\, DriverName: \Driver\usbstor\
------------ End ----------
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\F90F18257CBB4D84216AC1E1F3BB2C76" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\FB788E090BC1F3AA2FBC9E8FB2859601" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\79841F8EF00FBA86D33CC5A47696F165" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\7B2238AACCEDC3F1FFE8E7EB5F575EC9" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\8DFDF057024880D7A081AFBF6D26B92F" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\A008D953E44E20C38D3C35C11A37E6CA" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\A1377F7115F1F126A15360369B165211" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\A44F4E7CB3133FF765C39A53AD8FCFDD" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\7735880A01E3F94F763761958A7A8191" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\A8FABA189DB7D25FBA7CAC806625FD30" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E48DDEA3BF68DF580551FA0F27950B54" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\3130B1871A126520A8C47861EFE3ED4D" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\3B6E683A7A45CC59BF035C9BA8C7AB9D" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\3C19F8F5C2A69BEC912EF5B953293907" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\3D9E65141D5E56E5DA3512419A66AD51" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\4DB1DABDF57ED9997FE8DCC77E93C04F" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\526CE89193F110F750D34080932D5D62" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\52FE9FFE4780FF24EC690DB2F1D013CE" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\04AFA8793E5CDC4A81C6CD4554A30707" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\0797C381B2F87EB5A1D5573BD15BA4F4" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\0897206B35294097C3660E62BCDB227C" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\1C18D43083B2A916E87365408C3FA2F3" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\207B9FD92391B9B2A60A89B4C965D5DF" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\23B523C9E7746F715D33C6527C18EB9D" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\303572DF538EDD8B1D606185F1D559B8" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\B681B8816EE79EAEAA5CA7DA9EC0DC58" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\C85D71887265E283EC5EBF46764A2A28" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\CFC456E7E410D69E2C6F3E2DB75C7DB3" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\D41693DAFE5DEF0C36959FF1FCEF5C96" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\D4F348B882DF3F205ECCB6243795CB3A" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\D83C2E51E34C33C16825E6DC8397F21B" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E04822AD18D472EA5B582E6E6F8C6B9A" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\62B5AF9BE9ADC1085C3C56EC07A82BF6" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\72466EE3B2BB63A32E591E54A2E5ACDC" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\7396C420A8E1BC1DA97F1AF0D10BAD21" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\74547E1981B533FEA41563CC9558DBD0" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E5EB299D44EE4AEFB9505C10194994EC" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E6024EAC88E6B6165D49FE3C95ADD735" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\F03FBEED31BB9347A2DDFF031058505F" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\F482C95F83F1B59228F1B1E720F2EDF1" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\F90F18257CBB4D84216AC1E1F3BB2C76" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\FB788E090BC1F3AA2FBC9E8FB2859601" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\79841F8EF00FBA86D33CC5A47696F165" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\7B2238AACCEDC3F1FFE8E7EB5F575EC9" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\8DFDF057024880D7A081AFBF6D26B92F" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\A008D953E44E20C38D3C35C11A37E6CA" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\A1377F7115F1F126A15360369B165211" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\A44F4E7CB3133FF765C39A53AD8FCFDD" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\7735880A01E3F94F763761958A7A8191" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\A8FABA189DB7D25FBA7CAC806625FD30" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E48DDEA3BF68DF580551FA0F27950B54" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\3130B1871A126520A8C47861EFE3ED4D" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\3B6E683A7A45CC59BF035C9BA8C7AB9D" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\3C19F8F5C2A69BEC912EF5B953293907" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\3D9E65141D5E56E5DA3512419A66AD51" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\4DB1DABDF57ED9997FE8DCC77E93C04F" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\526CE89193F110F750D34080932D5D62" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\52FE9FFE4780FF24EC690DB2F1D013CE" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\brndlog.bak" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\brndlog.txt" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Desktop.htt" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\HP Rhapsody.lnk" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\Netscape Browser.lnk" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\RealPlayer.lnk" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Protect\CREDHIST" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Protect\S-1-5-21-527237240-179605362-725345543-500\55be0262-9a67-40b8-89b6-8248defbb222" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Protect\S-1-5-21-527237240-179605362-725345543-500\Preferred" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Real\RealPlayer\ErrorLogs\CDBurning.log" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Real\RealPlayer\ErrorLogs\GenDevices.log" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Real\RealPlayer\ErrorLogs\pdgenctnomad.log" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Real\RealPlayer\ErrorLogs\pdgenwmdm.log" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Real\rnadmin\rnsystem.dat" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Application Data\Symantec\PendingAlertsQueue.log" is compressed (flags = 1)
File "C:\Program Files\Common Files\Microsoft Shared\MSInfo\IEINFO5.OCX" is compressed (flags = 1)
File "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe" is compressed (flags = 1)
File "C:\Documents and Settings\Compaq_Administrator\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
File "C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Local Settings\History\desktop.ini" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
Scan finished
=======================================


Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-0-0-63-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-0-1-471764790-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 



#8 therpizz

Posted 31 May 2017 - 01:54 PM

Attached is the last part of your instructions. Thank you very, very much for your help!

 

 

Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 05/31/2017 11:48:17 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * c:\windows\system\hpsysdrv.exe (PID: 5616) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Reparse Point/Junctions Found (Most likely legitimate)!

     * C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]
     * C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35 => C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5 [Dir]

Checking Windows Service Integrity:

 * DNS Client (Dnscache) is not Running.
   Startup Type set to: Disabled

 * MSDTC [Missing Service]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * Cannot edit the HOSTS file.
 * Permissions could not be fixed. Use Hosts-perm.bat to fix permissions: http://www.bleepingcomputer.com/download/hosts-permbat/

 * HOSTS file entries found:

  127.0.0.1 localhost

Program finished at: 05/31/2017 11:50:34 AM
Execution time: 0 hours(s), 2 minute(s), and 17 seconds(s)
 



#9 Broni

Posted 31 May 2017 - 02:13 PM

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.


-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program



 


#10 therpizz

Posted 31 May 2017 - 03:31 PM

# AdwCleaner v6.047 - Logfile created 31/05/2017 at 13:15:10
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-05-19.1 [Local]
# Operating System : Microsoft Windows XP Service Pack 3 (X86)
# Username : Compaq_Administrator - COMPAQ
# Running from : C:\Documents and Settings\Compaq_Administrator\My Documents\Downloads\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Documents and Settings\All Users\Application Data\Viewpoint
[-] Folder deleted: C:\Program Files\Viewpoint
[-] Folder deleted: C:\Program Files\Yahoo!\Companion
[-] Folder deleted: C:\Program Files\Common Files\Viewpoint


