Vista Internet Defender 2011 & more... help!



#1
Sybarite07

Hi -

Right... my problems began with a 'Vista Internet Defender 2011' window popping up.
After running system restore the same thing happened again a few days later and furthermore .exe files wouldn't run.
I found a small file to fix the registry (exefix_vista) and ran system restore again, then ran a full scan with MBAM, which found a few infected files and fixed them.
Since then VID 2011 has not reoccurred but...

Sophos was alternating between quarantining 'Troj TDL3 Mem-B' and something else that I'm afraid I can't remember as Sophos itself has now packed up,
all seemingly found in random files (false positives?).

Error messages such as 'recovery management hidden partition checker has stopped working', 'microsoft feeds syncronisation has stopped working', 'host processing services for windows has stopped working'.

At first windows restore points 'damaged or deleted during recovery', now just none available.

Browser windows opening randomly.

Is there any hope?
Any help much appreciated
A


Please find OTL.txt as follows

OTL logfile created on: 08/05/2011 11:36:15 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Alex\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.05 Gb Total Space | 25.79 Gb Free Space | 23.43% Space Free | Partition Type: NTFS
Drive D: | 110.07 Gb Total Space | 18.48 Gb Free Space | 16.79% Space Free | Partition Type: NTFS
Drive E: | 626.54 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ALEX_LAPTOP | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/08 11:33:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
PRC - [2011/05/05 09:16:39 | 000,054,272 | ---- | M] (Arab Team 4 Reverse Engineering) -- C:\Windows\temp\uqtc\setup.exe
PRC - [2011/04/14 17:41:09 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/07 22:43:04 | 000,841,832 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011/03/21 13:47:29 | 000,230,640 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
PRC - [2011/03/21 13:46:51 | 001,541,360 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
PRC - [2011/03/21 13:46:38 | 000,097,520 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2011/03/21 13:46:32 | 000,163,056 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2011/01/07 23:46:06 | 000,271,408 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
PRC - [2011/01/05 19:30:36 | 000,352,304 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2010/10/15 19:42:14 | 000,326,704 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
PRC - [2009/12/14 12:26:02 | 000,668,912 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Virgin Media\HUB\ServicepointService.exe
PRC - [2009/07/20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009/06/08 15:19:08 | 000,049,152 | ---- | M] (Sage (UK) Limited) -- C:\Program Files\Common Files\Sage SData\Sage.SData.Service.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/10/25 11:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008/10/16 17:26:20 | 000,860,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/10/16 16:54:34 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/05/01 03:02:40 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008/04/01 02:01:58 | 000,793,096 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2008/03/21 21:22:52 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008/03/18 20:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008/03/07 11:36:12 | 000,544,768 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
PRC - [2008/03/05 07:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/03/05 07:38:28 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008/01/17 02:35:02 | 000,081,504 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
PRC - [2008/01/11 01:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe
PRC - [2007/12/07 00:15:28 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2007/10/23 18:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe


========== Modules (SafeList) ==========

MOD - [2011/05/08 11:33:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
MOD - [2011/05/04 11:22:34 | 000,234,408 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll
MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (McSysmon)
SRV - File not found [Unknown | Stopped] -- -- (McShield)
SRV - [2011/05/05 09:16:39 | 000,054,272 | ---- | M] (Arab Team 4 Reverse Engineering) [Auto | Stopped] -- C:\Windows\TEMP\uqtc\setup.exe -- (AMService)
SRV - [2011/03/21 13:47:29 | 000,230,640 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2011/03/21 13:46:51 | 001,541,360 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2011/03/21 13:46:38 | 000,097,520 | ---- | M] (Sophos Plc) [Unknown | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2011/03/21 13:46:32 | 000,163,056 | ---- | M] (Sophos Plc) [Unknown | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2011/03/12 14:31:10 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/01/07 23:48:18 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2011/01/07 23:46:06 | 000,271,408 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV - [2011/01/05 19:30:36 | 000,352,304 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2010/10/15 19:42:14 | 000,326,704 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2009/12/14 12:26:02 | 000,668,912 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Virgin Media\HUB\ServicepointService.exe -- (ServicepointService)
SRV - [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/06/08 15:19:08 | 000,049,152 | ---- | M] (Sage (UK) Limited) [Auto | Running] -- C:\Program Files\Common Files\Sage SData\Sage.SData.Service.exe -- (Sage SData Service)
SRV - [2009/03/18 07:04:42 | 001,685,024 | ---- | M] (NanJing Nagasoft Co, LTD.) [Auto | Stopped] -- C:\Windows\System32\Nagasoft\vjocx.dll -- (vvdsvc)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/10/25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/10/16 17:26:20 | 000,860,160 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/10/16 16:54:34 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/03/21 21:22:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/03/18 20:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/03/05 07:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/17 02:35:02 | 000,081,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2008/01/11 01:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2007/12/07 00:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)


========== Driver Services (SafeList) ==========

DRV - [2011/04/08 06:14:00 | 010,690,024 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/03/21 13:47:01 | 000,122,360 | ---- | M] (Sophos Plc) [File_System | System | Running] -- C:\Windows\System32\drivers\savonaccess.sys -- (SAVOnAccess)
DRV - [2011/03/21 13:46:40 | 000,023,928 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sdcfilter.sys -- (sdcfilter)
DRV - [2011/03/21 13:46:32 | 000,022,536 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV - [2011/03/03 16:59:19 | 000,139,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010/09/22 20:19:02 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HssDrv.sys -- (HssDrv)
DRV - [2010/09/22 20:19:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2010/08/03 18:01:37 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/08/03 18:01:37 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/08/03 18:01:37 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/07/18 18:03:05 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009/07/18 18:03:05 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/06/17 17:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 17:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/02/03 23:51:11 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/11/17 07:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/11/02 09:44:10 | 000,056,572 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/04/18 23:01:24 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008/04/12 02:55:04 | 000,084,240 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/03/21 18:48:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/03/01 00:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/02/12 02:48:06 | 000,017,152 | ---- | M] (BUFFALO INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bfturboh.sys -- (bfturboh)
DRV - [2008/01/17 02:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel)
DRV - [2007/04/24 10:33:44 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mdm.sys -- (s125mdm)
DRV - [2007/04/24 10:33:42 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mdfl.sys -- (s125mdfl)
DRV - [2007/04/24 10:33:34 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125bus.sys -- (s125bus) Sony Ericsson Device 125 driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://localhost:9000/application.pac

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.bbc.co.uk/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: [email protected]:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}:0.6.7
FF - prefs.js..network.proxy.http: " snsproxy.nottingham.ac.uk"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/02 14:13:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/02 14:13:02 | 000,000,000 | ---D | M]

[2009/01/17 14:01:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Extensions
[2011/05/05 09:04:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\ao4wd6ik.default\extensions
[2010/08/21 09:25:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\ao4wd6ik.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/03 13:40:44 | 000,000,000 | ---D | M] (Ad blocker) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\ao4wd6ik.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}
[2011/05/03 14:06:32 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\ao4wd6ik.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(169)
[2010/07/25 18:02:29 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\ao4wd6ik.default\extensions\[email protected]
[2009/02/16 15:52:29 | 000,000,000 | ---D | M] (EBrary Reader Plugin) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\ao4wd6ik.default\extensions\[email protected]
[2011/05/02 14:13:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/01 15:58:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/09 13:42:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/15 17:15:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/03/19 14:38:21 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
File not found (No name found) --
() (No name found) -- C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AO4WD6IK.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/04/14 17:41:09 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [GrooveMonitor] D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
O4 - HKLM..\Run: [VirginMediaHUB.exe] C:\Program Files\Virgin Media\HUB\VirginMediaHUB.exe (Virgin Media)
O4 - HKLM..\Run: [wmupdater] C:\Program Files\updater.exe ()
O4 - HKCU..\Run: [{3485E88F-A70B-40B6-71F1-FEF115D60CCB}] C:\Users\Alex\AppData\Roaming\Yban\peub.exe (hwiyedisqynbofdgxsrj)
O4 - Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xyslpqvr.exe (ic#code)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\PrxerNsp.dll (Initex Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\PrxerDrv.dll (Initex Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\PrxerDrv.dll (Initex Software)
O13 - gopher Prefix: missing
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} http://site.ebrary.c...s/ebraryRdr.cab (Infotl Control)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane..._2.3.10.115.cab (Reg Error: Key error.)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} http://dl.pplive.com/PluginSetup.cab (PPLive Lite Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\psbyfqmb\xyslpqvr.exe) - C:\Program Files\psbyfqmb\xyslpqvr.exe (ic#code)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL ()
O24 - Desktop WallPaper: C:\Users\Alex\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Alex\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL ()
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/08 11:33:00 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2011/05/08 10:30:33 | 000,196,955 | --S- | C] (ic#code) -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xyslpqvr.exe
[2011/05/07 22:03:13 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Zyynys
[2011/05/07 22:03:13 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Yban
[2011/05/07 11:59:57 | 000,196,955 | ---- | C] (ic#code) -- C:\Windows\System32\verclsidmgr.exe
[2011/05/07 11:59:57 | 000,196,955 | ---- | C] (ic#code) -- C:\Windows\Explorermgr.exe
[2011/05/06 13:33:57 | 000,000,000 | ---D | C] -- C:\Program Files\psbyfqmb
[2011/05/04 08:37:45 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/05/03 15:22:54 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{28FB2A81-FF17-43EC-A199-40B68AA6CDC1}
[2011/05/03 15:18:52 | 000,000,000 | ---D | C] -- C:\Temp
[2011/05/03 14:36:10 | 000,000,000 | ---D | C] -- C:\Black Isle
[2011/05/01 20:20:03 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2011/05/01 20:13:43 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2011/05/01 20:13:01 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011/05/01 11:00:32 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/04/13 17:13:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2008/12/23 09:32:46 | 000,184,320 | R--- | C] ( ) -- C:\Windows\System32\SgE.interop.MSXML2.dll
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/08 11:37:48 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0FDD1B50-70D8-410B-9FF7-7E3E8B6880B5}.job
[2011/05/08 11:33:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2011/05/08 11:25:16 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011/05/08 11:24:22 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/08 11:24:22 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/08 11:24:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/08 11:24:15 | 3215,851,520 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/08 10:18:47 | 318,360,527 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/05/07 14:10:02 | 000,196,955 | ---- | M] (ic#code) -- C:\Windows\Explorermgr.exe
[2011/05/07 14:10:01 | 000,196,955 | ---- | M] (ic#code) -- C:\Windows\System32\verclsidmgr.exe
[2011/05/07 12:43:15 | 000,001,356 | ---- | M] () -- C:\Users\Alex\AppData\Local\d3d9caps.dat
[2011/05/06 18:30:18 | 000,153,600 | ---- | M] () -- C:\Program Files\updater.exe
[2011/05/06 16:50:48 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/05/06 13:33:53 | 000,196,955 | --S- | M] (ic#code) -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xyslpqvr.exe
[2011/05/05 08:53:16 | 000,000,942 | ---- | M] () -- C:\Users\Alex\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/05/04 11:22:30 | 000,131,824 | ---- | M] (Sophos Plc) -- C:\Windows\System32\sdccoinstaller.dll
[2011/05/04 11:20:55 | 000,028,912 | ---- | M] (Sophos Plc) -- C:\Windows\System32\SophosBootTasks.exe
[2011/05/04 09:10:54 | 000,000,632 | ---- | M] () -- C:\Users\Alex\Desktop\exefix_vista.zip
[2011/05/04 08:50:35 | 000,008,788 | -HS- | M] () -- C:\ProgramData\d74p7yjp6gw7ndw575n
[2011/05/04 07:45:36 | 000,000,120 | ---- | M] () -- C:\Users\Alex\AppData\Local\Dgigalu.dat
[2011/05/04 07:45:36 | 000,000,000 | ---- | M] () -- C:\Users\Alex\AppData\Local\Olirihoji.bin
[2011/05/01 11:00:53 | 000,000,000 | ---- | M] () -- C:\Windows\System32\cd.dat
[2011/04/18 23:18:30 | 000,009,376 | -HS- | M] () -- C:\ProgramData\q45f63b3111o63c2hk0htmd5p3j4poe
[2011/04/18 23:18:29 | 000,009,376 | -HS- | M] () -- C:\Users\Alex\AppData\Local\q45f63b3111o63c2hk0htmd5p3j4poe
[2011/04/17 11:35:05 | 000,185,856 | ---- | M] () -- C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/16 17:12:13 | 000,378,904 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/16 12:36:20 | 000,597,566 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/16 12:36:20 | 000,104,538 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/15 12:16:33 | 000,011,114 | -HS- | M] () -- C:\Users\Alex\AppData\Local\4089681188
[2011/04/15 12:16:33 | 000,011,114 | -HS- | M] () -- C:\ProgramData\4089681188
[2011/04/13 17:12:03 | 020,586,196 | ---- | M] () -- C:\Users\Alex\Documents\vlc-1.1.8-win32.exe
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/07 15:46:11 | 3215,851,520 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/04 13:40:13 | 000,153,600 | ---- | C] () -- C:\Program Files\updater.exe
[2011/05/04 09:13:58 | 000,000,632 | ---- | C] () -- C:\Users\Alex\Desktop\exefix_vista.zip
[2011/05/04 08:37:54 | 000,008,788 | -HS- | C] () -- C:\ProgramData\d74p7yjp6gw7ndw575n
[2011/05/03 15:22:56 | 000,000,120 | ---- | C] () -- C:\Users\Alex\AppData\Local\Dgigalu.dat
[2011/05/03 15:22:56 | 000,000,000 | ---- | C] () -- C:\Users\Alex\AppData\Local\Olirihoji.bin
[2011/05/02 14:13:06 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/01 20:13:41 | 000,004,755 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2011/05/01 11:00:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2011/05/01 11:00:23 | 318,360,527 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/04/18 23:14:44 | 000,009,376 | -HS- | C] () -- C:\Users\Alex\AppData\Local\q45f63b3111o63c2hk0htmd5p3j4poe
[2011/04/18 23:14:44 | 000,009,376 | -HS- | C] () -- C:\ProgramData\q45f63b3111o63c2hk0htmd5p3j4poe
[2011/04/15 12:14:33 | 000,011,114 | -HS- | C] () -- C:\Users\Alex\AppData\Local\4089681188
[2011/04/15 12:14:33 | 000,011,114 | -HS- | C] () -- C:\ProgramData\4089681188
[2011/04/13 17:11:57 | 020,586,196 | ---- | C] () -- C:\Users\Alex\Documents\vlc-1.1.8-win32.exe
[2011/01/29 14:30:29 | 000,000,112 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\Current.prx
[2010/10/02 15:17:54 | 000,000,179 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010/06/06 09:06:09 | 000,000,760 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\setup_ldm.iss
[2010/04/04 18:16:27 | 000,000,000 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\wklnhst.dat
[2009/10/21 21:36:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/21 21:36:43 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/07/10 14:59:26 | 000,282,624 | ---- | C] () -- C:\Windows\System32\SGList32.dll
[2009/07/10 14:59:20 | 000,278,528 | ---- | C] () -- C:\Windows\System32\SGTool32.dll
[2009/07/10 14:59:16 | 000,090,112 | ---- | C] () -- C:\Windows\System32\SGIntl32.dll
[2009/07/10 14:59:14 | 000,073,728 | ---- | C] () -- C:\Windows\System32\SGDt32.dll
[2009/07/10 14:59:12 | 000,172,032 | ---- | C] () -- C:\Windows\System32\SGHelp32.dll
[2009/07/10 14:59:08 | 000,253,952 | ---- | C] () -- C:\Windows\System32\SGSchemeXml.dll
[2009/07/10 14:59:00 | 000,118,784 | ---- | C] () -- C:\Windows\System32\SGSchemeXP.dll
[2009/07/10 14:58:56 | 000,176,128 | ---- | C] () -- C:\Windows\System32\SGSchemeDefault.dll
[2009/07/10 14:58:52 | 000,221,184 | ---- | C] () -- C:\Windows\System32\SGSchemeManager.dll
[2009/07/10 14:58:46 | 000,094,208 | ---- | C] () -- C:\Windows\System32\SGCom32.dll
[2009/07/10 14:58:02 | 000,237,568 | ---- | C] () -- C:\Windows\System32\SGWebBrowser.dll
[2009/04/06 13:29:20 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009/04/06 13:29:19 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009/03/04 11:40:02 | 000,001,204 | ---- | C] () -- C:\Windows\SAGEINTL.INI
[2009/02/20 02:22:58 | 000,000,316 | ---- | C] () -- C:\Windows\game.ini
[2009/02/13 00:07:29 | 000,158,720 | ---- | C] () -- C:\Windows\RefUinst.exe
[2008/12/23 09:33:50 | 000,045,056 | ---- | C] () -- C:\Windows\System32\SgELauncher.dll
[2008/12/23 09:33:26 | 000,114,688 | ---- | C] () -- C:\Windows\System32\SgEData.dll
[2008/12/22 10:28:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\SageFolderBrowser.dll
[2008/12/22 10:26:34 | 000,143,360 | ---- | C] () -- C:\Windows\System32\SGSTDREG.dll
[2008/12/22 10:26:30 | 000,131,072 | ---- | C] () -- C:\Windows\System32\SGRegister.dll
[2008/12/14 19:01:29 | 000,025,600 | ---- | C] () -- C:\Windows\System32\WS2Fix.exe
[2008/12/14 19:01:28 | 000,051,200 | ---- | C] () -- C:\Windows\System32\dumphive.exe
[2008/12/14 19:01:28 | 000,040,960 | ---- | C] () -- C:\Windows\System32\swsc.exe
[2008/12/14 18:42:25 | 000,011,254 | ---- | C] () -- C:\Windows\System32\locate.com
[2008/12/14 17:54:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2008/12/14 17:54:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2008/12/14 17:54:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2008/12/14 17:54:14 | 000,049,152 | ---- | C] () -- C:\Windows\VFIND.exe
[2008/12/14 17:27:37 | 000,000,691 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\GetValue.vbs
[2008/12/14 17:27:37 | 000,000,035 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\SetValue.bat
[2008/12/10 16:29:41 | 000,000,116 | ---- | C] () -- C:\Windows\wininit.ini
[2008/12/10 02:39:34 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/12/02 12:02:19 | 000,013,701 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\UserTile.png
[2008/12/01 15:37:00 | 000,172,032 | ---- | C] () -- C:\Windows\System32\SageEventHandler.exe
[2008/12/01 15:36:12 | 000,143,360 | ---- | C] () -- C:\Windows\System32\SGCtrlEx.dll
[2008/12/01 15:36:06 | 000,200,704 | ---- | C] () -- C:\Windows\System32\SGTBAR32.DLL
[2008/12/01 15:36:02 | 000,049,152 | ---- | C] () -- C:\Windows\System32\SGSTAT32.DLL
[2008/12/01 15:36:02 | 000,049,152 | ---- | C] () -- C:\Windows\System32\SGLOGO32.DLL
[2008/12/01 15:36:00 | 000,180,224 | ---- | C] () -- C:\Windows\System32\SGJPEG32.dll
[2008/12/01 15:35:56 | 000,249,856 | ---- | C] () -- C:\Windows\System32\SGCDLG32.DLL
[2008/12/01 15:35:36 | 000,061,440 | ---- | C] () -- C:\Windows\System32\SGAPPBAR.DLL
[2008/12/01 15:35:34 | 000,061,440 | ---- | C] () -- C:\Windows\System32\SG3D32.DLL
[2008/10/03 10:46:40 | 000,001,356 | ---- | C] () -- C:\Users\Alex\AppData\Local\d3d9caps.dat
[2008/09/19 19:55:39 | 000,141,150 | ---- | C] () -- C:\Windows\hpoins14.dat
[2008/09/09 23:24:16 | 000,185,856 | ---- | C] () -- C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/07 23:09:20 | 000,000,477 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/09/07 20:30:16 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/09/05 11:59:57 | 000,006,353 | ---- | C] () -- C:\Windows\UN070618.INI
[2008/07/24 12:03:01 | 000,749,568 | ---- | C] () -- C:\Windows\AcerStore.exe
[2008/07/24 11:22:47 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2008/07/24 11:19:26 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2008/07/24 11:19:26 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2008/07/24 11:19:26 | 000,009,216 | ---- | C] () -- C:\Windows\usbvideo_reg.exe
[2008/07/24 11:19:26 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2008/07/24 11:17:59 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2008/07/24 11:17:59 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008/07/24 11:17:59 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2008/04/30 10:56:55 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008/04/30 10:54:06 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008/04/30 10:54:06 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008/04/30 09:09:06 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/04/30 09:09:01 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2008/04/30 09:09:01 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2008/04/30 09:09:01 | 000,000,042 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2007/09/20 02:14:41 | 000,002,000 | ---- | C] () -- C:\Windows\hpomdl14.dat
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,378,904 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,597,566 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,104,538 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/01 16:41:24 | 000,233,472 | ---- | C] () -- C:\Windows\System32\SGLCH32.DLL
[2006/11/01 16:41:16 | 001,712,128 | ---- | C] () -- C:\Windows\System32\SGRep32.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2002/04/16 11:27:54 | 000,000,005 | -HS- | C] () -- C:\Windows\System32\CdI5T.drv
[2001/12/27 00:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 07:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/31 00:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 06:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1998/03/26 01:12:00 | 000,053,248 | ---- | C] () -- C:\Windows\System32\SgHmZLib.dll

========== LOP Check ==========

[2008/09/08 08:56:47 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Acer
[2008/04/30 10:52:47 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Acer GameZone Console
[2009/04/22 19:46:58 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2009/02/04 00:03:40 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DAEMON Tools
[2009/02/04 00:03:56 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DAEMON Tools Lite
[2009/02/04 00:03:40 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DAEMON Tools Pro
[2011/05/04 09:20:56 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Dev-Cpp
[2008/09/07 20:46:31 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\eSobi
[2009/04/27 19:05:44 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\GetRightToGo
[2009/08/01 12:45:24 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\JAM Software
[2009/01/26 01:50:55 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Moyea
[2008/09/17 11:09:16 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Mp3tag
[2008/12/02 12:02:19 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\PeerNetworking
[2011/03/12 15:28:11 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Polynomial
[2009/06/13 14:55:42 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Spotify
[2008/12/03 18:17:59 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\StreamTorrent
[2009/06/14 20:04:07 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\SystemRequirementsLab
[2010/04/04 18:16:33 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Template
[2011/05/02 20:07:12 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\uTorrent
[2010/12/11 16:33:49 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Virgin Media
[2011/05/07 22:03:13 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Yban
[2011/05/08 11:32:45 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Zyynys
[2011/05/08 11:21:59 | 000,032,648 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/05/08 11:37:48 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{0FDD1B50-70D8-410B-9FF7-7E3E8B6880B5}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:C95B63DA
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:FEBEC560
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:76650B61

