Rootkit.Agent/GEN-DNSHack


  • This topic is locked
6 replies to this topic

#1 FlowTech

  • Members
  • 4 posts

Posted 04 March 2014 - 03:41 PM

I have tried solutions from www.bleepingcomputer.com/forums/t/285245/rootkitagentgen-dnshack to no avail. I used DeFogger successfully. MBR.exe did not show an issue. Ran ComboFix but rootkit persists.

Here is the DDS log:

DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.51.2
Run by Administrator at 14:35:08 on 2014-03-04
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1976.1381 [GMT -5:00]
.
AV: Trend Micro Client/Server Security Agent Antivirus *Disabled/Outdated* {BDFA3AA8-E77D-44F4-9182-81A70281F5D9}
FW: Trend Micro Personal Firewall *Disabled*
.
============== Running Processes ================
.
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?rs=1
uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: BHO_Startup Class: {3134413B-49B4-425C-98A5-893C1F195601} - c:\program files\hewlett-packard\file sanitizer\IEBHO.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - <orphaned>
BHO: Credential Manager for HP ProtectTools: {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll
mRun: [zCpqset] c:\program files\hewlett-packard\default settings\cpqset.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HPCam_Menu] "c:\program files\hewlett-packard\hp webcam\muitransfer\muistartmenu.exe" "c:\program files\hewlett-packard\hp webcam" updatewithcreateonce "software\cyberlink\hp webcam\1.0"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoWelcomeScreen = dword:1
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {00134F72-5284-44F7-95A8-52A619F70751} - hxxps://192.168.1.2:4343/officescan/console/ClientInstall/WinNTChk.cab
DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} - hxxps://192.168.1.2:4343/officescan/console/ClientInstall/setup.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} - hxxp://192.168.1.2/connectcomputer/nshelp.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1253141506609
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1253141537812
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {9BBB3919-F518-4D06-8209-299FC243FC44} - hxxps://192.168.1.2:4343/SMB/console/html/root/AtxEnc.cab
DPF: {AA299E98-6FB5-409F-99D3-D30D749F4864} - hxxps://cp.virtualadmins.com/inc/kaxRemote.dll
DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.2.250 68.105.28.16 68.105.29.16
TCP: Interfaces\{542E90A5-80B4-4095-BFCC-5F6EDCE28925} : DHCPNameServer = 192.168.2.250 68.105.28.16 68.105.29.16
TCP: Interfaces\{742DC278-BA1A-490E-B654-954879F06E1E} : NameServer = 4.2.2.1,4.2.2.2
Notify: ackpbsc - c:\windows\system32\ackpbsc.dll
Notify: acunlock - c:\program files\actividentity\activclient\acunlock.dll
Notify: DeviceNP - DeviceNP.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
Notify: OneCard - c:\program files\hewlett-packard\iam\bin\ASWLNPkg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.117\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\c9tu64h8.default\
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_70.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [2008-10-1 109216]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2008-10-1 51408]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2008-10-1 12960]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2008-3-28 24064]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-10-10 120088]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2009-3-10 335376]
S0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-2-26 49944]
S0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-2-26 180248]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-2-26 775952]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-2-26 410784]
S1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2008-10-1 12528]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
S2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Bioscrypt [2004-8-4 14336]
S2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Bioscrypt [2004-8-4 14336]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-2-26 67824]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2008-10-3 1185016]
S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-2-26 50344]
S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2014-2-26 418376]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2014-2-26 701512]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
S2 TeamViewer9;TeamViewer 9;c:\program files\teamviewer\version9\TeamViewer_Service.exe [2014-2-27 4915040]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-9-21 57424]
S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [2008-8-6 32256]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-9-16 109568]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-2-26 22856]
S4 0076581253554885mcinstcleanup;McAfee Application Installer Cleanup (0076581253554885);c:\docume~1\admini~1\locals~1\temp\007658~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\admini~1\locals~1\temp\007658~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S4 accoca;ActivClient Middleware Service;c:\program files\actividentity\activclient\accoca.exe [2007-11-27 185896]
S4 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-6-30 222512]
S4 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2008-8-6 349432]
S4 HP ProtectTools Service;HP ProtectTools Service;c:\program files\hewlett-packard\hp protecttools security manager\PTChangeFilterService.exe [2009-2-12 45056]
S4 HpFkCryptService;Drive Encryption Service;c:\program files\hewlett-packard\drive encryption\HpFkCrypt.exe [2008-10-1 256544]
S4 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\hewlett-packard\file sanitizer\HPFSService.exe [2009-6-30 77824]
S4 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2009-6-30 777240]
S4 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;"c:\program files\trend micro\client server security agent\tmpfw.exe" --> c:\program files\trend micro\client server security agent\TmPfw.exe [?]
.
=============== File Associations ===============
.
ShellExec: pdfvista.exe: Open="c:\program files\pdf complete\pdfvista.exe"
ShellExec: pdfvista.exe: Read="c:\program files\pdf complete\pdfvista.exe"
.
=============== Created Last 30 ================
.
2014-03-04 19:17:57    89088    ----a-w-    C:\mbr.exe
2014-03-04 18:48:32    --------    d-----w-    C:\ComboFix
2014-03-03 21:07:37    --------    d-sha-r-    C:\cmdcons
2014-03-03 21:06:14    98816    ----a-w-    c:\windows\sed.exe
2014-03-03 21:06:14    256000    ----a-w-    c:\windows\PEV.exe
2014-03-03 21:06:14    208896    ----a-w-    c:\windows\MBR.exe
2014-03-03 21:04:40    --------    d-----w-    c:\documents and settings\administrator\local settings\application data\Mozilla
2014-03-03 21:04:07    --------    d-----w-    c:\documents and settings\administrator\application data\TeamViewer
2014-02-28 20:35:07    --------    d-----w-    c:\documents and settings\administrator\application data\Malwarebytes
2014-02-28 15:59:00    --------    d-----w-    c:\documents and settings\administrator\application data\SUPERAntiSpyware.com
2014-02-28 15:49:04    --------    d-----w-    c:\documents and settings\administrator\application data\AVAST Software
2014-02-28 15:09:33    --------    d-----w-    c:\program files\SUPERAntiSpyware
2014-02-28 15:09:33    --------    d-----w-    c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2014-02-28 14:43:35    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2014-02-28 14:34:54    --------    d--h--w-    c:\windows\system32\GroupPolicy
2014-02-28 13:55:57    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-28 13:55:57    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-02-27 23:03:22    --------    d-----w-    c:\program files\TeamViewer
2014-02-27 22:53:31    --------    d-----w-    c:\program files\CCleaner
2014-02-27 20:29:29    --------    d-----w-    c:\windows\system32\DDCPickup
2014-02-26 18:01:22    775952    ------w-    c:\windows\system32\drivers\aswSnx.sys
2014-02-26 18:01:22    180248    ------w-    c:\windows\system32\drivers\aswVmm.sys
2014-02-26 18:01:21    67824    ------w-    c:\windows\system32\drivers\aswMonFlt.sys
2014-02-26 18:01:21    49944    ------w-    c:\windows\system32\drivers\aswRvrt.sys
2014-02-26 18:01:16    43152    ----a-w-    c:\windows\avastSS.scr
2014-02-26 18:00:49    --------    d-----w-    c:\program files\AVAST Software
2014-02-26 17:59:01    --------    d-----w-    c:\documents and settings\all users\application data\AVAST Software
2014-02-26 16:22:56    --------    d-----w-    c:\documents and settings\all users\application data\Malwarebytes
2014-02-26 16:22:54    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-02-26 16:22:54    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2014-02-26 15:36:41    --------    d-----w-    c:\windows\pss
.
==================== Find3M  ====================
.
2014-02-28 14:43:25    145408    ----a-w-    c:\windows\system32\javacpl.cpl
2014-02-05 23:26:52    920064    ----a-w-    c:\windows\system32\wininet.dll
2014-02-05 23:26:43    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2014-02-05 23:26:42    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2014-02-05 23:26:37    18944    ----a-w-    c:\windows\system32\corpol.dll
2014-02-05 22:24:05    385024    ----a-w-    c:\windows\system32\html.iec
2014-01-04 03:13:05    420864    ----a-w-    c:\windows\system32\vbscript.dll
2013-12-05 11:26:06    1172992    ----a-w-    c:\windows\system32\msxml3.dll
.
============= FINISH: 14:35:14.87 ===============
 

 

I have also attached a log from ComboFix & MBR.exe.

#2 aharonov

  • Malware Response Team
  • 2,441 posts

Posted 04 March 2014 - 03:56 PM

Hi there,

Which program is detecting Rootkit.Agent/GEN-DNSHack? SuperAntiSpyware? Can you please post up the complete log that shows what exactly has been found (file + path)?
Also please run a FRST scan:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 FlowTech

  • Topic Starter

  • Members
  • 4 posts

Posted 05 March 2014 - 02:36 PM

It was SAS. However, I am no longer able to see the rootkit in the scan results. It would show up when running SAS in safe mode after performing an AVG rescue disc scan, which did remove several infected files. It seems, though, that every time I run AVG it always finds the same files as infected. I do not have the scan results for that handy, but I can run it again and collect that info if need be. My AV (avast) is still disabled when I boot normally.