***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\AolCalSvr.ACToolBarCtrl
[-] Key deleted: HKLM\SOFTWARE\Classes\AolCalSvr.ACToolBarCtrl.5
[-] Key deleted: HKLM\SOFTWARE\Classes\BackWeb.Client.ScriptHelper-5577497
[-] Key deleted: HKLM\SOFTWARE\Classes\Sample.BrowserHandler
[-] Key deleted: HKLM\SOFTWARE\Classes\Sample.BrowserHandler.1
[-] Key deleted: HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample
[-] Key deleted: HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample.1
[-] Key deleted: HKLM\SOFTWARE\Classes\Yahoo.AntiSpyPlugin
[-] Key deleted: HKLM\SOFTWARE\Classes\Yahoo.AntiSpyPlugin.6
[-] Key deleted: HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin
[-] Key deleted: HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin.4
[-] Key deleted: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key deleted: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YCAPlugin.CAYASPlugin
[-] Key deleted: HKLM\SOFTWARE\Classes\YCAPlugin.CAYASPlugin.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin
[-] Key deleted: HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YMERemote.YMERemoteCtl
[-] Key deleted: HKLM\SOFTWARE\Classes\YMERemote.YMERemoteCtl.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl
[-] Key deleted: HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YPUBC.DataStore
[-] Key deleted: HKLM\SOFTWARE\Classes\YPUBC.DataStore.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler
[-] Key deleted: HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YPUBC.StringList
[-] Key deleted: HKLM\SOFTWARE\Classes\YPUBC.StringList.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YTabBar.YTabBarControl
[-] Key deleted: HKLM\SOFTWARE\Classes\YTabBar.YTabBarControl.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YTBM.YTBMButton
[-] Key deleted: HKLM\SOFTWARE\Classes\YTBM.YTBMButton.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YTNavAssist.YTNavAssistPlugin
[-] Key deleted: HKLM\SOFTWARE\Classes\YTNavAssist.YTNavAssistPlugin.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YTSingleInstance.SingleInstance
[-] Key deleted: HKLM\SOFTWARE\Classes\YTSingleInstance.SingleInstance.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{07CDAAD9-1226-4C6D-B774-C00E7B323484}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{35860EFB-1589-4F32-A618-99E847A502B2}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{39DCCEAF-C749-4390-9953-527CF916935C}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{41D7CEE0-D91F-498C-BC88-4A6BEE46C2BC}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{9EDCCD11-960D-49AE-B523-C6B5AB7E1345}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{EB2BA65E-41F6-4F64-92A6-216CDFFDF577}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{FFFFE1D1-E40D-49a1-9622-BC59BD1879C3}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{7375D127-3955-4654-8E7D-1949A7A9C902}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{BF0118D4-63FF-4138-9327-F3028FB1A578}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{1147DC83-6208-4dca-8E88-DD45BAAB3043}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{11CB4723-D5A1-4a55-8D1D-5C2679D54CF5}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{37B8167C-B9A4-4316-94B2-67B64BB2BA7C}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{6E40017D-FB6A-4804-BDE4-3BB09F1719C1}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B7A0E898-93E5-43f4-B99A-6C70B303699C}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{D40A62D1-8FC0-4F03-90C4-0DE03BE73A41}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{DDCED22E-D018-471D-9A5C-A4EA2F21133D}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{E1A2D448-6334-45ec-8800-6D7F71DC87FC}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{F51C15D4-3D0A-4DBA-A095-EBCC09F24DA2}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{F9A10D86-182A-4946-869B-70C3D109D14D}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{11D5E9EA-3117-4389-8E58-742F0975C980}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{2723E96B-905F-4C64-8999-D868A08E6370}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{2FCB4E7E-E5C7-4D07-BB2C-78DF2DA867AD}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{3D592FCB-FEFD-43A6-9A4F-BDE2D4607D07}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{67E5E37C-E6B8-4782-877D-E9437C4CD982}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{686D40BC-FA43-4317-8474-E634E6B487F2}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{A310B105-FB7D-4497-A7E8-E046462B012F}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{DF522774-8CA0-4B15-A93A-5F61AB95DA1C}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{F9A10D86-182A-4946-869B-70C3D109D14D}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{371AD4A5-1520-4AA2-A8A4-F9AD3BAC6957}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{7F124846-5453-4BB8-A41D-E11481FFC9DF}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{8FD65019-BF09-45DA-AD81-E95AE911F1FD}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{B722ED8B-0B38-408E-BB89-260C73BCF3D4}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{AD34BE7D-2603-43DD-8D1F-E4431D42C44E}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{B82D18E0-1649-48DE-92D7-AA89BBB5F0AD}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{D2EA97F6-6235-4B2D-B5AA-A4472B9CE557}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{0548C79F-7B8C-455D-B228-97D35371BB62}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{4A1E52AC-64F2-49E9-BFD7-0806D9494DBB}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{78DB07DF-483E-4829-AB44-ED7952083584}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{8A1AB044-787D-4309-8410-709768E484AB}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{A2C55651-A23E-43CA-B63D-C10B99EFF7E0}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
[-] Key deleted: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key deleted: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7327C09-B521-4EDB-8509-7D2660C9EC98}
[-] Key deleted: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key deleted: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7327C09-B521-4EDB-8509-7D2660C9EC98}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7327C09-B521-4EDB-8509-7D2660C9EC98}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8C875948-9C60-4381-9248-0DF180542D53}
[-] Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
[-] Value deleted: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
[-] Value deleted: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}]
[-] Key deleted: HKU\.DEFAULT\Software\Viewpoint
[-] Key deleted: HKU\.DEFAULT\Software\Yahoo\Companion
[-] Key deleted: HKU\.DEFAULT\Software\Yahoo\YFriendsBar
[-] Key deleted: HKU\S-1-5-21-470977777-3204525014-584974407-1008\Software\Viewpoint
[-] Key deleted: HKU\S-1-5-21-470977777-3204525014-584974407-1008\Software\Yahoo\Companion
[-] Key deleted: HKU\S-1-5-21-470977777-3204525014-584974407-1008\Software\Yahoo\YFriendsBar
[-] Key deleted: HKU\S-1-5-21-470977777-3204525014-584974407-1008\Software\YahooPartnerToolbar
[#] Key deleted on reboot: HKU\S-1-5-18\Software\Viewpoint
[#] Key deleted on reboot: HKU\S-1-5-18\Software\Yahoo\Companion
[#] Key deleted on reboot: HKU\S-1-5-18\Software\Yahoo\YFriendsBar
[#] Key deleted on reboot: HKCU\Software\Viewpoint
[#] Key deleted on reboot: HKCU\Software\Yahoo\Companion
[#] Key deleted on reboot: HKCU\Software\Yahoo\YFriendsBar
[#] Key deleted on reboot: HKCU\Software\YahooPartnerToolbar
[-] Key deleted: HKLM\SOFTWARE\Viewpoint
[-] Key deleted: HKLM\SOFTWARE\Yahoo\Companion
[-] Key deleted: HKLM\SOFTWARE\Yahoo\YFriendsBar
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Viewpoint Manager
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Viewpoint Toolbar
[-] Key deleted: HKU\S-1-5-21-470977777-3204525014-584974407-1008\Software\Microsoft\Internet Explorer\SearchScopes\VWPT
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\VWPT
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\VWPT
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\YCAPlugin.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\YPUBC.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\YTabBar.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\YTBM.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\YTMsgr.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\YTNavAssist.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\YTSingleInstance.DLL