< End of report >


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, let's see what this does :)

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - File not found [On_Demand | Stopped] -- -- (McSysmon)
    SRV - File not found [Unknown | Stopped] -- -- (McShield)
    SRV - [2011/05/05 09:16:39 | 000,054,272 | ---- | M] (Arab Team 4 Reverse Engineering) [Auto | Stopped] -- C:\Windows\TEMP\uqtc\setup.exe -- (AMService)
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    [2010/05/01 15:58:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/08/09 13:42:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O4 - HKLM..\Run: [wmupdater] C:\Program Files\updater.exe ()
    O4 - HKCU..\Run: [{3485E88F-A70B-40B6-71F1-FEF115D60CCB}] C:\Users\Alex\AppData\Roaming\Yban\peub.exe (hwiyedisqynbofdgxsrj)
    O4 - Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xyslpqvr.exe (ic#code)
    O20 - HKLM Winlogon: UserInit - (C:\Program Files\psbyfqmb\xyslpqvr.exe) - C:\Program Files\psbyfqmb\xyslpqvr.exe (ic#code)
    [2011/05/08 10:30:33 | 000,196,955 | --S- | C] (ic#code) -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xyslpqvr.exe
    [2011/05/07 22:03:13 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Zyynys
    [2011/05/07 22:03:13 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Yban
    [2011/05/07 11:59:57 | 000,196,955 | ---- | C] (ic#code) -- C:\Windows\System32\verclsidmgr.exe
    [2011/05/07 11:59:57 | 000,196,955 | ---- | C] (ic#code) -- C:\Windows\Explorermgr.exe
    [2011/05/06 13:33:57 | 000,000,000 | ---D | C] -- C:\Program Files\psbyfqmb
    [2011/05/07 14:10:02 | 000,196,955 | ---- | M] (ic#code) -- C:\Windows\Explorermgr.exe
    [2011/05/07 14:10:01 | 000,196,955 | ---- | M] (ic#code) -- C:\Windows\System32\verclsidmgr.exe
    [2011/05/06 18:30:18 | 000,153,600 | ---- | M] () -- C:\Program Files\updater.exe
    [2011/05/06 13:33:53 | 000,196,955 | --S- | M] (ic#code) -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xyslpqvr.exe
    [2011/05/04 08:50:35 | 000,008,788 | -HS- | M] () -- C:\ProgramData\d74p7yjp6gw7ndw575n
    [2011/05/04 07:45:36 | 000,000,120 | ---- | M] () -- C:\Users\Alex\AppData\Local\Dgigalu.dat
    [2011/05/04 07:45:36 | 000,000,000 | ---- | M] () -- C:\Users\Alex\AppData\Local\Olirihoji.bin
    [2011/04/18 23:18:30 | 000,009,376 | -HS- | M] () -- C:\ProgramData\q45f63b3111o63c2hk0htmd5p3j4poe
    [2011/04/18 23:18:29 | 000,009,376 | -HS- | M] () -- C:\Users\Alex\AppData\Local\q45f63b3111o63c2hk0htmd5p3j4poe
    [2011/04/15 12:16:33 | 000,011,114 | -HS- | M] () -- C:\Users\Alex\AppData\Local\4089681188
    [2011/04/15 12:16:33 | 000,011,114 | -HS- | M] () -- C:\ProgramData\4089681188
    [2011/05/04 13:40:13 | 000,153,600 | ---- | C] () -- C:\Program Files\updater.exe
    [2011/05/04 09:13:58 | 000,000,632 | ---- | C] () -- C:\Users\Alex\Desktop\exefix_vista.zip
    [2011/05/04 08:37:54 | 000,008,788 | -HS- | C] () -- C:\ProgramData\d74p7yjp6gw7ndw575n
    [2011/05/03 15:22:56 | 000,000,120 | ---- | C] () -- C:\Users\Alex\AppData\Local\Dgigalu.dat
    [2011/05/03 15:22:56 | 000,000,000 | ---- | C] () -- C:\Users\Alex\AppData\Local\Olirihoji.bin
    [2011/04/18 23:14:44 | 000,009,376 | -HS- | C] () -- C:\Users\Alex\AppData\Local\q45f63b3111o63c2hk0htmd5p3j4poe
    [2011/04/18 23:14:44 | 000,009,376 | -HS- | C] () -- C:\ProgramData\q45f63b3111o63c2hk0htmd5p3j4poe
    [2011/04/15 12:14:33 | 000,011,114 | -HS- | C] () -- C:\Users\Alex\AppData\Local\4089681188
    [2011/04/15 12:14:33 | 000,011,114 | -HS- | C] () -- C:\ProgramData\4089681188
    [2011/05/07 22:03:13 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Yban
    [2011/05/08 11:32:45 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Zyynys

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.


  • If an infected file is detected, the default action will be Cure, click on Continue.


  • If a suspicious file is detected, the default action will be Skip, click on Continue.


  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


#3
Sybarite07

    Member

  • Topic Starter
  • Member
  • 18 posts
Thanks for the quick response :)

Ok, I ran the script in OTL only for Windows to say that OTL had stopped working, to get a message on reboot saying x file couldn't be moved and is scheduled to be moved on reboot. Then on opening OTL Windows rebooted again... so not sure if OTL has run correctly or not.

Anyway here's the log:


OTL logfile created on: 08/05/2011 13:43:11 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Alex\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.05 Gb Total Space | 28.19 Gb Free Space | 25.61% Space Free | Partition Type: NTFS
Drive D: | 110.07 Gb Total Space | 18.48 Gb Free Space | 16.79% Space Free | Partition Type: NTFS
Drive E: | 626.54 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ALEX_LAPTOP | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/08 11:33:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
PRC - [2011/04/14 17:41:09 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/07 22:43:04 | 000,841,832 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011/03/25 13:34:04 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe
PRC - [2011/03/25 13:34:00 | 004,371,768 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe
PRC - [2011/03/21 13:47:29 | 000,230,640 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
PRC - [2011/03/21 13:47:20 | 000,439,536 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALMon.exe
PRC - [2011/03/21 13:46:51 | 001,541,360 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
PRC - [2011/03/21 13:46:38 | 000,097,520 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2011/03/21 13:46:32 | 000,163,056 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2011/01/07 23:46:06 | 000,271,408 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
PRC - [2011/01/05 19:30:36 | 000,352,304 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2010/10/15 19:42:14 | 000,326,704 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
PRC - [2009/07/20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009/06/08 15:19:08 | 000,049,152 | ---- | M] (Sage (UK) Limited) -- C:\Program Files\Common Files\Sage SData\Sage.SData.Service.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/10/25 11:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008/10/16 17:26:20 | 000,860,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/10/16 16:54:34 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/05/01 03:02:40 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008/04/01 02:01:58 | 000,793,096 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2008/03/21 21:22:52 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008/03/18 20:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008/03/07 11:36:12 | 000,544,768 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
PRC - [2008/03/05 07:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/03/05 07:38:28 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008/01/17 02:35:02 | 000,081,504 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
PRC - [2008/01/11 01:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe
PRC - [2007/12/07 00:15:28 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2007/10/23 18:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe


========== Modules (SafeList) ==========

MOD - [2011/05/08 11:33:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
MOD - [2011/05/04 11:22:34 | 000,234,408 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll
MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/03/25 13:34:04 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe -- (ServicepointService)
SRV - [2011/03/21 13:47:29 | 000,230,640 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2011/03/21 13:46:51 | 001,541,360 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2011/03/21 13:46:38 | 000,097,520 | ---- | M] (Sophos Plc) [Unknown | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2011/03/21 13:46:32 | 000,163,056 | ---- | M] (Sophos Plc) [Unknown | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2011/03/12 14:31:10 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/01/07 23:48:18 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2011/01/07 23:46:06 | 000,271,408 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV - [2011/01/05 19:30:36 | 000,352,304 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2010/10/15 19:42:14 | 000,326,704 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/06/08 15:19:08 | 000,049,152 | ---- | M] (Sage (UK) Limited) [Auto | Running] -- C:\Program Files\Common Files\Sage SData\Sage.SData.Service.exe -- (Sage SData Service)
SRV - [2009/03/18 07:04:42 | 001,685,024 | ---- | M] (NanJing Nagasoft Co, LTD.) [Auto | Stopped] -- C:\Windows\System32\Nagasoft\vjocx.dll -- (vvdsvc)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/10/25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/10/16 17:26:20 | 000,860,160 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/10/16 16:54:34 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/03/21 21:22:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/03/18 20:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/03/05 07:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/17 02:35:02 | 000,081,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2008/01/11 01:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2007/12/07 00:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)


========== Driver Services (SafeList) ==========

DRV - [2011/04/08 06:14:00 | 010,690,024 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/03/21 13:47:01 | 000,122,360 | ---- | M] (Sophos Plc) [File_System | System | Running] -- C:\Windows\System32\drivers\savonaccess.sys -- (SAVOnAccess)
DRV - [2011/03/21 13:46:40 | 000,023,928 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sdcfilter.sys -- (sdcfilter)
DRV - [2011/03/21 13:46:32 | 000,022,536 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV - [2011/03/03 16:59:19 | 000,139,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010/09/22 20:19:02 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HssDrv.sys -- (HssDrv)
DRV - [2010/09/22 20:19:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2010/08/03 18:01:37 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/08/03 18:01:37 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/08/03 18:01:37 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/07/18 18:03:05 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009/07/18 18:03:05 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/06/17 17:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 17:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/02/03 23:51:11 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/11/17 07:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/11/02 09:44:10 | 000,056,572 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/04/18 23:01:24 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008/04/12 02:55:04 | 000,084,240 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/03/21 18:48:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/03/01 00:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/02/12 02:48:06 | 000,017,152 | ---- | M] (BUFFALO INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bfturboh.sys -- (bfturboh)
DRV - [2008/01/17 02:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel)
DRV - [2007/04/24 10:33:44 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mdm.sys -- (s125mdm)
DRV - [2007/04/24 10:33:42 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mdfl.sys -- (s125mdfl)
DRV - [2007/04/24 10:33:34 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125bus.sys -- (s125bus) Sony Ericsson Device 125 driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://localhost:9000/application.pac

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.bbc.co.uk/"


FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/02 14:13:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/02 14:13:02 | 000,000,000 | ---D | M]

[2009/01/17 14:01:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Extensions
[2011/05/05 09:04:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\ao4wd6ik.default\extensions
[2010/08/21 09:25:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\ao4wd6ik.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/03 13:40:44 | 000,000,000 | ---D | M] (Ad blocker) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\ao4wd6ik.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}
[2011/05/03 14:06:32 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\ao4wd6ik.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(169)
[2010/07/25 18:02:29 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\ao4wd6ik.default\extensions\[email protected]
[2009/02/16 15:52:29 | 000,000,000 | ---D | M] (EBrary Reader Plugin) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\ao4wd6ik.default\extensions\[email protected]
[2011/05/08 13:16:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/15 17:15:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/03/19 14:38:21 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
File not found (No name found) --
() (No name found) -- C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AO4WD6IK.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/04/14 17:41:09 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/05/08 13:16:15 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [GrooveMonitor] D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [ServiceManager.exe] C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe (Virgin Media)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
O4 - HKCU..\Run: [{3485E88F-A70B-40B6-71F1-FEF115D60CCB}] File not found
O4 - Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\PrxerNsp.dll (Initex Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\PrxerDrv.dll (Initex Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\PrxerDrv.dll (Initex Software)
O13 - gopher Prefix: missing
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} http://site.ebrary.c...s/ebraryRdr.cab (Infotl Control)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane..._2.3.10.115.cab (Reg Error: Key error.)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} http://dl.pplive.com/PluginSetup.cab (PPLive Lite Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL ()
O24 - Desktop WallPaper: C:\Users\Alex\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Alex\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL ()
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/08 13:24:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virgin Media
[2011/05/08 13:24:54 | 000,000,000 | ---D | C] -- C:\Program Files\Virgin Media
[2011/05/08 13:15:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/08 11:33:00 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2011/05/04 08:37:45 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/05/03 15:22:54 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{28FB2A81-FF17-43EC-A199-40B68AA6CDC1}
[2011/05/03 15:18:52 | 000,000,000 | ---D | C] -- C:\Temp
[2011/05/03 14:36:10 | 000,000,000 | ---D | C] -- C:\Black Isle
[2011/05/01 20:20:03 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2011/05/01 20:13:43 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2011/05/01 20:13:01 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011/05/01 11:00:32 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/04/13 17:13:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2008/12/23 09:32:46 | 000,184,320 | R--- | C] ( ) -- C:\Windows\System32\SgE.interop.MSXML2.dll
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/08 13:27:41 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011/05/08 13:27:10 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/08 13:27:10 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/08 13:27:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/08 13:27:03 | 3215,851,520 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/08 13:23:35 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0FDD1B50-70D8-410B-9FF7-7E3E8B6880B5}.job
[2011/05/08 13:16:15 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/05/08 11:33:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2011/05/08 10:18:47 | 318,360,527 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/05/07 12:43:15 | 000,001,356 | ---- | M] () -- C:\Users\Alex\AppData\Local\d3d9caps.dat
[2011/05/06 16:50:48 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/05/05 08:53:16 | 000,000,942 | ---- | M] () -- C:\Users\Alex\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/05/04 11:22:30 | 000,131,824 | ---- | M] (Sophos Plc) -- C:\Windows\System32\sdccoinstaller.dll
[2011/05/04 11:20:55 | 000,028,912 | ---- | M] (Sophos Plc) -- C:\Windows\System32\SophosBootTasks.exe
[2011/05/01 11:00:53 | 000,000,000 | ---- | M] () -- C:\Windows\System32\cd.dat
[2011/04/17 11:35:05 | 000,185,856 | ---- | M] () -- C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/16 17:12:13 | 000,378,904 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/16 12:36:20 | 000,597,566 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/16 12:36:20 | 000,104,538 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/13 17:12:03 | 020,586,196 | ---- | M] () -- C:\Users\Alex\Documents\vlc-1.1.8-win32.exe
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/07 15:46:11 | 3215,851,520 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/02 14:13:06 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/01 20:13:41 | 000,004,755 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2011/05/01 11:00:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2011/05/01 11:00:23 | 318,360,527 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/04/13 17:11:57 | 020,586,196 | ---- | C] () -- C:\Users\Alex\Documents\vlc-1.1.8-win32.exe
[2011/01/29 14:30:29 | 000,000,112 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\Current.prx
[2010/10/02 15:17:54 | 000,000,179 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010/06/06 09:06:09 | 000,000,760 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\setup_ldm.iss
[2010/04/04 18:16:27 | 000,000,000 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\wklnhst.dat
[2009/10/21 21:36:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/21 21:36:43 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/07/10 14:59:26 | 000,282,624 | ---- | C] () -- C:\Windows\System32\SGList32.dll
[2009/07/10 14:59:20 | 000,278,528 | ---- | C] () -- C:\Windows\System32\SGTool32.dll
[2009/07/10 14:59:16 | 000,090,112 | ---- | C] () -- C:\Windows\System32\SGIntl32.dll
[2009/07/10 14:59:14 | 000,073,728 | ---- | C] () -- C:\Windows\System32\SGDt32.dll
[2009/07/10 14:59:12 | 000,172,032 | ---- | C] () -- C:\Windows\System32\SGHelp32.dll
[2009/07/10 14:59:08 | 000,253,952 | ---- | C] () -- C:\Windows\System32\SGSchemeXml.dll
[2009/07/10 14:59:00 | 000,118,784 | ---- | C] () -- C:\Windows\System32\SGSchemeXP.dll
[2009/07/10 14:58:56 | 000,176,128 | ---- | C] () -- C:\Windows\System32\SGSchemeDefault.dll
[2009/07/10 14:58:52 | 000,221,184 | ---- | C] () -- C:\Windows\System32\SGSchemeManager.dll
[2009/07/10 14:58:46 | 000,094,208 | ---- | C] () -- C:\Windows\System32\SGCom32.dll
[2009/07/10 14:58:02 | 000,237,568 | ---- | C] () -- C:\Windows\System32\SGWebBrowser.dll
[2009/04/06 13:29:20 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009/04/06 13:29:19 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009/03/04 11:40:02 | 000,001,204 | ---- | C] () -- C:\Windows\SAGEINTL.INI
[2009/02/20 02:22:58 | 000,000,316 | ---- | C] () -- C:\Windows\game.ini
[2009/02/13 00:07:29 | 000,158,720 | ---- | C] () -- C:\Windows\RefUinst.exe
[2008/12/23 09:33:50 | 000,045,056 | ---- | C] () -- C:\Windows\System32\SgELauncher.dll
[2008/12/23 09:33:26 | 000,114,688 | ---- | C] () -- C:\Windows\System32\SgEData.dll
[2008/12/22 10:28:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\SageFolderBrowser.dll
[2008/12/22 10:26:34 | 000,143,360 | ---- | C] () -- C:\Windows\System32\SGSTDREG.dll
[2008/12/22 10:26:30 | 000,131,072 | ---- | C] () -- C:\Windows\System32\SGRegister.dll
[2008/12/14 19:01:29 | 000,025,600 | ---- | C] () -- C:\Windows\System32\WS2Fix.exe
[2008/12/14 19:01:28 | 000,051,200 | ---- | C] () -- C:\Windows\System32\dumphive.exe
[2008/12/14 19:01:28 | 000,040,960 | ---- | C] () -- C:\Windows\System32\swsc.exe
[2008/12/14 18:42:25 | 000,011,254 | ---- | C] () -- C:\Windows\System32\locate.com
[2008/12/14 17:54:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2008/12/14 17:54:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2008/12/14 17:54:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2008/12/14 17:54:14 | 000,049,152 | ---- | C] () -- C:\Windows\VFIND.exe
[2008/12/14 17:27:37 | 000,000,691 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\GetValue.vbs
[2008/12/14 17:27:37 | 000,000,035 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\SetValue.bat
[2008/12/10 16:29:41 | 000,000,116 | ---- | C] () -- C:\Windows\wininit.ini
[2008/12/10 02:39:34 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/12/02 12:02:19 | 000,013,701 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\UserTile.png
[2008/12/01 15:37:00 | 000,172,032 | ---- | C] () -- C:\Windows\System32\SageEventHandler.exe
[2008/12/01 15:36:12 | 000,143,360 | ---- | C] () -- C:\Windows\System32\SGCtrlEx.dll
[2008/12/01 15:36:06 | 000,200,704 | ---- | C] () -- C:\Windows\System32\SGTBAR32.DLL
[2008/12/01 15:36:02 | 000,049,152 | ---- | C] () -- C:\Windows\System32\SGSTAT32.DLL
[2008/12/01 15:36:02 | 000,049,152 | ---- | C] () -- C:\Windows\System32\SGLOGO32.DLL
[2008/12/01 15:36:00 | 000,180,224 | ---- | C] () -- C:\Windows\System32\SGJPEG32.dll
[2008/12/01 15:35:56 | 000,249,856 | ---- | C] () -- C:\Windows\System32\SGCDLG32.DLL
[2008/12/01 15:35:36 | 000,061,440 | ---- | C] () -- C:\Windows\System32\SGAPPBAR.DLL
[2008/12/01 15:35:34 | 000,061,440 | ---- | C] () -- C:\Windows\System32\SG3D32.DLL
[2008/10/03 10:46:40 | 000,001,356 | ---- | C] () -- C:\Users\Alex\AppData\Local\d3d9caps.dat
[2008/09/19 19:55:39 | 000,141,150 | ---- | C] () -- C:\Windows\hpoins14.dat
[2008/09/09 23:24:16 | 000,185,856 | ---- | C] () -- C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/07 23:09:20 | 000,000,477 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/09/07 20:30:16 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/09/05 11:59:57 | 000,006,353 | ---- | C] () -- C:\Windows\UN070618.INI
[2008/07/24 12:03:01 | 000,749,568 | ---- | C] () -- C:\Windows\AcerStore.exe
[2008/07/24 11:22:47 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2008/07/24 11:19:26 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2008/07/24 11:19:26 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2008/07/24 11:19:26 | 000,009,216 | ---- | C] () -- C:\Windows\usbvideo_reg.exe
[2008/07/24 11:19:26 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2008/07/24 11:17:59 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2008/07/24 11:17:59 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008/07/24 11:17:59 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2008/04/30 10:56:55 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008/04/30 10:54:06 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008/04/30 10:54:06 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008/04/30 09:09:06 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/04/30 09:09:01 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2008/04/30 09:09:01 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2008/04/30 09:09:01 | 000,000,042 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2007/09/20 02:14:41 | 000,002,000 | ---- | C] () -- C:\Windows\hpomdl14.dat
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,378,904 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,597,566 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,104,538 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/01 16:41:24 | 000,233,472 | ---- | C] () -- C:\Windows\System32\SGLCH32.DLL
[2006/11/01 16:41:16 | 001,712,128 | ---- | C] () -- C:\Windows\System32\SGRep32.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2002/04/16 11:27:54 | 000,000,005 | -HS- | C] () -- C:\Windows\System32\CdI5T.drv
[2001/12/27 00:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 07:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/31 00:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 06:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1998/03/26 01:12:00 | 000,053,248 | ---- | C] () -- C:\Windows\System32\SgHmZLib.dll

========== LOP Check ==========

[2008/09/08 08:56:47 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Acer
[2008/04/30 10:52:47 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Acer GameZone Console
[2009/04/22 19:46:58 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2009/02/04 00:03:40 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DAEMON Tools
[2009/02/04 00:03:56 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DAEMON Tools Lite
[2009/02/04 00:03:40 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DAEMON Tools Pro
[2011/05/04 09:20:56 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Dev-Cpp
[2008/09/07 20:46:31 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\eSobi
[2009/04/27 19:05:44 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\GetRightToGo
[2009/08/01 12:45:24 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\JAM Software
[2009/01/26 01:50:55 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Moyea
[2008/09/17 11:09:16 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Mp3tag
[2008/12/02 12:02:19 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\PeerNetworking
[2011/03/12 15:28:11 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Polynomial
[2009/06/13 14:55:42 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Spotify
[2008/12/03 18:17:59 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\StreamTorrent
[2009/06/14 20:04:07 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\SystemRequirementsLab
[2010/04/04 18:16:33 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Template
[2011/05/02 20:07:12 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\uTorrent
[2011/05/08 13:28:57 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Virgin Media
[2011/05/08 13:25:43 | 000,032,648 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/05/08 13:23:35 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{0FDD1B50-70D8-410B-9FF7-7E3E8B6880B5}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:C95B63DA
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:FEBEC560
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:76650B61

< End of report >



Should I continue to the next step?