 

Here are the results from FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-03-2014 02
Ran by Administrator (administrator) on NFECLAP on 05-03-2014 14:26:30
Running from C:\Documents and Settings\Administrator\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Bioscrypt Inc.) c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [zCpqset] - C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe [81920 2008-12-11] ()
HKLM\...\Run: [HPCam_Menu] - c:\Program Files\Hewlett-Packard\HP Webcam\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-26] (AVAST Software)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
Winlogon\Notify\ackpbsc: c:\WINDOWS\system32\ackpbsc.dll (ActivIdentity)
Winlogon\Notify\acunlock: c:\Program Files\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)
Winlogon\Notify\DeviceNP: C:\WINDOWS\system32\DeviceNP.dll (Hewlett-Packard Limited)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\OneCard: c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Bioscrypt Inc.)
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
AppInit_DLLs: C:\WINDOWS\system32\APSHook.dll => C:\WINDOWS\system32\APSHook.dll [76560 2009-01-27] (Bioscrypt Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?rs=1
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKCU - (No Name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO: BHO_Startup Class - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO: No Name - {7E853D72-626A-48EC-A868-BA8D5E23E045} -  No File
BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} -  No File
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {00134F72-5284-44F7-95A8-52A619F70751} https://192.168.1.2:4343/officescan/console/ClientInstall/WinNTChk.cab
DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} https://192.168.1.2:4343/officescan/console/ClientInstall/setup.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} http://192.168.1.2/connectcomputer/nshelp.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1253141506609
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1253141537812
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {9BBB3919-F518-4D06-8209-299FC243FC44} https://192.168.1.2:4343/SMB/console/html/root/AtxEnc.cab
DPF: {AA299E98-6FB5-409F-99D3-D30D749F4864} https://cp.virtualadmins.com/inc/kaxRemote.dll
DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.250 68.105.28.16 68.105.29.16
Tcpip\..\Interfaces\{742DC278-BA1A-490E-B654-954879F06E1E}: [NameServer]4.2.2.1,4.2.2.2

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\c9tu64h8.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

Chrome:
=======
CHR Extension: (Google Docs) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-28]
CHR Extension: (Google Drive) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-28]
CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-28]
CHR Extension: (Google Search) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-28]
CHR Extension: (avast! Online Security) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-02-28]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-28]
CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-28]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-02-26]

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [120088 2013-10-10] (SUPERAntiSpyware.com)
S4 accoca; c:\Program Files\ActivIdentity\ActivClient\accoca.exe [185896 2007-11-27] (ActivIdentity)
S4 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2008-08-26] (Agere Systems)
S2 ASBroker; c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [186640 2009-01-27] (Bioscrypt Inc.)
S2 ASChannel; c:\Program Files\Hewlett-Packard\IAM\Bin\AsChnl.dll [149776 2009-01-27] (Bioscrypt Inc.)
S2 ATService; c:\Program Files\Fingerprint Sensor\AtService.exe [1185016 2008-10-03] (AuthenTec, Inc.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-26] (AVAST Software)
S4 FLCDLOCK; c:\WINDOWS\system32\flcdlock.exe [349432 2008-08-06] (Hewlett-Packard Ltd)
S4 HP ProtectTools Service; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [45056 2009-02-12] (Hewlett-Packard Development Company, L.P)
S4 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [256544 2008-10-01] (SafeBoot International)
S4 HPFSService; C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [77824 2009-01-14] (Hewlett-Packard)
S2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-02-28] (Oracle Corporation)
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 MSMQ; C:\WINDOWS\system32\mqsvc.exe [4608 2008-04-13] (Microsoft Corporation)
S2 MSMQTriggers; C:\WINDOWS\system32\mqtgsvc.exe [117248 2008-04-13] (Microsoft Corporation)
S4 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [777240 2008-08-08] (PDF Complete Inc)
S4 usnjsvc; C:\Program Files\MSN Messenger\usnsvc.exe [97136 2007-01-19] (Microsoft Corporation)
S4 WinVNC4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2164088 2008-08-06] (RealVNC Ltd.)
S4 0076581253554885mcinstcleanup; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\007658~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service
S4 TMBMServer; "C:\Program Files\Trend Micro\BM\TMBMSRV.exe" /service [X]
S4 TmPfw; "C:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe" [X]