***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [12503 Bytes] - [31/05/2017 13:15:10]
C:\AdwCleaner\AdwCleaner[S0].txt - [12091 Bytes] - [31/05/2017 12:47:07]
C:\AdwCleaner\AdwCleaner[S1].txt - [12109 Bytes] - [31/05/2017 13:07:32]
C:\AdwCleaner\AdwCleaner[S2].txt - [12183 Bytes] - [31/05/2017 13:09:27]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [12799 Bytes] ##########
 



#11 therpizz


Posted 31 May 2017 - 03:35 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Microsoft Windows XP x86
Ran by Compaq_Administrator (Administrator) on Wed 05/31/2017 at 13:32:34.67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 15

Successfully deleted: C:\Documents and Settings\All Users\Start Menu\Programs\hot deals (Folder)
Successfully deleted: C:\Documents and Settings\Compaq_Administrator\Application Data\visi_coupon (Folder)
Successfully deleted: C:\Documents and Settings\Compaq_Administrator\Application Data\yahoocouponaddon (Folder)
Successfully deleted: C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\viewpoint (Folder)
Successfully deleted: C:\Program Files\mozilla firefox\defaults\pref\itms.js (File)
Successfully deleted: C:\WINDOWS\wininit.ini (File)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\FB5HE3O1 (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GYOMJM4J (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H299H9VJ (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\UIMRTCQY (Temporary Internet Files Folder)
Successfully deleted: C:\Program Files\registry mechanic (Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\FB5HE3O1 (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GYOMJM4J (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\H299H9VJ (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UIMRTCQY (Temporary Internet Files Folder)



Registry: 4

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL (Registry Value)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 05/31/2017 at 13:34:00.01
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#12 therpizz


Posted 31 May 2017 - 06:37 PM

I scanned my computer with Sophos Virus Removal Tool but there were no threats found.

 

Is there anything else I should do?

 

Thanks!



#13 Broni


Posted 31 May 2017 - 07:16 PM

Update your Java version here: http://www.java.com/en/download/manual.jsp
Alternate download: http://www.filehippo.com/search?q=java

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Note 2: If you're running a 64-bit system, make sure you install BOTH 32-bit and 64-bit Java.

 

=========================================

 

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings

Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

7. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

8. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

9. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

10. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry3187642

11. Please let me know how your computer is doing.


My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#14 therpizz


Posted 07 June 2017 - 07:08 PM

My computer seems to be running like normal again. Thank you so much! You are truly a life-saver! I will keep the tips and suggestions in mind.



#15 Broni


Posted 07 June 2017 - 08:21 PM

Way to go!!
Good luck and stay safe :)
 



 