Thank you
A

#4
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes please, OTL took a while as your temporary folders were quite full

#5
Sybarite07


    Member

  • Topic Starter
  • Member
  • 18 posts
Will do




Please find TDSSKiller report as follows:

2011/05/08 14:30:49.0794 5296 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/08 14:30:50.0001 5296 ================================================================================
2011/05/08 14:30:50.0001 5296 SystemInfo:
2011/05/08 14:30:50.0001 5296
2011/05/08 14:30:50.0001 5296 OS Version: 6.0.6002 ServicePack: 2.0
2011/05/08 14:30:50.0001 5296 Product type: Workstation
2011/05/08 14:30:50.0001 5296 ComputerName: ALEX_LAPTOP
2011/05/08 14:30:50.0002 5296 UserName: Alex
2011/05/08 14:30:50.0002 5296 Windows directory: C:\Windows
2011/05/08 14:30:50.0002 5296 System windows directory: C:\Windows
2011/05/08 14:30:50.0002 5296 Processor architecture: Intel x86
2011/05/08 14:30:50.0002 5296 Number of processors: 2
2011/05/08 14:30:50.0002 5296 Page size: 0x1000
2011/05/08 14:30:50.0002 5296 Boot type: Normal boot
2011/05/08 14:30:50.0002 5296 ================================================================================
2011/05/08 14:30:50.0382 5296 Initialize success
2011/05/08 14:31:20.0020 5680 ================================================================================
2011/05/08 14:31:20.0020 5680 Scan started
2011/05/08 14:31:20.0020 5680 Mode: Manual;
2011/05/08 14:31:20.0020 5680 ================================================================================
2011/05/08 14:31:21.0026 5680 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/05/08 14:31:21.0438 5680 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/05/08 14:31:21.0572 5680 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/05/08 14:31:21.0651 5680 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/05/08 14:31:21.0691 5680 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/05/08 14:31:21.0826 5680 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/05/08 14:31:22.0138 5680 AgereSoftModem (38325c6aa8eae011897d61ce48ec6435) C:\Windows\system32\DRIVERS\AGRSM.sys
2011/05/08 14:31:22.0273 5680 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/05/08 14:31:22.0349 5680 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/05/08 14:31:22.0396 5680 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/05/08 14:31:22.0512 5680 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/05/08 14:31:22.0594 5680 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/05/08 14:31:22.0700 5680 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/05/08 14:31:22.0741 5680 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/05/08 14:31:22.0883 5680 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/05/08 14:31:22.0979 5680 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/05/08 14:31:23.0117 5680 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/08 14:31:23.0222 5680 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/05/08 14:31:23.0330 5680 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys
2011/05/08 14:31:23.0500 5680 b57nd60x (502f1c30bd50b32d00ce4dcaecc3d3c7) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/05/08 14:31:23.0574 5680 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/05/08 14:31:23.0703 5680 bfturboh (94a5e2424bc8b94d02f88dea0702246b) C:\Windows\system32\drivers\bfturboh.sys
2011/05/08 14:31:23.0809 5680 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/05/08 14:31:23.0909 5680 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/08 14:31:23.0993 5680 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/05/08 14:31:24.0077 5680 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/05/08 14:31:24.0192 5680 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/05/08 14:31:24.0273 5680 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/05/08 14:31:24.0346 5680 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/05/08 14:31:24.0370 5680 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/05/08 14:31:24.0463 5680 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/05/08 14:31:24.0616 5680 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/08 14:31:24.0692 5680 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/08 14:31:24.0792 5680 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/05/08 14:31:24.0864 5680 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/05/08 14:31:25.0060 5680 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/08 14:31:25.0127 5680 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/05/08 14:31:25.0213 5680 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/08 14:31:25.0262 5680 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/05/08 14:31:25.0306 5680 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/05/08 14:31:25.0434 5680 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/05/08 14:31:25.0604 5680 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/05/08 14:31:25.0701 5680 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
2011/05/08 14:31:25.0826 5680 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
2011/05/08 14:31:25.0915 5680 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/05/08 14:31:26.0011 5680 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/05/08 14:31:26.0110 5680 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/05/08 14:31:26.0206 5680 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/08 14:31:26.0343 5680 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/05/08 14:31:26.0514 5680 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/05/08 14:31:26.0721 5680 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/05/08 14:31:26.0827 5680 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/05/08 14:31:27.0068 5680 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/05/08 14:31:27.0233 5680 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/05/08 14:31:27.0451 5680 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/08 14:31:27.0621 5680 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/05/08 14:31:27.0711 5680 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/05/08 14:31:27.0756 5680 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/08 14:31:27.0845 5680 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/05/08 14:31:27.0984 5680 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/08 14:31:28.0067 5680 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/05/08 14:31:28.0188 5680 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
2011/05/08 14:31:28.0301 5680 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/08 14:31:28.0409 5680 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/05/08 14:31:28.0484 5680 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/05/08 14:31:28.0577 5680 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/08 14:31:28.0685 5680 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/05/08 14:31:28.0813 5680 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/05/08 14:31:28.0982 5680 HSF_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2011/05/08 14:31:29.0166 5680 HssDrv (4f28652ec514fa1ba473bc1a695a5c98) C:\Windows\system32\DRIVERS\HssDrv.sys
2011/05/08 14:31:29.0341 5680 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/05/08 14:31:29.0481 5680 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/05/08 14:31:29.0629 5680 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/08 14:31:29.0714 5680 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/05/08 14:31:29.0838 5680 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/05/08 14:31:29.0938 5680 int15 (c6e5276c00ebdeb096bb5ef4b797d1b6) C:\Windows\system32\drivers\int15.sys
2011/05/08 14:31:30.0174 5680 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/05/08 14:31:30.0269 5680 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/08 14:31:30.0383 5680 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/08 14:31:30.0476 5680 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/05/08 14:31:30.0561 5680 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/05/08 14:31:30.0791 5680 irda (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys
2011/05/08 14:31:30.0937 5680 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/05/08 14:31:31.0128 5680 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/05/08 14:31:31.0373 5680 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/08 14:31:31.0648 5680 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/05/08 14:31:31.0916 5680 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/05/08 14:31:32.0309 5680 JMCR (dedb6cc1b166928a8f3f68def1766db0) C:\Windows\system32\DRIVERS\jmcr.sys
2011/05/08 14:31:32.0598 5680 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/08 14:31:32.0805 5680 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/08 14:31:32.0964 5680 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/08 14:31:33.0130 5680 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\Windows\system32\DRIVERS\LHidFilt.Sys
2011/05/08 14:31:33.0281 5680 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys
2011/05/08 14:31:33.0359 5680 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/08 14:31:33.0458 5680 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\Windows\system32\DRIVERS\LMouFilt.Sys
2011/05/08 14:31:33.0561 5680 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/05/08 14:31:33.0654 5680 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/05/08 14:31:33.0801 5680 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/05/08 14:31:33.0925 5680 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/05/08 14:31:34.0056 5680 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/05/08 14:31:34.0199 5680 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/05/08 14:31:34.0465 5680 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/05/08 14:31:34.0599 5680 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/08 14:31:34.0719 5680 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/08 14:31:34.0833 5680 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/08 14:31:35.0044 5680 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/05/08 14:31:35.0187 5680 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/05/08 14:31:35.0264 5680 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/08 14:31:35.0314 5680 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/05/08 14:31:35.0416 5680 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/05/08 14:31:35.0502 5680 mrxsmb (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/08 14:31:35.0828 5680 mrxsmb10 (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/08 14:31:35.0975 5680 mrxsmb20 (fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/08 14:31:36.0096 5680 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
2011/05/08 14:31:36.0182 5680 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/05/08 14:31:36.0297 5680 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/05/08 14:31:36.0444 5680 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/05/08 14:31:36.0582 5680 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/08 14:31:36.0703 5680 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/08 14:31:36.0844 5680 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/05/08 14:31:36.0960 5680 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/05/08 14:31:37.0054 5680 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/08 14:31:37.0146 5680 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/05/08 14:31:37.0276 5680 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/05/08 14:31:37.0428 5680 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/08 14:31:37.0535 5680 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/05/08 14:31:37.0650 5680 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/08 14:31:37.0772 5680 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/08 14:31:37.0916 5680 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/08 14:31:37.0998 5680 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/05/08 14:31:38.0091 5680 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/08 14:31:38.0172 5680 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/08 14:31:38.0400 5680 NETw5v32 (8de67bd902095a13329fd82c85a1fa09) C:\Windows\system32\DRIVERS\NETw5v32.sys
2011/05/08 14:31:38.0609 5680 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/05/08 14:31:38.0712 5680 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/05/08 14:31:38.0815 5680 NSCIRDA (6d8d2e5652fc2442c810c5d8be784148) C:\Windows\system32\DRIVERS\nscirda.sys
2011/05/08 14:31:38.0954 5680 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/08 14:31:39.0117 5680 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/05/08 14:31:39.0241 5680 NTIDrvr (2757d2ba59aee155209e24942ab127c9) C:\Windows\system32\DRIVERS\NTIDrvr.sys
2011/05/08 14:31:39.0355 5680 NTIPPKernel (547bfa3591c70674b0bfc99354ab78b3) C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys
2011/05/08 14:31:39.0484 5680 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/05/08 14:31:39.0603 5680 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/05/08 14:31:39.0763 5680 NVHDA (96c27791d5ae5c77e37c61b15112e38d) C:\Windows\system32\drivers\nvhda32v.sys
2011/05/08 14:31:40.0142 5680 nvlddmkm (1f144bd1fecb52fe4dc18fafe70ff7af) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/05/08 14:31:40.0510 5680 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/05/08 14:31:40.0645 5680 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/05/08 14:31:40.0958 5680 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/05/08 14:31:41.0417 5680 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/05/08 14:31:41.0567 5680 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/05/08 14:31:41.0681 5680 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/05/08 14:31:41.0803 5680 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/05/08 14:31:41.0946 5680 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/05/08 14:31:42.0013 5680 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/05/08 14:31:42.0118 5680 pcmcia (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/05/08 14:31:42.0283 5680 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/05/08 14:31:42.0472 5680 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/08 14:31:42.0604 5680 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/05/08 14:31:42.0777 5680 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/08 14:31:42.0900 5680 PSDFilter (ab94285ff6c6bc5433407d8d182a4bb4) C:\Windows\system32\DRIVERS\psdfilter.sys
2011/05/08 14:31:43.0009 5680 PSDNServ (2aaf9a5d7a63d26bfaea853c5f2292bc) C:\Windows\system32\DRIVERS\PSDNServ.sys
2011/05/08 14:31:43.0088 5680 psdvdisk (0eb8cec99855beae5b0d02c2302619ef) C:\Windows\system32\DRIVERS\PSDVdisk.sys
2011/05/08 14:31:43.0320 5680 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/05/08 14:31:43.0460 5680 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/05/08 14:31:43.0599 5680 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/08 14:31:43.0707 5680 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/08 14:31:43.0830 5680 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/08 14:31:43.0958 5680 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/08 14:31:44.0013 5680 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/08 14:31:44.0065 5680 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/08 14:31:44.0174 5680 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/08 14:31:44.0325 5680 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/05/08 14:31:44.0463 5680 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/08 14:31:44.0599 5680 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/05/08 14:31:44.0776 5680 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/08 14:31:44.0939 5680 s125bus (06847aa6f3a9bf7c44134d00a2e578c0) C:\Windows\system32\DRIVERS\s125bus.sys
2011/05/08 14:31:45.0031 5680 s125mdfl (f83f88e1b125308fb5015ea0349502b0) C:\Windows\system32\DRIVERS\s125mdfl.sys
2011/05/08 14:31:45.0127 5680 s125mdm (402a97756c14940ad6ae5169c2fb105e) C:\Windows\system32\DRIVERS\s125mdm.sys
2011/05/08 14:31:45.0249 5680 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/05/08 14:31:45.0289 5680 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
2011/05/08 14:31:45.0320 5680 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
2011/05/08 14:31:45.0488 5680 SAVOnAccess (ae668d3f43fc90bc17f62e08ff82a446) C:\Windows\system32\DRIVERS\savonaccess.sys
2011/05/08 14:31:45.0660 5680 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/05/08 14:31:45.0805 5680 SCDEmu (c23dbd9bfba8b1170706e0896b3cf7da) C:\Windows\system32\drivers\SCDEmu.sys
2011/05/08 14:31:45.0920 5680 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
2011/05/08 14:31:45.0979 5680 sdcfilter (a957fd57a6ae1597943e4590de10669b) C:\Windows\system32\DRIVERS\sdcfilter.sys
2011/05/08 14:31:46.0092 5680 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/08 14:31:46.0216 5680 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/05/08 14:31:46.0344 5680 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/05/08 14:31:46.0774 5680 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/05/08 14:31:46.0935 5680 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/05/08 14:31:47.0062 5680 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/08 14:31:47.0182 5680 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/08 14:31:47.0306 5680 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/05/08 14:31:47.0458 5680 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/05/08 14:31:47.0584 5680 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/05/08 14:31:47.0717 5680 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/05/08 14:31:47.0850 5680 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/05/08 14:31:48.0010 5680 SophosBootDriver (f2b7bd04146b3e6a895a1919e1f5da89) C:\Windows\system32\DRIVERS\SophosBootDriver.sys
2011/05/08 14:31:48.0097 5680 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/05/08 14:31:48.0219 5680 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
2011/05/08 14:31:48.0219 5680 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2011/05/08 14:31:48.0225 5680 sptd - detected LockedFile.Multi.Generic (1)
2011/05/08 14:31:48.0341 5680 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/05/08 14:31:48.0475 5680 srv2 (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/08 14:31:48.0623 5680 srvnet (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/08 14:31:48.0763 5680 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/08 14:31:48.0900 5680 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/05/08 14:31:49.0032 5680 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/05/08 14:31:49.0161 5680 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/05/08 14:31:49.0314 5680 SynTP (32e8b307f0e9f72b66b518fd62eab91e) C:\Windows\system32\DRIVERS\SynTP.sys
2011/05/08 14:31:49.0463 5680 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\Windows\system32\DRIVERS\taphss.sys
2011/05/08 14:31:49.0624 5680 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/05/08 14:31:49.0780 5680 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/08 14:31:49.0899 5680 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/08 14:31:49.0967 5680 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/05/08 14:31:50.0065 5680 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/05/08 14:31:50.0187 5680 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/08 14:31:50.0278 5680 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/08 14:31:50.0395 5680 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/08 14:31:50.0526 5680 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/05/08 14:31:50.0641 5680 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/08 14:31:50.0763 5680 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/05/08 14:31:50.0880 5680 UBHelper (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys
2011/05/08 14:31:51.0009 5680 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/08 14:31:51.0081 5680 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/08 14:31:51.0177 5680 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/05/08 14:31:51.0322 5680 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/05/08 14:31:51.0461 5680 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/05/08 14:31:51.0585 5680 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/08 14:31:51.0735 5680 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/05/08 14:31:51.0810 5680 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/08 14:31:51.0896 5680 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/05/08 14:31:52.0039 5680 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/08 14:31:52.0180 5680 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/08 14:31:52.0319 5680 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/05/08 14:31:52.0437 5680 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/08 14:31:52.0522 5680 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/05/08 14:31:52.0611 5680 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/08 14:31:52.0730 5680 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/08 14:31:52.0863 5680 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/05/08 14:31:52.0997 5680 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/08 14:31:53.0118 5680 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/05/08 14:31:53.0246 5680 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/05/08 14:31:53.0377 5680 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/05/08 14:31:53.0507 5680 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/05/08 14:31:53.0673 5680 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/05/08 14:31:53.0828 5680 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/05/08 14:31:53.0933 5680 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/05/08 14:31:54.0025 5680 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/05/08 14:31:54.0187 5680 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/05/08 14:31:54.0304 5680 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/08 14:31:54.0332 5680 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/08 14:31:54.0474 5680 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/05/08 14:31:54.0612 5680 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/08 14:31:54.0787 5680 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
2011/05/08 14:31:54.0947 5680 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/05/08 14:31:55.0117 5680 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/05/08 14:31:55.0265 5680 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/08 14:31:55.0414 5680 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/08 14:31:55.0552 5680 yukonwlh (3e1c915c6291ab5d1cfca680e1bd6bad) C:\Windows\system32\DRIVERS\yk60x86.sys
2011/05/08 14:31:55.0658 5680 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} (4d840c6af3c020ed3a35efba9025cf4a) C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl
2011/05/08 14:31:55.0707 5680 ================================================================================
2011/05/08 14:31:55.0707 5680 Scan finished
2011/05/08 14:31:55.0707 5680 ================================================================================
2011/05/08 14:31:55.0718 4664 Detected object count: 1
2011/05/08 14:32:04.0442 4664 LockedFile.Multi.Generic(sptd) - User select action: Skip

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
What problems are you experiencing at the moment?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://localhost:9000/application.pac
    O4 - HKCU..\Run: [{3485E88F-A70B-40B6-71F1-FEF115D60CCB}] File not found
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane..._2.3.10.115.cab (Reg Error: Key error.)
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Malwarebytes' Anti-Malware from here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#7
Sybarite07

    Member

  • Topic Starter
  • Member
  • 18 posts
Sophos is still quarantining files due to 'w32 ramnit-A' and occasionally 'mal/generic-L' but no longer 'troj TDL3 mem-B'.

On start up I still get 'Recovery management hidden partition checker has stopped working'.

Otherwise things are running more stably.

Please find most recent OTL & MBAM logs as follows:



OTL logfile created on: 08/05/2011 14:48:38 - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Alex\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.05 Gb Total Space | 28.40 Gb Free Space | 25.80% Space Free | Partition Type: NTFS
Drive D: | 110.07 Gb Total Space | 18.48 Gb Free Space | 16.79% Space Free | Partition Type: NTFS
Drive E: | 626.54 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ALEX_LAPTOP | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/08 11:33:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
PRC - [2011/04/14 17:41:09 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/07 22:43:04 | 000,841,832 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011/03/25 13:34:04 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe
PRC - [2011/03/25 13:34:00 | 004,371,768 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe
PRC - [2011/03/21 13:47:29 | 000,230,640 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
PRC - [2011/03/21 13:47:20 | 000,439,536 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALMon.exe
PRC - [2011/03/21 13:46:51 | 001,541,360 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
PRC - [2011/03/21 13:46:38 | 000,097,520 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2011/03/21 13:46:32 | 000,163,056 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2011/01/07 23:46:06 | 000,271,408 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
PRC - [2011/01/05 19:30:36 | 000,352,304 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2010/10/15 19:42:14 | 000,326,704 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
PRC - [2009/07/20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009/06/08 15:19:08 | 000,049,152 | ---- | M] (Sage (UK) Limited) -- C:\Program Files\Common Files\Sage SData\Sage.SData.Service.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/10/25 11:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008/10/16 17:26:20 | 000,860,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/10/16 16:54:34 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/05/01 03:02:40 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008/04/01 02:01:58 | 000,793,096 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2008/03/21 21:22:52 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008/03/18 20:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008/03/07 11:36:12 | 000,544,768 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
PRC - [2008/03/05 07:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/03/05 07:38:28 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008/01/17 02:35:02 | 000,081,504 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
PRC - [2008/01/11 01:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe
PRC - [2007/12/07 00:15:28 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2007/10/23 18:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe


========== Modules (SafeList) ==========

MOD - [2011/05/08 11:33:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
MOD - [2011/05/04 11:22:34 | 000,234,408 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll
MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/03/25 13:34:04 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe -- (ServicepointService)
SRV - [2011/03/21 13:47:29 | 000,230,640 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2011/03/21 13:46:51 | 001,541,360 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2011/03/21 13:46:38 | 000,097,520 | ---- | M] (Sophos Plc) [Unknown | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2011/03/21 13:46:32 | 000,163,056 | ---- | M] (Sophos Plc) [Unknown | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2011/03/12 14:31:10 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/01/07 23:48:18 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2011/01/07 23:46:06 | 000,271,408 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV - [2011/01/05 19:30:36 | 000,352,304 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2010/10/15 19:42:14 | 000,326,704 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/06/08 15:19:08 | 000,049,152 | ---- | M] (Sage (UK) Limited) [Auto | Running] -- C:\Program Files\Common Files\Sage SData\Sage.SData.Service.exe -- (Sage SData Service)
SRV - [2009/03/18 07:04:42 | 001,685,024 | ---- | M] (NanJing Nagasoft Co, LTD.) [Auto | Stopped] -- C:\Windows\System32\Nagasoft\vjocx.dll -- (vvdsvc)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/10/25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/10/16 17:26:20 | 000,860,160 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/10/16 16:54:34 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/03/21 21:22:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/03/18 20:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/03/05 07:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/17 02:35:02 | 000,081,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2008/01/11 01:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2007/12/07 00:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)


========== Driver Services (SafeList) ==========

DRV - [2011/04/08 06:14:00 | 010,690,024 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/03/21 13:47:01 | 000,122,360 | ---- | M] (Sophos Plc) [File_System | System | Running] -- C:\Windows\System32\drivers\savonaccess.sys -- (SAVOnAccess)
DRV - [2011/03/21 13:46:40 | 000,023,928 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sdcfilter.sys -- (sdcfilter)
DRV - [2011/03/21 13:46:32 | 000,022,536 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV - [2011/03/03 16:59:19 | 000,139,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010/09/22 20:19:02 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HssDrv.sys -- (HssDrv)
DRV - [2010/09/22 20:19:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2010/08/03 18:01:37 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/08/03 18:01:37 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/08/03 18:01:37 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/07/18 18:03:05 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009/07/18 18:03:05 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/06/17 17:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 17:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/02/03 23:51:11 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/11/17 07:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/11/02 09:44:10 | 000,056,572 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/04/18 23:01:24 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008/04/12 02:55:04 | 000,084,240 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/03/21 18:48:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/03/01 00:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/02/12 02:48:06 | 000,017,152 | ---- | M] (BUFFALO INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bfturboh.sys -- (bfturboh)
DRV - [2008/01/17 02:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel)
DRV - [2007/04/24 10:33:44 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mdm.sys -- (s125mdm)
DRV - [2007/04/24 10:33:42 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mdfl.sys -- (s125mdfl)
DRV - [2007/04/24 10:33:34 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125bus.sys -- (s125bus) Sony Ericsson Device 125 driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.bbc.co.uk/"


FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/02 14:13:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/02 14:13:02 | 000,000,000 | ---D | M]