==================== Drivers (Whitelisted) ====================

S2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-02-26] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-02-26] (AVAST Software)
S0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-02-26] ()
S1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [775952 2014-02-26] (AVAST Software)
S1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [410784 2014-02-26] (AVAST Software)
S1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-02-26] (AVAST Software)
S0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180248 2014-02-26] ()
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 DAMDrv; C:\WINDOWS\System32\DRIVERS\DAMDrv.sys [32256 2008-08-06] (Hewlett-Packard Development Company L.P.)
R3 Iviaspi; C:\WINDOWS\System32\drivers\Iviaspi.sys [10368 2005-09-20] (InterVideo, Inc.)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 MQAC; C:\WINDOWS\system32\drivers\mqac.sys [92544 2008-04-13] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 NETw5x32; C:\WINDOWS\System32\DRIVERS\NETw5x32.sys [4202496 2009-03-04] (Intel Corporation)
S3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
S1 RsvLock; C:\WINDOWS\system32\Drivers\RsvLock.sys [12528 2008-10-01] (SafeBoot International)
R0 SafeBoot; C:\WINDOWS\system32\Drivers\SafeBoot.sys [109216 2008-10-01] (SafeBoot International)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SbAlg; C:\WINDOWS\system32\Drivers\SbAlg.sys [51408 2008-10-01] (SafeBoot N.V.)
R0 SbFsLock; C:\WINDOWS\system32\Drivers\SbFsLock.sys [12960 2008-10-01] (SafeBoot International)
R0 SFAUDIO; C:\WINDOWS\System32\drivers\sfaudio.sys [24064 2008-03-28] (Sonic Focus, Inc)
S3 SMCIRDA; C:\WINDOWS\System32\DRIVERS\smcirda.sys [35913 2001-08-17] (SMC)
S3 SNP2UVC; C:\WINDOWS\System32\DRIVERS\snp2uvc.sys [1765168 2009-03-26] ()
S2 tmactmon; C:\WINDOWS\system32\drivers\tmactmon.sys [67664 2010-08-20] (Trend Micro Inc.)
R3 tmcfw; C:\WINDOWS\System32\DRIVERS\TM_CFW.sys [335376 2009-03-10] (Trend Micro Inc.)
S2 tmcomm; C:\WINDOWS\system32\drivers\tmcomm.sys [177232 2010-08-20] (Trend Micro Inc.)
S2 tmevtmgr; C:\WINDOWS\system32\drivers\tmevtmgr.sys [57424 2010-08-20] (Trend Micro Inc.)
R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [296320 2008-11-23] (Marvell)
R3 catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 mbr; \??\C:\ComboFix\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-05 14:23 - 2014-03-05 14:23 - 00023962 _____ () C:\ComboFix.txt
2014-03-05 14:17 - 2014-03-05 14:23 - 00000000 ____D () C:\ComboFix
2014-03-05 14:09 - 2014-03-05 14:09 - 00000000 _____ () C:\Documents and Settings\Administrator\defogger_reenable
2014-03-05 12:16 - 2014-03-05 12:16 - 00000260 _____ () C:\Documents and Settings\Administrator\Desktop\defogger_enable.log
2014-03-04 16:32 - 2014-03-04 16:33 - 00000000 ____D () C:\FRST
2014-03-04 15:39 - 2014-03-04 15:39 - 00000991 _____ () C:\Documents and Settings\Administrator\Desktop\mbr.log
2014-03-04 14:39 - 2014-03-04 14:39 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\tdsskiller
2014-03-04 14:35 - 2014-03-04 14:35 - 00033722 _____ () C:\Documents and Settings\Administrator\Desktop\attach.txt
2014-03-04 14:35 - 2014-03-04 14:35 - 00013332 _____ () C:\Documents and Settings\Administrator\Desktop\dds.txt
2014-03-04 14:34 - 2014-03-04 14:34 - 00688992 ____R (Swearware) C:\Documents and Settings\Administrator\Desktop\dds.com
2014-03-04 14:21 - 2014-03-05 14:12 - 00000952 _____ () C:\mbr.log
2014-03-04 14:21 - 2014-03-04 14:21 - 00000047 _____ () C:\Documents and Settings\Administrator\Desktop\dirlook.bat
2014-03-04 14:19 - 2014-03-05 14:09 - 00000488 _____ () C:\Documents and Settings\Administrator\Desktop\defogger_disable.log
2014-03-04 14:17 - 2014-03-04 14:17 - 00089088 _____ () C:\mbr.exe
2014-03-04 14:17 - 2014-03-04 14:17 - 00050477 _____ () C:\Documents and Settings\Administrator\Desktop\Defogger.exe
2014-03-04 10:53 - 2014-03-05 11:40 - 00032090 _____ () C:\WINDOWS\SchedLgU.Txt
2014-03-04 10:53 - 2014-03-05 11:40 - 00000275 _____ () C:\WINDOWS\wiadebug.log
2014-03-04 10:53 - 2014-03-05 11:40 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2014-03-04 10:53 - 2014-03-04 10:53 - 00000000 _____ () C:\WINDOWS\Sti_Trace.log
2014-03-03 16:13 - 2014-03-05 12:17 - 00026394 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-03 16:12 - 2014-03-04 13:54 - 00008192 ____H () C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-03-03 16:12 - 2014-03-03 16:12 - 00000000 ____H () C:\WINDOWS\system32\config\system.tmp.LOG
2014-03-03 16:12 - 2014-03-03 16:12 - 00000000 ____H () C:\WINDOWS\system32\config\software.tmp.LOG
2014-03-03 16:12 - 2014-03-03 16:12 - 00000000 ____H () C:\WINDOWS\system32\config\SAM.tmp.LOG
2014-03-03 16:12 - 2014-03-03 16:12 - 00000000 ____H () C:\WINDOWS\system32\config\default.tmp.LOG
2014-03-03 16:07 - 2014-03-03 16:07 - 00000000 _RSHD () C:\cmdcons
2014-03-03 16:07 - 2014-02-27 21:41 - 00000211 _____ () C:\Boot.bak
2014-03-03 16:07 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2014-03-03 16:06 - 2014-03-05 14:23 - 00000000 ____D () C:\Qoobox
2014-03-03 16:06 - 2011-06-26 01:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-03-03 16:06 - 2010-11-07 12:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-03-03 16:06 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-03-03 16:06 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-03-03 16:06 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-03-03 16:06 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-03-03 16:06 - 2000-08-30 19:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-03-03 16:06 - 2000-08-30 19:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-03-03 16:06 - 2000-08-30 19:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-03-03 16:05 - 2014-03-05 14:13 - 05187267 ____R (Swearware) C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
2014-03-03 16:05 - 2014-03-04 13:54 - 00000000 ____D () C:\WINDOWS\erdnt
2014-03-03 16:04 - 2014-03-03 16:04 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
2014-03-03 16:04 - 2014-03-03 16:04 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\TeamViewer
2014-03-03 16:04 - 2014-03-03 16:04 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Mozilla
2014-02-28 16:26 - 2014-03-05 13:41 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-02-28 15:35 - 2014-02-28 15:35 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2014-02-28 13:09 - 2014-02-28 13:09 - 00000552 _____ () C:\WINDOWS\system32\d3d8caps.dat
2014-02-28 10:59 - 2014-02-28 10:59 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2014-02-28 10:57 - 2014-02-28 10:58 - 00002528 _____ () C:\Documents and Settings\Administrator\Desktop\Rkill.txt
2014-02-28 10:49 - 2014-02-28 10:49 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\AVAST Software
2014-02-28 10:46 - 2014-02-28 10:49 - 00001813 _____ () C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
2014-02-28 10:09 - 2014-02-28 15:34 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-02-28 10:09 - 2014-02-28 10:09 - 00001804 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-02-28 10:09 - 2014-02-28 10:09 - 00001734 _____ () C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
2014-02-28 10:09 - 2014-02-28 10:09 - 00001678 _____ () C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-02-28 10:09 - 2014-02-28 10:09 - 00000000 ____D () C:\Documents and Settings\lcutt\Application Data\SUPERAntiSpyware.com
2014-02-28 10:09 - 2014-02-28 10:09 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2014-02-28 10:09 - 2014-02-28 10:09 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2014-02-28 10:06 - 2014-02-28 10:06 - 00000730 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2014-02-28 10:06 - 2014-02-28 10:06 - 00000724 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2014-02-28 10:06 - 2014-02-28 10:06 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-28 10:06 - 2014-02-28 10:06 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-28 10:06 - 2014-02-28 10:06 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Mozilla
2014-02-28 09:57 - 2014-02-28 09:58 - 00002528 _____ () C:\Documents and Settings\lcutt\Desktop\Rkill.txt
2014-02-28 09:57 - 2014-02-28 09:57 - 01933048 _____ (Bleeping Computer, LLC) C:\Documents and Settings\Administrator\Desktop\rkill.exe
2014-02-28 09:51 - 2014-03-05 09:51 - 00000314 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-02-28 09:51 - 2014-02-28 09:51 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-02-28 09:51 - 2014-02-28 09:51 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avast
2014-02-28 09:43 - 2014-02-28 09:43 - 90578216 _____ (AVAST Software) C:\Documents and Settings\Administrator\Desktop\avast_free_antivirus_setup.exe
2014-02-28 09:43 - 2014-02-28 09:43 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-02-28 09:43 - 2014-02-28 09:43 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-02-28 09:43 - 2014-02-28 09:43 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-02-28 09:43 - 2014-02-28 09:43 - 00000000 ____D () C:\Documents and Settings\lcutt\Local Settings\Application Data\Sun
2014-02-28 09:43 - 2014-02-28 09:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-02-28 09:34 - 2014-02-28 09:34 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2014-02-28 08:55 - 2014-03-05 11:38 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-02-28 08:55 - 2014-03-04 14:34 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-02-28 08:55 - 2014-03-04 14:34 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-02-27 18:03 - 2014-02-27 18:03 - 00000815 _____ () C:\Documents and Settings\All Users\Desktop\TeamViewer 9.lnk
2014-02-27 18:03 - 2014-02-27 18:03 - 00000000 ____D () C:\Program Files\TeamViewer
2014-02-27 18:03 - 2014-02-27 18:03 - 00000000 ____D () C:\Documents and Settings\lcutt\Application Data\TeamViewer
2014-02-27 18:03 - 2014-02-27 18:03 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 9
2014-02-27 17:53 - 2014-02-28 09:06 - 00000682 _____ () C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2014-02-27 17:53 - 2014-02-28 09:06 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-27 17:53 - 2014-02-27 17:53 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2014-02-27 15:29 - 2014-02-27 15:29 - 00000000 ____D () C:\WINDOWS\system32\DDCPickup
2014-02-27 15:08 - 2010-05-12 03:11 - 00000000 ____D () C:\Documents and Settings\lcutt\Desktop\32bit
2014-02-27 14:50 - 2014-02-27 14:50 - 00000000 ____D () C:\Documents and Settings\lcutt\Application Data\AVAST Software
2014-02-26 13:01 - 2014-02-26 13:01 - 00775952 ____N (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-02-26 13:01 - 2014-02-26 13:01 - 00410784 ____N (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2014-02-26 13:01 - 2014-02-26 13:01 - 00270240 ____N (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-02-26 13:01 - 2014-02-26 13:01 - 00180248 ____N () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-02-26 13:01 - 2014-02-26 13:01 - 00067824 ____N (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-02-26 13:01 - 2014-02-26 13:01 - 00057672 ____N (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-02-26 13:01 - 2014-02-26 13:01 - 00054832 ____N (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2014-02-26 13:01 - 2014-02-26 13:01 - 00049944 ____N () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-02-26 13:01 - 2014-02-26 13:01 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-02-26 13:00 - 2014-02-26 13:00 - 00000000 ____D () C:\Program Files\AVAST Software
2014-02-26 12:59 - 2014-02-26 12:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-02-26 12:37 - 2014-02-26 12:37 - 00000000 ____D () C:\Documents and Settings\lcutt\log
2014-02-26 11:23 - 2014-02-26 11:23 - 00000000 ____D () C:\Documents and Settings\lcutt\Application Data\Malwarebytes
2014-02-26 11:22 - 2014-02-26 11:22 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-26 11:22 - 2014-02-26 11:22 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-02-26 11:22 - 2014-02-26 11:22 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-02-26 11:22 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-02-26 10:36 - 2014-02-26 10:40 - 00000000 ____D () C:\WINDOWS\pss

