GeekPolice

AdChoices popup malware and a couple viruses


Post by RebelSnipe on Thu Jan 02, 2014 4:41 pm

Hi - Thank you for helping us troubled souls!

A few days ago I started getting AdChoices pop-up windows appearing in the lower left corner of my IE windows.  As I've been trying to figure out how to make them stop, my AVG detected two viruses on two separate occasions (PSW.Generic12.URP and IDP.Trojan.6EE8C244).

I had already run Malwarebytes (1.75.0.1300) but then decided I was in over my head.  The Malwarebytes took over 3.5 hours to run.  Since I had just run it today, I didn't repeat running it after running AdwCleaner (per your forum instructions.)  I will include the output from the run I did perform today.  If you need me to run it again after the AdwCleaner just let me know.

Also, I have (had) Reveal Key Logger installed on this computer (to keep an eye on the kids.)  I noticed that Malwarebytes found it (I told it to ignore it) but when I ran AdwCleaner it removed it.  Is this an ok key logger to have running?  Do you recommend a different one?  Is it ok to re-install after we figure out the malware / viruses?  

THANK YOU!!

# AdwCleaner v3.016 - Report created 02/01/2014 at 15:11:56
# Updated 23/12/2013 by Xplode
# Operating System : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# Username : Bauers - BAUERS-SUNROOM
# Running from : C:\Users\Bauers\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\rvlkl
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\registry mechanic
Folder Deleted : C:\Program Files\registry mechanic
Folder Deleted : C:\Users\Bauers\AppData\LocalLow\AVG Security Toolbar
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\rvlkl.lnk
File Deleted : C:\Users\Bauers\AppData\Roaming\Mozilla\Firefox\Profiles\05lourv9.default\searchplugins\search.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A1F1ECD3-4806-44C6-A869-F0DADF11C57C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local;127.0.0.1:9421;

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16526


-\\ Mozilla Firefox v4.0 (en-US)

[ File : C:\Users\Bauers\AppData\Roaming\Mozilla\Firefox\Profiles\05lourv9.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");

*************************

AdwCleaner[R0].txt - [4214 octets] - [02/01/2014 15:02:59]
AdwCleaner[S0].txt - [4349 octets] - [02/01/2014 15:11:56]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4409 octets] ##########



Malwarebytes Anti-Malware 1.75.0.1300

Database version: v2014.01.01.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Bauers :: BAUERS-SUNROOM [administrator]

1/2/2014 9:49:56 AM
mbam-log-2014-01-02 (09-49-56).txt

Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 530017
Time elapsed: 3 hour(s), 34 minute(s), 59 second(s)

Memory Processes Detected: 1
C:\Program Files\rkfree\rvlkl.exe (Keylogger.Logixoft) -> 1624 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\Program Files\rkfree\rvlkl.exe (Keylogger.Logixoft) -> No action taken.
C:\Users\Bauers\Downloads\rkfree_setup.exe (Keylogger.Logixoft) -> No action taken.
C:\Users\Bauers\AppData\Local\Temp\~tmp2455866091908323541.tmp (Malware.Packer.FFS) -> Quarantined and deleted successfully.
C:\Users\Bauers\AppData\Local\Temp\vxxile.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Users\Bauers\AppData\Local\Temp\1dsve2wefd.exe (Exploit.Drop.GS) -> Quarantined and deleted successfully.
C:\Users\Bauers\AppData\Local\Temp\2dsve2wefd.exe (Exploit.Drop.GS) -> Quarantined and deleted successfully.

(end)



Results of screen317's Security Check version 0.99.78  
Windows Vista Service Pack 2 x86 (UAC is disabled!)  
Internet Explorer 9  
Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2013  
Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
Spyware Doctor 7.0  
Malwarebytes Anti-Malware version 1.75.0.1300  
Java(TM) 6 Update 26  
Java 7 Update 9  
Java version out of Date!
Adobe Reader 8 Adobe Reader out of Date!
Mozilla Firefox 4.0 Firefox out of Date!  
````````Process Check: objlist.exe by Laurent````````  
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 22 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````


Re: AdChoices popup malware and a couple viruses

Post by Superdave on Thu Jan 02, 2014 9:10 pm

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
I have (had) Reveal Key Logger installed on this computer (to keep an eye on the kids.) I noticed that Malwarebytes found it (I told it to ignore it) but when I ran AdwCleaner it removed it. Is this an ok key logger to have running? Do you recommend a different one? Is it ok to re-install after we figure out the malware / viruses?
There are a lot of key logger detectors on the net, but a lot of them come with unwanted baggage.
You need to run MBAM again, make sure that all the infections have a checkmark and click on Remove infections. You will note that it found some key loggers.
Here's a scanner that I use.


Download [You must be registered and logged in to see this link.] to your desktop.

* Double click CKScanner.exe and click Search For Files
* After a very short time, when the cursor hourglass disappears, click Save List To File
* A message box will verify the file saved.
* There will now be a file called CKFiles.txt on your desktop.
* Copy and paste the contents of CKFiles.txt in your next reply.
*********************************************
Please download [You must be registered and logged in to see this link.] to your desktop.

Warning! Once the scan is complete JRT will shut down your browser with NO warning.

Shut down your protection software now to avoid potential conflicts.

•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click [You must be registered and logged in to see this link.] link to see a list of security programs that should be disabled and how to disable them.

•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

•The tool will open and start scanning your system.

•Please be patient as this can take a while to complete depending on your system's specifications.

•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

•Copy and Paste the JRT.txt log into your next message.
*****************************************
Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.


First [You must be registered and logged in to see this link.]

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the [You must be registered and logged in to see this link.].

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download [You must be registered and logged in to see this link.] and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions.
3. Once complete, exit JavaRA.

Additional Note: [You must be registered and logged in to see this link.] adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
******************************************
Update your Adobe Reader. [You must be registered and logged in to see this link.].

Be sure to uncheck the Free McAfee Security Scan so it isn't installed.

********************************
Please defrag your hard drive soon. If you need help, please let me know. (SSD means Solid State Drive.)


Re: AdChoices popup malware and a couple viruses

Post by RebelSnipe on Fri Jan 03, 2014 10:25 am

Thanks Dave.

I ran CKScanner
ran JRT
updated Java
removed old Java versions
updated Adobe Reader
ran defrag
re-ran MalwareBytes

I opened IE and the AdChoices malware is still creating pop-ups. Below are the logs. Any additional advice would be greatly appreciated!

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\users\bauers\music\itunes\itunes music\compilations\relapse\18 crack a bottle.m4a
c:\users\bauers\music\itunes\mobile applications\crackle 2.0.0.ipa
scanner sequence 3.AA.11.OHAPDZ
----- EOF -----


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Windows Vista (TM) Home Basic x86
Ran by Bauers on Thu 01/02/2014 at 21:07:58.20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{1B1885D6-9330-4435-8382-ED9D2752A914}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\coupons"



~~~ FireFox

Failed to delete: [File] "C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml"
Successfully deleted the following from C:\Users\Bauers\AppData\Roaming\mozilla\firefox\profiles\05lourv9.default\prefs.js

user_pref("keyword.URL", "hxxp://search.avg.com/route/?d=4cbcea1e&v=7.007.026.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=");



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 01/02/2014 at 21:12:19.03
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Malwarebytes Anti-Malware 1.75.0.1300

Database version: v2014.01.03.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Bauers :: BAUERS-SUNROOM [administrator]

1/2/2014 9:52:46 PM
mbam-log-2014-01-02 (21-52-46).txt

Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 510458
Time elapsed: 2 hour(s), 56 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Program Files\rkfree\rvlkl.exe (Keylogger.Logixoft) -> Quarantined and deleted successfully.
C:\Users\Bauers\AppData\Local\Temp\1dsve2wefd.exe (Trojan.Ransom.ED) -> Quarantined and deleted successfully.
C:\Users\Bauers\Downloads\rkfree_setup.exe (Keylogger.Logixoft) -> Quarantined and deleted successfully.
C:\Users\Bauers\AppData\Local\Temp\2dsve2wefd.exe (Exploit.Drop.GS) -> Quarantined and deleted successfully.

(end)

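The two Malwarebytes logs posted above tell different stories per item: some entries were left as "No action taken" in the first run (the ones Dave asks to re-scan for), some were quarantined, and some were quarantined yet show up again in the second run. As an added example, not code from the forum or from Malwarebytes, the Python below parses the "<Category> Detected: N" blocks of an MBAM 1.x log, lists the unresolved items, checks each block against the count its header announces (logs pasted into a forum post are easily truncated), and compares two scans of the same machine. The sample input is constructed from the detection blocks of the thread's two logs; function and bucket names are the example's own.

```python
"""Triage helper for Malwarebytes Anti-Malware 1.x text logs (added example;
not part of the thread and not Malwarebytes' own code)."""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: the detection blocks from the two MBAM logs posted in the
# thread (runs of 1/2/2014 09:49 and 21:52), as raw strings so backslashes survive.
LOG_FIRST = r"""
Memory Processes Detected: 1
C:\Program Files\rkfree\rvlkl.exe (Keylogger.Logixoft) -> 1624 -> No action taken.

Files Detected: 6
C:\Program Files\rkfree\rvlkl.exe (Keylogger.Logixoft) -> No action taken.
C:\Users\Bauers\Downloads\rkfree_setup.exe (Keylogger.Logixoft) -> No action taken.
C:\Users\Bauers\AppData\Local\Temp\~tmp2455866091908323541.tmp (Malware.Packer.FFS) -> Quarantined and deleted successfully.
C:\Users\Bauers\AppData\Local\Temp\vxxile.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Users\Bauers\AppData\Local\Temp\1dsve2wefd.exe (Exploit.Drop.GS) -> Quarantined and deleted successfully.
C:\Users\Bauers\AppData\Local\Temp\2dsve2wefd.exe (Exploit.Drop.GS) -> Quarantined and deleted successfully.

(end)
"""
LOG_SECOND = r"""
Memory Processes Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Program Files\rkfree\rvlkl.exe (Keylogger.Logixoft) -> Quarantined and deleted successfully.
C:\Users\Bauers\AppData\Local\Temp\1dsve2wefd.exe (Trojan.Ransom.ED) -> Quarantined and deleted successfully.
C:\Users\Bauers\Downloads\rkfree_setup.exe (Keylogger.Logixoft) -> Quarantined and deleted successfully.
C:\Users\Bauers\AppData\Local\Temp\2dsve2wefd.exe (Exploit.Drop.GS) -> Quarantined and deleted successfully.

(end)
"""
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")

@dataclass(frozen=True)
class Detection:
    section: str               # "Files", "Memory Processes", "Registry Keys", ...
    path: str                  # the object MBAM flagged
    family: str                # MBAM detection name, e.g. "Keylogger.Logixoft"
    action: str                # "No action taken" / "Quarantined and deleted successfully"
    pid: Optional[int] = None  # only running processes carry a PID

    @property
    def cleaned(self) -> bool:
        return self.action.startswith("Quarantined and deleted")

def parse_entry(section: str, line: str) -> Detection:
    """Split '<path> (<family>) -> [<pid> ->] <action>.' into its fields."""
    parts = [p.strip() for p in line.rstrip(".").split(" -> ")]
    path, family = parts[0].rsplit(" (", 1)   # rsplit: paths may contain "("
    pid = int(parts[1]) if len(parts) == 3 else None
    return Detection(section, path, family.rstrip(")"), parts[-1], pid)

def parse_mbam_log(text: str) -> list[Detection]:
    """Collect every item under a '<Category> Detected: N' header; a block whose
    line count differs from N raises, which catches a truncated paste."""
    found: list[Detection] = []
    section, declared, seen = None, 0, 0
    for raw in text.splitlines() + [""]:       # sentinel closes the last block
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section, declared, seen = header["section"], int(header["count"]), 0
        elif not line:                          # blank line ends a block
            if section is not None and seen != declared:
                raise ValueError(f"{section}: header says {declared}, found {seen}")
            section = None
        elif section is not None and not line.startswith("("):
            found.append(parse_entry(section, line))   # "(No malicious ...)" skipped
            seen += 1
    return found

def unresolved(detections: list[Detection]) -> list[Detection]:
    """Items the user skipped; the helper's 'run MBAM again' is about these."""
    return [d for d in detections if d.action == "No action taken"]

def compare_logs(first: str, second: str) -> dict[str, list[str]]:
    """Classify each flagged path across two scans of the same machine.
    Windows paths compare case-insensitively; the original spelling is kept."""
    def status(text: str) -> dict[str, tuple[str, bool]]:
        out: dict[str, tuple[str, bool]] = {}
        for d in parse_mbam_log(text):
            key = d.path.casefold()
            out[key] = (d.path, out.get(key, ("", False))[1] or d.cleaned)
        return out

    a, b = status(first), status(second)
    report: dict[str, list[str]] = {"gone": [], "ignored_then_found": [], "reappeared": [], "new": []}
    for key in sorted(a):
        path, cleaned = a[key]
        if key not in b:
            report["gone"].append(path)                 # not seen in the second scan
        elif cleaned:
            report["reappeared"].append(path)           # quarantined, yet back: re-created in between
        else:
            report["ignored_then_found"].append(path)   # skipped in scan 1, still there in scan 2
    report["new"] = [b[k][0] for k in sorted(b) if k not in a]
    return report
```

Running `compare_logs(LOG_FIRST, LOG_SECOND)` puts the two `Temp\*dsve2wefd.exe` droppers in the "reappeared" bucket, which is the kind of result that tells a helper the cleanup is not finished even though every line says "Quarantined and deleted successfully".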

Re: AdChoices popup malware and a couple viruses

Post by Superdave on Fri Jan 03, 2014 3:15 pm

Malwarebytes' Anti-Rootkit

Please download [You must be registered and logged in to see this link.] and save it to your desktop.

  • Be sure to print out and follow the instructions provided on that same page for performing a scan.
  • Caution: This is a beta version so also read the disclaimer and [You must be registered and logged in to see this link.] all your data before using.
  • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
  • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
  • Copy and paste the contents of these two log files in your next reply.



Re: AdChoices popup malware and a couple viruses

Post by RebelSnipe on Fri Jan 03, 2014 8:11 pm

Thanks SuperDave.

I backed up my computer before running the Rootkit Beta (as instructed.)
Makes me a little nervous that I just "shared" the infection with my backup device? (portable hard drive.)

ran Malwarebytes Anti-Rootkit Beta v1.07.0.1008
"Congratulations, no cleanup is required!
Scan Finished: No malware found!"

I did open IE and the AdChoices malware is still active.

Here are the two files you requested:

Malwarebytes Anti-Rootkit BETA 1.07.0.1008

Database version: v2014.01.03.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Bauers :: BAUERS-SUNROOM [administrator]

1/3/2014 6:40:05 PM
mbar-log-2014-01-03 (18-40-05).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 222352
Time elapsed: 23 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

(c) Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_26

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 2.210000 GHz
Memory total: 3084656640, free: 953675776

Downloaded database version: v2014.01.03.07
Downloaded database version: v2013.12.18.01
Initializing...
======================
------------ Kernel report ------------
01/03/2014 18:39:56
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\wrjjd.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\nvraid.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\DRIVERS\nvstor32.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\PCTCore.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\avgrkx86.sys
\SystemRoot\system32\DRIVERS\avglogx.sys
\SystemRoot\system32\DRIVERS\avgmfx86.sys
\SystemRoot\system32\DRIVERS\avgidshx.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\amdk8.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HSXHWBS2.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\HSX_DP.sys
\SystemRoot\system32\DRIVERS\HSX_CNXT.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\nvmfdx32.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHDA.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\DRIVERS\avgtdix.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\avgldx86.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\lvuvc.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\lvrs.sys
\SystemRoot\system32\DRIVERS\avgidsshimx.sys
\SystemRoot\system32\DRIVERS\avgidsdriverx.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_nvstor32.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\xaudio.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8e307ac8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000051\
Lower Device Object: 0xffffffff8d465928
Lower Device Driver Name: \Driver\nvstor32\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8e307ac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8e3077b0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8e307ac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff8e204588, DeviceName: Unknown, DriverName: \Driver\PCTCore\
DevicePointer: 0xffffffff8c67b668, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8d465928, DeviceName: \Device\00000051\, DriverName: \Driver\nvstor32\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Read File: File "C:\Windows\System32\drivers\crusoe.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\crusoe.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\djsvs.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\djsvs.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\drmk.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\drmk.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\E1G60I32.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\E1G60I32.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\elxstor.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\elxstor.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\errdev.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\errdev.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\fdc.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\fdc.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\flpydisk.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\flpydisk.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\GAGP30KX.SYS" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\GAGP30KX.SYS" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\GEARAspiWDM.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\GEARAspiWDM.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\gm.dls" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\gm.dls" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\gmreadme.txt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\gmreadme.txt" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\hidbth.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\hidbth.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\hidir.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\hidir.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\HpCISSs.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\HpCISSs.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\HSFProf.cty" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\HSFProf.cty" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\HSXHWBS2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\HSXHWBS2.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\HSX_CNXT.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\HSX_CNXT.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\HSX_DP.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\HSX_DP.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\i2omgmt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\i2omgmt.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\i2omp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\i2omp.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\iaStorV.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\iaStorV.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\iirsp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\iirsp.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\intelide.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\intelide.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\IPMIDrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\IPMIDrv.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\isapnp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\isapnp.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\iteatapi.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\iteatapi.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\iteraid.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\iteraid.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\lsi_fc.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\lsi_fc.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\lsi_sas.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\lsi_sas.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\lsi_scsi.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\lsi_scsi.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\LVAFT.cfg" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\LVAFT.cfg" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\lvrs.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\lvrs.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\lvuvc.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\lvuvc.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\mbam.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\mbam.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\mbamchameleon.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\mbamchameleon.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\MBAMSwissArmy.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\MBAMSwissArmy.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\mdmxsdk.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\mdmxsdk.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\megasas.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\megasas.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\mpio.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\mpio.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\Mraid35x.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\Mraid35x.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\msahci.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\msahci.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\msdsm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\msdsm.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\crcdisk.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\crcdisk.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\intelppm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\intelppm.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\MegaSR.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\MegaSR.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\ntrigdigi.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ntrigdigi.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\serial.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\serial.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\symc8xx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\symc8xx.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\SYMEVENT.INF" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\SYMEVENT.INF" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\viaide.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\viaide.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\nfrd960.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\nfrd960.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\nvlddmkm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\nvlddmkm.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\nvmfdx32.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\nvmfdx32.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\nvphy.bin" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\nvphy.bin" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\nvraid.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\nvraid.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\nvrd32.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\nvrd32.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\nvsmu.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\nvsmu.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\nvstor.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\nvstor.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\nvstor32.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\nvstor32.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\NV_AGP.SYS" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\NV_AGP.SYS" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\ohci1394.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ohci1394.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\parport.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\parport.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\parvdm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\parvdm.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\rcmirror.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\rcmirror.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\rdpdr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\rdpdr.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\RTKVHDA.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\RTKVHDA.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\sbp2port.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\sbp2port.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\secdrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\secdrv.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\serenum.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\serenum.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\serscan.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\serscan.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\sffdisk.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\sffdisk.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\sffp_mmc.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\sffp_mmc.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\sffp_sd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\sffp_sd.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\sfloppy.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\sfloppy.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\SilvrLnk.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\SilvrLnk.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\SISAGP.SYS" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\SISAGP.SYS" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\sisraid2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\sisraid2.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\sisraid4.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\sisraid4.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\SYMEVENT.CAT" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\SYMEVENT.CAT" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\usbaapl.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\usbaapl.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\usbcir.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\usbcir.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\usbprint.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\usbprint.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\usbuhci.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\usbuhci.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\vgapnp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\vgapnp.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\VIAAGP.SYS" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\VIAAGP.SYS" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\viac7.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\viac7.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\vsmraid.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\vsmraid.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\wacompen.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\wacompen.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\wd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\wd.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\wmiacpi.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\wmiacpi.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\XAudio.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\XAudio.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\sym_hi.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\sym_hi.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\sym_u3.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\sym_u3.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\tiehdusb.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\tiehdusb.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\UAGP35.SYS" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\UAGP35.SYS" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\ULIAGPKX.SYS" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ULIAGPKX.SYS" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\uliahci.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\uliahci.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\ulsata.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ulsata.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\ulsata2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ulsata2.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\swenum.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\swenum.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\pcmcia.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\pcmcia.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\PCTAppEvent.cat" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\PCTAppEvent.cat" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\PCTAppEvent.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\PCTAppEvent.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\pctcore.cat" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\pctcore.cat" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\PCTCore.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\PCTCore.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\pctgntdi.cat" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\pctgntdi.cat" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\pctgntdi.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\pctgntdi.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\pctplsg.cat" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\pctplsg.cat" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\pctplsg.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\pctplsg.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\pctwfpfilter.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\pctwfpfilter.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\portcls.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\portcls.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\processr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\processr.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\pxhelp20.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\pxhelp20.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\ql2300.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ql2300.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\ql40xx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ql40xx.sys" is compressed (flags = 1)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1549F232

Partition information:

Partition 0 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 292334742
Partition file system is NTFS
Partition is bootable

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 292334805 Numsec = 20241900

Disk Size: 160041885696 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-312561808-312581808)...
Done!
Read File: File "c:\windows\installer\{90140000-003d-0000-0000-0000000ff1ce}\3447d43b151705ff31be96a4a2b0b2223f9217d2.mdinfo" is compressed (flags = 1)
Read File: File "c:\windows\installer\{90140000-003d-0000-0000-0000000ff1ce}\3449d5bc85ff72d2fd859fafc71013a0ab93327a.mddata" is compressed (flags = 1)
Read File: File "c:\windows\installer\{90140000-003d-0000-0000-0000000ff1ce}\3449d5bc85ff72d2fd859fafc71013a0ab93327a.mdinfo" is compressed (flags = 1)
Read File: File "c:\windows\installer\{90140000-003d-0000-0000-0000000ff1ce}\344d4d2a5d8f926647e5e97105fe29a085cd034a.mddata" is compressed (flags = 1)
Read File: File "c:\windows\installer\{90140000-003d-0000-0000-0000000ff1ce}\344d4d2a5d8f926647e5e97105fe29a085cd034a.mdinfo" is compressed (flags = 1)
Read File: File "c:\windows\installer\{90140000-003d-0000-0000-0000000ff1ce}\1e9f2c37363536c06fca21dceb86da3e5fe8933e.mddata" is compressed (flags = 1)
Read File: File "c:\windows\installer\{90140000-003d-0000-0000-0000000ff1ce}\1e9f2c37363536c06fca21dceb86da3e5fe8933e.mdinfo" is compressed (flags = 1)
Read File: File "c:\windows\installer\{90140000-003d-0000-0000-0000000ff1ce}\2041457d5fe04d39d0ab481178355df6781e6858.mddata" is compressed (flags = 1)
Read File: File "c:\windows\installer\{90140000-003d-0000-0000-0000000ff1ce}\209ddd1c8c2675e214746c94e938ed2b45cbf102.mddata" is compressed (flags = 1)
Read File: File "c:\windows\installer\{90140000-003d-0000-0000-0000000ff1ce}\20e80599742e6a8253db7c7d520b42c0fcd1a282.mddata" is compressed (flags = 1)
Read File: File "c:\windows\installer\{90140000-003d-0000-0000-0000000ff1ce}\21189897d36519e21f911c4773badcbdf4df50f5.mddata" is compressed (flags = 1)
Read File: File "c:\windows\installer\{90140000-003d-0000-0000-0000000ff1ce}\224c844c99121d5f99d4a75050243985ff468f50.mddata" is compressed (flags = 1)
Read File: File "c:\windows\installer\{90140000-003d-0000-0000-0000000ff1ce}\236760ab542f91deac410fa2d7bb5dfb91fdbab0.mddata" is compressed (flags = 1)
Read File: File "c:\windows\installer\{90140000-003d-0000-0000-0000000ff1ce}\53c1d877feb82578452665722a0dca0afcad1416.mdinfo" is compressed (flags = 1)
Read File: File "c:\windows\installer\{90140000-003d-0000-0000-0000000ff1ce}\53eb8ef6885161a965aac151317baa3e73e42e8c.mddata" is compressed (flags = 1)
Read File: File "c:\windows\installer\{90140000-003d-0000-0000-0000000ff1ce}\53eb8ef6885161a965aac151317baa3e73e42e8c.mdinfo" is compressed (flags = 1)
Read File: File "c:\windows\installer\{90140000-003d-0000-0000-0000000ff1ce}\53f764cf091e15f427c699f610a1686c96faf7b2.mddata" is compressed (flags = 1)
Read File: File "c:\windows\installer\{90140000-003d-0000-0000-0000000ff1ce}\53f764cf091e15f427c699f610a1686c96faf7b2.mdinfo" is compressed (flags = 1)
Read File: File "c:\windows\installer\{90140000-003d-0000-0000-0000000ff1ce}\5419e01efe0e02722ce94cc114b98126a9b0fde3.mddata" is compressed (flags = 1)
Read File: File "c:\windows\installer\{90140000-003d-0000-0000-0000000ff1ce}\5419e01efe0e02722ce94cc114b98126a9b0fde3.mdinfo" is compressed (flags = 1)
Read File: File "c:\windows\installer\{90140000-003d-0000-0000-0000000ff1ce}\4ceaa414481b2c71b09405f57fd8fe5df04fa67b.mddata" is compressed (flags = 1)
Read File: File "c:\windows\installer\{90140000-003d-0000-0000-0000000ff1ce}\4ceaa414481b2c71b09405f57fd8fe5df04fa67b.mdinfo" is compressed (flags = 1)
Read File: File "c:\windows\installer\{90140000-003d-0000-0000-0000000ff1ce}\4cfb60c673e7578d101c75c5d28f5b1d1511996d.mddata" is compressed (flags = 1)
Read File: File "c:\windows\installer\{90140000-003d-0000-0000-0000000ff1ce}\4cfb60c673e7578d101c75c5d28f5b1d1511996d.mdinfo" is compressed (flags = 1)
Read File: File "c:\windows\installer\{90140000-003d-0000-0000-0000000ff1ce}\4d11dd8c5797dbdad32c91eeaded6dbfb93c145c.mddata" is compressed (flags = 1)
Read File: File "c:\windows\installer\{90140000-003d-0000-0000-0000000ff1ce}\4d11dd8c5797dbdad32c91eeaded6dbfb93c145c.mdinfo" is compressed (flags = 1)
Read File: File "c:\windows\installer\{90140000-003d-0000-0000-0000000ff1ce}\480429c7233f5aa972121ebcacab75542bbb9204.mdinfo" is compressed (flags = 1)
Read File: File "c:\windows\installer\{90140000-003d-0000-0000-0000000ff1ce}\4821f04ccfbaed57fd085a25c76382b57055a745.mddata" is compressed (flags = 1)
Read File: File "c:\windows\installer\{90140000-003d-0000-0000-0000000ff1ce}\4821f04ccfbaed57fd085a25c76382b57055a745.mdinfo" is compressed (flags = 1)
Read File: File "c:\windows\installer\{90140000-003d-0000-0000-0000000ff1ce}\482f7c1616a933ff101a7a55b2d07338dce291f7.mddata" is compressed (flags = 1)
Read File: File "c:\windows\installer\{90140000-003d-0000-0000-0000000ff1ce}\482f7c1616a933ff101a7a55b2d07338dce291f7.mdinfo" is compressed (flags = 1)
Read File: File "c:\windows\installer\{90140000-003d-0000-0000-0000000ff1ce}\7fcaba84e8c47c0b1da1c3cda55ee97e494d105f.mdinfo" is compressed (flags = 1)
Read File: File "c:\windows\installer\{90140000-003d-0000-0000-0000000ff1ce}\7fce4f1fe99bc4fae1c956b7cfeda4d0754bf47d.mddata" is compressed (flags = 1)
Read File: File "c:\windows\installer\{90140000-003d-0000-0000-0000000ff1ce}\7fce4f1fe99bc4fae1c956b7cfeda4d0754bf47d.mdinfo" is compressed (flags = 1)
Read File: File "c:\windows\installer\{90140000-003d-0000-0000-0000000ff1ce}\e430e040f3bcb24f0bf130e7cbab770a7e3deb18.mddata" is compressed (flags = 1)
Read File: File "c:\windows\installer\{90140000-003d-0000-0000-0000000ff1ce}\e430e040f3bcb24f0bf130e7cbab770a7e3deb18.mdinfo" is compressed (flags = 1)
Read File: File "c:\windows\installer\{90140000-003d-0000-0000-0000000ff1ce}\e43349dcf42986a1af873f24edc6bd6f66144440.mddata" is compressed (flags = 1)
Read File: File "c:\windows\installer\{90140000-003d-0000-0000-0000000ff1ce}\e43349dcf42986a1af873f24edc6bd6f66144440.mdinfo" is compressed (flags = 1)
Read File: File "c:\windows\installer\{90140000-003d-0000-0000-0000000ff1ce}\e443ebf7559e92e1a3c5fc34b2307bd3e2de273a.mddata" is compressed (flags = 1)
Read File: File "c:\windows\installer\{90140000-003d-0000-0000-0000000ff1ce}\e443ebf7559e92e1a3c5fc34b2307bd3e2de273a.mdinfo" is compressed (flags = 1)
Read File: File "c:\users\bauers\desktop\m&d 50th anniversary colorado\bauer 50th - bb\l1.png" is compressed (flags = 1)
Read File: File "c:\users\bauers\desktop\m&d 50th anniversary colorado\bauer 50th - bb\l1.thl" is compressed (flags = 1)
Read File: File "c:\users\bauers\desktop\m&d 50th anniversary colorado\bauer 50th - bb\l10.png" is compressed (flags = 1)
Read File: File "c:\users\bauers\desktop\m&d 50th anniversary colorado\bauer 50th - bb\l10.thl" is compressed (flags = 1)
Read File: File "c:\users\bauers\desktop\m&d 50th anniversary colorado\bauer 50th - bb\l11.png" is compressed (flags = 1)
Read File: File "c:\users\bauers\desktop\m&d 50th anniversary colorado\bauer 50th - bb\l11.thl" is compressed (flags = 1)
Read File: File "c:\users\bauers\desktop\m&d 50th anniversary colorado\bauer 50th - bb\l12.png" is compressed (flags = 1)
Read File: File "c:\users\bauers\desktop\m&d 50th anniversary colorado\bauer 50th - bb\l12.thl" is compressed (flags = 1)
Read File: File "c:\users\bauers\desktop\m&d 50th anniversary colorado\bauer 50th - bb\l13.png" is compressed (flags = 1)
Read File: File "c:\users\bauers\desktop\m&d 50th anniversary colorado\bauer 50th - bb\l13.thl" is compressed (flags = 1)
Read File: File "c:\users\bauers\desktop\m&d 50th anniversary colorado\bauer 50th - bb\l14.png" is compressed (flags = 1)
Read File: File "c:\users\bauers\desktop\m&d 50th anniversary colorado\bauer 50th - bb\l14.thl" is compressed (flags = 1)
Read File: File "c:\users\bauers\desktop\m&d 50th anniversary colorado\bauer 50th - bb\l15.png" is compressed (flags = 1)
Read File: File "c:\users\bauers\desktop\m&d 50th anniversary colorado\bauer 50th - bb\l15.thl" is compressed (flags = 1)
Read File: File "c:\users\bauers\desktop\m&d 50th anniversary colorado\bauer 50th - bb\l16.png" is compressed (flags = 1)
Read File: File "c:\users\bauers\desktop\m&d 50th anniversary colorado\bauer 50th - bb\l16.thl" is compressed (flags = 1)
Read File: File "c:\users\bauers\desktop\m&d 50th anniversary colorado\bauer 50th - bb\l17.png" is compressed (flags = 1)
Read File: File "c:\users\bauers\desktop\m&d 50th anniversary colorado\bauer 50th - bb\l17.thl" is compressed (flags = 1)
Read File: File "c:\users\bauers\desktop\m&d 50th anniversary colorado\bauer 50th - bb\l18.png" is compressed (flags = 1)
Read File: File "c:\users\bauers\desktop\m&d 50th anniversary colorado\bauer 50th - bb\l18.thl" is compressed (flags = 1)
Read File: File "c:\users\bauers\desktop\m&d 50th anniversary colorado\bauer 50th - bb\l2.thl" is compressed (flags = 1)
Read File: File "c:\users\bauers\desktop\m&d 50th anniversary colorado\bauer 50th - bb\l3.png" is compressed (flags = 1)
Read File: File "c:\users\bauers\desktop\m&d 50th anniversary colorado\bauer 50th - bb\l3.thl" is compressed (flags = 1)
Read File: File "c:\users\bauers\desktop\m&d 50th anniversary colorado\bauer 50th - bb\l4.png" is compressed (flags = 1)
Read File: File "c:\users\bauers\desktop\m&d 50th anniversary colorado\bauer 50th - bb\l4.thl" is compressed (flags = 1)
Read File: File "c:\users\bauers\desktop\m&d 50th anniversary colorado\bauer 50th - bb\l5.png" is compressed (flags = 1)
Read File: File "c:\users\bauers\desktop\m&d 50th anniversary colorado\bauer 50th - bb\l5.thl" is compressed (flags = 1)
Read File: File "c:\users\bauers\desktop\m&d 50th anniversary colorado\bauer 50th - bb\l6.png" is compressed (flags = 1)
Read File: File "c:\users\bauers\desktop\m&d 50th anniversary colorado\bauer 50th - bb\l6.thl" is compressed (flags = 1)
Read File: File "c:\users\bauers\desktop\m&d 50th anniversary colorado\bauer 50th - bb\l7.png" is compressed (flags = 1)
Read File: File "c:\users\bauers\desktop\m&d 50th anniversary colorado\bauer 50th - bb\l7.thl" is compressed (flags = 1)
Read File: File "c:\users\bauers\desktop\m&d 50th anniversary colorado\bauer 50th - bb\l8.png" is compressed (flags = 1)
Read File: File "c:\users\bauers\desktop\m&d 50th anniversary colorado\bauer 50th - bb\l8.thl" is compressed (flags = 1)
Read File: File "c:\users\bauers\desktop\m&d 50th anniversary colorado\bauer 50th - bb\l9.png" is compressed (flags = 1)
Read File: File "c:\users\bauers\desktop\m&d 50th anniversary colorado\bauer 50th - bb\l9.thl" is compressed (flags = 1)
Read File: File "c:\users\bauers\desktop\m&d 50th anniversary colorado\bauer 50th - bb\lt0.thl" is compressed (flags = 1)
Read File: File "c:\users\bauers\desktop\m&d 50th anniversary colorado\bauer 50th - bb\lt1.thl" is compressed (flags = 1)
Read File: File "c:\users\bauers\desktop\m&d 50th anniversary colorado\bauer 50th - bb\lt2.thl" is compressed (flags = 1)
Read File: File "c:\users\bauers\desktop\m&d 50th anniversary colorado\bauer 50th - bb\lt3.thl" is compressed (flags = 1)
Read File: File "c:\users\bauers\desktop\m&d 50th anniversary colorado\bauer 50th - bb\lt4.thl" is compressed (flags = 1)
Read File: File "c:\users\bauers\desktop\m&d 50th anniversary colorado\bauer 50th - bb\lt5.thl" is compressed (flags = 1)
Read File: File "c:\users\bauers\desktop\m&d 50th anniversary colorado\bauer 50th - bb\std_layout.xml" is compressed (flags = 1)
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_63_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished


Re: AdChoices popup malware and a couple viruses

Post by Superdave on Fri Jan 03, 2014 8:45 pm

Makes me a little nervous that I just "shared" the infection with my back up device? (portable hard drive.)
There's a very good chance that your backed up material was not infected.
Have you set IE to not allow popups?


I'd like to scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
[You must be registered and logged in to see this link.]

• Click the button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.

• Check
• Click the button.
• Accept any security warnings from your browser.

  • Leave the check mark next to Remove found threats.

• Check
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push
• Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the button.
• Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


Re: AdChoices popup malware and a couple viruses

Post by RebelSnipe on Sat Jan 04, 2014 9:46 am

Thanks for the additional steps.  

I do have IE set to block pop ups - this isn't a "normal" pop up. It appears in the low left corner of the main IE browser screen as an overlay hotlink. I will attach a screen shot so you can see. (hmmm.... getting errors attaching screen shot - "Could not upload file : exceeded total storage space. (free space : 21)" Not sure what that means? Tried shrinking it down so it is less than 21kb?)

I ran the ESET scanner.  It found / deleted 8 items.  I will post the log file below.

I opened IE after ESET scanner completed and the AdChoices malware is still active.



ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=1308395a75080d44ba3821d379e70d95
# engine=16511
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-01-04 08:27:22
# local_time=2014-01-04 02:27:22 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1039 16777213 100 92 0 75011226 0 0
# compatibility_mode=5892 16776574 100 95 126418209 225431614 0 0
# scanned=295052
# found=8
# cleaned=8
# scan_time=13514
sh=7E4D0FAA648B316BFD941E043180A1414AE3CEDE ft=1 fh=569956ca6e010e15 vn="Win32/Olmarik.AYY trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Bauers\AppData\Local\Temp\7676.tmp"
sh=14DA9967FA18D665F268072704E2D2757B1EF137 ft=0 fh=0000000000000000 vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Bauers\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\6653ff81-6cdd1eb2"
sh=3DFD21DFB16EBF13DE6469A6315C12C04BCE2E9E ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.QQI trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Bauers\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\6123f4a5-626f80d5"
sh=2795A09409D3D2B82DF9DC94E19BB0D6B92B0005 ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.QQL trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Bauers\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\bf1d166-5003ada4"
sh=3DFD21DFB16EBF13DE6469A6315C12C04BCE2E9E ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.QQI trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Bauers\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\21949445-3897eb8d"
sh=2795A09409D3D2B82DF9DC94E19BB0D6B92B0005 ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.QQL trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Bauers\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\7fcd3738-6ee2a0ec"
sh=F71786C008CBCEFF6186540A39A70E50A9398DB1 ft=1 fh=4be2ce872061d5be vn="Win32/Olmarik.AWO trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Windows\Temp\7963.tmp"
sh=F71786C008CBCEFF6186540A39A70E50A9398DB1 ft=1 fh=4be2ce872061d5be vn="Win32/Olmarik.AWO trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Windows\Temp\CB79.tmp"

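The ESET log above is a run of `key=value` records. The following triage helper is an added example, not ESET's code and not from the thread: it parses such a log into detections, groups them by threat family, flags hashes found at more than one path, and checks that the record count matches the `found=` header. The sample log is constructed from the records in this post; the field meanings assumed are `sh` = file SHA-1, `vn` = detection name plus action, `fn` = file path.

```python
"""Triage helper for an ESET Online Scanner log like the one posted above.

Added example, not ESET's code and not from the thread.  The sample log is
constructed from the detection records in the post; the field meanings
(sh = file SHA-1, vn = detection name and action, fn = path) are read off
those records and are an assumption.
"""
import re
from collections import Counter, defaultdict

# Constructed sample: a few header lines plus the detection records from the post.
SAMPLE_LOG = r"""# version=8
# found=8
# cleaned=8
sh=7E4D0FAA648B316BFD941E043180A1414AE3CEDE ft=1 fh=569956ca6e010e15 vn="Win32/Olmarik.AYY trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Bauers\AppData\Local\Temp\7676.tmp"
sh=14DA9967FA18D665F268072704E2D2757B1EF137 ft=0 fh=0000000000000000 vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Bauers\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\6653ff81-6cdd1eb2"
sh=3DFD21DFB16EBF13DE6469A6315C12C04BCE2E9E ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.QQI trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Bauers\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\6123f4a5-626f80d5"
sh=2795A09409D3D2B82DF9DC94E19BB0D6B92B0005 ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.QQL trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Bauers\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\bf1d166-5003ada4"
sh=3DFD21DFB16EBF13DE6469A6315C12C04BCE2E9E ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.QQI trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Bauers\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\21949445-3897eb8d"
sh=2795A09409D3D2B82DF9DC94E19BB0D6B92B0005 ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.QQL trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Bauers\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\7fcd3738-6ee2a0ec"
sh=F71786C008CBCEFF6186540A39A70E50A9398DB1 ft=1 fh=4be2ce872061d5be vn="Win32/Olmarik.AWO trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Windows\Temp\7963.tmp"
sh=F71786C008CBCEFF6186540A39A70E50A9398DB1 ft=1 fh=4be2ce872061d5be vn="Win32/Olmarik.AWO trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Windows\Temp\CB79.tmp"
"""

# key=value pairs; values are either double-quoted (may contain spaces) or bare.
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_header(text):
    """Return the '# key=value' header lines as a dict of strings."""
    header = {}
    for line in text.splitlines():
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            header[key.strip()] = value.strip()
    return header


def parse_detections(text):
    """Return one dict per 'sh=...' record, with quoted values unquoted."""
    records = []
    for line in text.splitlines():
        if line.startswith("sh="):
            records.append({k: v.strip('"') for k, v in FIELD_RE.findall(line)})
    return records


def family_of(vn):
    """Collapse 'Win32/Olmarik.AYY trojan (cleaned ...)' to 'Win32/Olmarik'
    so that variants of one family are counted together."""
    threat = vn.split(" (", 1)[0]          # drop the '(action)' suffix
    if "/" not in threat:
        return threat                      # e.g. 'multiple threats'
    name = threat.split()[0]               # drop the type word ('trojan')
    _, _, rest = name.partition("/")
    return name.rsplit(".", 1)[0] if "." in rest else name


def summarize(text):
    """Build the triage summary a helper would want before replying."""
    header = parse_header(text)
    records = parse_detections(text)
    found = int(header.get("found", 0))
    paths_by_hash = defaultdict(list)
    for r in records:
        paths_by_hash[r["sh"]].append(r["fn"])
    return {
        "found": found,
        "cleaned": int(header.get("cleaned", 0)),
        "records": len(records),
        # A mismatch means the log was truncated or edited before posting.
        "header_matches_records": found == len(records),
        "by_family": dict(Counter(family_of(r["vn"]) for r in records)),
        # Same SHA-1 at several paths: one payload cached or dropped repeatedly.
        "repeated_hashes": {h: p for h, p in paths_by_hash.items() if len(p) > 1},
        # Java deployment cache hits are content Java fetched from the web
        # (applets / Web Start), not files the user installed.
        "java_cache_hits": [r["fn"] for r in records
                            if "\\Java\\Deployment\\cache\\" in r["fn"]],
    }


if __name__ == "__main__":
    import json
    print(json.dumps(summarize(SAMPLE_LOG), indent=2))
```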

Re: AdChoices popup malware and a couple viruses

Post by Superdave on Sat Jan 04, 2014 2:49 pm

I receive those ads but they're mainly on free sites such as proboards. I tried to duplicate the pop-up on the CNN site to no avail. Do you get this pop-up on other sites?

Download ComboFix from any of the links below, and save it to your DESKTOP.
If your version of Windows defaults to your download folder you will need to copy it to your desktop.

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

To prevent your anti-virus application interfering with ComboFix we need to disable it. See [You must be registered and logged in to see this link.] for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:



Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


Re: AdChoices popup malware and a couple viruses

Post by RebelSnipe on Sat Jan 04, 2014 4:19 pm

Thanks for the continual help - I really appreciate it!!

I see the pop ups on any website (including GeekPolice.net : )

That being said, I haven't seen any pop ups since running ComboFix. I normally would see them the first couple web sites I visited. I've only opened 5-6 windows to check but nothing yet.... Do you see something in the ComboFix log that appears to be the malware? ComboFix did not reboot my computer as part of the scan. After it finished and the log file appeared, I let the computer sit for ~ 10 minutes to ensure nothing else was going to happen and then I manually rebooted it.

Here is the output:

ComboFix 14-01-04.03 - Bauers 01/04/2014 14:22:37.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2942.1026 [GMT -6:00]
Running from: c:\users\Bauers\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\COUPon~1.ocx
.
.
((((((((((((((((((((((((( Files Created from 2013-12-04 to 2014-01-04 )))))))))))))))))))))))))))))))
.
.
2014-01-04 20:36 . 2014-01-04 20:36 -------- dc----w- c:\users\Default\AppData\Local\temp
2014-01-04 04:06 . 2014-01-04 04:06 -------- dc----w- c:\program files\ESET
2014-01-04 00:39 . 2014-01-04 01:08 -------- dc----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-01-04 00:39 . 2014-01-04 00:39 104664 -c--a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-01-04 00:38 . 2014-01-04 00:38 74456 -c--a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-01-03 03:31 . 2014-01-03 03:31 -------- dc----w- c:\programdata\Oracle
2014-01-03 03:29 . 2014-01-03 03:29 -------- dc----w- c:\program files\Common Files\Java
2014-01-03 03:29 . 2014-01-03 03:29 94632 -c--a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-01-03 03:07 . 2014-01-03 03:07 -------- dc----w- c:\windows\ERUNT
2014-01-03 00:18 . 2008-07-08 14:45 4984 -c--a-w- c:\windows\system32\drivers\nvphy.bin
2014-01-03 00:11 . 2014-01-03 00:11 -------- dc----w- c:\windows\Migration
2014-01-02 21:14 . 2014-01-02 21:14 -------- dc----w- c:\programdata\rvlkl
2014-01-02 21:02 . 2014-01-02 21:12 -------- dc----w- C:\AdwCleaner
2013-12-21 19:32 . 2013-12-21 19:32 -------- dc----w- c:\program files\iPod
2013-12-21 19:32 . 2013-12-21 19:33 -------- dc----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-12-12 14:08 . 2013-10-30 00:35 2050560 -c--a-w- c:\windows\system32\win32k.sys
2013-12-12 14:08 . 2013-10-30 02:12 335360 -c--a-w- c:\windows\system32\SysFxUI.dll
2013-12-12 14:08 . 2013-10-30 01:43 130048 -c--a-w- c:\windows\system32\drivers\drmk.sys
2013-12-12 14:08 . 2013-10-30 00:43 167936 -c--a-w- c:\windows\system32\drivers\portcls.sys
2013-12-12 14:08 . 2013-10-11 02:08 131072 -c--a-w- c:\windows\system32\wshom.ocx
2013-12-12 14:08 . 2013-10-11 00:35 155648 -c--a-w- c:\windows\system32\wscript.exe
2013-12-12 14:08 . 2013-10-11 02:08 36864 -c--a-w- c:\windows\system32\wshcon.dll
2013-12-12 14:08 . 2013-10-11 02:08 172032 -c--a-w- c:\windows\system32\scrrun.dll
2013-12-12 14:08 . 2013-10-11 00:35 135168 -c--a-w- c:\windows\system32\cscript.exe
2013-12-12 14:08 . 2013-10-22 07:19 158208 -c--a-w- c:\windows\system32\imagehlp.dll
2013-12-07 20:02 . 2013-12-07 20:02 -------- dc----w- c:\users\Bauers\AppData\Roaming\RealNetworks
2013-12-07 19:40 . 2013-12-07 19:40 -------- dc----w- c:\program files\RealNetworks
2013-12-07 19:40 . 2013-12-07 19:40 -------- dc----w- c:\programdata\RealNetworks
2013-12-07 19:40 . 2013-12-07 19:40 -------- dc----w- c:\program files\Common Files\xing shared
2013-12-07 19:40 . 2013-12-07 19:40 153736 -c--a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2013-12-07 19:40 . 2013-12-07 19:40 124504 -c--a-w- c:\program files\Mozilla Firefox\plugins\nprpplugin.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-10 22:45 . 2012-05-03 13:30 692616 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-10 22:45 . 2011-06-07 03:24 71048 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-10 22:45 . 2013-08-21 00:45 8699272 -c--a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-12-07 19:39 . 2008-05-10 04:29 499712 -c--a-w- c:\windows\system32\msvcp71.dll
2013-12-07 19:39 . 2008-05-10 04:17 348160 -c--a-w- c:\windows\system32\msvcr71.dll
2013-11-25 07:48 . 2013-11-25 07:48 208184 -c--a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-10-30 02:13 . 2008-01-21 02:32 1304064 -c--a-w- c:\windows\system32\WMALFXGFXDSP.dll
2013-10-23 07:05 . 2013-10-23 07:05 22328 -c--a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-10-23 07:05 . 2013-10-23 07:05 39224 -c--a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-10-11 02:08 . 2013-11-14 00:30 444928 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-11 02:07 . 2013-11-14 00:30 596480 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2011-03-18 17:53 . 2011-03-30 22:36 142296 -c--a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Bauers\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Bauers\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Bauers\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Bauers\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"Akamai NetSession Interface"="c:\users\Bauers\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6266880]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"DPService"="c:\program files\HP\DVDPlay\DPService.exe" [2008-03-11 90112]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-22 92704]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-11-20 4411952]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-07-19 65536]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2013-12-07 295512]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-11-02 152392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
c:\users\Bauers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Bauers\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snapfish Media Detector.lnk - c:\program files\Snapfish Picture Mover\SnapfishMediaDetector.exe [2007-5-7 1273856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - MBAMSwissArmy
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-03 22:45]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride =
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75 192.168.1.1
FF - ProfilePath - c:\users\Bauers\AppData\Roaming\Mozilla\Firefox\Profiles\05lourv9.default\
FF - ExtSQL: 2013-12-07 13:40; {DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}; c:\programdata\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AdobeBridge - (no file)
HKCU-Run-ROC_ROC_APR2013_AV - c:\users\Bauers\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe
HKCU-Run-AVG-Secure-Search-Update_0913a - c:\users\Bauers\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HKLM-Run-EFE23139-BF52-4bfc-BDB2-199FDC1E0C70 - c:\program files\heavenward\lightlogger\lightlogger.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
SafeBoot-MCODS
AddRemove-Coupon Printer for Windows5.0.0.0 - c:\program files\Coupons\uninstall.exe
AddRemove-RealPlayer 16.0 - c:\program files\real\realplayer\Update\r1puninst.exe
AddRemove-Registry Mechanic_is1 - c:\program files\Registry Mechanic\unins000.exe
AddRemove-sp44626 - c:\hp\Softpaq\sp44626\sp44626.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2014-01-04 14:40
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\users\Bauers\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_8fa3539.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2014-01-04 14:51:36
ComboFix-quarantined-files.txt 2014-01-04 20:51
.
Pre-Run: 11,738,144,768 bytes free
Post-Run: 11,490,766,848 bytes free
.
- - End Of File - - 79C7C70E6E097CE7F9F88A47969783BA
03BA8F890B47C0BE359A4D5A636D214D
Re: AdChoices popup malware and a couple viruses

Post by RebelSnipe on Sat Jan 04, 2014 4:25 pm

I appreciate your CONTINUAL help also (sheesh.... fingers hit the correct keys, just wrong order)

Re: AdChoices popup malware and a couple viruses

Post by Superdave on Sat Jan 04, 2014 6:17 pm

Do you see something in the ComboFix log that appears to be the malware?
Well, I do see the one that was removed. Everything else looks ok. Let's give it a few days to see how it's running then we can do some cleanup.
Re: AdChoices popup malware and a couple viruses

Post by RebelSnipe on Sat Jan 04, 2014 6:38 pm

Sounds like a plan - THANKS!!

Can I reinstall the Reveal keylogger via CNET or do you think that had something to do with the infection? Would you recommend a different keylogger?

Also, should I run something (ComboFix?) against my portable hard drive to ensure it wasn't infected during the backup?
Re: AdChoices popup malware and a couple viruses

Post by Superdave on Sat Jan 04, 2014 6:54 pm

Can I reinstall the Reveal keylogger via CNET or do you think that had something to do with the infection? Would you recommend a different keylogger?
I cannot vouch for that program but the fact that MBAM and AdwCleaner found it shows it is a program that runs in the background undetected, quite similar to most infections. Did you have problems after you downloaded and installed that program? If not, it's probably safe. There are a couple of programs in [You must be registered and logged in to see this link.] that I know are safe.
Also, should I run something (ComboFix?) against my portable hard drive to ensure it wasn't infected during the backup?
Try scanning it with your AV and also ESET, but I'm not sure if ESET will do it. You should also be able to scan it with MBAM.