[2009/01/17 14:01:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Extensions
[2011/05/05 09:04:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\ao4wd6ik.default\extensions
[2010/08/21 09:25:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\ao4wd6ik.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/03 13:40:44 | 000,000,000 | ---D | M] (Ad blocker) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\ao4wd6ik.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}
[2011/05/03 14:06:32 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\ao4wd6ik.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(169)
[2010/07/25 18:02:29 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\ao4wd6ik.default\extensions\[email protected]
[2009/02/16 15:52:29 | 000,000,000 | ---D | M] (EBrary Reader Plugin) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\ao4wd6ik.default\extensions\[email protected]
[2011/05/08 13:16:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/15 17:15:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/03/19 14:38:21 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
File not found (No name found) --
() (No name found) -- C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AO4WD6IK.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/04/14 17:41:09 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/05/08 14:43:44 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [GrooveMonitor] D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [ServiceManager.exe] C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe (Virgin Media)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
O4 - Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\PrxerNsp.dll (Initex Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\PrxerDrv.dll (Initex Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\PrxerDrv.dll (Initex Software)
O13 - gopher Prefix: missing
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} http://site.ebrary.c...s/ebraryRdr.cab (Infotl Control)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} http://dl.pplive.com/PluginSetup.cab (PPLive Lite Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL ()
O24 - Desktop WallPaper: C:\Users\Alex\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Alex\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL ()
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/08 14:30:40 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\tdsskiller
[2011/05/08 13:24:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virgin Media
[2011/05/08 13:24:54 | 000,000,000 | ---D | C] -- C:\Program Files\Virgin Media
[2011/05/08 13:15:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/08 11:33:00 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2011/05/04 08:37:45 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/05/03 15:22:54 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{28FB2A81-FF17-43EC-A199-40B68AA6CDC1}
[2011/05/03 15:18:52 | 000,000,000 | ---D | C] -- C:\Temp
[2011/05/03 14:36:10 | 000,000,000 | ---D | C] -- C:\Black Isle
[2011/05/01 20:20:03 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2011/05/01 20:13:43 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2011/05/01 20:13:01 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011/05/01 11:00:32 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/04/13 17:13:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2008/12/23 09:32:46 | 000,184,320 | R--- | C] ( ) -- C:\Windows\System32\SgE.interop.MSXML2.dll

========== Files - Modified Within 30 Days ==========

[2011/05/08 14:46:18 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011/05/08 14:45:57 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/08 14:45:57 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/08 14:45:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/08 14:45:38 | 3213,799,424 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/08 14:43:44 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/05/08 14:29:44 | 001,280,815 | ---- | M] () -- C:\Users\Alex\Desktop\tdsskiller.zip
[2011/05/08 13:23:35 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0FDD1B50-70D8-410B-9FF7-7E3E8B6880B5}.job
[2011/05/08 11:33:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2011/05/08 10:18:47 | 318,360,527 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/05/07 12:43:15 | 000,001,356 | ---- | M] () -- C:\Users\Alex\AppData\Local\d3d9caps.dat
[2011/05/06 16:50:48 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/05/05 08:53:16 | 000,000,942 | ---- | M] () -- C:\Users\Alex\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/05/04 11:22:30 | 000,131,824 | ---- | M] (Sophos Plc) -- C:\Windows\System32\sdccoinstaller.dll
[2011/05/04 11:20:55 | 000,028,912 | ---- | M] (Sophos Plc) -- C:\Windows\System32\SophosBootTasks.exe
[2011/05/01 11:00:53 | 000,000,000 | ---- | M] () -- C:\Windows\System32\cd.dat
[2011/04/17 11:35:05 | 000,185,856 | ---- | M] () -- C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/16 17:12:13 | 000,378,904 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/16 12:36:20 | 000,597,566 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/16 12:36:20 | 000,104,538 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/13 17:12:03 | 020,586,196 | ---- | M] () -- C:\Users\Alex\Documents\vlc-1.1.8-win32.exe

========== Files Created - No Company Name ==========

[2011/05/08 14:29:43 | 001,280,815 | ---- | C] () -- C:\Users\Alex\Desktop\tdsskiller.zip
[2011/05/07 15:46:11 | 3213,799,424 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/02 14:13:06 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/01 20:13:41 | 000,004,755 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2011/05/01 11:00:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2011/05/01 11:00:23 | 318,360,527 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/04/13 17:11:57 | 020,586,196 | ---- | C] () -- C:\Users\Alex\Documents\vlc-1.1.8-win32.exe
[2011/01/29 14:30:29 | 000,000,112 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\Current.prx
[2010/10/02 15:17:54 | 000,000,179 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010/06/06 09:06:09 | 000,000,760 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\setup_ldm.iss
[2010/04/04 18:16:27 | 000,000,000 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\wklnhst.dat
[2009/10/21 21:36:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/21 21:36:43 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/07/10 14:59:26 | 000,282,624 | ---- | C] () -- C:\Windows\System32\SGList32.dll
[2009/07/10 14:59:20 | 000,278,528 | ---- | C] () -- C:\Windows\System32\SGTool32.dll
[2009/07/10 14:59:16 | 000,090,112 | ---- | C] () -- C:\Windows\System32\SGIntl32.dll
[2009/07/10 14:59:14 | 000,073,728 | ---- | C] () -- C:\Windows\System32\SGDt32.dll
[2009/07/10 14:59:12 | 000,172,032 | ---- | C] () -- C:\Windows\System32\SGHelp32.dll
[2009/07/10 14:59:08 | 000,253,952 | ---- | C] () -- C:\Windows\System32\SGSchemeXml.dll
[2009/07/10 14:59:00 | 000,118,784 | ---- | C] () -- C:\Windows\System32\SGSchemeXP.dll
[2009/07/10 14:58:56 | 000,176,128 | ---- | C] () -- C:\Windows\System32\SGSchemeDefault.dll
[2009/07/10 14:58:52 | 000,221,184 | ---- | C] () -- C:\Windows\System32\SGSchemeManager.dll
[2009/07/10 14:58:46 | 000,094,208 | ---- | C] () -- C:\Windows\System32\SGCom32.dll
[2009/07/10 14:58:02 | 000,237,568 | ---- | C] () -- C:\Windows\System32\SGWebBrowser.dll
[2009/04/06 13:29:20 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009/04/06 13:29:19 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009/03/04 11:40:02 | 000,001,204 | ---- | C] () -- C:\Windows\SAGEINTL.INI
[2009/02/20 02:22:58 | 000,000,316 | ---- | C] () -- C:\Windows\game.ini
[2009/02/13 00:07:29 | 000,158,720 | ---- | C] () -- C:\Windows\RefUinst.exe
[2008/12/23 09:33:50 | 000,045,056 | ---- | C] () -- C:\Windows\System32\SgELauncher.dll
[2008/12/23 09:33:26 | 000,114,688 | ---- | C] () -- C:\Windows\System32\SgEData.dll
[2008/12/22 10:28:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\SageFolderBrowser.dll
[2008/12/22 10:26:34 | 000,143,360 | ---- | C] () -- C:\Windows\System32\SGSTDREG.dll
[2008/12/22 10:26:30 | 000,131,072 | ---- | C] () -- C:\Windows\System32\SGRegister.dll
[2008/12/14 19:01:29 | 000,025,600 | ---- | C] () -- C:\Windows\System32\WS2Fix.exe
[2008/12/14 19:01:28 | 000,051,200 | ---- | C] () -- C:\Windows\System32\dumphive.exe
[2008/12/14 19:01:28 | 000,040,960 | ---- | C] () -- C:\Windows\System32\swsc.exe
[2008/12/14 18:42:25 | 000,011,254 | ---- | C] () -- C:\Windows\System32\locate.com
[2008/12/14 17:54:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2008/12/14 17:54:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2008/12/14 17:54:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2008/12/14 17:54:14 | 000,049,152 | ---- | C] () -- C:\Windows\VFIND.exe
[2008/12/14 17:27:37 | 000,000,691 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\GetValue.vbs
[2008/12/14 17:27:37 | 000,000,035 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\SetValue.bat
[2008/12/10 16:29:41 | 000,000,116 | ---- | C] () -- C:\Windows\wininit.ini
[2008/12/10 02:39:34 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/12/02 12:02:19 | 000,013,701 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\UserTile.png
[2008/12/01 15:37:00 | 000,172,032 | ---- | C] () -- C:\Windows\System32\SageEventHandler.exe
[2008/12/01 15:36:12 | 000,143,360 | ---- | C] () -- C:\Windows\System32\SGCtrlEx.dll
[2008/12/01 15:36:06 | 000,200,704 | ---- | C] () -- C:\Windows\System32\SGTBAR32.DLL
[2008/12/01 15:36:02 | 000,049,152 | ---- | C] () -- C:\Windows\System32\SGSTAT32.DLL
[2008/12/01 15:36:02 | 000,049,152 | ---- | C] () -- C:\Windows\System32\SGLOGO32.DLL
[2008/12/01 15:36:00 | 000,180,224 | ---- | C] () -- C:\Windows\System32\SGJPEG32.dll
[2008/12/01 15:35:56 | 000,249,856 | ---- | C] () -- C:\Windows\System32\SGCDLG32.DLL
[2008/12/01 15:35:36 | 000,061,440 | ---- | C] () -- C:\Windows\System32\SGAPPBAR.DLL
[2008/12/01 15:35:34 | 000,061,440 | ---- | C] () -- C:\Windows\System32\SG3D32.DLL
[2008/10/03 10:46:40 | 000,001,356 | ---- | C] () -- C:\Users\Alex\AppData\Local\d3d9caps.dat
[2008/09/19 19:55:39 | 000,141,150 | ---- | C] () -- C:\Windows\hpoins14.dat
[2008/09/09 23:24:16 | 000,185,856 | ---- | C] () -- C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/07 23:09:20 | 000,000,477 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/09/07 20:30:16 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/09/05 11:59:57 | 000,006,353 | ---- | C] () -- C:\Windows\UN070618.INI
[2008/07/24 12:03:01 | 000,749,568 | ---- | C] () -- C:\Windows\AcerStore.exe
[2008/07/24 11:22:47 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2008/07/24 11:19:26 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2008/07/24 11:19:26 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2008/07/24 11:19:26 | 000,009,216 | ---- | C] () -- C:\Windows\usbvideo_reg.exe
[2008/07/24 11:19:26 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2008/07/24 11:17:59 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2008/07/24 11:17:59 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008/07/24 11:17:59 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2008/04/30 10:56:55 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008/04/30 10:54:06 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008/04/30 10:54:06 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008/04/30 09:09:06 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/04/30 09:09:01 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2008/04/30 09:09:01 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2008/04/30 09:09:01 | 000,000,042 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2007/09/20 02:14:41 | 000,002,000 | ---- | C] () -- C:\Windows\hpomdl14.dat
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,378,904 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,597,566 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,104,538 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/01 16:41:24 | 000,233,472 | ---- | C] () -- C:\Windows\System32\SGLCH32.DLL
[2006/11/01 16:41:16 | 001,712,128 | ---- | C] () -- C:\Windows\System32\SGRep32.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2002/04/16 11:27:54 | 000,000,005 | -HS- | C] () -- C:\Windows\System32\CdI5T.drv
[2001/12/27 00:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 07:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/31 00:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 06:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1998/03/26 01:12:00 | 000,053,248 | ---- | C] () -- C:\Windows\System32\SgHmZLib.dll

========== LOP Check ==========

[2008/09/08 08:56:47 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Acer
[2008/04/30 10:52:47 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Acer GameZone Console
[2009/04/22 19:46:58 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2009/02/04 00:03:40 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DAEMON Tools
[2009/02/04 00:03:56 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DAEMON Tools Lite
[2009/02/04 00:03:40 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DAEMON Tools Pro
[2011/05/04 09:20:56 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Dev-Cpp
[2008/09/07 20:46:31 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\eSobi
[2009/04/27 19:05:44 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\GetRightToGo
[2009/08/01 12:45:24 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\JAM Software
[2009/01/26 01:50:55 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Moyea
[2008/09/17 11:09:16 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Mp3tag
[2008/12/02 12:02:19 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\PeerNetworking
[2011/03/12 15:28:11 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Polynomial
[2009/06/13 14:55:42 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Spotify
[2008/12/03 18:17:59 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\StreamTorrent
[2009/06/14 20:04:07 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\SystemRequirementsLab
[2010/04/04 18:16:33 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Template
[2011/05/02 20:07:12 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\uTorrent
[2011/05/08 13:28:57 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Virgin Media
[2011/05/08 14:44:23 | 000,032,648 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/05/08 13:23:35 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{0FDD1B50-70D8-410B-9FF7-7E3E8B6880B5}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:C95B63DA
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:FEBEC560
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:76650B61

< End of report >




Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6531

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

08/05/2011 14:59:45
mbam-log-2011-05-08 (14-59-45).txt

Scan type: Quick scan
Objects scanned: 158810
Time elapsed: 5 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8
Essexboy


'w32 ramnit-A' Virus: is a detection for a virus that infects Windows executable files and HTML files, and spreads to removable drives. The virus attempts to open a backdoor and wait for instructions.

This is a very bad file infector that cannot be guaranteed to be cured. So first I would recommend that you back up all your important data - pictures - songs etc...

One or more of the identified infections is a backdoor Trojan and a key logger.

If this computer is ever used for on-line banking, I suggest you do the following immediately:

1. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your on-line passwords for email, for banks, financial accounts, PayPal, eBay, on-line companies, any on-line forums or groups you belong to.

Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.


Having said that, let's attempt it unless you feel safer doing a full reformat and restore... The choice is yours

Download Dr Web from here http://www.freedrweb.com/?lng=en link on the top right of the page, tick the EULA and then download

It will download as an 8 digit file; save it to your desktop

Restart in safe mode and run
Accept the enhanced version
Then run the quick scan
About halfway through you will be prompted to buy - just X the box closed
Once finished it will generate a log please attach that

#9
Essexboy

Dr Web has changed the download page - either muddle your way through it or give me 10 minutes whilst I rewrite the instructions :)

#10
Essexboy

Sorry about the delay, the scan took longer than I thought

Download Dr Web from here http://www.freedrweb.com/?lng=en link on the top right of the page
Fill in your name and e-mail
Answer the boring questions
Agree to the licence
It will download as an 8 digit file; save it to your desktop

Restart in safe mode and run
Accept the enhanced version
Then run scan
About halfway through you will be prompted to buy - just X the box closed
Once finished please make a note of the infections found and whether they were able to be cured


#11
Sybarite07

Lol oh goody.

My turn to apologise for the delay :)

I ended up running DrWeb a couple of times as it blue screened the first time, think it found a couple of instances which it cured the first time around.

Anyway, found 5 instances of 'trojan.pws.siggen.18562', none of which could be cured.

Latest log follows.

Thanks again
A


=============================================================================
Dr.Web Scanner for Windows v6.00.8 (6.00.8.03140)
© Doctor Web, Ltd., 1992-2011
Log generated on: 2011-05-08, 16:29:37 [ALEX_LAPTOP][Alex]
Command line: "C:\Windows\System32\config\systemprofile\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\e19d3_xp.exe" /lng /ini:setup_xp.ini /fast
Operating system: Windows Vista Premium x86 (Build 6002), Service Pack 2
=============================================================================
DwShield started
Engine version: 5.00 (5.00.2.03300)
Engine API version: 2.02
Total virus records: 2067793
[Self-checking] C:\Windows\System32\config\systemprofile\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\e19d3_xp.exe
Key file: C:\Windows\System32\config\systemprofile\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\setup.key
License key number: 0013622856
Registered to: An unauthorized User
License key activates on: 2011-03-10
License key expires on: 2012-03-11
Process in memory: System:4 - OK
Process in memory: C:\Windows\System32\smss.exe:264 - OK
Process in memory: C:\Windows\System32\config\systemprofile\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\914704.exe:292 - OK
Process in memory: C:\Windows\System32\config\systemprofile\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\e19d3_xp.exe:296 - OK
Process in memory: C:\Windows\System32\csrss.exe:392 - OK
Process in memory: C:\Windows\System32\csrss.exe:428 - OK
Process in memory: C:\Windows\System32\wininit.exe:436 - OK
Process in memory: C:\Windows\System32\services.exe:472 - OK
Process in memory: C:\Windows\System32\winlogon.exe:496 - OK
Process in memory: C:\Windows\System32\lsass.exe:512 - OK
Process in memory: C:\Windows\System32\lsm.exe:520 - OK
Process in memory: C:\Program Files\Internet Explorer\iexplore.exe:664 - OK
Process in memory: C:\Windows\System32\svchost.exe:676 - OK
Process in memory: C:\Windows\System32\svchost.exe:732 - OK
Process in memory: C:\Windows\System32\svchost.exe:816 - OK
Process in memory: C:\Windows\System32\svchost.exe:900 - OK
Process in memory: C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe:916 - OK
Process in memory: C:\Program Files\Internet Explorer\iexplore.exe:924 - OK
Process in memory: C:\Windows\System32\svchost.exe:948 - OK
Process in memory: C:\Program Files\Internet Explorer\iexplore.exe:960 - OK
Process in memory: C:\Program Files\Internet Explorer\iexplore.exe:992 - OK
Process in memory: C:\Windows\explorer.exe:1068 - OK
Process in memory: C:\Users\Alex\Desktop\ut32myyb.exe:1984 - OK
[Memory scanning] No viruses found
Master Boot Record HDD1 - OK
Active OS/2 or WinNT Boot Sector HDD1 - OK
OS/2 or WinNT Boot Sector HDD1 - OK