==================== One Month Modified Files and Folders =======

2014-03-05 14:23 - 2014-03-05 14:23 - 00023962 _____ () C:\ComboFix.txt
2014-03-05 14:23 - 2014-03-05 14:17 - 00000000 ____D () C:\ComboFix
2014-03-05 14:23 - 2014-03-03 16:06 - 00000000 ____D () C:\Qoobox
2014-03-05 14:22 - 2004-08-07 00:53 - 00000227 _____ () C:\WINDOWS\system.ini
2014-03-05 14:13 - 2014-03-03 16:05 - 05187267 ____R (Swearware) C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
2014-03-05 14:12 - 2014-03-04 14:21 - 00000952 _____ () C:\mbr.log
2014-03-05 14:09 - 2014-03-05 14:09 - 00000000 _____ () C:\Documents and Settings\Administrator\defogger_reenable
2014-03-05 14:09 - 2014-03-04 14:19 - 00000488 _____ () C:\Documents and Settings\Administrator\Desktop\defogger_disable.log
2014-03-05 14:09 - 2009-06-30 04:53 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-03-05 13:41 - 2014-02-28 16:26 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-03-05 13:39 - 2004-08-07 08:19 - 00001158 ____C () C:\WINDOWS\system32\wpa.dbl
2014-03-05 12:17 - 2014-03-03 16:13 - 00026394 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-05 12:17 - 2004-08-07 08:19 - 00000178 __SHC () C:\Documents and Settings\Administrator\ntuser.ini
2014-03-05 12:16 - 2014-03-05 12:16 - 00000260 _____ () C:\Documents and Settings\Administrator\Desktop\defogger_enable.log
2014-03-05 11:40 - 2014-03-04 10:53 - 00032090 _____ () C:\WINDOWS\SchedLgU.Txt
2014-03-05 11:40 - 2014-03-04 10:53 - 00000275 _____ () C:\WINDOWS\wiadebug.log
2014-03-05 11:40 - 2014-03-04 10:53 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2014-03-05 11:40 - 2004-08-07 08:19 - 00000006 ___HC () C:\WINDOWS\Tasks\SA.DAT
2014-03-05 11:39 - 2009-10-21 08:37 - 00000422 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{8135863C-B916-4E7C-8A2C-611549E8601D}.job
2014-03-05 11:38 - 2014-02-28 08:55 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-03-05 11:19 - 2009-06-30 04:57 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-03-05 10:45 - 2010-03-12 15:43 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-05 09:51 - 2014-02-28 09:51 - 00000314 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-03-05 09:34 - 2010-03-12 15:43 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-04 17:08 - 2009-06-30 04:57 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-03-04 16:33 - 2014-03-04 16:32 - 00000000 ____D () C:\FRST
2014-03-04 15:39 - 2014-03-04 15:39 - 00000991 _____ () C:\Documents and Settings\Administrator\Desktop\mbr.log
2014-03-04 14:39 - 2014-03-04 14:39 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\tdsskiller
2014-03-04 14:35 - 2014-03-04 14:35 - 00033722 _____ () C:\Documents and Settings\Administrator\Desktop\attach.txt
2014-03-04 14:35 - 2014-03-04 14:35 - 00013332 _____ () C:\Documents and Settings\Administrator\Desktop\dds.txt
2014-03-04 14:34 - 2014-03-04 14:34 - 00688992 ____R (Swearware) C:\Documents and Settings\Administrator\Desktop\dds.com
2014-03-04 14:34 - 2014-02-28 08:55 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-03-04 14:34 - 2014-02-28 08:55 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-03-04 14:21 - 2014-03-04 14:21 - 00000047 _____ () C:\Documents and Settings\Administrator\Desktop\dirlook.bat
2014-03-04 14:17 - 2014-03-04 14:17 - 00089088 _____ () C:\mbr.exe
2014-03-04 14:17 - 2014-03-04 14:17 - 00050477 _____ () C:\Documents and Settings\Administrator\Desktop\Defogger.exe
2014-03-04 13:54 - 2014-03-03 16:12 - 00008192 ____H () C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-03-04 13:54 - 2014-03-03 16:05 - 00000000 ____D () C:\WINDOWS\erdnt
2014-03-04 13:54 - 2004-08-07 08:19 - 43515904 _____ () C:\WINDOWS\system32\config\software.bak
2014-03-04 13:54 - 2004-08-07 08:19 - 05767168 _____ () C:\WINDOWS\system32\config\system.bak
2014-03-04 13:54 - 2004-08-07 08:19 - 00307200 _____ () C:\WINDOWS\system32\config\default.bak
2014-03-04 13:54 - 2004-08-07 08:19 - 00065536 _____ () C:\WINDOWS\system32\config\SECURITY.bak
2014-03-04 13:54 - 2004-08-07 08:19 - 00024576 _____ () C:\WINDOWS\system32\config\SAM.bak
2014-03-04 10:53 - 2014-03-04 10:53 - 00000000 _____ () C:\WINDOWS\Sti_Trace.log
2014-03-03 16:12 - 2014-03-03 16:12 - 00000000 ____H () C:\WINDOWS\system32\config\system.tmp.LOG
2014-03-03 16:12 - 2014-03-03 16:12 - 00000000 ____H () C:\WINDOWS\system32\config\software.tmp.LOG
2014-03-03 16:12 - 2014-03-03 16:12 - 00000000 ____H () C:\WINDOWS\system32\config\SAM.tmp.LOG
2014-03-03 16:12 - 2014-03-03 16:12 - 00000000 ____H () C:\WINDOWS\system32\config\default.tmp.LOG
2014-03-03 16:07 - 2014-03-03 16:07 - 00000000 _RSHD () C:\cmdcons
2014-03-03 16:07 - 2004-08-07 07:57 - 00000327 __RSH () C:\boot.ini
2014-03-03 16:04 - 2014-03-03 16:04 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
2014-03-03 16:04 - 2014-03-03 16:04 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\TeamViewer
2014-03-03 16:04 - 2014-03-03 16:04 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Mozilla
2014-02-28 15:35 - 2014-02-28 15:35 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2014-02-28 15:34 - 2014-02-28 10:09 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-02-28 13:32 - 2009-09-21 13:15 - 00000000 ____D () C:\Program Files\Lytec 2009
2014-02-28 13:09 - 2014-02-28 13:09 - 00000552 _____ () C:\WINDOWS\system32\d3d8caps.dat
2014-02-28 10:59 - 2014-02-28 10:59 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2014-02-28 10:58 - 2014-02-28 10:57 - 00002528 _____ () C:\Documents and Settings\Administrator\Desktop\Rkill.txt
2014-02-28 10:49 - 2014-02-28 10:49 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\AVAST Software
2014-02-28 10:49 - 2014-02-28 10:46 - 00001813 _____ () C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
2014-02-28 10:49 - 2009-10-20 15:29 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2014-02-28 10:46 - 2010-06-02 12:27 - 00000178 __SHC () C:\Documents and Settings\lcutt\ntuser.ini
2014-02-28 10:46 - 2010-06-02 12:27 - 00000000 ____D () C:\Documents and Settings\lcutt
2014-02-28 10:09 - 2014-02-28 10:09 - 00001804 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-02-28 10:09 - 2014-02-28 10:09 - 00001734 _____ () C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
2014-02-28 10:09 - 2014-02-28 10:09 - 00001678 _____ () C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-02-28 10:09 - 2014-02-28 10:09 - 00000000 ____D () C:\Documents and Settings\lcutt\Application Data\SUPERAntiSpyware.com
2014-02-28 10:09 - 2014-02-28 10:09 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2014-02-28 10:09 - 2014-02-28 10:09 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2014-02-28 10:09 - 2010-10-22 08:11 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-02-28 10:09 - 2009-09-16 12:49 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-02-28 10:09 - 2009-06-30 05:09 - 00000000 ___HD () C:\WINDOWS\$hf_mig$
2014-02-28 10:08 - 2010-06-17 06:56 - 00000000 ____D () C:\Documents and Settings\lcutt\Local Settings\Application Data\Adobe
2014-02-28 10:08 - 2009-10-21 12:39 - 00000000 ____D () C:\Program Files\Adobe
2014-02-28 10:08 - 2009-10-21 12:39 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Adobe
2014-02-28 10:06 - 2014-02-28 10:06 - 00000730 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2014-02-28 10:06 - 2014-02-28 10:06 - 00000724 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2014-02-28 10:06 - 2014-02-28 10:06 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-28 10:06 - 2014-02-28 10:06 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-28 10:06 - 2014-02-28 10:06 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Mozilla
2014-02-28 10:06 - 2010-06-02 13:35 - 00000000 ____D () C:\Documents and Settings\lcutt\Application Data\Adobe
2014-02-28 10:06 - 2009-10-21 12:39 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-02-28 10:03 - 2004-08-07 08:03 - 00001507 ____C () C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk
2014-02-28 09:58 - 2014-02-28 09:57 - 00002528 _____ () C:\Documents and Settings\lcutt\Desktop\Rkill.txt
2014-02-28 09:57 - 2014-02-28 09:57 - 01933048 _____ (Bleeping Computer, LLC) C:\Documents and Settings\Administrator\Desktop\rkill.exe
2014-02-28 09:51 - 2014-02-28 09:51 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-02-28 09:51 - 2014-02-28 09:51 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avast
2014-02-28 09:50 - 2009-06-30 04:53 - 00000000 ____D () C:\WINDOWS\security
2014-02-28 09:46 - 2011-05-12 14:52 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-02-28 09:46 - 2011-05-12 14:52 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Norton
2014-02-28 09:43 - 2014-02-28 09:43 - 90578216 _____ (AVAST Software) C:\Documents and Settings\Administrator\Desktop\avast_free_antivirus_setup.exe
2014-02-28 09:43 - 2014-02-28 09:43 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-02-28 09:43 - 2014-02-28 09:43 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-02-28 09:43 - 2014-02-28 09:43 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-02-28 09:43 - 2014-02-28 09:43 - 00000000 ____D () C:\Documents and Settings\lcutt\Local Settings\Application Data\Sun
2014-02-28 09:43 - 2014-02-28 09:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-02-28 09:43 - 2011-09-15 10:36 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-02-28 09:43 - 2011-09-15 10:36 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-02-28 09:43 - 2011-04-26 11:45 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-02-28 09:43 - 2011-04-26 11:45 - 00000000 ____D () C:\Program Files\Java
2014-02-28 09:34 - 2014-02-28 09:34 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2014-02-28 09:31 - 2009-06-30 06:05 - 00091000 ____C () C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-02-28 09:06 - 2014-02-27 17:53 - 00000682 _____ () C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2014-02-28 09:06 - 2014-02-27 17:53 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-28 08:52 - 2004-08-07 08:07 - 00338648 ____C () C:\WINDOWS\system32\FNTCACHE.DAT
2014-02-27 21:41 - 2014-03-03 16:07 - 00000211 _____ () C:\Boot.bak
2014-02-27 21:41 - 2004-08-07 08:03 - 00000617 _____ () C:\WINDOWS\win.ini
2014-02-27 18:03 - 2014-02-27 18:03 - 00000815 _____ () C:\Documents and Settings\All Users\Desktop\TeamViewer 9.lnk
2014-02-27 18:03 - 2014-02-27 18:03 - 00000000 ____D () C:\Program Files\TeamViewer
2014-02-27 18:03 - 2014-02-27 18:03 - 00000000 ____D () C:\Documents and Settings\lcutt\Application Data\TeamViewer
2014-02-27 18:03 - 2014-02-27 18:03 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 9
2014-02-27 17:55 - 2010-09-23 10:30 - 00000000 ____D () C:\WINDOWS\Minidump
2014-02-27 17:55 - 2009-06-30 05:56 - 00000000 ____D () C:\WINDOWS\system32\LogFiles
2014-02-27 17:53 - 2014-02-27 17:53 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2014-02-27 17:43 - 2009-10-21 08:09 - 00000000 __SHD () C:\WINDOWS\CSC
2014-02-27 17:38 - 2009-09-21 13:07 - 00000031 _____ () C:\tmuninst.ini
2014-02-27 15:32 - 2004-08-07 08:14 - 00542396 ____C () C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-27 15:29 - 2014-02-27 15:29 - 00000000 ____D () C:\WINDOWS\system32\DDCPickup
2014-02-27 15:15 - 2009-10-14 08:52 - 00200756 ____C () C:\WINDOWS\system32\TmInstall.log
2014-02-27 14:50 - 2014-02-27 14:50 - 00000000 ____D () C:\Documents and Settings\lcutt\Application Data\AVAST Software
2014-02-27 14:28 - 2009-06-30 04:53 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-02-26 13:46 - 2013-07-27 02:00 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-02-26 13:42 - 2009-09-16 12:48 - 85946576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-02-26 13:01 - 2014-02-26 13:01 - 00775952 ____N (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-02-26 13:01 - 2014-02-26 13:01 - 00410784 ____N (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2014-02-26 13:01 - 2014-02-26 13:01 - 00270240 ____N (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-02-26 13:01 - 2014-02-26 13:01 - 00180248 ____N () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-02-26 13:01 - 2014-02-26 13:01 - 00067824 ____N (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-02-26 13:01 - 2014-02-26 13:01 - 00057672 ____N (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-02-26 13:01 - 2014-02-26 13:01 - 00054832 ____N (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2014-02-26 13:01 - 2014-02-26 13:01 - 00049944 ____N () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-02-26 13:01 - 2014-02-26 13:01 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-02-26 13:00 - 2014-02-26 13:00 - 00000000 ____D () C:\Program Files\AVAST Software
2014-02-26 12:59 - 2014-02-26 12:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-02-26 12:37 - 2014-02-26 12:37 - 00000000 ____D () C:\Documents and Settings\lcutt\log
2014-02-26 12:12 - 2011-03-23 15:55 - 00000268 ____H () C:\sqmdata08.sqm
2014-02-26 12:12 - 2011-03-23 15:55 - 00000244 ____H () C:\sqmnoopt08.sqm
2014-02-26 11:23 - 2014-02-26 11:23 - 00000000 ____D () C:\Documents and Settings\lcutt\Application Data\Malwarebytes
2014-02-26 11:22 - 2014-02-26 11:22 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-26 11:22 - 2014-02-26 11:22 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-02-26 11:22 - 2014-02-26 11:22 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-02-26 10:50 - 2009-06-30 05:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\PDFC
2014-02-26 10:40 - 2014-02-26 10:36 - 00000000 ____D () C:\WINDOWS\pss
2014-02-26 10:34 - 2009-09-25 09:10 - 00000000 ____D () C:\Program Files\Yahoo!
2014-02-26 10:18 - 2010-06-02 13:34 - 00000000 ____D () C:\Documents and Settings\lcutt\Local Settings\Application Data\Google
2014-02-26 10:18 - 2009-10-20 14:10 - 00000000 ____D () C:\Program Files\Google
2014-02-26 10:18 - 2009-10-20 14:10 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Google
2014-02-25 16:33 - 2011-03-22 02:15 - 00000268 ____H () C:\sqmdata07.sqm
2014-02-25 16:33 - 2011-03-22 02:15 - 00000244 ____H () C:\sqmnoopt07.sqm
2014-02-06 03:54 - 2004-08-04 03:00 - 00174592 ____N (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-06 03:54 - 2004-08-04 03:00 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ie4uinit.exe
2014-02-05 18:26 - 2012-06-13 07:13 - 00522240 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2014-02-05 18:26 - 2010-06-17 06:29 - 00743424 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
2014-02-05 18:26 - 2009-09-16 12:49 - 11113472 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll
2014-02-05 18:26 - 2009-09-16 12:49 - 02006016 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll
2014-02-05 18:26 - 2009-09-16 12:49 - 00630272 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll
2014-02-05 18:26 - 2009-09-16 12:49 - 00247808 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
2014-02-05 18:26 - 2009-09-16 12:49 - 00055296 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2014-02-05 18:26 - 2009-09-16 12:49 - 00012800 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
2014-02-05 18:26 - 2009-07-18 11:05 - 06021120 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-02-05 18:26 - 2009-06-26 11:50 - 01216000 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll
2014-02-05 18:26 - 2009-06-26 11:50 - 00920064 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll
2014-02-05 18:26 - 2009-03-08 03:39 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-05 18:26 - 2009-03-08 03:34 - 00206848 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll
2014-02-05 18:26 - 2009-03-08 03:34 - 00105984 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll
2014-02-05 18:26 - 2009-03-08 03:32 - 02006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-05 18:26 - 2009-03-08 03:32 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-05 18:26 - 2009-03-08 03:31 - 00184320 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll
2014-02-05 18:26 - 2009-03-08 03:31 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-02-05 18:26 - 2004-08-04 03:00 - 06021120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-05 18:26 - 2004-08-04 03:00 - 01469440 ____N (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-02-05 18:26 - 2004-08-04 03:00 - 01469440 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetcpl.cpl
2014-02-05 18:26 - 2004-08-04 03:00 - 01216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-05 18:26 - 2004-08-04 03:00 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-05 18:26 - 2004-08-04 03:00 - 00759296 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll
2014-02-05 18:26 - 2004-08-04 03:00 - 00611840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll
2014-02-05 18:26 - 2004-08-04 03:00 - 00611840 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll
2014-02-05 18:26 - 2004-08-04 03:00 - 00387584 ____N (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-02-05 18:26 - 2004-08-04 03:00 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedkcs32.dll
2014-02-05 18:26 - 2004-08-04 03:00 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-02-05 18:26 - 2004-08-04 03:00 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-02-05 18:26 - 2004-08-04 03:00 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-02-05 18:26 - 2004-08-04 03:00 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-02-05 18:26 - 2004-08-04 03:00 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll
2014-02-05 18:26 - 2004-08-04 03:00 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-02-05 18:26 - 2004-08-04 03:00 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\licmgr10.dll
2014-02-05 18:26 - 2004-08-04 03:00 - 00025600 ____N (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-05 18:26 - 2004-08-04 03:00 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsproxy.dll
2014-02-05 18:26 - 2004-08-04 03:00 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\corpol.dll
2014-02-05 18:26 - 2004-08-04 03:00 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\corpol.dll
2014-02-05 17:24 - 2004-08-04 03:00 - 00385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-03-2014 02
Ran by Administrator at 2014-03-04 16:33:38
Running from C:\Documents and Settings\Administrator\My Documents\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Trend Micro Client/Server Security Agent Antivirus (Disabled - Up to date) {BDFA3AA8-E77D-44F4-9182-81A70281F5D9}
FW: Trend Micro Personal Firewall (Disabled) {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