[Scan path] C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\Alex.bmp - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\QMrDA4n6.dll packed by ASPACK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\QMrDA4n6.dll - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\RCfeH14I.dll packed by ASPACK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\RCfeH14I.dll - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\~DF1194.tmp - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\~DF1A31.tmp - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\~DF255A.tmp - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\~DF2560.tmp - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\~DF2585.tmp - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\~DF258A.tmp - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\~DF25A3.tmp - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\~DF25A8.tmp - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\~DF265E.tmp - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\~DF2664.tmp - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\~DF2689.tmp - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\~DF268F.tmp - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\~DF26A8.tmp - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\~DF26AD.tmp - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\~DF2F39.tmp - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\~DF759D.tmp - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\~DF88DB.tmp - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\~DFA553.tmp - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\~DFA683.tmp - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\~DFBF6.tmp - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\~DFE24C.tmp - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\~DFE253.tmp - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\~DFE27A.tmp - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\~DFE27F.tmp - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\~DFE29A.tmp - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\~DFE29F.tmp - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\914704.dat - archive ZIP
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\914704.exe - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\94454358 - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\95cd3b9b - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\9cdb4523 - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\9df88fbf - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\a27694c9 - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\a9fcf7a9 - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\aa0001e0 - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ac1ec831 - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\af7af502 - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\afc87ace - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\b4bddd48 - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\b5b5186c - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\b61b8fec - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\b7797947 - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\b835d972 - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\b8e03d65 - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\bac2735a - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\bbcee9c7 - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\bd7f2548 - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\be-scan - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\bg-scan - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\c154503b - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\c2e004bf - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\c7dffb73 - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\c9aa89bc - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\cb3f91f3 - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\cfcfde46 - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\cn-scan - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\cs-scan - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\d032edc6 - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\d49b9912 - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\d4e18564 - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\d725407f - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\dc62f7c3 - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\dcbacfd6 - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ddb0e97b - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\de-scan - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\de9bc391 - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\df549648 - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\dfc95db9 - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\dfcc2bcb - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\e19d3_xp.exe - archive BINARYRES
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\e19d3_xp.exe/data001 packed by ASPACK
>>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\e19d3_xp.exe/data001 - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\e19d3_xp.exe/data002 - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\e19d3_xp.exe/data003 - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\e19d3_xp.exe/data004 - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\e19d3_xp.exe - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\e326b9ea - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\e67e0f11 - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\e83d1e20 - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ea1ebfc6 - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ea6f07c3 - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ec057342 - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\eeac7102 - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ef37bf81 - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ef8b79aa - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\efd1e463 - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\el-scan - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\en-scan.chm - archive CHM
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\en-scan.chm/#IDXHDR - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\en-scan.chm/#ITBITS - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\en-scan.chm/#IVB - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\en-scan.chm/#STRINGS - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\en-scan.chm/#SYSTEM - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\en-scan.chm/#TOPICS - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\en-scan.chm/#URLSTR - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\en-scan.chm/#URLTBL - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\en-scan.chm/#WINDOWS - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\en-scan.chm/$FIftiMain - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\en-scan.chm/$OBJINST - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\en-scan.chm/$WWAssociativeLinks/BTree - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\en-scan.chm/$WWAssociativeLinks/Data - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\en-scan.chm/$WWAssociativeLinks/Map - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\en-scan.chm/$WWAssociativeLinks/Property - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\en-scan.chm/$WWKeywordLinks/Property - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\en-scan.chm/butpause2.png - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\en-scan.chm/butstart1.png - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\en-scan.chm/butstop3.png - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\en-scan.chm/com_params.htm - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\en-scan.chm/CSHelp.txt - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\en-scan.chm/default.css - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\en-scan.chm/dr_web_cureit_update.htm - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\en-scan.chm/dw_detectionmethods.htm - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\en-scan.chm/dw_lastwin.htm - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\en-scan.chm/en-drwebgui-free.hhc - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\en-scan.chm/en-drwebgui_popup_text.js - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\en-scan.chm/en10.png - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\en-scan.chm/en13.png - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\en-scan.chm/en14.png - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\en-scan.chm/en3.png - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\en-scan.chm/en4.png - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\en-scan.chm/en5.png - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\en-scan.chm/en6.png - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\en-scan.chm/en7.png - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\en-scan.chm/en8.png - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\en-scan.chm/en9.png - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\en-scan.chm/freefirstwin.png - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\en-scan.chm/freelastwin.png - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\en-scan.chm/helpman_topicinit.js - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\en-scan.chm/idd_aboutbox.htm - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\en-scan.chm/idd_curesettings.htm - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\en-scan.chm/idd_dialog_main.htm - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\en-scan.chm/idd_dialog_scan.htm - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\en-scan.chm/idd_dialog_scan_path.htm - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\en-scan.chm/idd_dialog_stat.htm - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\en-scan.chm/idd_proppage_actions.htm - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\en-scan.chm/idd_proppage_common.htm - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\en-scan.chm/idd_proppage_log.htm - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\en-scan.chm/idd_proppage_scan.htm - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\en-scan.chm/idd_proppage_types.htm - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\en-scan.chm/intro.htm - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\en-scan.chm/legal.htm - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\en-scan.chm/open.png - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\en-scan.chm/sc_path_mask.png - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\en-scan.chm/scan_params.htm - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\en-scan.chm/scan_settings.htm - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\en-scan.chm/scanning.htm - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\en-scan.chm/warning.png - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\en-scan.chm - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\eo-scan - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\es-scan - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\et-scan - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\f6293487 - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\f7353aff - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\fb0e5060 - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\fc3755dc - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\fe05f5e5 - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\fefb0bca - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ff4725e9 - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\fr-scan - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\hu-scan - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\it-scan - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ja-scan - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ko-scan - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\lt-scan - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\lv-scan - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\nl-scan - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\no-scan - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\pl-scan - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\pt-scan - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ru-scan - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ru-scan.chm - archive CHM
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ru-scan.chm/#IDXHDR - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ru-scan.chm/#ITBITS - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ru-scan.chm/#IVB - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ru-scan.chm/#STRINGS - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ru-scan.chm/#SYSTEM - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ru-scan.chm/#TOPICS - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ru-scan.chm/#URLSTR - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ru-scan.chm/#URLTBL - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ru-scan.chm/#WINDOWS - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ru-scan.chm/$FIftiMain - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ru-scan.chm/$OBJINST - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ru-scan.chm/$WWAssociativeLinks/BTree - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ru-scan.chm/$WWAssociativeLinks/Data - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ru-scan.chm/$WWAssociativeLinks/Map - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ru-scan.chm/$WWAssociativeLinks/Property - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ru-scan.chm/$WWKeywordLinks/Property - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ru-scan.chm/butpause.png - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ru-scan.chm/butstart.png - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ru-scan.chm/butstop.png - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ru-scan.chm/com_params.htm - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ru-scan.chm/CSHelp.txt - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ru-scan.chm/default.css - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ru-scan.chm/dw_detectionmethods.htm - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ru-scan.chm/dw_lastwin.htm - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ru-scan.chm/dw_update.htm - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ru-scan.chm/freefirstwin.png - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ru-scan.chm/freelastwin.png - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ru-scan.chm/helpman_topicinit.js - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ru-scan.chm/idd_aboutbox.htm - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ru-scan.chm/idd_curesettings.htm - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ru-scan.chm/idd_dialog_main.htm - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ru-scan.chm/idd_dialog_scan.htm - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ru-scan.chm/idd_dialog_scan_path.htm - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ru-scan.chm/idd_dialog_stat.htm - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ru-scan.chm/idd_proppage_actions.htm - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ru-scan.chm/idd_proppage_common.htm - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ru-scan.chm/idd_proppage_log.htm - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ru-scan.chm/idd_proppage_scan.htm - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ru-scan.chm/idd_proppage_types.htm - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ru-scan.chm/intro.htm - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ru-scan.chm/open.png - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ru-scan.chm/ru-drwebgui-free.hhc - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ru-scan.chm/ru-drwebgui_popup_text.js - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ru-scan.chm/ru1.png - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ru-scan.chm/ru11.png - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ru-scan.chm/ru12.png - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ru-scan.chm/ru2.png - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ru-scan.chm/ru3.png - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ru-scan.chm/ru4.png - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ru-scan.chm/ru5.png - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ru-scan.chm/ru6.png - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ru-scan.chm/ru7.png - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ru-scan.chm/ru8.png - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ru-scan.chm/ru9.png - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ru-scan.chm/sc_path_mask.png - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ru-scan.chm/scan_params.htm - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ru-scan.chm/scan_settings.htm - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ru-scan.chm/scanning.htm - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ru-scan.chm/topic.htm - OK
>C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ru-scan.chm/warning.png - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\ru-scan.chm - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\setup.dll - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\setup.key - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\setup_xp.ini - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\sk-scan - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\sr-scan - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\tr-scan - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\uk-scan - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\uz-scan - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\1AE7A6AB-BEFD8A8B-91CF0F92-CBAE9A66\zh-scan - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\79EBAF43-41EFF9E0-3534615E-2F7C1A28\02ad985f - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\79EBAF43-41EFF9E0-3534615E-2F7C1A28\055273ba - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\79EBAF43-41EFF9E0-3534615E-2F7C1A28\0570ccc9 - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\79EBAF43-41EFF9E0-3534615E-2F7C1A28\05bd714d - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\79EBAF43-41EFF9E0-3534615E-2F7C1A28\06917d94 - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\79EBAF43-41EFF9E0-3534615E-2F7C1A28\0790c3dd - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\79EBAF43-41EFF9E0-3534615E-2F7C1A28\07eee2d0 - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\79EBAF43-41EFF9E0-3534615E-2F7C1A28\0ed79c9c - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\79EBAF43-41EFF9E0-3534615E-2F7C1A28\10035a01 - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\79EBAF43-41EFF9E0-3534615E-2F7C1A28\194fccd4 - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\79EBAF43-41EFF9E0-3534615E-2F7C1A28\19de27f8 - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\79EBAF43-41EFF9E0-3534615E-2F7C1A28\1d0b9a0b - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\79EBAF43-41EFF9E0-3534615E-2F7C1A28\1d947d3b - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\79EBAF43-41EFF9E0-3534615E-2F7C1A28\1f802ced - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\79EBAF43-41EFF9E0-3534615E-2F7C1A28\1f8bcb30 - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\79EBAF43-41EFF9E0-3534615E-2F7C1A28\200c3599 - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\79EBAF43-41EFF9E0-3534615E-2F7C1A28\23956639 - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\79EBAF43-41EFF9E0-3534615E-2F7C1A28\278c7b66 - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\79EBAF43-41EFF9E0-3534615E-2F7C1A28\28d6ce16 - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\79EBAF43-41EFF9E0-3534615E-2F7C1A28\2eda5917 - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\79EBAF43-41EFF9E0-3534615E-2F7C1A28\2fddc4c0 - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\79EBAF43-41EFF9E0-3534615E-2F7C1A28\30b1600a - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\79EBAF43-41EFF9E0-3534615E-2F7C1A28\32acb321 - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\79EBAF43-41EFF9E0-3534615E-2F7C1A28\330f2034 - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\79EBAF43-41EFF9E0-3534615E-2F7C1A28\3994adf2 - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\79EBAF43-41EFF9E0-3534615E-2F7C1A28\39a0be4a - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\79EBAF43-41EFF9E0-3534615E-2F7C1A28\429691e6 - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\79EBAF43-41EFF9E0-3534615E-2F7C1A28\47cd51cc - OK
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\79EBAF43-41EFF9E0-3534615E-2F7C1A28\4c78c116 - OK

[Scan path] C:\Windows\system32\config\systemprofile\Documents
C:\Windows\system32\config\systemprofile\Documents\desktop.ini - OK
C:\Windows\system32\config\systemprofile\Documents\My Music\desktop.ini - OK
C:\Windows\system32\config\systemprofile\Documents\My Music\Sample Music.lnk - OK
C:\Windows\system32\config\systemprofile\Documents\My Music\Playlists\desktop.ini - OK
C:\Windows\system32\config\systemprofile\Documents\My Pictures\desktop.ini - OK
C:\Windows\system32\config\systemprofile\Documents\My Pictures\Sample Pictures.lnk - OK
C:\Windows\system32\config\systemprofile\Documents\My Pictures\Slide Shows\desktop.ini - OK
C:\Windows\system32\config\systemprofile\Documents\My Videos\desktop.ini - OK
C:\Windows\system32\config\systemprofile\Documents\My Videos\Sample Videos.lnk - OK

[Scan path] C:\Windows\temp
C:\Windows\temp\hpqddsvc.log - OK
C:\Windows\temp\Sophos Anti-Virus CustomActions Log_110508_025724.txt - OK
C:\Windows\temp\Sophos Anti-Virus Install Log_110508_025724.txt - OK
C:\Windows\temp\Cookies\index.dat - OK
C:\Windows\temp\History\History.IE5\desktop.ini - OK
C:\Windows\temp\History\History.IE5\index.dat - OK
C:\Windows\temp\sophos_autoupdate1.dir\ALUpdate.exe - OK
C:\Windows\temp\sophos_autoupdate1.dir\boost_date_time-vc71-mt-1_32.dll - OK
C:\Windows\temp\sophos_autoupdate1.dir\ChannelUpdater.dll - OK
C:\Windows\temp\sophos_autoupdate1.dir\CidSync.dll - OK
C:\Windows\temp\sophos_autoupdate1.dir\crypto.dll - OK
C:\Windows\temp\sophos_autoupdate1.dir\libcurl.dll - OK
C:\Windows\temp\sophos_autoupdate1.dir\libeay32.dll - OK
C:\Windows\temp\sophos_autoupdate1.dir\MSVCP71.DLL - OK
C:\Windows\temp\sophos_autoupdate1.dir\MSVCR71.DLL - OK
C:\Windows\temp\sophos_autoupdate1.dir\ps.crl - OK
C:\Windows\temp\sophos_autoupdate1.dir\ps_rootca.crt - OK
C:\Windows\temp\sophos_autoupdate1.dir\retailer.dll - OK
C:\Windows\temp\sophos_autoupdate1.dir\scf.dat - OK
C:\Windows\temp\sophos_autoupdate1.dir\SharedRes.dll - OK
C:\Windows\temp\sophos_autoupdate1.dir\xmlcpp.dll - OK
C:\Windows\temp\sophos_autoupdate1.dir\xmlparse.dll - OK
C:\Windows\temp\sophos_autoupdate1.dir\xmltok.dll - OK
C:\Windows\temp\Temporary Internet Files\Content.IE5\desktop.ini - OK
C:\Windows\temp\Temporary Internet Files\Content.IE5\index.dat - OK
C:\Windows\temp\Temporary Internet Files\Content.IE5\2NPVLNV2\desktop.ini - OK
C:\Windows\temp\Temporary Internet Files\Content.IE5\K6YTDLRZ\desktop.ini - OK
C:\Windows\temp\Temporary Internet Files\Content.IE5\U2LGUWTT\desktop.ini - OK
C:\Windows\temp\Temporary Internet Files\Content.IE5\Y3Q5BYR9\desktop.ini - OK

[Scan path] C:\autoexec.bat
C:\autoexec.bat - OK

[Scan path] C:\bootmgr
C:\bootmgr - OK

[Scan path] C:\BOOTSECT.BAK
C:\BOOTSECT.BAK - OK

[Scan path] C:\ComboFix.txt
C:\ComboFix.txt - OK

[Scan path] C:\config.sys
C:\config.sys - OK

[Scan path] C:\Earthworm-Jim-(U)-[!].gs0
C:\Earthworm-Jim-(U)-[!].gs0 - OK

[Scan path] C:\IO.SYS
C:\IO.SYS - OK

[Scan path] C:\mbam-error.txt
C:\mbam-error.txt - OK

[Scan path] C:\Medion.ini
C:\Medion.ini - OK

[Scan path] C:\MGlogs.zip
C:\MGlogs.zip - archive ZIP

[Scan path] C:\MGtools.exe
C:\MGtools.exe - archive BINARYRES
>C:\MGtools.exe/data001 packed by PECRYPT
>>C:\MGtools.exe/data001 - unpack error - archive corrupted
>C:\MGtools.exe/data002 packed by PECRYPT
>>C:\MGtools.exe/data002 - unpack error - archive corrupted
>C:\MGtools.exe/data003 packed by UPX
>>C:\MGtools.exe/data003 - OK
C:\MGtools.exe:Zone.Identifier - OK

[Scan path] C:\MSDOS.SYS
C:\MSDOS.SYS - OK

[Scan path] C:\pagefile.sys
C:\pagefile.sys - read error

[Scan path] C:\Partition.txt
C:\Partition.txt - OK

[Scan path] C:\Patch.rev
C:\Patch.rev - OK

[Scan path] C:\preload.rev
C:\preload.rev - OK

[Scan path] C:\PS.log
C:\PS.log - OK

[Scan path] C:\rapport.txt
C:\rapport.txt - OK

[Scan path] C:\RHDSetup.log
C:\RHDSetup.log - OK

[Scan path] C:\TDSSKiller.2.5.0.0_08.05.2011_14.30.49_log.txt
C:\TDSSKiller.2.5.0.0_08.05.2011_14.30.49_log.txt - OK

[Scan path] C:\updatedatfix.log
C:\updatedatfix.log - OK

[Scan path] c:\acer\mobility center\mobilityservice.exe
c:\acer\mobility center\mobilityservice.exe - OK

[Scan path] c:\program files\acer arcade deluxe\homemedia\kernel\dmp\clhnservice.exe
c:\program files\acer arcade deluxe\homemedia\kernel\dmp\clhnservice.exe - OK

[Scan path] c:\program files\acer arcade deluxe\homemedia\kernel\dmp\ntippkernel.sys
c:\program files\acer arcade deluxe\homemedia\kernel\dmp\ntippkernel.sys - OK

[Scan path] c:\program files\acer arcade deluxe\playmovie\000.fcl
c:\program files\acer arcade deluxe\playmovie\000.fcl packed by FLY-CODE
>c:\program files\acer arcade deluxe\playmovie\000.fcl - OK

[Scan path] c:\program files\acer\acer vcm\rs_service.exe
c:\program files\acer\acer vcm\rs_service.exe - OK

[Scan path] c:\program files\acer\empowering technology\eaudio\eaudio.exe
c:\program files\acer\empowering technology\eaudio\eaudio.exe - OK

[Scan path] c:\program files\acer\empowering technology\edatasecurity\x86\activetoolband.dll
c:\program files\acer\empowering technology\edatasecurity\x86\activetoolband.dll - OK

[Scan path] c:\program files\acer\empowering technology\edatasecurity\x86\edsloader.exe
c:\program files\acer\empowering technology\edatasecurity\x86\edsloader.exe - OK

[Scan path] c:\program files\acer\empowering technology\edatasecurity\x86\edsservice.exe
c:\program files\acer\empowering technology\edatasecurity\x86\edsservice.exe - OK

[Scan path] c:\program files\acer\empowering technology\edatasecurity\x86\edsshellext.dll
c:\program files\acer\empowering technology\edatasecurity\x86\edsshellext.dll - OK

[Scan path] c:\program files\acer\empowering technology\edatasecurity\x86\edstoolbar.dll
c:\program files\acer\empowering technology\edatasecurity\x86\edstoolbar.dll - OK

[Scan path] c:\program files\acer\empowering technology\edatasecurity\x86\psdprotect.dll
c:\program files\acer\empowering technology\edatasecurity\x86\psdprotect.dll - OK

[Scan path] c:\program files\acer\empowering technology\edatasecurity\x86\sysenv.dll
c:\program files\acer\empowering technology\edatasecurity\x86\sysenv.dll - OK

[Scan path] c:\program files\acer\empowering technology\epower\epower_dmc.exe
c:\program files\acer\empowering technology\epower\epower_dmc.exe - OK

[Scan path] c:\program files\acer\empowering technology\service\etservice.exe
c:\program files\acer\empowering technology\service\etservice.exe - OK

[Scan path] c:\program files\adobe\reader 8.0\reader\reader_sl.exe
c:\program files\adobe\reader 8.0\reader\reader_sl.exe - OK

[Scan path] c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll - OK

[Scan path] c:\program files\common files\adobe\arm\1.0\adobearm.exe
c:\program files\common files\adobe\arm\1.0\adobearm.exe - OK

[Scan path] c:\program files\common files\intel\wirelesscommon\regsrvc.exe
c:\program files\common files\intel\wirelesscommon\regsrvc.exe - OK

[Scan path] c:\program files\common files\lightscribe\lssrvc.exe
c:\program files\common files\lightscribe\lssrvc.exe - OK

[Scan path] c:\program files\common files\logitech\bluetooth\lbtserv.exe
c:\program files\common files\logitech\bluetooth\lbtserv.exe - OK

[Scan path] c:\program files\common files\microsoft shared\help\hxds.dll
c:\program files\common files\microsoft shared\help\hxds.dll - OK

[Scan path] c:\program files\common files\microsoft shared\information retrieval\msitss.dll
c:\program files\common files\microsoft shared\information retrieval\msitss.dll - OK

[Scan path] c:\program files\common files\microsoft shared\ink\tipband.dll
c:\program files\common files\microsoft shared\ink\tipband.dll - OK

[Scan path] c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll - OK

[Scan path] c:\program files\common files\microsoft shared\office11\msoxmlmf.dll
c:\program files\common files\microsoft shared\office11\msoxmlmf.dll - OK

[Scan path] c:\program files\common files\microsoft shared\office12\msoshext.dll
c:\program files\common files\microsoft shared\office12\msoshext.dll - OK

[Scan path] c:\program files\common files\microsoft shared\office12\odserv.exe
c:\program files\common files\microsoft shared\office12\odserv.exe - OK

[Scan path] c:\program files\common files\microsoft shared\source engine\ose.exe
c:\program files\common files\microsoft shared\source engine\ose.exe - OK

[Scan path] c:\program files\common files\microsoft shared\web components\11\owc11.dll
c:\program files\common files\microsoft shared\web components\11\owc11.dll - OK

[Scan path] c:\program files\common files\microsoft shared\web folders\msonsext.dll
c:\program files\common files\microsoft shared\web folders\msonsext.dll - OK

[Scan path] c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll - OK

[Scan path] c:\program files\common files\sage sdata\sage.sdata.service.exe
c:\program files\common files\sage sdata\sage.sdata.service.exe - OK

[Scan path] c:\program files\common files\steam\steamservice.exe
c:\program files\common files\steam\steamservice.exe - OK

[Scan path] c:\program files\common files\system\ole db\oledb32.dll
c:\program files\common files\system\ole db\oledb32.dll - OK

[Scan path] c:\program files\common files\system\wab32.dll
c:\program files\common files\system\wab32.dll - OK

[Scan path] c:\program files\creative\creative zen\zen media explorer\ctconfig.dll
c:\program files\creative\creative zen\zen media explorer\ctconfig.dll - OK

[Scan path] c:\program files\creative\creative zen\zen media explorer\ctintrfu.dll
c:\program files\creative\creative zen\zen media explorer\ctintrfu.dll packed by FLY-CODE
>c:\program files\creative\creative zen\zen media explorer\ctintrfu.dll - archive BINARYRES
>>c:\program files\creative\creative zen\zen media explorer\ctintrfu.dll/data001 infected with Trojan.PWS.Siggen.18562
>c:\program files\creative\creative zen\zen media explorer\ctintrfu.dll - archive contains infected objects

[Scan path] c:\program files\creative\creative zen\zen media explorer\mfinfou.dll
c:\program files\creative\creative zen\zen media explorer\mfinfou.dll packed by FLY-CODE
>c:\program files\creative\creative zen\zen media explorer\mfinfou.dll - archive BINARYRES
>>c:\program files\creative\creative zen\zen media explorer\mfinfou.dll/data001 infected with Trojan.PWS.Siggen.18562
>c:\program files\creative\creative zen\zen media explorer\mfinfou.dll - archive contains infected objects

[Scan path] c:\program files\creative\creative zen\zen media explorer\modehlp.dll
c:\program files\creative\creative zen\zen media explorer\modehlp.dll packed by FLY-CODE
>c:\program files\creative\creative zen\zen media explorer\modehlp.dll - archive BINARYRES
>>c:\program files\creative\creative zen\zen media explorer\modehlp.dll/data001 infected with Trojan.PWS.Siggen.18562
>c:\program files\creative\creative zen\zen media explorer\modehlp.dll - archive contains infected objects

[Scan path] c:\program files\creative\creative zen\zen media explorer\shctwpd.dll
c:\program files\creative\creative zen\zen media explorer\shctwpd.dll - OK

[Scan path] c:\program files\creative\shared files\ctwpdctx.dll
c:\program files\creative\shared files\ctwpdctx.dll packed by FLY-CODE
>c:\program files\creative\shared files\ctwpdctx.dll - archive BINARYRES
>>c:\program files\creative\shared files\ctwpdctx.dll/data001 infected with Trojan.PWS.Siggen.18562
>c:\program files\creative\shared files\ctwpdctx.dll - archive contains infected objects

[Scan path] c:\program files\google\common\google updater\googleupdaterservice.exe
c:\program files\google\common\google updater\googleupdaterservice.exe - OK

[Scan path] c:\program files\hotspot shield\bin\hsstrayservice.exe
c:\program files\hotspot shield\bin\hsstrayservice.exe - OK

[Scan path] c:\program files\hotspot shield\bin\hsswd.exe
c:\program files\hotspot shield\bin\hsswd.exe - OK

[Scan path] c:\program files\hotspot shield\bin\openvpnas.exe
c:\program files\hotspot shield\bin\openvpnas.exe - archive BINARYRES
>c:\program files\hotspot shield\bin\openvpnas.exe/data001 - OK
c:\program files\hotspot shield\bin\openvpnas.exe - OK

[Scan path] c:\program files\hotspot shield\hssie\hssie.dll
c:\program files\hotspot shield\hssie\hssie.dll - OK

[Scan path] c:\program files\hotspot shield\hsswpr\hsssrv.exe
c:\program files\hotspot shield\hsswpr\hsssrv.exe - OK

[Scan path] c:\program files\hp\digital imaging\bin\hpqcxs08.dll
c:\program files\hp\digital imaging\bin\hpqcxs08.dll - OK

[Scan path] c:\program files\hp\digital imaging\bin\hpqddsvc.dll
c:\program files\hp\digital imaging\bin\hpqddsvc.dll - OK

[Scan path] c:\program files\intel\wifi\bin\evteng.exe
c:\program files\intel\wifi\bin\evteng.exe - OK

[Scan path] c:\program files\internet explorer\ieproxy.dll
c:\program files\internet explorer\ieproxy.dll - OK

[Scan path] c:\program files\internet explorer\ieshims.dll
c:\program files\internet explorer\ieshims.dll - OK

[Scan path] c:\program files\internet explorer\iexplore.exe
c:\program files\internet explorer\iexplore.exe - OK

[Scan path] c:\program files\java\jre6\bin\jp2iexp.dll
c:\program files\java\jre6\bin\jp2iexp.dll - OK

[Scan path] c:\program files\java\jre6\bin\jp2ssv.dll
c:\program files\java\jre6\bin\jp2ssv.dll - OK

[Scan path] c:\program files\java\jre6\bin\npjpi160_22.dll
c:\program files\java\jre6\bin\npjpi160_22.dll - OK

[Scan path] c:\program files\launch manager\lmanager.exe
c:\program files\launch manager\lmanager.exe - OK

[Scan path] c:\program files\logitech\setpoint\kbcplext.dll
c:\program files\logitech\setpoint\kbcplext.dll - OK

[Scan path] c:\program files\logitech\setpoint\mcplext.dll
c:\program files\logitech\setpoint\mcplext.dll - OK

[Scan path] c:\program files\logitech\setpoint\setpoint.exe
c:\program files\logitech\setpoint\setpoint.exe - OK

[Scan path] c:\program files\malwarebytes' anti-malware\mbamext.dll
c:\program files\malwarebytes' anti-malware\mbamext.dll - OK

[Scan path] c:\program files\microsoft office\office11\mlshext.dll
c:\program files\microsoft office\office11\mlshext.dll - OK