==================== Installed Programs ======================

2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.7.186 - Adobe Systems Incorporated)
Acrobat.com (Version: 1.7.186 - Adobe Systems Incorporated) Hidden
ActivClient 6.1 x86 (Version: 6.1.100 - ActivIdentity) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
AIO_Scan (Version: 100.0.206.000 - Hewlett-Packard) Hidden
AuthenTec Fingerprint System (Version: 8.0.200.33 - AuthenTec, Inc.) Hidden
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2013 - Avast Software)
BIOS Configuration for HP ProtectTools (HKLM\...\{BB662A7E-DFF6-47C9-BBD2-430079EA8E74}) (Version: 4.00 C1 - Hewlett-Packard)
BufferChm (Version: 100.0.170.000 - Hewlett-Packard) Hidden
C7200 (Version: 100.0.206.000 - Hewlett-Packard) Hidden
C7200_Help (Version: 100.0.206.000 - Hewlett-Packard) Hidden
Cards_Calendar_OrderGift_DoMorePlugout (Version: 1.00.0000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Copy (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Credential Manager for HP ProtectTools (Version: 4.0.14.1259.36 - Hewlett-Packard Company) Hidden
Crystal Reports 10 Support Files (HKLM\...\{A3AE0EFB-C8C2-4AF5-9841-459DB1C138CF}) (Version: 1.00.0000 -  )
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Destination Component (Version: 100.0.0.0 - Hewlett-Packard) Hidden
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 3.0.0.12 - Hewlett-Packard)
DeviceDiscovery (Version: 110.0.180.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DocProc (Version: 10.0.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Drive Encryption for HP ProtectTools (Version: 4.0.14 - Hewlett-Packard) Hidden
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Fax (Version: 120.0.194.000 - Hewlett-Packard) Hidden
File Sanitizer For HP ProtectTools (HKLM\...\{789C97CE-9E17-4126-BDF4-11FF458BF705}) (Version: 1.0.1.3 - Hewlett-Packard)
Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.117 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
GoToAssist Corporate (HKLM\...\GoToAssist) (Version: 9.0.0.570 - Citrix Online, a division of Citrix Systems, Inc.)
GPBaseService (Version: 100.0.187.000 - Hewlett-Packard) Hidden
HP 3D DriveGuard (HKLM\...\{0CCCD5BF-FDDD-4D31-8E3F-CEA3FD196B26}) (Version: 1.10 D1 - Hewlett-Packard)
HP Common Access Service Library (Version: 2.0.6.1 - Hewlett-Packard) Hidden
HP Customer Participation Program 10.0 (HKLM\...\HPExtendedCapabilities) (Version: 10.0 - HP)
HP Help and Support (HKLM\...\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}) (Version: 4.4.0003 - HPQ)
HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)
HP JavaCard for HP ProtectTools (Version: 04.00.10.0006 - Hewlett-Packard) Hidden
HP Mobile Broadband Setup Utility (HKLM\...\{4F2AF17E-94F0-4F22-943D-216CE46AC502}) (Version: 1.000.17.0 - Hewlett-Packard Development Company)
HP Photosmart All-In-One Driver Software 10.0 Rel .2 (HKLM\...\{20B30DC1-E423-4939-B51D-05C58B0F9BBB}) (Version: 10.0 - HP)
HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP)
HP Photosmart Essential 2.5 (Version: 1.02.0000 - Hewlett-Packard) Hidden
HP ProtectTools Security Manager (Version: 4.00 J6 - Hewlett-Packard) Hidden
HP ProtectTools Security Manager Suite (HKLM\...\{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}) (Version: 04.00.10.0006 - Hewlett-Packard)
HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.40 N1 - Hewlett-Packard)
HP QuickLook 2 (HKLM\...\HP QuickLook 2_is1) (Version: 2.0.0.12 - Hewlett-Packard)
HP Software Setup 5.00.A.9 (HKLM\...\{70CEFEBA-F757-4DBE-8A21-027C326137CE}) (Version: 5.00.A.9 - Hewlett-Packard Company)
HP Solution Center 10.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 10.0 - HP)
HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP User Guides 0136 (HKLM\...\{AC0AA40D-8899-449C-A059-548C8AC5FB6D}) (Version: 1.01.0000 - Hewlett-Packard)
HP Wallpaper (HKLM\...\{F173C2B3-296F-458C-98FF-1676A42EBA02}) (Version: 1.0.1.6 - Hewlett-Packard)
HP Webcam (HKLM\...\InstallShield_{F639E2A2-FE6B-4527-B8BE-C1C423B81844}) (Version: 1.0.2710 - CyberLink Corp.)
HP Webcam (Version: 1.0.2710 - CyberLink Corp.) Hidden
HP Webcam Driver (HKLM\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.50004.1 - Sonix)
HP Wireless Assistant (HKLM\...\{E40CE35C-27F5-4EBF-82F9-13238BCA3572}) (Version: 3.50.5.1 - Hewlett-Packard)
HP_Network_UserGuide (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PaperLabel (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (Version: 2.02.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookWebPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 100.0.170.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
InterVideo WinDVD 8 (HKLM\...\InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}) (Version: 8.5-B0.143 - InterVideo Inc.)
InterVideo WinDVD 8 (Version: 8.5-B0.143 - InterVideo Inc.) Hidden
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
KONICA MINOLTA bizhub C353 Series (HKLM\...\KONICA MINOLTA bizhub C353 Series Installer) (Version:  - )
KONICA MINOLTA TWAIN Ver.3 (HKLM\...\{616E8966-0574-4E9E-A9CD-9CB819EBC162}) (Version: 3.00.0001 - KONICA MINOLTA)
LightScribe System Software (HKLM\...\{3BA904CF-8B75-41AF-A5D2-F18A511536CA}) (Version: 1.17.151.0 - LightScribe)
Lytec Professional 2009 (HKLM\...\Lytec Professional 2009) (Version:  - )
Lytec Professional 2010 (HKLM\...\Lytec Professional 2010) (Version:  - )
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 (Version:  - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB927977) (HKLM\...\{5A710547-B58E-488B-828D-CA9A25A0533C}) (Version: 6.00.3890.0 - Microsoft Corporation)
Network (Version: 110.0.180.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 10.0 (HKLM\...\HPOCR) (Version: 10.0 - HP)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PanoStandAlone (Version: 100.0.170.000 - Hewlett-Packard) Hidden
PDF Complete (HKLM\...\PDF Complete) (Version: 3.5.57 - PDF Complete, Inc.)
PS_AIO_02_ProductContext (Version: 100.0.206.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software (Version: 100.0.206.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software_Min (Version: 100.0.206.000 - Hewlett-Packard) Hidden
PSSWCORE (Version: 2.02.0000 - Hewlett-Packard) Hidden
Revenue Management (HKLM\...\{bbde49b1-7c49-4b71-b048-605431a07710}) (Version: 2010.1.2.211 - Mckesson Corp)
Scan (Version: 10.1.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 10.0 - HP)
SolutionCenter (Version: 100.0.175.000 - Hewlett-Packard) Hidden
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.10.01.7240 - Analog Devices)
Status (Version: 110.0.180.000 - Hewlett-Packard) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 12.2.2.0 - Synaptics Incorporated)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.26297 - TeamViewer)
Toolbox (Version: 100.0.170.000 - Hewlett-Packard) Hidden
TrayApp (Version: 110.0.180.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 10.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{128A5449-CF71-4DA4-A746-F49E3B5DB584}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Update for Windows Internet Explorer 8 (KB2632503) (HKLM\...\KB2632503-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB973874) (HKLM\...\KB973874-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976749) (HKLM\...\KB976749-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB980182) (HKLM\...\KB980182-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2808679) (HKLM\...\KB2808679) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB942763) (HKLM\...\KB942763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB943729) (HKLM\...\KB943729) (Version:  - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
VideoToolkit01 (Version: 100.0.128.000 - Hewlett-Packard) Hidden
VNC Enterprise Edition E4.4.3 (HKLM\...\RealVNC_is1) (Version: E4.4.3 (r14632) - RealVNC Ltd.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Messenger (HKLM\...\{571700F0-DB9D-4B3A-B03D-35A14BB5939F}) (Version: 8.1.0178.00 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows PowerShell™ 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)