[Scan path] c:\program files\microsoft office\office11\msohev.dll
c:\program files\microsoft office\office11\msohev.dll - OK

[Scan path] c:\program files\microsoft office\office11\olkfstub.dll
c:\program files\microsoft office\office11\olkfstub.dll - OK

[Scan path] c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe
c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe - OK

[Scan path] c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe
c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe - OK

[Scan path] c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe
c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe - OK

[Scan path] c:\program files\nvidia corporation\display\nvui.dll
c:\program files\nvidia corporation\display\nvui.dll packed by ZLIB
>c:\program files\nvidia corporation\display\nvui.dll - archive BINARYRES
>>c:\program files\nvidia corporation\display\nvui.dll/data001 - OK
>>c:\program files\nvidia corporation\display\nvui.dll/data002 - OK
>>c:\program files\nvidia corporation\display\nvui.dll/data003 - OK
>>c:\program files\nvidia corporation\display\nvui.dll/data004 - OK
>>c:\program files\nvidia corporation\display\nvui.dll/data005 - OK
>>c:\program files\nvidia corporation\display\nvui.dll/data006 - OK
>>c:\program files\nvidia corporation\display\nvui.dll/data007 - OK
>>c:\program files\nvidia corporation\display\nvui.dll/data008 - OK
>>c:\program files\nvidia corporation\display\nvui.dll/data009 - OK
>>c:\program files\nvidia corporation\display\nvui.dll/data010 - OK
>>c:\program files\nvidia corporation\display\nvui.dll/data011 - OK
>>c:\program files\nvidia corporation\display\nvui.dll/data012 - OK
>>c:\program files\nvidia corporation\display\nvui.dll/data013 - OK
>>c:\program files\nvidia corporation\display\nvui.dll/data014 - OK
>>c:\program files\nvidia corporation\display\nvui.dll/data015 - OK
>>c:\program files\nvidia corporation\display\nvui.dll/data016 - OK
>c:\program files\nvidia corporation\display\nvui.dll - OK

[Scan path] c:\program files\poweriso\pwrisosh.dll
c:\program files\poweriso\pwrisosh.dll - OK

[Scan path] c:\program files\sophos\autoupdate\almon.exe
c:\program files\sophos\autoupdate\almon.exe - OK

[Scan path] c:\program files\sophos\autoupdate\alsvc.exe
c:\program files\sophos\autoupdate\alsvc.exe - OK

[Scan path] c:\program files\sophos\sophos anti-virus\savadminservice.exe
c:\program files\sophos\sophos anti-virus\savadminservice.exe - OK

[Scan path] c:\program files\sophos\sophos anti-virus\savservice.exe
c:\program files\sophos\sophos anti-virus\savservice.exe - OK

[Scan path] c:\program files\sophos\sophos anti-virus\savshellext.dll
c:\program files\sophos\sophos anti-virus\savshellext.dll - OK

[Scan path] c:\program files\sophos\sophos anti-virus\sophos_detoured.dll
c:\program files\sophos\sophos anti-virus\sophos_detoured.dll - OK

[Scan path] c:\program files\sophos\sophos anti-virus\sophosbho.dll
c:\program files\sophos\sophos anti-virus\sophosbho.dll - OK

[Scan path] c:\program files\sophos\sophos anti-virus\web intelligence\swi_service.exe
c:\program files\sophos\sophos anti-virus\web intelligence\swi_service.exe - OK

[Scan path] c:\program files\spybot - search & destroy\sdhelper.dll
c:\program files\spybot - search & destroy\sdhelper.dll - OK

[Scan path] c:\program files\spybot - search & destroy\sdwinsec.exe
c:\program files\spybot - search & destroy\sdwinsec.exe - OK

[Scan path] c:\program files\superantispyware\sasctxmn.dll
c:\program files\superantispyware\sasctxmn.dll packed by FLY-CODE
>c:\program files\superantispyware\sasctxmn.dll - archive BINARYRES
>>c:\program files\superantispyware\sasctxmn.dll/data001 infected with Trojan.PWS.Siggen.18562
>c:\program files\superantispyware\sasctxmn.dll - archive contains infected objects

[Scan path] c:\program files\superantispyware\sasdifsv.sys
c:\program files\superantispyware\sasdifsv.sys - OK

[Scan path] c:\program files\superantispyware\sasenum.sys
c:\program files\superantispyware\sasenum.sys - OK

[Scan path] c:\program files\superantispyware\saskutil.sys
c:\program files\superantispyware\saskutil.sys - OK

[Scan path] c:\program files\superantispyware\saswinlo.dll
c:\program files\superantispyware\saswinlo.dll - OK

[Scan path] c:\program files\synaptics\syntp\syntpcpl.dll
c:\program files\synaptics\syntp\syntpcpl.dll - OK

[Scan path] c:\program files\synaptics\syntp\syntpenh.exe
c:\program files\synaptics\syntp\syntpenh.exe - OK

[Scan path] c:\program files\tvuplayer\nptvuax.dll
c:\program files\tvuplayer\nptvuax.dll packed by ZLIB
>c:\program files\tvuplayer\nptvuax.dll - archive BINARYRES
>>c:\program files\tvuplayer\nptvuax.dll/data001 - OK
>>c:\program files\tvuplayer\nptvuax.dll/data002 - OK
>>c:\program files\tvuplayer\nptvuax.dll/data003 - OK
>>c:\program files\tvuplayer\nptvuax.dll/data004 - OK
>>c:\program files\tvuplayer\nptvuax.dll/data005 - OK
>>c:\program files\tvuplayer\nptvuax.dll/data006 - OK
>>c:\program files\tvuplayer\nptvuax.dll/data007 - OK
>>c:\program files\tvuplayer\nptvuax.dll/data008 - OK
>>c:\program files\tvuplayer\nptvuax.dll/data009 - OK
>>c:\program files\tvuplayer\nptvuax.dll/data010 - OK
>>c:\program files\tvuplayer\nptvuax.dll/data011 - OK
>>c:\program files\tvuplayer\nptvuax.dll/data012 - OK
>>c:\program files\tvuplayer\nptvuax.dll/data013 - OK
>>c:\program files\tvuplayer\nptvuax.dll/data014 - OK
>>c:\program files\tvuplayer\nptvuax.dll/data015 - OK
>>c:\program files\tvuplayer\nptvuax.dll/data016 - OK
>>c:\program files\tvuplayer\nptvuax.dll/data017 - OK
>>c:\program files\tvuplayer\nptvuax.dll/data018 - OK
>>c:\program files\tvuplayer\nptvuax.dll/data019 - OK
>>c:\program files\tvuplayer\nptvuax.dll/data020 - OK
>>c:\program files\tvuplayer\nptvuax.dll/data021 - OK
>>c:\program files\tvuplayer\nptvuax.dll/data022 - OK
>>c:\program files\tvuplayer\nptvuax.dll/data023 - OK
>>c:\program files\tvuplayer\nptvuax.dll/data024 - OK
>>c:\program files\tvuplayer\nptvuax.dll/data025 - OK
>>c:\program files\tvuplayer\nptvuax.dll/data026 - OK
>>c:\program files\tvuplayer\nptvuax.dll/data027 - OK
>>c:\program files\tvuplayer\nptvuax.dll/data028 - OK
>>c:\program files\tvuplayer\nptvuax.dll/data029 - OK
>>c:\program files\tvuplayer\nptvuax.dll/data030 - OK
>>c:\program files\tvuplayer\nptvuax.dll/data031 - OK
>>c:\program files\tvuplayer\nptvuax.dll/data032 - OK
>>c:\program files\tvuplayer\nptvuax.dll/data033 - OK
>>c:\program files\tvuplayer\nptvuax.dll/data034 - OK
>>c:\program files\tvuplayer\nptvuax.dll/data035 - OK
>>c:\program files\tvuplayer\nptvuax.dll/data036 - OK
>c:\program files\tvuplayer\nptvuax.dll - OK

[Scan path] c:\program files\virgin media\service manager\bsutil.dll
c:\program files\virgin media\service manager\bsutil.dll - OK

[Scan path] c:\program files\virgin media\service manager\servicemanager.exe
c:\program files\virgin media\service manager\servicemanager.exe - OK

[Scan path] c:\program files\virgin media\service manager\servicepointservice.exe
c:\program files\virgin media\service manager\servicepointservice.exe - OK

[Scan path] c:\program files\windows defender\mpoav.dll
c:\program files\windows defender\mpoav.dll - OK

[Scan path] c:\program files\windows defender\mpsvc.dll
c:\program files\windows defender\mpsvc.dll - OK

[Scan path] c:\program files\windows live\mail\mailcomm.dll
c:\program files\windows live\mail\mailcomm.dll - OK

[Scan path] c:\program files\windows live\messenger\msgrapp.14.0.8117.0416.dll
c:\program files\windows live\messenger\msgrapp.14.0.8117.0416.dll - OK

[Scan path] c:\program files\windows live\messenger\msnmsgr.exe
c:\program files\windows live\messenger\msnmsgr.exe - OK

[Scan path] c:\program files\windows mail\wabfind.dll
c:\program files\windows mail\wabfind.dll packed by PESTUB
>c:\program files\windows mail\wabfind.dll - OK

[Scan path] c:\program files\windows mail\winmail.exe
c:\program files\windows mail\winmail.exe - OK

[Scan path] c:\program files\windows media player\wmpband.dll
c:\program files\windows media player\wmpband.dll - OK

[Scan path] c:\program files\windows media player\wmpnetwk.exe
c:\program files\windows media player\wmpnetwk.exe packed by ZLIB
>c:\program files\windows media player\wmpnetwk.exe - archive BINARYRES
>>c:\program files\windows media player\wmpnetwk.exe/data001 - OK
>>c:\program files\windows media player\wmpnetwk.exe/data002 - OK
>>c:\program files\windows media player\wmpnetwk.exe/data003 - OK
>>c:\program files\windows media player\wmpnetwk.exe/data004 - OK
>c:\program files\windows media player\wmpnetwk.exe - OK

[Scan path] c:\program files\windows photo gallery\photoacq.dll
c:\program files\windows photo gallery\photoacq.dll - OK

[Scan path] c:\program files\windows photo gallery\photoviewer.dll
c:\program files\windows photo gallery\photoviewer.dll packed by ZLIB
>c:\program files\windows photo gallery\photoviewer.dll - archive BINARYRES
>>c:\program files\windows photo gallery\photoviewer.dll/data001 - OK
>>c:\program files\windows photo gallery\photoviewer.dll/data002 - OK
>>c:\program files\windows photo gallery\photoviewer.dll/data003 - OK
>>c:\program files\windows photo gallery\photoviewer.dll/data004 - OK
>>c:\program files\windows photo gallery\photoviewer.dll/data005 - OK
>>c:\program files\windows photo gallery\photoviewer.dll/data006 - OK
>>c:\program files\windows photo gallery\photoviewer.dll/data007 - OK
>>c:\program files\windows photo gallery\photoviewer.dll/data008 - OK
>>c:\program files\windows photo gallery\photoviewer.dll/data009 - OK
>>c:\program files\windows photo gallery\photoviewer.dll/data010 - OK
>>c:\program files\windows photo gallery\photoviewer.dll/data011 - OK
>>c:\program files\windows photo gallery\photoviewer.dll/data012 - OK
>>c:\program files\windows photo gallery\photoviewer.dll/data013 - OK
>>c:\program files\windows photo gallery\photoviewer.dll/data014 - OK
>>c:\program files\windows photo gallery\photoviewer.dll/data015 - OK
>>c:\program files\windows photo gallery\photoviewer.dll/data016 - OK
>>c:\program files\windows photo gallery\photoviewer.dll/data017 - OK
>>c:\program files\windows photo gallery\photoviewer.dll/data018 - OK
>>c:\program files\windows photo gallery\photoviewer.dll/data019 - OK
>>c:\program files\windows photo gallery\photoviewer.dll/data020 - OK
>>c:\program files\windows photo gallery\photoviewer.dll/data021 - OK
>>c:\program files\windows photo gallery\photoviewer.dll/data022 - OK
>>c:\program files\windows photo gallery\photoviewer.dll/data023 - OK
>>c:\program files\windows photo gallery\photoviewer.dll/data024 - OK
>>c:\program files\windows photo gallery\photoviewer.dll/data025 - OK
>>c:\program files\windows photo gallery\photoviewer.dll/data026 - OK
>>c:\program files\windows photo gallery\photoviewer.dll/data027 - OK
>>c:\program files\windows photo gallery\photoviewer.dll/data028 - OK
>>c:\program files\windows photo gallery\photoviewer.dll/data029 - OK
>>c:\program files\windows photo gallery\photoviewer.dll/data030 - OK
>>c:\program files\windows photo gallery\photoviewer.dll/data031 - OK
>>c:\program files\windows photo gallery\photoviewer.dll/data032 - OK
>c:\program files\windows photo gallery\photoviewer.dll - OK

[Scan path] c:\program files\windows sidebar\sbdrop.dll
c:\program files\windows sidebar\sbdrop.dll - OK

[Scan path] c:\program files\windows sidebar\sidebar.exe
c:\program files\windows sidebar\sidebar.exe - OK

[Scan path] c:\programdata\microsoft\windows\start menu\programs\startup\desktop.ini
c:\programdata\microsoft\windows\start menu\programs\startup\desktop.ini - OK

[Scan path] c:\users\alex\desktop\ut32myyb.exe
c:\users\alex\desktop\ut32myyb.exe - OK
c:\users\alex\desktop\ut32myyb.exe:Zone.Identifier - OK

[Scan path] c:\windows\downloaded program files\ebraryrdr.ocx
c:\windows\downloaded program files\ebraryrdr.ocx - archive BINARYRES
>c:\windows\downloaded program files\ebraryrdr.ocx/data001 - OK
c:\windows\downloaded program files\ebraryrdr.ocx - OK

[Scan path] c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehrecvr.exe - OK

[Scan path] c:\windows\ehome\ehsched.exe
c:\windows\ehome\ehsched.exe - OK

[Scan path] c:\windows\ehome\ehsso.dll
c:\windows\ehome\ehsso.dll - OK

[Scan path] c:\windows\ehome\ehstart.dll
c:\windows\ehome\ehstart.dll - OK

[Scan path] c:\windows\explorer.exe
c:\windows\explorer.exe - OK

[Scan path] c:\windows\khalmnpr.exe
c:\windows\khalmnpr.exe - OK

[Scan path] c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe - OK

[Scan path] c:\windows\microsoft.net\framework\v3.0\windows communication foundation\infocard.exe
c:\windows\microsoft.net\framework\v3.0\windows communication foundation\infocard.exe - OK

[Scan path] c:\windows\microsoft.net\framework\v3.0\windows communication foundation\smsvchost.exe
c:\windows\microsoft.net\framework\v3.0\windows communication foundation\smsvchost.exe - OK

[Scan path] c:\windows\microsoft.net\framework\v3.0\wpf\presentationfontcache.exe
c:\windows\microsoft.net\framework\v3.0\wpf\presentationfontcache.exe - OK

[Scan path] c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe - OK

[Scan path] c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpffontcache_v0400.exe
c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpffontcache_v0400.exe - OK

[Scan path] c:\windows\msagent\agentpsh.dll
c:\windows\msagent\agentpsh.dll - OK

[Scan path] c:\windows\plfseti.exe
c:\windows\plfseti.exe - OK

[Scan path] c:\windows\servicing\trustedinstaller.exe
c:\windows\servicing\trustedinstaller.exe - OK

[Scan path] c:\windows\system32\acer.scr
c:\windows\system32\acer.scr - OK

[Scan path] c:\windows\system32\acppage.dll
c:\windows\system32\acppage.dll - OK

[Scan path] c:\windows\system32\actxprxy.dll
c:\windows\system32\actxprxy.dll - OK

[Scan path] c:\windows\system32\advapi32.dll
c:\windows\system32\advapi32.dll - OK

[Scan path] c:\windows\system32\aelupsvc.dll
c:\windows\system32\aelupsvc.dll - OK

[Scan path] c:\windows\system32\agrsmsvc.exe
c:\windows\system32\agrsmsvc.exe - OK

[Scan path] c:\windows\system32\alg.exe
c:\windows\system32\alg.exe - OK

[Scan path] c:\windows\system32\alttab.dll
c:\windows\system32\alttab.dll - OK

[Scan path] c:\windows\system32\apphelp.dll
c:\windows\system32\apphelp.dll - OK

[Scan path] c:\windows\system32\appinfo.dll
c:\windows\system32\appinfo.dll - OK

[Scan path] c:\windows\system32\appwiz.cpl
c:\windows\system32\appwiz.cpl - OK

[Scan path] c:\windows\system32\atl.dll
c:\windows\system32\atl.dll - OK

[Scan path] c:\windows\system32\audiodev.dll
c:\windows\system32\audiodev.dll - OK

[Scan path] c:\windows\system32\audiosrv.dll
c:\windows\system32\audiosrv.dll - OK

[Scan path] c:\windows\system32\authui.dll
c:\windows\system32\authui.dll - OK

[Scan path] c:\windows\system32\authz.dll
c:\windows\system32\authz.dll - OK

[Scan path] c:\windows\system32\autochk.exe
c:\windows\system32\autochk.exe - OK

[Scan path] c:\windows\system32\avrt.dll
c:\windows\system32\avrt.dll - OK

[Scan path] c:\windows\system32\basesrv.dll
c:\windows\system32\basesrv.dll - OK

[Scan path] c:\windows\system32\batmeter.dll
c:\windows\system32\batmeter.dll - OK

[Scan path] c:\windows\system32\bcrypt.dll
c:\windows\system32\bcrypt.dll - OK

[Scan path] c:\windows\system32\bfe.dll
c:\windows\system32\bfe.dll - OK

[Scan path] c:\windows\system32\browser.dll
c:\windows\system32\browser.dll - OK

[Scan path] c:\windows\system32\browseui.dll
c:\windows\system32\browseui.dll - OK

[Scan path] c:\windows\system32\bthprops.cpl
c:\windows\system32\bthprops.cpl - OK

[Scan path] c:\windows\system32\cabinet.dll
c:\windows\system32\cabinet.dll - OK

[Scan path] c:\windows\system32\cabview.dll
c:\windows\system32\cabview.dll - OK

[Scan path] c:\windows\system32\certprop.dll
c:\windows\system32\certprop.dll - OK

[Scan path] c:\windows\system32\clbcatq.dll
c:\windows\system32\clbcatq.dll - OK

[Scan path] c:\windows\system32\clfs.sys
c:\windows\system32\clfs.sys - OK

[Scan path] c:\windows\system32\cngaudit.dll
c:\windows\system32\cngaudit.dll - OK

[Scan path] c:\windows\system32\colorui.dll
c:\windows\system32\colorui.dll - OK

[Scan path] c:\windows\system32\comdlg32.dll
c:\windows\system32\comdlg32.dll - OK

[Scan path] c:\windows\system32\config\systemprofile\appdata\local\temp\1ae7a6ab-befd8a8b-91cf0f92-cbae9a66\914704.exe
c:\windows\system32\config\systemprofile\appdata\local\temp\1ae7a6ab-befd8a8b-91cf0f92-cbae9a66\914704.exe - OK

[Scan path] c:\windows\system32\config\systemprofile\appdata\local\temp\1ae7a6ab-befd8a8b-91cf0f92-cbae9a66\e19d3_xp.exe
c:\windows\system32\config\systemprofile\appdata\local\temp\1ae7a6ab-befd8a8b-91cf0f92-cbae9a66\e19d3_xp.exe - archive BINARYRES
>c:\windows\system32\config\systemprofile\appdata\local\temp\1ae7a6ab-befd8a8b-91cf0f92-cbae9a66\e19d3_xp.exe/data001 packed by ASPACK
>>c:\windows\system32\config\systemprofile\appdata\local\temp\1ae7a6ab-befd8a8b-91cf0f92-cbae9a66\e19d3_xp.exe/data001 - OK
>c:\windows\system32\config\systemprofile\appdata\local\temp\1ae7a6ab-befd8a8b-91cf0f92-cbae9a66\e19d3_xp.exe/data002 - OK
>c:\windows\system32\config\systemprofile\appdata\local\temp\1ae7a6ab-befd8a8b-91cf0f92-cbae9a66\e19d3_xp.exe/data003 - OK
>c:\windows\system32\config\systemprofile\appdata\local\temp\1ae7a6ab-befd8a8b-91cf0f92-cbae9a66\e19d3_xp.exe/data004 - OK
c:\windows\system32\config\systemprofile\appdata\local\temp\1ae7a6ab-befd8a8b-91cf0f92-cbae9a66\e19d3_xp.exe - OK

[Scan path] c:\windows\system32\config\systemprofile\appdata\local\temp\1ae7a6ab-befd8a8b-91cf0f92-cbae9a66\system
[Scan path] c:\windows\system32\config\systemprofile\appdata\local\temp\qmrda4n6.dll
c:\windows\system32\config\systemprofile\appdata\local\temp\qmrda4n6.dll packed by ASPACK
>c:\windows\system32\config\systemprofile\appdata\local\temp\qmrda4n6.dll - OK

[Scan path] c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\start menu\programs\startup\desktop.ini
c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\start menu\programs\startup\desktop.ini - OK

[Scan path] c:\windows\system32\credssp.dll
c:\windows\system32\credssp.dll - OK

[Scan path] c:\windows\system32\crypt32.dll
c:\windows\system32\crypt32.dll - OK

[Scan path] c:\windows\system32\cryptdll.dll
c:\windows\system32\cryptdll.dll - OK

[Scan path] c:\windows\system32\cryptext.dll
c:\windows\system32\cryptext.dll - OK

[Scan path] c:\windows\system32\cryptnet.dll
c:\windows\system32\cryptnet.dll - OK

[Scan path] c:\windows\system32\cryptsvc.dll
c:\windows\system32\cryptsvc.dll - OK

[Scan path] c:\windows\system32\cscapi.dll
c:\windows\system32\cscapi.dll - OK

[Scan path] c:\windows\system32\csrsrv.dll
c:\windows\system32\csrsrv.dll - OK

[Scan path] c:\windows\system32\csrss.exe
c:\windows\system32\csrss.exe - OK

[Scan path] c:\windows\system32\davclnt.dll
c:\windows\system32\davclnt.dll - OK

[Scan path] c:\windows\system32\dbghelp.dll
c:\windows\system32\dbghelp.dll - OK

[Scan path] c:\windows\system32\deskadp.dll
c:\windows\system32\deskadp.dll - OK

[Scan path] c:\windows\system32\deskmon.dll
c:\windows\system32\deskmon.dll - OK

[Scan path] c:\windows\system32\deskperf.dll
c:\windows\system32\deskperf.dll - OK