==================== Restore Points  =========================

01-12-2013 02:06:59 System Checkpoint
02-12-2013 03:06:59 System Checkpoint
03-12-2013 04:06:59 System Checkpoint
04-12-2013 05:06:59 System Checkpoint
05-12-2013 06:06:59 System Checkpoint
06-12-2013 07:06:59 System Checkpoint
07-12-2013 08:06:59 System Checkpoint
08-12-2013 09:06:59 System Checkpoint
09-12-2013 10:06:59 System Checkpoint
10-12-2013 11:06:59 System Checkpoint
11-12-2013 12:06:59 System Checkpoint
12-12-2013 08:00:19 Software Distribution Service 3.0
13-12-2013 14:14:29 System Checkpoint
13-12-2013 21:49:20 Software Distribution Service 3.0
16-12-2013 14:57:44 System Checkpoint
17-12-2013 15:08:05 System Checkpoint
18-12-2013 15:08:20 System Checkpoint
19-12-2013 16:08:04 System Checkpoint
20-12-2013 17:09:09 System Checkpoint
21-12-2013 18:08:04 System Checkpoint
22-12-2013 19:08:04 System Checkpoint
26-12-2013 17:37:43 System Checkpoint
27-12-2013 18:23:58 System Checkpoint
28-12-2013 19:22:53 System Checkpoint
29-12-2013 20:22:53 System Checkpoint
02-01-2014 14:11:15 System Checkpoint
03-01-2014 14:55:13 System Checkpoint
06-01-2014 13:58:05 System Checkpoint
07-01-2014 14:09:05 System Checkpoint
08-01-2014 15:09:04 System Checkpoint
09-01-2014 16:09:05 System Checkpoint
10-01-2014 16:10:10 System Checkpoint
11-01-2014 17:09:05 System Checkpoint
12-01-2014 18:09:05 System Checkpoint
13-01-2014 19:34:39 System Checkpoint
15-01-2014 13:30:21 System Checkpoint
15-01-2014 21:54:49 Software Distribution Service 3.0
16-01-2014 22:18:36 System Checkpoint
17-01-2014 22:31:36 System Checkpoint
18-01-2014 23:18:35 System Checkpoint
20-01-2014 00:18:35 System Checkpoint
21-01-2014 01:18:35 System Checkpoint
22-01-2014 02:18:36 System Checkpoint
23-01-2014 03:18:36 System Checkpoint
24-01-2014 04:18:35 System Checkpoint
27-01-2014 14:32:33 System Checkpoint
29-01-2014 16:52:59 System Checkpoint
30-01-2014 19:48:54 System Checkpoint
31-01-2014 19:51:41 System Checkpoint
01-02-2014 20:46:14 System Checkpoint
02-02-2014 21:46:14 System Checkpoint
04-02-2014 22:15:35 System Checkpoint
05-02-2014 22:46:14 System Checkpoint
06-02-2014 22:57:28 System Checkpoint
07-02-2014 23:46:14 System Checkpoint
09-02-2014 00:46:15 System Checkpoint
10-02-2014 01:46:14 System Checkpoint
11-02-2014 02:46:14 System Checkpoint
12-02-2014 13:39:44 System Checkpoint
26-02-2014 17:07:57 System Checkpoint
26-02-2014 18:00:49 avast! antivirus system restore point
26-02-2014 18:35:10 avast! antivirus system restore point
26-02-2014 18:37:50 Software Distribution Service 3.0
27-02-2014 19:39:10 System Checkpoint
28-02-2014 14:43:21 Installed Java 7 Update 51
28-02-2014 14:44:45 Removed Java™ 6 Update 26
28-02-2014 14:50:46 avast! antivirus system restore point
28-02-2014 15:08:09 Software Distribution Service 3.0
04-03-2014 16:15:45 System Checkpoint

==================== Hosts content: ==========================

2004-08-04 03:00 - 2014-03-04 13:58 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{8135863C-B916-4E7C-8A2C-611549E8601D}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2007-11-27 19:41 - 2007-11-27 19:41 - 00114688 _____ () C:\WINDOWS\system32\aicext.dll
2014-02-26 13:01 - 2014-02-26 13:01 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
MSCONFIG\startupreg: AccelerometerSysTrayApplet => C:\WINDOWS\System32\accelerometerST.exe
MSCONFIG\startupreg: accrdsub => "c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CognizanceTS => rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
MSCONFIG\startupreg: File Sanitizer => C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
MSCONFIG\startupreg: HP Mobile Broadband => c:\SWsetup\HPQWWAN\HPMobileBroadband.exe /TrayMode
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IAAnotif => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
MSCONFIG\startupreg: IMJPMIG8.1 => "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: MsmqIntCert => regsvr32 /s mqrt.dll
MSCONFIG\startupreg: msnmsgr => "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: MSPY2002 => C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
MSCONFIG\startupreg: PDF Complete => C:\Program Files\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: PHIME2002A => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
MSCONFIG\startupreg: PHIME2002ASync => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
MSCONFIG\startupreg: PTHOSTTR => c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
MSCONFIG\startupreg: QlbCtrl.exe => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
MSCONFIG\startupreg: SoundMAX => C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
MSCONFIG\startupreg: SoundMAXPnP => C:\Program Files\Analog Devices\Core\smax4pnp.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: WirelessAssistant => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

==================== Faulty Device Manager Devices =============

Name: Photosmart C7200 series
Description: Photosmart C7200 series
Class Guid: {4D36E971-E325-11CE-BFC1-08002BE10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet 6700
Description: Officejet 6700
Class Guid: {4D36E971-E325-11CE-BFC1-08002BE10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/04/2014 01:55:56 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (03/04/2014 01:37:17 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (03/04/2014 10:53:41 AM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b).  The specified domain either does not exist or could not be contacted.
  Enrollment will not be performed.

Error: (03/04/2014 10:53:39 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (03/03/2014 02:59:08 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (03/03/2014 09:31:34 AM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b).  The specified domain either does not exist or could not be contacted.
  Enrollment will not be performed.

Error: (03/03/2014 09:31:32 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (03/03/2014 09:11:48 AM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b).  The specified domain either does not exist or could not be contacted.
  Enrollment will not be performed.

Error: (03/03/2014 09:11:45 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (02/28/2014 04:26:04 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


System errors:
=============
Error: (03/04/2014 03:35:33 PM) (Source: DCOM) (User: NFECLAP)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (03/04/2014 03:20:50 PM) (Source: DCOM) (User: NFECLAP)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (03/04/2014 02:21:01 PM) (Source: DCOM) (User: NFECLAP)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (03/04/2014 02:18:09 PM) (Source: DCOM) (User: NFECLAP)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (03/04/2014 02:08:00 PM) (Source: DCOM) (User: NFECLAP)
Description: DCOM got error "%%1084" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (03/04/2014 01:58:17 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (03/04/2014 01:57:06 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
aswRvrt
aswSP
aswTdi
aswVmm
Fips
intelppm
RsvLock
SASDIFSV
SASKUTIL

Error: (03/04/2014 01:57:06 PM) (Source: Service Control Manager) (User: )
Description: The Message Queuing Triggers service depends on the Message Queuing service which failed to start because of the following error:
%%1068

Error: (03/04/2014 01:57:06 PM) (Source: Service Control Manager) (User: )
Description: The Message Queuing service depends on the Distributed Transaction Coordinator service which failed to start because of the following error:
%%1068

Error: (03/04/2014 01:55:55 PM) (Source: NETLOGON) (User: )
Description: No Domain Controller is available for domain NFEC due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.


Microsoft Office Sessions:
=========================
Error: (11/14/2013 03:23:06 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 54164 seconds with 720 seconds of active time.  This session ended with a crash.

Error: (05/13/2013 03:34:43 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 26059 seconds with 1680 seconds of active time.  This session ended with a crash.

Error: (02/13/2013 03:26:06 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 149322 seconds with 720 seconds of active time.  This session ended with a crash.

Error: (08/30/2012 03:40:18 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 30588 seconds with 360 seconds of active time.  This session ended with a crash.

Error: (08/09/2012 11:03:09 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 85814 seconds with 420 seconds of active time.  This session ended with a crash.

Error: (07/25/2012 11:50:07 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8409 seconds with 480 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Percentage of memory in use: 28%
Total physical RAM: 1976.19 MB
Available physical RAM: 1403.23 MB
Total Pagefile: 3871.47 MB
Available Pagefile: 3563.11 MB
Total Virtual: 2047.88 MB
Available Virtual: 1962.73 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:231.87 GB) (Free:208.92 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (HP_TOOLS) (Fixed) (Total:1 GB) (Free:0.98 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 95AA95AA)
Partition 1: (Active) - (Size=232 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1 GB) - (Type=0C)

==================== End Of Log ============================



#4 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts

Posted 05 March 2014 - 04:44 PM

Hi,

I don't see any indication for active malware in your log. Are you experiencing any problems or symptoms?
When you run different scanners in parallel or one after another then chances are high that they are (by mistake) detecting components of the other security programs.

#5 FlowTech

FlowTech
  • Topic Starter

  • Members
  • 4 posts

Posted 06 March 2014 - 12:27 PM

Yes, my AV is still disabled when booting normally. The Windows Security Center notifications indicate the Trend Micro AV/firewall is off (which I have uninstalled this stuff since it was outdated and there is no longer a valid subscription for it). Avast is installed, it will start up, but tells you it failed to start and when you try to turn it on or click "Resolve All" it does absolutely nothing. SAS is not finding any issues anymore. I'm going to try MBAM now. It doesn't look like my scans are detecting another AV/anti-malware. All the results do not implicate files from any of those programs' directories.