[Scan path] c:\windows\system32\devmgr.dll
c:\windows\system32\devmgr.dll - OK

[Scan path] c:\windows\system32\dfshim.dll
c:\windows\system32\dfshim.dll - OK

[Scan path] c:\windows\system32\dfsr.exe
c:\windows\system32\dfsr.exe - OK

[Scan path] c:\windows\system32\dfsshlex.dll
c:\windows\system32\dfsshlex.dll - OK

[Scan path] c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dhcpcsvc.dll - OK

[Scan path] c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc6.dll - OK

[Scan path] c:\windows\system32\diskcopy.dll
c:\windows\system32\diskcopy.dll - OK

[Scan path] c:\windows\system32\dllhost.exe
c:\windows\system32\dllhost.exe - OK

[Scan path] c:\windows\system32\dnsapi.dll
c:\windows\system32\dnsapi.dll - OK

[Scan path] c:\windows\system32\dnsrslvr.dll
c:\windows\system32\dnsrslvr.dll - OK

[Scan path] c:\windows\system32\docprop.dll
c:\windows\system32\docprop.dll - OK

[Scan path] c:\windows\system32\dot3gpclnt.dll
c:\windows\system32\dot3gpclnt.dll - OK

[Scan path] c:\windows\system32\dot3svc.dll
c:\windows\system32\dot3svc.dll - OK

[Scan path] c:\windows\system32\dps.dll
c:\windows\system32\dps.dll - OK

[Scan path] c:\windows\system32\drivers\acpi.sys
c:\windows\system32\drivers\acpi.sys - OK

[Scan path] c:\windows\system32\drivers\adp94xx.sys
c:\windows\system32\drivers\adp94xx.sys - OK

[Scan path] c:\windows\system32\drivers\adpahci.sys
c:\windows\system32\drivers\adpahci.sys - OK

[Scan path] c:\windows\system32\drivers\adpu160m.sys
c:\windows\system32\drivers\adpu160m.sys - OK

[Scan path] c:\windows\system32\drivers\adpu320.sys
c:\windows\system32\drivers\adpu320.sys - OK

[Scan path] c:\windows\system32\drivers\afd.sys
c:\windows\system32\drivers\afd.sys - OK

[Scan path] c:\windows\system32\drivers\agp440.sys
c:\windows\system32\drivers\agp440.sys - OK

[Scan path] c:\windows\system32\drivers\agrsm.sys
c:\windows\system32\drivers\agrsm.sys - OK

[Scan path] c:\windows\system32\drivers\aliide.sys
c:\windows\system32\drivers\aliide.sys packed by FLY-CODE
>c:\windows\system32\drivers\aliide.sys - OK

[Scan path] c:\windows\system32\drivers\amdagp.sys
c:\windows\system32\drivers\amdagp.sys - OK

[Scan path] c:\windows\system32\drivers\amdide.sys
c:\windows\system32\drivers\amdide.sys packed by FLY-CODE
>c:\windows\system32\drivers\amdide.sys - OK

[Scan path] c:\windows\system32\drivers\amdk7.sys
c:\windows\system32\drivers\amdk7.sys - OK

[Scan path] c:\windows\system32\drivers\amdk8.sys
c:\windows\system32\drivers\amdk8.sys - OK

[Scan path] c:\windows\system32\drivers\arc.sys
c:\windows\system32\drivers\arc.sys - OK

[Scan path] c:\windows\system32\drivers\arcsas.sys
c:\windows\system32\drivers\arcsas.sys - OK

[Scan path] c:\windows\system32\drivers\asyncmac.sys
c:\windows\system32\drivers\asyncmac.sys - OK

[Scan path] c:\windows\system32\drivers\atapi.sys
c:\windows\system32\drivers\atapi.sys - OK

[Scan path] c:\windows\system32\drivers\atksgt.sys
c:\windows\system32\drivers\atksgt.sys - OK

[Scan path] c:\windows\system32\drivers\b57nd60x.sys
c:\windows\system32\drivers\b57nd60x.sys - OK

[Scan path] c:\windows\system32\drivers\beep.sys
c:\windows\system32\drivers\beep.sys - OK

[Scan path] c:\windows\system32\drivers\bfturboh.sys
c:\windows\system32\drivers\bfturboh.sys - OK

[Scan path] c:\windows\system32\drivers\blbdrive.sys
c:\windows\system32\drivers\blbdrive.sys - OK

[Scan path] c:\windows\system32\drivers\bowser.sys
c:\windows\system32\drivers\bowser.sys - OK

[Scan path] c:\windows\system32\drivers\brfiltlo.sys
c:\windows\system32\drivers\brfiltlo.sys - OK

[Scan path] c:\windows\system32\drivers\brfiltup.sys
c:\windows\system32\drivers\brfiltup.sys - OK

[Scan path] c:\windows\system32\drivers\brserid.sys
c:\windows\system32\drivers\brserid.sys - OK

[Scan path] c:\windows\system32\drivers\brserwdm.sys
c:\windows\system32\drivers\brserwdm.sys - OK

[Scan path] c:\windows\system32\drivers\brusbmdm.sys
c:\windows\system32\drivers\brusbmdm.sys - OK

[Scan path] c:\windows\system32\drivers\brusbser.sys
c:\windows\system32\drivers\brusbser.sys - OK

[Scan path] c:\windows\system32\drivers\bthmodem.sys
c:\windows\system32\drivers\bthmodem.sys - OK

[Scan path] c:\windows\system32\drivers\cdfs.sys
c:\windows\system32\drivers\cdfs.sys - OK

[Scan path] c:\windows\system32\drivers\cdrom.sys
c:\windows\system32\drivers\cdrom.sys - OK

[Scan path] c:\windows\system32\drivers\circlass.sys
c:\windows\system32\drivers\circlass.sys - OK

[Scan path] c:\windows\system32\drivers\cmbatt.sys
c:\windows\system32\drivers\cmbatt.sys - OK

[Scan path] c:\windows\system32\drivers\cmdide.sys
c:\windows\system32\drivers\cmdide.sys packed by FLY-CODE
>c:\windows\system32\drivers\cmdide.sys - OK

[Scan path] c:\windows\system32\drivers\compbatt.sys
c:\windows\system32\drivers\compbatt.sys - OK

[Scan path] c:\windows\system32\drivers\crcdisk.sys
c:\windows\system32\drivers\crcdisk.sys - OK

[Scan path] c:\windows\system32\drivers\crusoe.sys
c:\windows\system32\drivers\crusoe.sys - OK

[Scan path] c:\windows\system32\drivers\dfsc.sys
c:\windows\system32\drivers\dfsc.sys - OK

[Scan path] c:\windows\system32\drivers\disk.sys
c:\windows\system32\drivers\disk.sys - OK

[Scan path] c:\windows\system32\drivers\djsvs.sys
c:\windows\system32\drivers\djsvs.sys - OK

[Scan path] c:\windows\system32\drivers\dkbfltr.sys
c:\windows\system32\drivers\dkbfltr.sys - OK

[Scan path] c:\windows\system32\drivers\dot4.sys
c:\windows\system32\drivers\dot4.sys - OK

[Scan path] c:\windows\system32\drivers\dot4prt.sys
c:\windows\system32\drivers\dot4prt.sys - OK

[Scan path] c:\windows\system32\drivers\dot4usb.sys
c:\windows\system32\drivers\dot4usb.sys - OK

[Scan path] c:\windows\system32\drivers\drmkaud.sys
c:\windows\system32\drivers\drmkaud.sys packed by FLY-CODE
>c:\windows\system32\drivers\drmkaud.sys - OK

[Scan path] c:\windows\system32\drivers\dxgkrnl.sys
c:\windows\system32\drivers\dxgkrnl.sys - OK

[Scan path] c:\windows\system32\drivers\e1g60i32.sys
c:\windows\system32\drivers\e1g60i32.sys - OK

[Scan path] c:\windows\system32\drivers\ecache.sys
c:\windows\system32\drivers\ecache.sys - OK

[Scan path] c:\windows\system32\drivers\elxstor.sys
c:\windows\system32\drivers\elxstor.sys - OK

[Scan path] c:\windows\system32\drivers\errdev.sys
c:\windows\system32\drivers\errdev.sys - OK

[Scan path] c:\windows\system32\drivers\fdc.sys
c:\windows\system32\drivers\fdc.sys - OK

[Scan path] c:\windows\system32\drivers\fileinfo.sys
c:\windows\system32\drivers\fileinfo.sys - OK

[Scan path] c:\windows\system32\drivers\filetrace.sys
c:\windows\system32\drivers\filetrace.sys - OK

[Scan path] c:\windows\system32\drivers\flpydisk.sys
c:\windows\system32\drivers\flpydisk.sys - OK

[Scan path] c:\windows\system32\drivers\fltmgr.sys
c:\windows\system32\drivers\fltmgr.sys - OK

[Scan path] c:\windows\system32\drivers\fs_rec.sys
c:\windows\system32\drivers\fs_rec.sys - OK

[Scan path] c:\windows\system32\drivers\gagp30kx.sys
c:\windows\system32\drivers\gagp30kx.sys - OK

[Scan path] c:\windows\system32\drivers\hdaudbus.sys
c:\windows\system32\drivers\hdaudbus.sys - OK

[Scan path] c:\windows\system32\drivers\hdaudio.sys
c:\windows\system32\drivers\hdaudio.sys - OK

[Scan path] c:\windows\system32\drivers\hidbth.sys
c:\windows\system32\drivers\hidbth.sys - OK

[Scan path] c:\windows\system32\drivers\hidir.sys
c:\windows\system32\drivers\hidir.sys - OK

[Scan path] c:\windows\system32\drivers\hidusb.sys
c:\windows\system32\drivers\hidusb.sys - OK

[Scan path] c:\windows\system32\drivers\hpcisss.sys
c:\windows\system32\drivers\hpcisss.sys - OK

[Scan path] c:\windows\system32\drivers\hssdrv.sys
c:\windows\system32\drivers\hssdrv.sys - OK

[Scan path] c:\windows\system32\drivers\http.sys
c:\windows\system32\drivers\http.sys - archive BINARYRES
>c:\windows\system32\drivers\http.sys/data001 - OK
>c:\windows\system32\drivers\http.sys/data002 - OK
>c:\windows\system32\drivers\http.sys/data003 - OK
>c:\windows\system32\drivers\http.sys/data004 - OK
>c:\windows\system32\drivers\http.sys/data005 - OK
>c:\windows\system32\drivers\http.sys/data006 - OK
>c:\windows\system32\drivers\http.sys/data007 - OK
>c:\windows\system32\drivers\http.sys/data008 - OK
>c:\windows\system32\drivers\http.sys/data009 - OK
>c:\windows\system32\drivers\http.sys/data010 - OK
>c:\windows\system32\drivers\http.sys/data011 - OK
>c:\windows\system32\drivers\http.sys/data012 - OK
>c:\windows\system32\drivers\http.sys/data013 - OK
>c:\windows\system32\drivers\http.sys/data014 - OK
>c:\windows\system32\drivers\http.sys/data015 - OK
>c:\windows\system32\drivers\http.sys/data016 - OK
>c:\windows\system32\drivers\http.sys/data017 - OK
>c:\windows\system32\drivers\http.sys/data018 - OK
>c:\windows\system32\drivers\http.sys/data019 - OK
>c:\windows\system32\drivers\http.sys/data020 - OK
>c:\windows\system32\drivers\http.sys/data021 - OK
>c:\windows\system32\drivers\http.sys/data022 - OK
>c:\windows\system32\drivers\http.sys/data023 - OK
>c:\windows\system32\drivers\http.sys/data024 - OK
>c:\windows\system32\drivers\http.sys/data025 - OK
>c:\windows\system32\drivers\http.sys/data026 - OK
>c:\windows\system32\drivers\http.sys/data027 - OK
c:\windows\system32\drivers\http.sys - OK

[Scan path] c:\windows\system32\drivers\i2omp.sys
c:\windows\system32\drivers\i2omp.sys - OK

[Scan path] c:\windows\system32\drivers\i8042prt.sys
c:\windows\system32\drivers\i8042prt.sys - OK

[Scan path] c:\windows\system32\drivers\iastorv.sys
c:\windows\system32\drivers\iastorv.sys - OK

[Scan path] c:\windows\system32\drivers\iirsp.sys
c:\windows\system32\drivers\iirsp.sys - OK

[Scan path] c:\windows\system32\drivers\int15.sys
c:\windows\system32\drivers\int15.sys - OK

[Scan path] c:\windows\system32\drivers\intelide.sys
c:\windows\system32\drivers\intelide.sys packed by FLY-CODE
>c:\windows\system32\drivers\intelide.sys - OK

[Scan path] c:\windows\system32\drivers\intelppm.sys
c:\windows\system32\drivers\intelppm.sys - OK

[Scan path] c:\windows\system32\drivers\ipfltdrv.sys
c:\windows\system32\drivers\ipfltdrv.sys - OK

[Scan path] c:\windows\system32\drivers\ipmidrv.sys
c:\windows\system32\drivers\ipmidrv.sys - OK

[Scan path] c:\windows\system32\drivers\ipnat.sys
c:\windows\system32\drivers\ipnat.sys - OK

[Scan path] c:\windows\system32\drivers\irda.sys
c:\windows\system32\drivers\irda.sys - OK

[Scan path] c:\windows\system32\drivers\irenum.sys
c:\windows\system32\drivers\irenum.sys - OK

[Scan path] c:\windows\system32\drivers\isapnp.sys
c:\windows\system32\drivers\isapnp.sys - OK

[Scan path] c:\windows\system32\drivers\iteatapi.sys
c:\windows\system32\drivers\iteatapi.sys - OK

[Scan path] c:\windows\system32\drivers\iteraid.sys
c:\windows\system32\drivers\iteraid.sys - OK

[Scan path] c:\windows\system32\drivers\jmcr.sys
c:\windows\system32\drivers\jmcr.sys - OK

[Scan path] c:\windows\system32\drivers\kbdclass.sys
c:\windows\system32\drivers\kbdclass.sys - OK

[Scan path] c:\windows\system32\drivers\kbdhid.sys
c:\windows\system32\drivers\kbdhid.sys - OK

[Scan path] c:\windows\system32\drivers\ksecdd.sys
c:\windows\system32\drivers\ksecdd.sys - OK

[Scan path] c:\windows\system32\drivers\lhidfilt.sys
c:\windows\system32\drivers\lhidfilt.sys - OK

[Scan path] c:\windows\system32\drivers\lirsgt.sys
c:\windows\system32\drivers\lirsgt.sys - OK

[Scan path] c:\windows\system32\drivers\lltdio.sys
c:\windows\system32\drivers\lltdio.sys - OK

[Scan path] c:\windows\system32\drivers\lmoufilt.sys
c:\windows\system32\drivers\lmoufilt.sys - OK

[Scan path] c:\windows\system32\drivers\lsi_fc.sys
c:\windows\system32\drivers\lsi_fc.sys - OK

[Scan path] c:\windows\system32\drivers\lsi_sas.sys
c:\windows\system32\drivers\lsi_sas.sys - OK

[Scan path] c:\windows\system32\drivers\lsi_scsi.sys
c:\windows\system32\drivers\lsi_scsi.sys - OK

[Scan path] c:\windows\system32\drivers\luafv.sys
c:\windows\system32\drivers\luafv.sys - OK

[Scan path] c:\windows\system32\drivers\megasas.sys
c:\windows\system32\drivers\megasas.sys - OK

[Scan path] c:\windows\system32\drivers\megasr.sys
c:\windows\system32\drivers\megasr.sys - OK

[Scan path] c:\windows\system32\drivers\modem.sys
c:\windows\system32\drivers\modem.sys - OK

[Scan path] c:\windows\system32\drivers\monitor.sys
c:\windows\system32\drivers\monitor.sys packed by FLY-CODE
>c:\windows\system32\drivers\monitor.sys - OK

[Scan path] c:\windows\system32\drivers\mouclass.sys
c:\windows\system32\drivers\mouclass.sys - OK

[Scan path] c:\windows\system32\drivers\mouhid.sys
c:\windows\system32\drivers\mouhid.sys - OK

[Scan path] c:\windows\system32\drivers\mountmgr.sys
c:\windows\system32\drivers\mountmgr.sys - OK

[Scan path] c:\windows\system32\drivers\mpio.sys
c:\windows\system32\drivers\mpio.sys - OK

[Scan path] c:\windows\system32\drivers\mpsdrv.sys
c:\windows\system32\drivers\mpsdrv.sys - OK

[Scan path] c:\windows\system32\drivers\mraid35x.sys
c:\windows\system32\drivers\mraid35x.sys - OK

[Scan path] c:\windows\system32\drivers\mrxdav.sys
c:\windows\system32\drivers\mrxdav.sys - OK

[Scan path] c:\windows\system32\drivers\mrxsmb.sys
c:\windows\system32\drivers\mrxsmb.sys - OK

[Scan path] c:\windows\system32\drivers\mrxsmb10.sys
c:\windows\system32\drivers\mrxsmb10.sys - OK

[Scan path] c:\windows\system32\drivers\mrxsmb20.sys
c:\windows\system32\drivers\mrxsmb20.sys - OK

[Scan path] c:\windows\system32\drivers\msahci.sys
c:\windows\system32\drivers\msahci.sys - OK

[Scan path] c:\windows\system32\drivers\msdsm.sys
c:\windows\system32\drivers\msdsm.sys - OK

[Scan path] c:\windows\system32\drivers\msfs.sys
c:\windows\system32\drivers\msfs.sys - OK

[Scan path] c:\windows\system32\drivers\msisadrv.sys
c:\windows\system32\drivers\msisadrv.sys - OK

[Scan path] c:\windows\system32\drivers\msiscsi.sys
c:\windows\system32\drivers\msiscsi.sys - OK

[Scan path] c:\windows\system32\drivers\mskssrv.sys
c:\windows\system32\drivers\mskssrv.sys - OK

[Scan path] c:\windows\system32\drivers\mspclock.sys
c:\windows\system32\drivers\mspclock.sys - OK

[Scan path] c:\windows\system32\drivers\mspqm.sys
c:\windows\system32\drivers\mspqm.sys - OK

[Scan path] c:\windows\system32\drivers\mssmbios.sys
c:\windows\system32\drivers\mssmbios.sys - OK

[Scan path] c:\windows\system32\drivers\mstee.sys
c:\windows\system32\drivers\mstee.sys - OK

[Scan path] c:\windows\system32\drivers\mup.sys
c:\windows\system32\drivers\mup.sys - OK

[Scan path] c:\windows\system32\drivers\ndis.sys
c:\windows\system32\drivers\ndis.sys - OK

[Scan path] c:\windows\system32\drivers\ndistapi.sys
c:\windows\system32\drivers\ndistapi.sys - OK

[Scan path] c:\windows\system32\drivers\ndisuio.sys
c:\windows\system32\drivers\ndisuio.sys - OK

[Scan path] c:\windows\system32\drivers\ndiswan.sys
c:\windows\system32\drivers\ndiswan.sys - OK

[Scan path] c:\windows\system32\drivers\netbios.sys
c:\windows\system32\drivers\netbios.sys - OK

[Scan path] c:\windows\system32\drivers\netbt.sys
c:\windows\system32\drivers\netbt.sys - OK

[Scan path] c:\windows\system32\drivers\netw5v32.sys
c:\windows\system32\drivers\netw5v32.sys - OK

[Scan path] c:\windows\system32\drivers\nfrd960.sys
c:\windows\system32\drivers\nfrd960.sys - OK

[Scan path] c:\windows\system32\drivers\npfs.sys
c:\windows\system32\drivers\npfs.sys - OK

[Scan path] c:\windows\system32\drivers\nscirda.sys
c:\windows\system32\drivers\nscirda.sys - OK

[Scan path] c:\windows\system32\drivers\nsiproxy.sys
c:\windows\system32\drivers\nsiproxy.sys - OK

[Scan path] c:\windows\system32\drivers\ntidrvr.sys
c:\windows\system32\drivers\ntidrvr.sys - OK

[Scan path] c:\windows\system32\drivers\ntrigdigi.sys
c:\windows\system32\drivers\ntrigdigi.sys - OK

[Scan path] c:\windows\system32\drivers\null.sys
c:\windows\system32\drivers\null.sys packed by FLY-CODE
>c:\windows\system32\drivers\null.sys - OK

[Scan path] c:\windows\system32\drivers\nv_agp.sys
c:\windows\system32\drivers\nv_agp.sys - OK

[Scan path] c:\windows\system32\drivers\nvhda32v.sys
c:\windows\system32\drivers\nvhda32v.sys - OK

[Scan path] c:\windows\system32\drivers\nvlddmkm.sys
c:\windows\system32\drivers\nvlddmkm.sys - OK

[Scan path] c:\windows\system32\drivers\nvraid.sys
c:\windows\system32\drivers\nvraid.sys - OK

[Scan path] c:\windows\system32\drivers\nvstor.sys
c:\windows\system32\drivers\nvstor.sys - OK

[Scan path] c:\windows\system32\drivers\nwifi.sys
c:\windows\system32\drivers\nwifi.sys - OK

[Scan path] c:\windows\system32\drivers\ohci1394.sys
c:\windows\system32\drivers\ohci1394.sys - OK

[Scan path] c:\windows\system32\drivers\pacer.sys
c:\windows\system32\drivers\pacer.sys - OK

[Scan path] c:\windows\system32\drivers\parport.sys
c:\windows\system32\drivers\parport.sys - OK

[Scan path] c:\windows\system32\drivers\partmgr.sys
c:\windows\system32\drivers\partmgr.sys - OK

[Scan path] c:\windows\system32\drivers\parvdm.sys
c:\windows\system32\drivers\parvdm.sys - OK

[Scan path] c:\windows\system32\drivers\pci.sys
c:\windows\system32\drivers\pci.sys - OK

[Scan path] c:\windows\system32\drivers\pciide.sys
c:\windows\system32\drivers\pciide.sys packed by FLY-CODE
>c:\windows\system32\drivers\pciide.sys - OK

[Scan path] c:\windows\system32\drivers\pcmcia.sys
c:\windows\system32\drivers\pcmcia.sys - OK

[Scan path] c:\windows\system32\drivers\peauth.sys
c:\windows\system32\drivers\peauth.sys - OK

[Scan path] c:\windows\system32\drivers\processr.sys
c:\windows\system32\drivers\processr.sys - OK

[Scan path] c:\windows\system32\drivers\psdfilter.sys
c:\windows\system32\drivers\psdfilter.sys - OK

[Scan path] c:\windows\system32\drivers\psdnserv.sys
c:\windows\system32\drivers\psdnserv.sys - OK