 

Edit:

MBAM scan complete here is the log:
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.06.07

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Administrator :: NFECLAP [administrator]

Protection: Disabled

3/6/2014 12:25:51 PM
MBAM-log-2014-03-06 (13-03-12).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 417407
Time elapsed: 36 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 


Edited by FlowTech, 06 March 2014 - 01:05 PM.


#6 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts

Posted 06 March 2014 - 02:20 PM

Download Malwarebytes Anti-Rootkit to your desktop.

  • Double-click "mbar.exe" to start the tool.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"


#7 FlowTech

FlowTech
  • Topic Starter

  • Members
  • 4 posts

Posted 06 March 2014 - 03:26 PM

No malware found.

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.03.06.09

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
 :: NFECLAP [administrator]

3/6/2014 3:15:13 PM
mbar-log-2014-03-06 (15-15-13).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 299393
Time elapsed: 8 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.094000 GHz
Memory total: 2072186880, free: 1606238208

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.094000 GHz
Memory total: 2072186880, free: 1624109056

Downloaded database version: v2014.03.06.09
Downloaded database version: v2014.02.20.01
=======================================
Initializing...
------------ Kernel report ------------
     03/06/2014 15:15:02
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
compbatt.sys
\WINDOWS\system32\DRIVERS\BATTC.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
intelide.sys
viaide.sys
aliide.sys
pcmcia.sys
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
ACPIEC.sys
\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
PartMgr.sys
VolSnap.sys
atapi.sys
iaStor.sys
SbAlg.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
SbFsLock.sys
sr.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
sfaudio.sys
SafeBoot.sys
Mup.sys
hpdskflt.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\NETw5x32.sys
\SystemRoot\system32\DRIVERS\yk51x86.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
\SystemRoot\system32\DRIVERS\WDFLDR.SYS
\SystemRoot\System32\Drivers\wdf01000.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\drivers\Iviaspi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\Accelerometer.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\TM_CFW.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\??\C:\WINDOWS\system32\drivers\aswRdr.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\framebuf.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\srv.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff89b8b6b0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xffffffff89af5028
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff89b8b6b0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff89b8b488, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff89a88658, DeviceName: Unknown, DriverName: \Driver\SafeBoot\
DevicePointer: 0xffffffff89b8b6b0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff89b8ad58, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
DevicePointer: 0xffffffff89af7538, DeviceName: \Device\000000a5\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff89af5028, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\SafeBoot\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Read File: File "C:\WINDOWS\system32\drivers\atmuni.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\atmuni.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cdaudio.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\cdaudio.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ipfltdrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ipfltdrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mouclass.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\mouclass.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mspqm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\mspqm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nwlnkspx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\nwlnkspx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rasirda.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\rasirda.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\sfaudio.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\sfaudio.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\sr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\sr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wadv08nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\wadv08nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nwrdr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\nwrdr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ohci1394.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ohci1394.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\oprghdlr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\oprghdlr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\p3.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\p3.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\parport.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\parport.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\partmgr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\partmgr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\parvdm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\parvdm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\pci.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\pci.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\pciide.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\pciide.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\pciidex.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\pciidex.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\pcmcia.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\pcmcia.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\portcls.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\portcls.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\processr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\processr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\psched.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\psched.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ptilink.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ptilink.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rasacd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\rasacd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rasl2tp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\rasl2tp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\raspppoe.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\raspppoe.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\raspptp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\raspptp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\raspti.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\raspti.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rawwan.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\rawwan.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rdbss.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\rdbss.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rdpcdd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\rdpcdd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rdpdr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\rdpdr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\recagent.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\recagent.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\redbook.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\redbook.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\regi.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\regi.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rfcomm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\rfcomm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rio8drv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\rio8drv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\riodrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\riodrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rmcast.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\rmcast.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rndismp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\rndismp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rndismpx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\rndismpx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rootmdm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\rootmdm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rsvlock.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\rsvlock.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\s3gnbm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\s3gnbm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\SbAlg.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\SbAlg.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\SbFsLock.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\SbFsLock.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\SbHiber.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\SbHiber.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\scsiport.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\scsiport.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\sdbus.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\sdbus.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\secdrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\secdrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\serenum.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\serenum.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\serial.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\serial.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\serscan.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\serscan.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\sffdisk.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\sffdisk.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\sffp_mmc.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\sffp_mmc.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\sffp_sd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\sffp_sd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\sfloppy.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\sfloppy.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\siint5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\siint5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\sisagp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\sisagp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\slip.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\slip.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\slnt7554.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\slnt7554.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\slntamr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\slntamr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\slnthal.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\slnthal.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\slwdmsup.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\slwdmsup.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\smbali.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\smbali.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\smcirda.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\smcirda.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\smclib.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\smclib.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\sncduvc.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\sncduvc.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\snp2uvc.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\snp2uvc.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\sonydcam.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\sonydcam.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\splitter.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\splitter.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\update.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\update.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\usbcamd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\usbcamd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\usbcamd2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\usbcamd2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\usbhub.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\usbhub.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\usbintel.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\usbintel.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\usbprint.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\usbprint.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\USBSTOR.SYS" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\USBSTOR.SYS" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\usbuhci.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\usbuhci.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\vchnt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\vchnt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\vdmindvd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\vdmindvd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\vga.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\vga.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\viaagp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\viaagp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\viaide.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\viaide.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\videoprt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\videoprt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\volsnap.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\volsnap.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wacompen.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\wacompen.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wadv07nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\wadv07nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mountmgr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\mountmgr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mqac.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\mqac.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mrxdav.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\mrxdav.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\msfs.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\msfs.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\msgpc.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\msgpc.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mskssrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\mskssrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mspclock.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\mspclock.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wadv09nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\wadv09nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wadv11nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\wadv11nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wanarp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\wanarp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\watv06nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\watv06nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\watv10nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\watv10nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wdf01000.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\wdf01000.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wdfldr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\wdfldr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wdmaud.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\wdmaud.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wmiacpi.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\wmiacpi.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wmilib.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\wmilib.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wpdusb.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\wpdusb.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ws2ifsl.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ws2ifsl.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wstcodec.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\wstcodec.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\WudfPf.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\WudfPf.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\WudfRd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\WudfRd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\yk51x86.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\yk51x86.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\asyncmac.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\asyncmac.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atapi.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\atapi.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1btxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati1btxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1mdxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati1mdxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1pdxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati1pdxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1raxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati1raxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1rvxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati1rvxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1snxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati1snxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1ttxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati1ttxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1tuxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati1tuxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atv01nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\atv01nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atv02nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\atv02nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atv04nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\atv04nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atv06nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\atv06nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atv10nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\atv10nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\audstub.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\audstub.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\battc.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\battc.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\beep.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\beep.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\bridge.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\bridge.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\bthenum.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\bthenum.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\bthmodem.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\bthmodem.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\bthpan.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\bthpan.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\bthport.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\bthport.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\bthprint.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\bthprint.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\bthusb.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\bthusb.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cbidf2k.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\cbidf2k.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ccdecode.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ccdecode.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\stream.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\stream.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\streamip.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\streamip.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\swenum.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\swenum.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\swmidi.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\swmidi.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\SynTP.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\SynTP.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\sysaudio.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\sysaudio.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tape.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\tape.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tcpip.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\tcpip.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tcpip6.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\tcpip6.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tdi.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\tdi.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tdpipe.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\tdpipe.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tdtcp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\tdtcp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\termdd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\termdd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tmactmon.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\tmactmon.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tmcomm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\tmcomm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tmevtmgr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\tmevtmgr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\TM_CFW.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\TM_CFW.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tosdvd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\tosdvd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tsbvcap.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\tsbvcap.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tunmp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\tunmp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\uagp35.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\uagp35.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\udfs.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\udfs.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1xsxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati1xsxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati2mtaa.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati2mtaa.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati2mtag.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati2mtag.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinbtxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\atinbtxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinmdxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\atinmdxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinpdxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\atinpdxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinraxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\atinraxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinrvxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\atinrvxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinsnxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\atinsnxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinttxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\atinttxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atintuxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\atintuxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinxbxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\atinxbxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinxsxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\atinxsxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ativmc20.cod" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ativmc20.cod" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atmarpc.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\atmarpc.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atmepvc.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\atmepvc.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atmlane.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\atmlane.sys" is compressed (flags = 1)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 95AA95AA

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 486271422
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 486287550  Numsec = 2104515

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-488377168-488397168)...
Done!
Read File: File "C:\Documents and Settings\Administrator\Cookies\index.dat" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
Scan finished
=======================================


Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-0-0-63-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 

 

++++ EDIT +++++

Removed Avast, installed MSE. Ironically, MSE is working just fine, but Avast will not. Maybe some old registry entries from Trend Micro were blocking it even after the rootkit was eliminated. Not sure, but I am running a full scan now with MSE, so it looks like I'm on the way to 100% functionality again. I will update once MSE is done.


Edited by FlowTech, 07 March 2014 - 11:30 AM.