[Scan path] c:\windows\system32\drivers\psdvdisk.sys
c:\windows\system32\drivers\psdvdisk.sys - OK

[Scan path] c:\windows\system32\drivers\ql2300.sys
c:\windows\system32\drivers\ql2300.sys - OK

[Scan path] c:\windows\system32\drivers\ql40xx.sys
c:\windows\system32\drivers\ql40xx.sys - OK

[Scan path] c:\windows\system32\drivers\qwavedrv.sys
c:\windows\system32\drivers\qwavedrv.sys - OK

[Scan path] c:\windows\system32\drivers\rasacd.sys
c:\windows\system32\drivers\rasacd.sys - OK

[Scan path] c:\windows\system32\drivers\rasl2tp.sys
c:\windows\system32\drivers\rasl2tp.sys - OK

[Scan path] c:\windows\system32\drivers\raspppoe.sys
c:\windows\system32\drivers\raspppoe.sys - OK

[Scan path] c:\windows\system32\drivers\raspptp.sys
c:\windows\system32\drivers\raspptp.sys - OK

[Scan path] c:\windows\system32\drivers\rassstp.sys
c:\windows\system32\drivers\rassstp.sys - OK

[Scan path] c:\windows\system32\drivers\rdbss.sys
c:\windows\system32\drivers\rdbss.sys - OK

[Scan path] c:\windows\system32\drivers\rdpcdd.sys
c:\windows\system32\drivers\rdpcdd.sys packed by FLY-CODE
>c:\windows\system32\drivers\rdpcdd.sys packed by FLY-CODE
>>c:\windows\system32\drivers\rdpcdd.sys - OK

[Scan path] c:\windows\system32\drivers\rdpdr.sys
c:\windows\system32\drivers\rdpdr.sys - OK

[Scan path] c:\windows\system32\drivers\rdpencdd.sys
c:\windows\system32\drivers\rdpencdd.sys packed by FLY-CODE
>c:\windows\system32\drivers\rdpencdd.sys packed by FLY-CODE
>>c:\windows\system32\drivers\rdpencdd.sys - OK

[Scan path] c:\windows\system32\drivers\rspndr.sys
c:\windows\system32\drivers\rspndr.sys - OK

[Scan path] c:\windows\system32\drivers\s125bus.sys
c:\windows\system32\drivers\s125bus.sys - OK

[Scan path] c:\windows\system32\drivers\s125mdfl.sys
c:\windows\system32\drivers\s125mdfl.sys - OK

[Scan path] c:\windows\system32\drivers\s125mdm.sys
c:\windows\system32\drivers\s125mdm.sys - OK

[Scan path] c:\windows\system32\drivers\savonaccess.sys
c:\windows\system32\drivers\savonaccess.sys - OK

[Scan path] c:\windows\system32\drivers\sbp2port.sys
c:\windows\system32\drivers\sbp2port.sys - OK

[Scan path] c:\windows\system32\drivers\scdemu.sys
c:\windows\system32\drivers\scdemu.sys - OK

[Scan path] c:\windows\system32\drivers\sdbus.sys
c:\windows\system32\drivers\sdbus.sys - OK

[Scan path] c:\windows\system32\drivers\sdcfilter.sys
c:\windows\system32\drivers\sdcfilter.sys - OK

[Scan path] c:\windows\system32\drivers\serenum.sys
c:\windows\system32\drivers\serenum.sys - OK

[Scan path] c:\windows\system32\drivers\serial.sys
c:\windows\system32\drivers\serial.sys - OK

[Scan path] c:\windows\system32\drivers\sermouse.sys
c:\windows\system32\drivers\sermouse.sys - OK

[Scan path] c:\windows\system32\drivers\sffdisk.sys
c:\windows\system32\drivers\sffdisk.sys - OK

[Scan path] c:\windows\system32\drivers\sffp_mmc.sys
c:\windows\system32\drivers\sffp_mmc.sys packed by FLY-CODE
>c:\windows\system32\drivers\sffp_mmc.sys - OK

[Scan path] c:\windows\system32\drivers\sffp_sd.sys
c:\windows\system32\drivers\sffp_sd.sys - OK

[Scan path] c:\windows\system32\drivers\sfloppy.sys
c:\windows\system32\drivers\sfloppy.sys - OK

[Scan path] c:\windows\system32\drivers\sisagp.sys
c:\windows\system32\drivers\sisagp.sys - OK

[Scan path] c:\windows\system32\drivers\sisraid2.sys
c:\windows\system32\drivers\sisraid2.sys - OK

[Scan path] c:\windows\system32\drivers\sisraid4.sys
c:\windows\system32\drivers\sisraid4.sys - OK

[Scan path] c:\windows\system32\drivers\smb.sys
c:\windows\system32\drivers\smb.sys - OK

[Scan path] c:\windows\system32\drivers\sophosbootdriver.sys
c:\windows\system32\drivers\sophosbootdriver.sys - OK

[Scan path] c:\windows\system32\drivers\spldr.sys
c:\windows\system32\drivers\spldr.sys - OK

[Scan path] c:\windows\system32\drivers\sptd.sys
c:\windows\system32\drivers\sptd.sys - OK

[Scan path] c:\windows\system32\drivers\srv.sys
c:\windows\system32\drivers\srv.sys - OK

[Scan path] c:\windows\system32\drivers\srv2.sys
c:\windows\system32\drivers\srv2.sys - OK

[Scan path] c:\windows\system32\drivers\srvnet.sys
c:\windows\system32\drivers\srvnet.sys - OK

[Scan path] c:\windows\system32\drivers\swenum.sys
c:\windows\system32\drivers\swenum.sys - OK

[Scan path] c:\windows\system32\drivers\sym_hi.sys
c:\windows\system32\drivers\sym_hi.sys - OK

[Scan path] c:\windows\system32\drivers\sym_u3.sys
c:\windows\system32\drivers\sym_u3.sys - OK

[Scan path] c:\windows\system32\drivers\symc8xx.sys
c:\windows\system32\drivers\symc8xx.sys - OK

[Scan path] c:\windows\system32\drivers\syntp.sys
c:\windows\system32\drivers\syntp.sys - OK

[Scan path] c:\windows\system32\drivers\taphss.sys
c:\windows\system32\drivers\taphss.sys - OK

[Scan path] c:\windows\system32\drivers\tcpip.sys
c:\windows\system32\drivers\tcpip.sys - OK

[Scan path] c:\windows\system32\drivers\tcpipreg.sys
c:\windows\system32\drivers\tcpipreg.sys - OK

[Scan path] c:\windows\system32\drivers\tdpipe.sys
c:\windows\system32\drivers\tdpipe.sys - OK

[Scan path] c:\windows\system32\drivers\tdtcp.sys
c:\windows\system32\drivers\tdtcp.sys - OK

[Scan path] c:\windows\system32\drivers\tdx.sys
c:\windows\system32\drivers\tdx.sys - OK

[Scan path] c:\windows\system32\drivers\termdd.sys
c:\windows\system32\drivers\termdd.sys - OK

[Scan path] c:\windows\system32\drivers\tssecsrv.sys
c:\windows\system32\drivers\tssecsrv.sys - OK

[Scan path] c:\windows\system32\drivers\tunmp.sys
c:\windows\system32\drivers\tunmp.sys - OK

[Scan path] c:\windows\system32\drivers\tunnel.sys
c:\windows\system32\drivers\tunnel.sys - OK

[Scan path] c:\windows\system32\drivers\uagp35.sys
c:\windows\system32\drivers\uagp35.sys - OK

[Scan path] c:\windows\system32\drivers\ubhelper.sys
c:\windows\system32\drivers\ubhelper.sys - OK

[Scan path] c:\windows\system32\drivers\udfs.sys
c:\windows\system32\drivers\udfs.sys - OK

[Scan path] c:\windows\system32\drivers\uliagpkx.sys
c:\windows\system32\drivers\uliagpkx.sys - OK

[Scan path] c:\windows\system32\drivers\uliahci.sys
c:\windows\system32\drivers\uliahci.sys - OK

[Scan path] c:\windows\system32\drivers\ulsata.sys
c:\windows\system32\drivers\ulsata.sys - OK

[Scan path] c:\windows\system32\drivers\ulsata2.sys
c:\windows\system32\drivers\ulsata2.sys - OK

[Scan path] c:\windows\system32\drivers\umbus.sys
c:\windows\system32\drivers\umbus.sys packed by FLY-CODE
>c:\windows\system32\drivers\umbus.sys - OK

[Scan path] c:\windows\system32\drivers\usbaudio.sys
c:\windows\system32\drivers\usbaudio.sys - OK

[Scan path] c:\windows\system32\drivers\usbccgp.sys
c:\windows\system32\drivers\usbccgp.sys - OK

[Scan path] c:\windows\system32\drivers\usbcir.sys
c:\windows\system32\drivers\usbcir.sys - OK

[Scan path] c:\windows\system32\drivers\usbehci.sys
c:\windows\system32\drivers\usbehci.sys - OK

[Scan path] c:\windows\system32\drivers\usbhub.sys
c:\windows\system32\drivers\usbhub.sys - OK

[Scan path] c:\windows\system32\drivers\usbohci.sys
c:\windows\system32\drivers\usbohci.sys - OK

[Scan path] c:\windows\system32\drivers\usbprint.sys
c:\windows\system32\drivers\usbprint.sys - OK

[Scan path] c:\windows\system32\drivers\usbscan.sys
c:\windows\system32\drivers\usbscan.sys - OK

[Scan path] c:\windows\system32\drivers\usbstor.sys
c:\windows\system32\drivers\usbstor.sys - OK

[Scan path] c:\windows\system32\drivers\usbuhci.sys
c:\windows\system32\drivers\usbuhci.sys - OK

[Scan path] c:\windows\system32\drivers\usbvideo.sys
c:\windows\system32\drivers\usbvideo.sys - OK

[Scan path] c:\windows\system32\drivers\vga.sys
c:\windows\system32\drivers\vga.sys - OK

[Scan path] c:\windows\system32\drivers\vgapnp.sys
c:\windows\system32\drivers\vgapnp.sys - OK

[Scan path] c:\windows\system32\drivers\viaagp.sys
c:\windows\system32\drivers\viaagp.sys - OK

[Scan path] c:\windows\system32\drivers\viac7.sys
c:\windows\system32\drivers\viac7.sys - OK

[Scan path] c:\windows\system32\drivers\viaide.sys
c:\windows\system32\drivers\viaide.sys packed by FLY-CODE
>c:\windows\system32\drivers\viaide.sys - OK

[Scan path] c:\windows\system32\drivers\volmgr.sys
c:\windows\system32\drivers\volmgr.sys - OK

[Scan path] c:\windows\system32\drivers\volmgrx.sys
c:\windows\system32\drivers\volmgrx.sys - OK

[Scan path] c:\windows\system32\drivers\volsnap.sys
c:\windows\system32\drivers\volsnap.sys - OK

[Scan path] c:\windows\system32\drivers\vsmraid.sys
c:\windows\system32\drivers\vsmraid.sys - OK

[Scan path] c:\windows\system32\drivers\vstazl3.sys
c:\windows\system32\drivers\vstazl3.sys - OK

[Scan path] c:\windows\system32\drivers\vstcnxt3.sys
c:\windows\system32\drivers\vstcnxt3.sys - OK

[Scan path] c:\windows\system32\drivers\vstdpv3.sys
c:\windows\system32\drivers\vstdpv3.sys - OK

[Scan path] c:\windows\system32\drivers\wacompen.sys
c:\windows\system32\drivers\wacompen.sys - OK

[Scan path] c:\windows\system32\drivers\wanarp.sys
c:\windows\system32\drivers\wanarp.sys - OK

[Scan path] c:\windows\system32\drivers\wd.sys
c:\windows\system32\drivers\wd.sys - OK

[Scan path] c:\windows\system32\drivers\wdf01000.sys
c:\windows\system32\drivers\wdf01000.sys - OK

[Scan path] c:\windows\system32\drivers\wmiacpi.sys
c:\windows\system32\drivers\wmiacpi.sys - OK

[Scan path] c:\windows\system32\drivers\wpdusb.sys
c:\windows\system32\drivers\wpdusb.sys - OK

[Scan path] c:\windows\system32\drivers\ws2ifsl.sys
c:\windows\system32\drivers\ws2ifsl.sys - OK

[Scan path] c:\windows\system32\drivers\wudfrd.sys
c:\windows\system32\drivers\wudfrd.sys - OK

[Scan path] c:\windows\system32\drivers\yk60x86.sys
c:\windows\system32\drivers\yk60x86.sys - OK

[Scan path] c:\windows\system32\drprov.dll
c:\windows\system32\drprov.dll - OK

[Scan path] c:\windows\system32\dskquota.dll
c:\windows\system32\dskquota.dll - OK

[Scan path] c:\windows\system32\dskquoui.dll
c:\windows\system32\dskquoui.dll - OK

[Scan path] c:\windows\system32\dsquery.dll
c:\windows\system32\dsquery.dll - OK

[Scan path] c:\windows\system32\dssec.dll
c:\windows\system32\dssec.dll packed by PESTUB
>c:\windows\system32\dssec.dll - OK

[Scan path] c:\windows\system32\dsuiext.dll
c:\windows\system32\dsuiext.dll - OK

[Scan path] c:\windows\system32\duser.dll
c:\windows\system32\duser.dll - OK

[Scan path] c:\windows\system32\dwmapi.dll
c:\windows\system32\dwmapi.dll - OK

[Scan path] c:\windows\system32\eappcfg.dll
c:\windows\system32\eappcfg.dll - OK

[Scan path] c:\windows\system32\eappprxy.dll
c:\windows\system32\eappprxy.dll - OK

[Scan path] c:\windows\system32\eapsvc.dll
c:\windows\system32\eapsvc.dll - OK

[Scan path] c:\windows\system32\ehstorapi.dll
c:\windows\system32\ehstorapi.dll - OK

[Scan path] c:\windows\system32\ehstorshell.dll
c:\windows\system32\ehstorshell.dll - OK

[Scan path] c:\windows\system32\emdmgmt.dll
c:\windows\system32\emdmgmt.dll - OK

[Scan path] c:\windows\system32\es.dll
c:\windows\system32\es.dll - OK

[Scan path] c:\windows\system32\esent.dll
c:\windows\system32\esent.dll - OK

[Scan path] c:\windows\system32\explorerframe.dll
c:\windows\system32\explorerframe.dll - OK

[Scan path] c:\windows\system32\fdeploy.dll
c:\windows\system32\fdeploy.dll - OK

[Scan path] c:\windows\system32\fdphost.dll
c:\windows\system32\fdphost.dll - OK

[Scan path] c:\windows\system32\fdproxy.dll
c:\windows\system32\fdproxy.dll - OK

[Scan path] c:\windows\system32\fdrespub.dll
c:\windows\system32\fdrespub.dll - OK

[Scan path] c:\windows\system32\feclient.dll
c:\windows\system32\feclient.dll - OK

[Scan path] c:\windows\system32\firewallapi.dll
c:\windows\system32\firewallapi.dll - OK

[Scan path] c:\windows\system32\fntcache.dll
c:\windows\system32\fntcache.dll packed by PESTUB
>c:\windows\system32\fntcache.dll - OK

[Scan path] c:\windows\system32\fontext.dll
c:\windows\system32\fontext.dll packed by BINARYRES
>c:\windows\system32\fontext.dll packed by MS COMPRESS
>>c:\windows\system32\fontext.dll - OK

[Scan path] c:\windows\system32\frapsvid.dll
c:\windows\system32\frapsvid.dll - OK

[Scan path] c:\windows\system32\functiondiscoveryfolder.dll
c:\windows\system32\functiondiscoveryfolder.dll - OK

[Scan path] c:\windows\system32\fundisc.dll
c:\windows\system32\fundisc.dll - OK

[Scan path] c:\windows\system32\fwpuclnt.dll
c:\windows\system32\fwpuclnt.dll - OK

[Scan path] c:\windows\system32\gameux.dll
c:\windows\system32\gameux.dll - OK

[Scan path] c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32.dll - OK

[Scan path] c:\windows\system32\gpapi.dll
c:\windows\system32\gpapi.dll - OK

[Scan path] c:\windows\system32\gpsvc.dll
c:\windows\system32\gpsvc.dll - OK

[Scan path] c:\windows\system32\gptext.dll
c:\windows\system32\gptext.dll - OK

[Scan path] c:\windows\system32\hhctrl.ocx
c:\windows\system32\hhctrl.ocx - OK

[Scan path] c:\windows\system32\hid.dll
c:\windows\system32\hid.dll - OK

[Scan path] c:\windows\system32\hidserv.dll
c:\windows\system32\hidserv.dll - OK

[Scan path] c:\windows\system32\hpzinw12.dll
c:\windows\system32\hpzinw12.dll - OK

[Scan path] c:\windows\system32\hpzipm12.dll
c:\windows\system32\hpzipm12.dll - OK

[Scan path] c:\windows\system32\hpzll5ha.dll
c:\windows\system32\hpzll5ha.dll - OK

[Scan path] c:\windows\system32\iccvid.dll
c:\windows\system32\iccvid.dll - OK

[Scan path] c:\windows\system32\iconcodecservice.dll
c:\windows\system32\iconcodecservice.dll - OK

[Scan path] c:\windows\system32\icsigd.dll
c:\windows\system32\icsigd.dll - OK

[Scan path] c:\windows\system32\ie4uinit.exe
c:\windows\system32\ie4uinit.exe - OK

[Scan path] c:\windows\system32\iedkcs32.dll
c:\windows\system32\iedkcs32.dll - OK

[Scan path] c:\windows\system32\ieframe.dll
c:\windows\system32\ieframe.dll - OK

[Scan path] c:\windows\system32\iepeers.dll
c:\windows\system32\iepeers.dll - OK

[Scan path] c:\windows\system32\iertutil.dll
c:\windows\system32\iertutil.dll - OK

[Scan path] c:\windows\system32\ieui.dll
c:\windows\system32\ieui.dll - OK

[Scan path] c:\windows\system32\ikeext.dll
c:\windows\system32\ikeext.dll - OK

[Scan path] c:\windows\system32\imaadp32.acm
c:\windows\system32\imaadp32.acm - OK

[Scan path] c:\windows\system32\imagehlp.dll
c:\windows\system32\imagehlp.dll - OK

[Scan path] c:\windows\system32\imapi2.dll
c:\windows\system32\imapi2.dll - OK

[Scan path] c:\windows\system32\imgutil.dll
c:\windows\system32\imgutil.dll - OK

[Scan path] c:\windows\system32\imm32.dll
c:\windows\system32\imm32.dll - OK

[Scan path] c:\windows\system32\inetcomm.dll
c:\windows\system32\inetcomm.dll - OK

[Scan path] c:\windows\system32\ipbusenum.dll
c:\windows\system32\ipbusenum.dll - OK

[Scan path] c:\windows\system32\iphlpapi.dll
c:\windows\system32\iphlpapi.dll - OK

[Scan path] c:\windows\system32\iphlpsvc.dll
c:\windows\system32\iphlpsvc.dll - OK

[Scan path] c:\windows\system32\ipnathlp.dll
c:\windows\system32\ipnathlp.dll - OK

[Scan path] c:\windows\system32\iproset.cpl
c:\windows\system32\iproset.cpl - OK

[Scan path] c:\windows\system32\ipsecsvc.dll
c:\windows\system32\ipsecsvc.dll - OK

[Scan path] c:\windows\system32\irmon.dll
c:\windows\system32\irmon.dll - OK

[Scan path] c:\windows\system32\iscsiexe.dll
c:\windows\system32\iscsiexe.dll - OK

[Scan path] c:\windows\system32\itss.dll
c:\windows\system32\itss.dll - OK

[Scan path] c:\windows\system32\iyuv_32.dll
c:\windows\system32\iyuv_32.dll - OK

[Scan path] c:\windows\system32\jscript.dll
c:\windows\system32\jscript.dll - OK

[Scan path] c:\windows\system32\kerberos.dll
c:\windows\system32\kerberos.dll - OK

[Scan path] c:\windows\system32\kernel32.dll
c:\windows\system32\kernel32.dll - OK

[Scan path] c:\windows\system32\keyiso.dll
c:\windows\system32\keyiso.dll - OK

[Scan path] c:\windows\system32\kmsvc.dll
c:\windows\system32\kmsvc.dll - OK

[Scan path] c:\windows\system32\ksuser.dll
c:\windows\system32\ksuser.dll - OK

[Scan path] c:\windows\system32\l3codeca.acm
c:\windows\system32\l3codeca.acm - OK

[Scan path] c:\windows\system32\linkinfo.dll
c:\windows\system32\linkinfo.dll - OK

[Scan path] c:\windows\system32\lltdsvc.dll
c:\windows\system32\lltdsvc.dll - OK

[Scan path] c:\windows\system32\lmhsvc.dll
c:\windows\system32\lmhsvc.dll - OK

[Scan path] c:\windows\system32\localspl.dll
c:\windows\system32\localspl.dll - OK

[Scan path] c:\windows\system32\locator.exe
c:\windows\system32\locator.exe - OK

[Scan path] c:\windows\system32\logon.scr
c:\windows\system32\logon.scr - OK

[Scan path] c:\windows\system32\lpk.dll
c:\windows\system32\lpk.dll packed by FLY-CODE
>c:\windows\system32\lpk.dll - OK

[Scan path] c:\windows\system32\lsasrv.dll
c:\windows\system32\lsasrv.dll - OK

[Scan path] c:\windows\system32\lsass.exe
c:\windows\system32\lsass.exe - OK

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Scanned: 1555
Infected: 5
Modifications: 0
Suspicious: 0
Adware: 0
Dialers: 0
Jokes: 0
Riskware: 0
Hacktools: 0
Cured: 0
Deleted: 0
Renamed: 0
Moved: 0
Ignored: 0
Scan speed: 8521 Kb/s
Scan time: 0:07:49
-----------------------------------------------------------------------------

=============================================================================
Total session statistics
=============================================================================
Scanned: 1555
Infected: 5
Modifications: 0
Suspicious: 0
Adware: 0
Dialers: 0
Jokes: 0
Riskware: 0
Hacktools: 0
Cured: 0
Deleted: 0
Renamed: 0
Moved: 0
Ignored: 0
Scan speed: 8190 Kb/s
Scan time: 0:08:08
=============================================================================

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Well no sign of ramnit there - intriguing

OK, let's now run a dedicated malware programme to see what remains.



Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#13
Sybarite07

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
I'm having some trouble closing Sophos - I've ended its process in Task Manager and it's no longer in the system tray, but ComboFix reckons it's still active. Shall I run anyway?

#14
Sybarite07

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Scratch that, done it. Log to follow

#15
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
A belated yes - let it run :)